I have a web form application (Visual Studio 2010) with an existing wpp.targets file that works successfully with LESS preprocessing, resource minimization / bundling, web.config encryption, etc.
I could always deploy everything simply by right-clicking on the web application and selecting the option “Publish file system”.
Recently, I decided to try and automate the setting of ACL permissions for a specific folder in the application. This led me to switch from the option to publish the file system to the Web Deploy parameter (which also works fine after installing and configuring Web Deploy 3 on the server).
The reason I switched to Web Deploy is because I understand that with the Web Deployment option, I have to add extra steps to the wpp.targets file to set the necessary permissions on the folder.
I have seen numerous articles, blogs , forum posts , etc. on the subject, and it seems pretty straightforward.
I'm trying to provide read / write / change access to domain users for a folder named "IDAutomation" - so I just added the following at the end of the existing wpp.targets file:
<Target Name="SetupCustomAcls" AfterTargets="AddIisSettingAndFileContentsToSourceManifest"> <ItemGroup> <MsDeploySourceManifest Include="setAcl"> <Path>$(_MSDeployDirPath_FullPath)\IDAutomation</Path> <setAclAccess>Read,Write,Modify</setAclAccess> <setAclUser>Domain Users</setAclUser> <setAclResourceType>Directory</setAclResourceType> <AdditionalProviderSettings>setAclResourceType;setAclAccess</AdditionalProviderSettings> </MsDeploySourceManifest> </ItemGroup> </Target> <Target Name="DeclareCustomParameters" AfterTargets="AddIisAndContentDeclareParametersItems"> <ItemGroup> <MsDeployDeclareParameters Include="IDAutomationSetAclParam"> <Kind>ProviderPath</Kind> <Scope>setAcl</Scope> <Match>^$(_EscapeRegEx_MSDeployDirPath)\\IDAutomation$</Match> <Value>$(_DestinationContentPath)/IDAutomation</Value> <ExcludeFromSetParameter>True</ExcludeFromSetParameter> </MsDeployDeclareParameters> </ItemGroup> </Target>
But I obviously missed something because I click Publish → Web Deployment and let it do that, permissions do not apply to the folder. The application is deployed successfully, and everything looks good - it just does not set permissions for the folder for me.
Here are a few excerpts from the end of the deployment output:
Target "Package" skipped, due to false condition; ($(_CreatePackage)) was evaluated as (false). Target "MSDeployPublish" in file ..... from project ..... Start Web Deploy Publish the Application/package to.... ... Starting Web deployment task from source:manifest(.....) to Destination:auto(). Updating setAcl (Site/app). Updating setAcl (Site/app). Updating setAcl (Site/app/IDAutomation). <-- Appears to be doing something?? Updating filePath...... .... Updating setAcl (Site/app). Updating setAcl (Site/app). Updating setAcl (Site/app/IDAutomation). <-- Appears to be doing something?? Successfully executed Web deployment task. Publish is successfully deployed. Task "MSdeploy" skipped, due to false condition; ($(UseMsdeployExe)) was evaluated as (False). Done building target "MSDeployPublish" in project ... Done building project ...
Thus, it seems that you install acl in the folder (for some reason, twice), as you can see, but when I look at the folder on the remote server, the permissions were not applied.
What am I missing here?
I am not trying to create a package for subsequent / manual deployment or anything related to the build server. I am just trying to manually publish -> Web Deploy.
Also on my computer (win7) is also installed Web Deploy 3.0, as well as a web server (Win2008R2 / IIS7.5).
- UPDATE -
I found that no matter what I set in the setAclUser element, the sitemanifest.xml file always skips the setAclUser attribute for the folder (shortened paths):
<sitemanifest> <IisApp path="C:\...\obj\...\Package\PackageTmp" managedRuntimeVersion="v4.0" /> <setAcl path="C:\...\obj\...\Package\PackageTmp" setAclResourceType="Directory" /> <setAcl path="C:\...\obj\...\Package\PackageTmp" setAclUser="anonymousAuthenticationUser" setAclResourceType="Directory" /> <setAcl path="C:\...\obj\...\Package\PackageTmp\IDAutomation" setAclResourceType="Directory" setAclAccess="Read,Write" /> </sitemanifest>
That way you don't see, there is no setAclUser in the setAcl element for the IDAutomation folder. Hope this will be the key to someone?
Thanks again -