Fortunately, ColdFusion 8 and 9 can instantiate .NET components, which means you can access the .NET managed-code IIS administration APIs:
Using Microsoft .NET Assemblies
IIS7 ships with two .NET managed-code management APIs:
Microsoft.Web.Administration
Microsoft.Web.Management
These reside in: c:\windows\system32\inetsrv.
Using this functionality you should be able to consume these APIs via ColdFusion to create websites and manage IIS functionality.
If there are problems calling these APIs directly (i.e. some item of data doesn't marshal back to ColdFusion properly) you could always wrap calls to these APIs with your own .NET code.
For more information about creating and managing websites using the APIs above, refer to the following links:
IIS 7 Configuration Reference
Powerful Administration Tools
How to Use Microsoft.Web.Administration
Managed-Code API Reference (IIS 7)
It should also be noted that the Windows account the site runs under should be a member of the Administrators group to manage IIS via these APIs.
If this was a public-facing site then I'd split the application in two. Your public-facing ColdFusion site (running under a low-privileged account) collects information about the site to be created. Post this data as a task into a queue of some sort (it can be as simple as a database) to be read by either a scheduled task or a Windows service (running as a highly privileged user) which picks these tasks off the queue periodically (say once every 15 or 30 seconds).
This is known as 'sandboxing' and means that if your ColdFusion site is hijacked then it's not running under elevated rights and can't do much damage. All the highly privileged tasks are sandboxed in a process that isn't surfaced via the web.
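The privileged half of the split described above, as an added C# example that is not part of the original answer: the worker treats every queue row as untrusted, since the low-privileged site wrote it. The web root `D:\Sites`, the name and host rules, and the inline sample tasks are assumptions made for illustration.

```csharp
using System;
using System.IO;
using System.Linq;
using System.Text.RegularExpressions;
using Microsoft.Web.Administration; // reference the DLL in c:\windows\system32\inetsrv

static class SiteWorker
{
    const string WebRoot = @"D:\Sites"; // assumed root; the path is never read from the queue
    // \z (not $) so that a trailing newline cannot slip past the pattern.
    static readonly Regex NameOk = new Regex(@"^[a-z0-9][a-z0-9-]{2,30}\z");
    static readonly Regex HostOk = new Regex(@"^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}\z");

    // Returns null when the task is acceptable, otherwise the reason for rejecting it.
    public static string Validate(string siteName, string hostName)
    {
        if (siteName == null || !NameOk.IsMatch(siteName)) return "bad site name";
        if (hostName == null || hostName.Length > 253 || !HostOk.IsMatch(hostName)) return "bad host name";
        return null;
    }

    public static void Process(int id, string siteName, string hostName)
    {
        string error = Validate(siteName, hostName);
        if (error != null) { Console.WriteLine("task {0} rejected: {1}", id, error); return; }

        string path = Path.Combine(WebRoot, siteName); // built from the validated name only
        using (var iis = new ServerManager())
        {
            // Refuse to touch or shadow a site that already exists.
            if (iis.Sites.Any(s => s.Name == siteName || s.Bindings.Any(
                    b => string.Equals(b.Host, hostName, StringComparison.OrdinalIgnoreCase))))
            { Console.WriteLine("task {0} rejected: name or host already in use", id); return; }

            Directory.CreateDirectory(path);
            iis.Sites.Add(siteName, "http", "*:80:" + hostName, path);
            iis.CommitChanges();
        }
        Console.WriteLine("task {0} done: {1}", id, siteName);
    }

    static void Main()
    {
        // Constructed sample rows standing in for the queue table.
        Process(1, "acme-shop", "shop.acme.example");
        Process(2, @"..\..\inetpub", "x.example");   // rejected: bad site name
        Process(3, "blog", "blog.example:81:");      // rejected: bad host name
    }
}
```

The worker only ever creates sites; the queue carries no operation name, file path or binding string, so a hijacked front end can at most request new sites with well-formed names.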