Adding Management Authorization Providers <add>


The <add> element of the <providers> element adds an authorization provider to the collection of management authorization providers for Internet Information Services (IIS) 7.

Note: The default authorization provider, ConfigurationAuthorizationProvider, uses the IIS Administration.config file to store authorization rules for IIS Manager.


Version Notes
IIS 7.5 The <add> element was not modified in IIS 7.5.
IIS 7.0 The <add> element of the <providers> element was introduced in IIS 7.0.
IIS 6.0 N/A


The default installation of IIS 7 does not include the Management Service role service. To install this role service, use the following steps.

Windows Server 2008 or Windows Server 2008 R2

  1. On the taskbar, click Start, point to Administrative Tools, and then click Server Manager.
  2. In the Server Manager hierarchy pane, expand Roles, and then click Web Server (IIS).
  3. In the Web Server (IIS) pane, scroll to the Role Services section, and then click Add Role Services.
  4. On the Select Role Services page of the Add Role Services Wizard, select Management Service, and then click Next.

  5. On the Confirm Installation Selections page, click Install.
  6. On the Results page, click Close.

Windows Vista or Windows 7

  1. On the taskbar, click Start, and then click Control Panel.
  2. In Control Panel, click Programs and Features, and then click Turn Windows Features on or off.
  3. Expand Internet Information Services, then Web Management Tool.
  4. Select IIS Management Service, and then click OK.

How To

There is no user interface for configuring the <providers> element of the <authorization> element for IIS 7. For examples of how to configure the <providers> element of the <authorization> element programmatically, see the Code Samples section of this document.



Attribute Description
name Required string attribute.

Specifies the name of the authorization provider.
type Required string attribute.

Specifies the authentication provider's managed type.

Child Elements


Configuration Sample

The following default <providers> element under the <authorization> element is configured in the root Administration.config file in IIS 7 when the Management Service role service is installed.

<authorization defaultProvider="ConfigurationAuthorizationProvider">
      <add name="ConfigurationAuthorizationProvider"
         type="Microsoft.Web.Management.Server.ConfigurationAuthorizationProvider, Microsoft.Web.Management, Version=, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />

Sample Code

Note: The examples in this document illustrate using a managed-code assembly that has been stored in the .NET Global Assembly Cache (GAC). Before using the code in these examples to deploy your own assemblies, you need to retrieve the assembly information from the GAC. To do so, use the following steps:

  • In Windows Explorer, open your C:\Windows\assembly path, where C: is your operating system drive.
  • Locate your assembly.
  • Right-click the assembly and click Properties.
  • Copy the Culture value; for example: Neutral.
  • Copy the Version number; for example:
  • Copy the Public Key Token value; for example: 426f62526f636b73.
  • Click Cancel.

The following code examples add an authorization provider named ContosoAuthorizationProvider to the collection of management authorization providers, and set the default authorization provider to ContosoAuthorizationProvider.


Note: You cannot configure <system.webServer/Management> settings using AppCmd.exe.


using System;
using System.Text;
using Microsoft.Web.Administration;

internal static class Sample
   private static void Main()
      using (ServerManager serverManager = new ServerManager())
         Configuration config = serverManager.GetAdministrationConfiguration();

         ConfigurationSection authorizationSection = config.GetSection("system.webServer/management/authorization");
         ConfigurationElementCollection providersCollection = authorizationSection.GetCollection("providers");
         ConfigurationElement addElement = providersCollection.CreateElement("add");
         addElement["name"] = @"ContosoAuthorizationProvider";
         addElement["type"] = @"Contoso.Provider, System.Web, Version=, Culture=neutral, PublicKeyToken=426f62526f636b73";
         authorizationSection["defaultProvider"] = "ContosoAuthorizationProvider";



Imports System
Imports System.Text
Imports Microsoft.Web.Administration

Module Sample

   Sub Main()
      Dim serverManager As ServerManager = New ServerManager
      Dim config As Configuration = serverManager.GetAdministrationConfiguration

      Dim authorizationSection As ConfigurationSection = config.GetSection("system.webServer/management/authorization")
      Dim providersCollection As ConfigurationElementCollection = authorizationSection.GetCollection("providers")
      Dim addElement As ConfigurationElement = providersCollection.CreateElement("add")
      addElement("name") = "ContosoAuthorizationProvider"
      addElement("type") = "Contoso.Provider, System.Web, Version=, Culture=neutral, PublicKeyToken=426f62526f636b73"
      authorizationSection("defaultProvider") = "ContosoAuthorizationProvider"

   End Sub

End Module


var adminManager = new ActiveXObject("Microsoft.ApplicationHost.WritableAdminManager"); 
adminManager.CommitPath = "MACHINE/WEBROOT"; 
adminManager.SetMetadata("pathMapper", "AdministrationConfig");

var authorizationSection = adminManager.GetAdminSection("system.webServer/management/authorization", "MACHINE/WEBROOT"); 
var providersCollection = authorizationSection.ChildElements.Item("providers").Collection;

var addElement = providersCollection.CreateNewElement("add");
addElement.Properties.Item("name").Value = "ContosoAuthorizationProvider";
addElement.Properties.Item("type").Value = "Contoso.Provider, System.Web, Version=, Culture=neutral, PublicKeyToken=426f62526f636b73";
authorizationSection.Properties.Item("defaultProvider").Value = "ContosoAuthorizationProvider";



Set adminManager = WScript.CreateObject("Microsoft.ApplicationHost.WritableAdminManager")
adminManager.CommitPath = "MACHINE/WEBROOT"
adminManager.SetMetadata "pathMapper", "AdministrationConfig"

Set authorizationSection = adminManager.GetAdminSection("system.webServer/management/authorization", "MACHINE/WEBROOT")
Set providersCollection = authorizationSection.ChildElements.Item("providers").Collection

Set addElement = providersCollection.CreateNewElement("add")
addElement.Properties.Item("name").Value = "ContosoAuthorizationProvider"
addElement.Properties.Item("type").Value = "Contoso.Provider, System.Web, Version=, Culture=neutral, PublicKeyToken=426f62526f636b73"
authorizationSection.Properties.Item("defaultProvider").Value = "ContosoAuthorizationProvider"

Deprecated Elements