4

I have a web forms application (Visual Studio 2010) with an existing wpp.targets file working successfully to do things like LESS preprocessing, resource minification/bundling, web.config encryption, etc.

I have always been able to deploy just fine by simply right-clicking on the web app, and choosing the Publish - File System option.

I recently decided to try and automate the setting of the ACL permissions on a specific folder within the app. This led me down the road of changing from the File System publish option to the Web Deploy option (which also works fine after installing and configuring Web Deploy 3 on the server).

The reason I switched to Web Deploy is because it's my understanding that by using the Web Deploy option, I should be able to add additional steps to my wpp.targets file to set the necessary folder permissions.

I've seen numerous articles, blogs, forum posts, etc. on the subject and it seems fairly straight forward.

I'm trying to give Read/Write/Modify access to Domain Users for a folder named "IDAutomation" - so I basically just added the following at the end of my existing wpp.targets file:

<Target Name="SetupCustomAcls" AfterTargets="AddIisSettingAndFileContentsToSourceManifest">
    <ItemGroup>
        <MsDeploySourceManifest Include="setAcl">
            <Path>$(_MSDeployDirPath_FullPath)\IDAutomation</Path>
            <setAclAccess>Read,Write,Modify</setAclAccess>
            <setAclUser>Domain Users</setAclUser>
            <setAclResourceType>Directory</setAclResourceType>
            <AdditionalProviderSettings>setAclResourceType;setAclAccess</AdditionalProviderSettings>
        </MsDeploySourceManifest>
    </ItemGroup>
</Target>

<Target Name="DeclareCustomParameters" AfterTargets="AddIisAndContentDeclareParametersItems">
    <ItemGroup>
        <MsDeployDeclareParameters Include="IDAutomationSetAclParam">
            <Kind>ProviderPath</Kind>
            <Scope>setAcl</Scope>
            <Match>^$(_EscapeRegEx_MSDeployDirPath)\\IDAutomation$</Match>
            <Value>$(_DestinationContentPath)/IDAutomation</Value>
            <ExcludeFromSetParameter>True</ExcludeFromSetParameter>
        </MsDeployDeclareParameters>
    </ItemGroup>
</Target>

But I'm obviously missing something because I click Publish -> Web Deploy - and let it do its thing, the permissions are not applied to the folder. The app is deployed successfully and everything looks good - it just doesn't set the permissions on the folder for me.

Here's some excerpts from the end of the deploy output:

Target "Package" skipped, due to false condition; ($(_CreatePackage)) was evaluated as (false).
Target "MSDeployPublish" in file ..... from project .....
Start Web Deploy Publish the Application/package to....
...
Starting Web deployment task from source:manifest(.....) to Destination:auto().
Updating setAcl (Site/app).
Updating setAcl (Site/app).
Updating setAcl (Site/app/IDAutomation).     <--  Appears to be doing something??
Updating filePath......
....
Updating setAcl (Site/app).
Updating setAcl (Site/app).
Updating setAcl (Site/app/IDAutomation).     <--  Appears to be doing something??
Successfully executed Web deployment task.
Publish is successfully deployed.
Task "MSdeploy" skipped, due to false condition; ($(UseMsdeployExe)) was evaluated as (False).
Done building target "MSDeployPublish" in project ...
Done building project ...

So it appears to be setting the acl on the folder (twice for some reason) as you can see, but when I go look at the folder on the remote server, the permissions have not been applied.

What am I missing here?

I'm not trying to build a package for later/manual deployment or anything involving a build server. I'm simply manually trying to Publish -> Web Deploy.

Also Web Deploy 3.0 is installed on my machine (win7) as well as the web server (Win2008R2/IIS7.5).

-- UPDATE --

I've discovered that regardless of what I set in the setAclUser element, the sitemanifest.xml file is always missing the setAclUser attribute for the folder (abbreviated paths):

<sitemanifest>
    <IisApp path="C:\...\obj\...\Package\PackageTmp" managedRuntimeVersion="v4.0" />
    <setAcl path="C:\...\obj\...\Package\PackageTmp" setAclResourceType="Directory" />
    <setAcl path="C:\...\obj\...\Package\PackageTmp" setAclUser="anonymousAuthenticationUser" setAclResourceType="Directory" />
    <setAcl path="C:\...\obj\...\Package\PackageTmp\IDAutomation" setAclResourceType="Directory" setAclAccess="Read,Write" />
</sitemanifest>

So you can see there's no setAclUser on the setAcl element for the IDAutomation folder. Hopefully that will be a clue to someone?

Thanks again-

Community
  • 1
  • 1
kman
  • 2,184
  • 3
  • 23
  • 42
  • Try setting `UseMsDeployExe` to `true`; it will output the equivalent command line. – Richard Szalay Nov 17 '12 at 22:39
  • @RichardSzalay I set it to true and I can tell it switched to the command line: Task "VSMSDeploy" skipped, due to false condition; (!$(UseMsdeployExe)) was evaluated as (!true)..... but the end result is the same.. although now the output shows: Info: Adding ACL's for path (Site/app/IDAutomation) instead of the original "Updating setAcl..." as shown in my original question details. Are there any logs or anything I can look at on the server to see if something is preventing the permissions from being set? I've gone through the event logs. – kman Nov 19 '12 at 14:46
  • FWIW, I've worked through the common troubleshooting list [here](http://blogs.iis.net/kateroh/archive/2009/06/05/troubleshooting-common-msdeploy-issues.aspx) (which mentions a WMSvc log that is curiously absent) – kman Nov 19 '12 at 17:15

1 Answers1

6

sigh - Finally realized I was missing the setAclUser property from the AdditionalProviderSettings:

<AdditionalProviderSettings>setAclUser;setAclResourceType;setAclAccess</AdditionalProviderSettings>
kman
  • 2,184
  • 3
  • 23
  • 42