Showing results for 
Show  only  | Search instead for 
Did you mean: 
Level 4

IIS Dynamic Parameter for Username never fails


I've been using the solution here:
to specify Dynamic username/password for creating an application pool. The problem I'm having is that it works too well - as in setup does not fail when creating an app pool with a non existent domain account. The app pool will show up in IIS manager with the fake account!

Has anybody encountered this problem? If so, has anybody solved this problem?

Is there any way for me to verify an account when receiving account info in a dialog? Something along the lines of
CheckDomainAccount( szUser, szPassword);

Thanks in advance,

Labels (1)
0 Kudos
(1) Reply
Level 5

Not directly in InstallShield, but you can write a DLL to do it. I wrote a c# one for many things I needed to do, one of which was to verify account credentials. This works for local or domain accounts.

c# dll method definition...
public bool ValidateAccountCredentials(string domain, string userName, string password, ref bool validCredentials, ref string errorMsg)
// The result.
bool result = false;
validCredentials = false;

// Lower the hostname so that matches definately work.
string localHostName = Environment.MachineName.ToLower();

using (PrincipalContext pc = new PrincipalContext(localHostName == domain.ToLower() ? ContextType.Machine : ContextType.Domain, domain, userName, password))
// Check the account credentials for logging onto the domain/machine.
validCredentials = pc.ValidateCredentials(userName, password);

result = true;
catch (Exception ex)
// Failed to validate the credentials, fill in the error message.
errorMsg = ex.Message;

return result;

InstallScript code to call the .NET dll...

prototype Util_ValidateAccountCredentials(STRING, STRING, STRING, BYREF BOOL);

function Util_ValidateAccountCredentials(sDomain, sUserName, sPassword, bvValidCredentials)
OBJECT oAccountManagement;
BOOL bvResult;
STRING svErrorMsgFromDll, svExceptionErrorMsg;
SdShowMsg("Validating the " + sDomain + "\\" + sUserName + " account credentials...", TRUE);

// We don't want to log this.

// Network credentials are invalid until we found out they are valid.
bvValidCredentials = FALSE;

// Create an object to talk to the account management class of the InstallLibrary.
set oAccountManagement= DotNetCoCreateObject(SUPPORTDIR ^ "InstallLibrary.dll", "MyCompany.MyProduct.InstallLibrary.AccountManagement, "MyCompany.MyProduct.InstallLibrary");

// Test whether the network credentials are valid.
bvResult = oAccountManagement.ValidateAccountCredentials(
sDomain + "",
sUserName + "",
sPassword + "",

// Check the result.
if (bvResult = FALSE) then
MessageBox("Error: Unable to validate the " + sDomain + "\\" + sUserName + " account credentials. " + svErrorMsgFromDll, SEVERE);
elseif (bvResult != FALSE && bvValidCredentials = FALSE) then
MessageBox("Error: The " + sDomain + "\\" + sUserName + " account credentials are not valid.", SEVERE);
else // Success
// Do nothing

// Clean up object.
set oAccountManagement = NOTHING;
// Unload app domain.
Sprintf(svExceptionErrorMsg, "Unable to validate the " + sDomain + "\\" + sUserName + " account credentials.\n%i\n\n%s\n\n%s.\n%s.", Err.Number, Err.Description, Err.LastDllError, svErrorMsgFromDll);
MessageBox("Error: " + svExceptionErrorMsg, SEVERE);

// Start logging again.

SdShowMsg("Validating the " + sDomain + "\\" + sUserName + " account credentials...", FALSE);

I also wrote this function in InstallScript to split up the username and domain components of the user name...

prototype Util_GetComponentsFromAccountName(STRING, BYREF STRING, BYREF STRING);

function Util_GetComponentsFromAccountName(sAccountName, svDomain, svUsername)
LIST listID;
BOOL bvResult;
// Failed to complete task, until we know otherwise.
bvResult = FALSE;
svDomain = "";
svUsername = "";
// Create a list to get the tokens of the string into.
listID = ListCreate (STRINGLIST);
// Get the tokens of the string into the list.
if (StrGetTokens(listID, sAccountName, "\\") = 0) then
if (ListGetFirstString(listID, svDomain) = 0) then
if (StrLength(svDomain) > 0) then
if (ListGetNextString(listID, svUsername) = 0) then
if (StrLength(svUsername) > 0) then
bvResult = TRUE;

if (bvResult = FALSE) then
MessageBox("Error: Failed to determine the domain and/or username from the '" + sAccountName + "' text.", SEVERE);

Which you can call like this...

STRING svDomainName, svUserName;
Util_GetComponentsFromAccountName("MyDomain\\MyUser", svDomainName, svUserName);
0 Kudos