using System;
using System.DirectoryServices;
using System.Reflection;
//using mscorlib;

namespace ConfigIIS
{
 /// <summary>
 /// Small class containing methods to configure IIS.
 /// </summary>
 class class1
 {
  /// <summary>
  /// The main entry point for the application.
  /// </summary>
  [STAThread]
  static void Main(string[] args)
  {
   try
   {
    // retrieve the directory entry for the root of the IIS server
    System.DirectoryServices.DirectoryEntry IIS = new System.DirectoryServices.DirectoryEntry("IIS://localhost/w3svc/1/root");

    // retrieve the list of currently denied IPs
    Console.WriteLine("Retrieving the list of currently denied IPs.");

    // get the IPSecurity property
    Type typ = IIS.Properties["IPSecurity"][0].GetType();
    object IPSecurity = IIS.Properties["IPSecurity"][0];

    // retrieve the IPDeny list from the IPSecurity object
    Array origIPDenyList = (Array) typ.InvokeMember("IPDeny",
     BindingFlags.DeclaredOnly |
     BindingFlags.Public | BindingFlags.NonPublic |
     BindingFlags.Instance | BindingFlags.GetProperty, null, IPSecurity, null);

    // display what was being denied
    foreach(string s in origIPDenyList)
     Console.WriteLine("Before: " + s);

    // check GrantByDefault.  This has to be set to true, or what we are doing will not work.
    bool bGrantByDefault = (bool) typ.InvokeMember("GrantByDefault",
     BindingFlags.DeclaredOnly |
     BindingFlags.Public | BindingFlags.NonPublic |
     BindingFlags.Instance | BindingFlags.GetProperty, null, IPSecurity, null);

    Console.WriteLine("GrantByDefault = " + bGrantByDefault);
    if(!bGrantByDefault)
    {
     typ.InvokeMember("GrantByDefault",
      BindingFlags.DeclaredOnly |
      BindingFlags.Public | BindingFlags.NonPublic |
      BindingFlags.Instance | BindingFlags.SetProperty, null, IPSecurity, new object[] {true});
    }

    // update the list of denied IPs.  This is a complete replace.  If you want to maintain what
    // was already being denied, you need to make sure those IPs are in here as well.  This area
    // will be where you will most likely modify to your needs as this is just an example.
    Console.WriteLine("Updating the list of denied IPs.");
    object[] newIPDenyList = new object[4];
    newIPDenyList[0] = "192.168.1.477, 255.255.255.0";
    newIPDenyList[1] = "192.168.1.76, 255.255.255.0";
    newIPDenyList[2] = "192.168.1.467, 255.255.255.0";
    newIPDenyList[3] = "192.168.1.106, 255.255.255.0";
    Console.WriteLine("Calling SetProperty");

    // add the updated list back to the IPSecurity object
    typ.InvokeMember("IPDeny",
     BindingFlags.DeclaredOnly |
     BindingFlags.Public | BindingFlags.NonPublic |
     BindingFlags.Instance | BindingFlags.SetProperty, null, IPSecurity, new object[] {newIPDenyList});
           
    IIS.Properties["IPSecurity"][0] = IPSecurity;           
    Console.WriteLine("Commiting the changes.");

    // commit the changes
    IIS.CommitChanges();
    IIS.RefreshCache();

    // check to see if the update took
    Console.WriteLine("Checking to see if the update took.");
    IPSecurity = IIS.Properties["IPSecurity"][0];
    Array y = (Array) typ.InvokeMember("IPDeny",
     BindingFlags.DeclaredOnly |
     BindingFlags.Public | BindingFlags.NonPublic |
     BindingFlags.Instance | BindingFlags.GetProperty, null, IPSecurity, null);
    foreach(string s in y)
     Console.WriteLine("After:  " + s);
   }
   catch (Exception e)
   {
    Console.WriteLine("Error: " + e.ToString());
   }
  }
 }
}