Management Trusted Providers <trustedProviders>

Overview

The <trustedProviders> element of the <management> element configures the management providers that are trusted by IIS Manager and the Management Service (WMSVC).

Before calling the provider for a site or an application, the .NET Users and .NET Roles features verify that the configured provider is trusted. If it is not trusted, the setting in the allowUntrustedProviders attribute will determine whether untrusted providers are allowed to run. If untrusted providers are not allowed and the provider is not in the trusted providers collection, the provider will not be allowed to run.

Compatibility

Version Notes
IIS 10.0 The <trustedProviders> element was not modified in IIS 10.0.
IIS 8.5 The <trustedProviders> element was not modified in IIS 8.5.
IIS 8.0 The <trustedProviders> element was not modified in IIS 8.0.
IIS 7.5 The <trustedProviders> element was not modified in IIS 7.5.
IIS 7.0 The <trustedProviders> element of the <management> element was introduced in IIS 7.0.
IIS 6.0 N/A

Setup

The default installation of IIS 7 and later does not include the Management Service role service. To install this role service, use the following steps.

Windows Server 2012 or Windows Server 2012 R2

  1. On the taskbar, click Server Manager.
  2. In Server Manager, click the Manage menu, and then click Add Roles and Features.
  3. In the Add Roles and Features wizard, click Next. Select the installation type and click Next. Select the destination server and click Next.
  4. On the Server Roles page, expand Web Server (IIS), expand Management Tools, and then select Management Service. Click Next.
    Screenshot of Management Service selected in a Windows Server 2012 interface. .
  5. On the Select features page, click Next.
  6. On the Confirm installation selections page, click Install.
  7. On the Results page, click Close.

Windows 8 or Windows 8.1

  1. On the Start screen, move the pointer all the way to the lower left corner, right-click the Start button, and then click Control Panel.
  2. In Control Panel, click Programs and Features, and then click Turn Windows features on or off.
  3. Expand Internet Information Services, expand Web Management Tools, and then select IIS Management Service.
    Screenshot of Management Service selected in a Windows 8 interface.
  4. Click OK.
  5. Click Close.

Windows Server 2008 or Windows Server 2008 R2

  1. On the taskbar, click Start, point to Administrative Tools, and then click Server Manager.
  2. In the Server Manager hierarchy pane, expand Roles, and then click Web Server (IIS).
  3. In the Web Server (IIS) pane, scroll to the Role Services section, and then click Add Role Services.
  4. On the Select Role Services page of the Add Role Services Wizard, select Management Service, and then click Next.
    Screenshot of Management Service selected in a Windows Server 2008 interface.
  5. On the Confirm Installation Selections page, click Install.
  6. On the Results page, click Close.

Windows Vista or Windows 7

  1. On the taskbar, click Start, and then click Control Panel.
  2. In Control Panel, click Programs and Features, and then click Turn Windows Features on or off.
  3. Expand Internet Information Services, then Web Management Tool.
  4. Select IIS Management Service, and then click OK.
    Screenshot of the Management Service pane in the I I S Manager.

How To

There is no user interface for configuring the <trustedProviders> element for IIS 7. For examples of how to configure the <trustedProviders> element programmatically, see the Code Samples section of this document.

Configuration

Attributes

Attribute Description
allowUntrustedProviders Optional Boolean attribute.

Specifies whether untrusted providers can run.

Important Note: For security reasons, it is not recommended to change this value to true, because it will allow untrusted code to run on your server. Instead, you should always test a provider and add it to the trusted providers collection only when it is safe.

The default value is false.

Child Elements

Element Description
add Optional element.

Adds a provider to the collection of providers that are trusted to be run by IIS Manager and the Management Service (WMSVC).

Configuration Sample

The following default <trustedProviders> element is configured in the root Administration.config file in IIS 7.0 when the Management Service role service is installed.

<trustedProviders allowUntrustedProviders="false">
   <add type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
   <add type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
   <add type="System.Web.Security.WindowsTokenRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
</trustedProviders>

Sample Code

Note

The examples in this document illustrate using a managed-code assembly that has been stored in the .NET Global Assembly Cache (GAC). Before using the code in these examples to deploy your own assemblies, you need to retrieve the assembly information from the GAC. To do so, use the following steps:

  • In Windows Explorer, open your C:\Windows\assembly path, where C: is your operating system drive.
  • Locate your assembly.
  • Right-click the assembly and click Properties.
  • Copy the Culture value; for example: Neutral.
  • Copy the Version number; for example: 1.0.0.0.
  • Copy the Public Key Token value; for example: 426f62526f636b73.
  • Click Cancel.

The following code examples add a provider named Contoso.Provider to the collection of trusted management providers.

AppCmd.exe

Note

You cannot configure <system.webServer/Management> settings using AppCmd.exe.

C#

using System;
using System.Text;
using Microsoft.Web.Administration;

internal static class Sample
{
   private static void Main()
   {
      using (ServerManager serverManager = new ServerManager())
      {
         Configuration config = serverManager.GetAdministrationConfiguration();

         ConfigurationSection trustedProvidersSection = config.GetSection("system.webServer/management/trustedProviders");
         ConfigurationElementCollection trustedProvidersCollection = trustedProvidersSection.GetCollection();
         ConfigurationElement addElement = trustedProvidersCollection.CreateElement("add");
         addElement["type"] = @"Contoso.Provider, System.Web, Version=1.0.0.0, Culture=neutral, PublicKeyToken=426f62526f636b73";
         trustedProvidersCollection.Add(addElement);

         serverManager.CommitChanges();
      }
   }
}

VB.NET

Imports System
Imports System.Text
Imports Microsoft.Web.Administration

Module Sample

   Sub Main()
      Dim serverManager As ServerManager = New ServerManager
      Dim config As Configuration = serverManager.GetAdministrationConfiguration

      Dim trustedProvidersSection As ConfigurationSection = config.GetSection("system.webServer/management/trustedProviders")
      Dim trustedProvidersCollection As ConfigurationElementCollection = trustedProvidersSection.GetCollection
      Dim addElement As ConfigurationElement = trustedProvidersCollection.CreateElement("add")
      addElement("type") = "Contoso.Provider, System.Web, Version=1.0.0.0, Culture=neutral, PublicKeyToken=426f62526f636b73"
      trustedProvidersCollection.Add(addElement)

      serverManager.CommitChanges()
   End Sub

End Module

JavaScript

var adminManager = new ActiveXObject("Microsoft.ApplicationHost.WritableAdminManager"); 
adminManager.CommitPath = "MACHINE/WEBROOT"; 
adminManager.SetMetadata("pathMapper", "AdministrationConfig");

var trustedProvidersSection = adminManager.GetAdminSection("system.webServer/management/trustedProviders", "MACHINE/WEBROOT"); 
var trustedProvidersCollection = trustedProvidersSection.Collection;

var addElement = trustedProvidersCollection.CreateNewElement("add");
addElement.Properties.Item("type").Value = "Contoso.Provider, System.Web, Version=1.0.0.0, Culture=neutral, PublicKeyToken=426f62526f636b73";
trustedProvidersCollection.AddElement(addElement);

adminManager.CommitChanges();

VBScript

Set adminManager = WScript.CreateObject("Microsoft.ApplicationHost.WritableAdminManager")
adminManager.CommitPath = "MACHINE/WEBROOT"
adminManager.SetMetadata "pathMapper", "AdministrationConfig"

Set trustedProvidersSection = adminManager.GetAdminSection("system.webServer/management/trustedProviders", "MACHINE/WEBROOT")
Set trustedProvidersCollection = trustedProvidersSection.Collection

Set addElement = trustedProvidersCollection.CreateNewElement("add")
addElement.Properties.Item("type").Value = "Contoso.Provider, System.Web, Version=1.0.0.0, Culture=neutral, PublicKeyToken=426f62526f636b73"
trustedProvidersCollection.AddElement(addElement)

adminManager.CommitChanges()