Retrieve the Windows Identity of the AppPool running a WCF Service


I need to verify that the underlying server-side account running my WCF Service has correct ACL permissions to various points on the local file system. If I can get the underlying Windows Identity, I can take it from there. This folds into a larger PowerShell script used after deployment.

Below is my PowerShell snippet that gets the ApplicationPoolSid. How do you map this to the AppPool's Windows Identity?

$mywcfsrv = Get-Item IIS:\AppPools\<MyWCFServiceName>;

Updated below to include Keith's snippet

For completeness, here's the solution:

Function Get-WebAppPoolAccount
{
    param ( [Parameter(Mandatory = $true, Position = 0)]
            [string]
            $AppPoolName )

    # Make sure the WebAdministration module is available, then load it.
    if (-not (Get-Module -ListAvailable -Name WebAdministration))
    {
        throw "WebAdministration PSSnapin module is not available. This module is required in order to interact with WCF Services.";
    }

    Import-Module WebAdministration;

    # Get the application pool. -ErrorAction Stop turns a missing item into a
    # terminating error so that the catch block actually runs.
    try
    {
        $mywcfsrv = Get-Item (Join-Path "IIS:\AppPools" $AppPoolName) -ErrorAction Stop;
    }
    catch [System.Exception]
    {
        throw "Unable to locate $AppPoolName in IIS. Verify it is installed and running.";
    }

    $accountType = $mywcfsrv.processModel.identityType;

    $account = $null;

    # Map the configured identity type to the Windows account name.
    if ($accountType -eq 'LocalSystem')
    {
        $account = 'NT AUTHORITY\SYSTEM';
    }
    elseif ($accountType -eq 'LocalService')
    {
        $account = 'NT AUTHORITY\LOCAL SERVICE';
    }
    elseif ($accountType -eq 'NetworkService')
    {
        $account = 'NT AUTHORITY\NETWORK SERVICE';
    }
    elseif ($accountType -eq 'SpecificUser')
    {
        $account = $mywcfsrv.processModel.userName;
    }
    elseif ($accountType -eq 'ApplicationPoolIdentity')
    {
        # Virtual account named after the pool (the default identity type in IIS 7.5 and later).
        $account = "IIS AppPool\$AppPoolName";
    }

    return $account;
}

There is 1 answer

Keith Hill (best answer)

Like so:

$mywcfsrv = Get-Item IIS:\AppPools\<MyWCFServiceName>
$mywcfsrv.processModel.identityType
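
Once the account name is known, the ACL check the question describes can be done by comparing SIDs. The following is an added example, not code from the question or from Keith Hill's answer; the function name, its parameters and the sample values are hypothetical. It evaluates only entries that name the account, or the groups passed in, directly.

```powershell
# Added example. Test-AccountFileAccess and its parameter names are hypothetical.
function Test-AccountFileAccess
{
    param (
        [Parameter(Mandatory = $true)] [string] $Account,
        [Parameter(Mandatory = $true)] [string] $Path,
        [System.Security.AccessControl.FileSystemRights] $Rights = 'ReadAndExecute',
        # Groups the caller knows are in the worker process token (assumption).
        [string[]] $Group = @()
    )

    # Compare by SID so that differently spelled account names still match.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $sids = @(@($Account) + $Group | ForEach-Object {
        (New-Object System.Security.Principal.NTAccount($_)).Translate($sidType).Value
    })

    $required = [int]$Rights
    $allowed = 0
    $denied = 0
    $inheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly

    # Explicit and inherited rules, with identities returned as SIDs.
    $rules = (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType)
    foreach ($rule in $rules)
    {
        if ($sids -notcontains $rule.IdentityReference.Value) { continue }
        # Inherit-only rules apply to children, not to $Path itself.
        if (([int]$rule.PropagationFlags -band $inheritOnly) -ne 0) { continue }

        $mask = [int]$rule.FileSystemRights
        if ($rule.AccessControlType -eq 'Allow') { $allowed = $allowed -bor $mask }
        else { $denied = $denied -bor $mask }
    }

    # Conservative: any matching deny entry is treated as winning over an allow.
    $effective = $allowed -band (-bnot $denied)
    New-Object PSObject -Property @{
        Path      = $Path
        Account   = $Account
        Effective = [System.Security.AccessControl.FileSystemRights]$effective
        Granted   = (($effective -band $required) -eq $required)
    }
}

# Example call with constructed names:
# Test-AccountFileAccess -Account 'IIS AppPool\MyWcfPool' -Path 'D:\Data\Logs' -Rights Modify
```

A `Granted` value of `$false` means no direct grant was found; access that arrives through a group not listed in `-Group` is not detected.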