Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
File Configuration Endpoint
The IIS Administration API has many places that require access to the file system. A few examples include creating web sites, setting the directory for log files, and the file system API. The configuration for all this file access resides in the application's appsettings.json file. Historically users needed to edit this file by hand to open up new parts of the file system to the API. Now users that have access to the system access policy can use this endpoint to add new file system locations.
Who Has Access
This endpoint is locked down by the system access policy in the appsettings.json file security section.
By default only the installing user will have access. To grant access to additional users they will need to granted access to the system access policy which is the highest privilege of the IIS Administration API and allows users to take advantage of the fact that the service runs as the System account.
Example Improved Scenario
Creating a site in C:\sites
Before
After
Note: Installing user is automatically added to the system access policy of the API so they have access to this new file settings endpoint
Endpoint
/api/files/settings
Supported Operations
*All desired locations must be sent in the body of the request.