I mainly have a web assembly and deployment assembly working in TeamCity, which mainly uses MSBuild to automatically deploy a site to a web server. MSDeploy by default installs everything on Readonly on the target server, and I need the AppPool ID to have write access to only one folder.
I found an article by Kevin leetham that gives me 90% of the way. Kevin describes how to connect to MSBuild Web Publish Pipeline by creating a file called ProjectName.wpp.targets in the following lines:
<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> <PropertyGroup> <IncludeCustomACLs>TRUE</IncludeCustomACLs> <AfterAddIisSettingAndFileContentsToSourceManifest Condition="'$(AfterAddIisSettingAndFileContentsToSourceManifest)'==''"> $(AfterAddIisSettingAndFileContentsToSourceManifest); SetCustomACLs; </AfterAddIisSettingAndFileContentsToSourceManifest> </PropertyGroup> <Target Name="SetCustomACLs" Condition="'$(IncludeCustomACLs)'=='TRUE'"> <Message Text="Adding Custom ACls" /> <ItemGroup> <MsDeploySourceManifest Include="setAcl" Condition="$(IncludeSetAclProviderOnDestination)"> <Path>$(_MSDeployDirPath_FullPath)\files</Path> <setAclAccess>Read,Write,Modify</setAclAccess> <setAclResourceType>Directory</setAclResourceType> <AdditionalProviderSettings>setAclResourceType;setAclAccess</AdditionalProviderSettings> </MsDeploySourceManifest> </ItemGroup> </Target> </Project>
It almost works so much that it drives me crazy. The ACL is added to the manifest, but the problem is that it generates an absolute path based on the assembly location, and not relative to the IIS web application on the target server. the generated manifest goes like this (some names have been changed to protect the innocent):
<?xml version="1.0" encoding="utf-8"?> <sitemanifest> <IisApp path="C:\SolutionPath\IisWebAppName\src\MyProjectName\obj\Release_Deploy\Package\PackageTmp" managedRuntimeVersion="v4.0" /> <setAcl path="C:\SolutionPath\IisWebAppName\src\MyProjectName\obj\Release_Deploy\Package\PackageTmp" setAclResourceType="Directory" /> <setAcl path="C:\SolutionPath\IisWebAppName\src\MyProjectName\obj\Release_Deploy\Package\PackageTmp" setAclUser="anonymousAuthenticationUser" setAclResourceType="Directory" /> <setAcl path="C:\SolutionPath\IisWebAppName\src\MyProjectName\obj\Release_Deploy\Package\PackageTmp\files" setAclResourceType="Directory" setAclAccess="Read,Write,Modify" /> </sitemanifest>
It really looks right, the last line is my custom ACL from the wpp.targets file. However, when MSDeploy sends this to the target server, this is what happens:
2> Start Web Deploy Publish the Application / package to https://webhostingprovider.biz:8172/msdeploy.axd?site=IisWebAppName ...
2> Adding sitemanifest (sitemanifest).
2> Adding ACL for path (IisWebAppName)
2> Adding ACL for path (IisWebAppName)
2> Adding ACL for path (C: \ SolutionPath \ IisWebAppname \ src \ MyProjectName \ obj \ Release_Deploy \ Package \ PackageTmp \ files)
2> C: \ Program Files (x86) \ MSBuild \ Microsoft \ VisualStudio \ v11.0 \ Web \ Microsoft.Web.Publishing.targets (4377.5): Error ERROR_USER_NOT_AUTHORIZED_FOR_SETACL: Web deployment task failed. (Could not complete an operation with the specified provider ("setAcl") when connecting using the Web Management Service. This can occur if the server administrator has not authorized the user for this operation. SetAcl http://go.microsoft.com/ fwlink /? LinkId = 178034 It all depends on my custom ACL path, which is displayed using an absolute path name instead of referring to IisWebAppName. I can’t understand why!
Help me please:)
source share