Example configuration of IIS for "boostrapping" Powershell scripts via a curl | iex style. Because, port 80/443 all the things?
This is intended for HTTPS INTRANET sites as running code.
Yes, iex can be considered harmful, and CSS tomfoolery exists to exploit the behavior. Nonetheless, this is how Chocolatey, PsGet, and even Homebrew bootstrap themselves. In any case, one should always approach code with caution (i.e. curl first without the iex).
Normal
(new-object net.webclient).DownloadString('https://site.contoso.local/bootstrap-thing.ps1')|iexNTLM
$wc=new-object net.webclient;$wc.UseDefaultCredentials=$true;$wc.DownloadString('https://site.contoso.local/windowsAuth/bootstrap-thang.ps1')|iex- Use
.\setup-urlAuthorization-WindowsAuth.ps1to- Install URL Authorization feature (
Web-Url-Auth) - Configure
authenticatedUserOverridein yourappHostConfig-- otherwise you have to grant authenticating users NTFS permissions (see link)
- Install URL Authorization feature (
- In your site's top
web.config, ensure you add MIME maps for at least.ps1-- if not for.7z, etc.
You can use .\enable-windowsAuthOnSitePath.ps1 to setup your appHostConfig for your site path as such:
- Disable Anonymous authentication
- Enable Windows authentication
- Clear existing Windows Auth Providers
- Add
NTLMprovider
However, how you setup that portion (even via the GUI) is up to you.
An example of setting up restrictions via URL authorization rules against AD is in site\windowsAuth\web.config