Programmatically add binding on IIS 8 with SNI opt

2019-02-24 05:45发布

问题:

I'm trying to create bindings for IIS 8 that have the flag SNI checked (Server Name Indication) using Microsoft.Web.Administration library (.NET Framework).

This is necessary to me because I want to get multiple SSL bindings for the same website under IIS, all using just one IP address. This is one of the main new features of IIS 8.

I've been looking into the Binding class and I can't find any flag or option to indicate it.

Is it possible with current Microsoft.Web.Administration v 7.0.0.0? Will I need a new version that I haven't found?

I know that version 7.9.0.0 is only for IIS express, and it isn't my scenario, so I haven't looked into it.

回答1:

I finally managed to do it using the Microsoft.Web.Administration from the folder %windir%\system32\inetsrv\ but only in Windows 8/Windows 2012 with IIS 8.

These libraries had the SslFlags option in the Add function for BindingCollection class. There is no documentation from microsoft yet for this new overload, or at least I haven't found it.

The SslFlags.Sni is available to use in this one and creates the binding with SNI check perfectly.



回答2:

Is it possible with current Microsoft.Web.Administration v 7.0.0.0?

Indeed it is, by manually adding the sslFlags attribute to the <binding> node:

Binding mySslBinding;
bool enableSni;

using (var serverManager = new ServerManager())
{
    ... create or get value of mySslBinding...

    mySslBinding.SetAttributeValue("sslFlags", Convert.ToInt32(enableSni));

    serverManager.CommitChanges();
}

Note that executing the above code on a machine with any version of IIS earlier than 8.0 will cause the CommitChanges() method to throw an exception, because sslFlags doesn't exist in those versions.