Login/Register
How can I stop Visual Studio's Web Publish from removing write permissions from my target web site?
Asked Answered
Solved orchardcmsaclmsdeployweb-publishing
M

2

13

I have a web app (actually Orchard CMS) that I am customizing and I want to push directl from my build server to my hosting provider, using Web Publishing aka MSDeploy.

The problem is, when I publish the site (from Visual Studio, haven't tried it from the build server yet) it removes the write permission from the target web site, which makes Orchard instantly fall over because it can no longer access its database (etc).

We can debate the wisdom of this, but the bottom line is that Orchard requires write access, and web publishing insists on removing that access, which breaks the site. Not good. I have to log in to the service provider's control panel and reset the permissions each time I publish, which kind of makes the process less than automatic.

So, how do I get Web Publishing to leave the ACLs alone? I can't find any settings for this in the solution anywhere.

Masochism answered 27/5, 2013 at 23:57 Comment(1)
This should really be a setting in the publish but web deploy documentation is very patchy.Chemistry
S
19

You can add turn off the ACL setting functionality by adding this to the .pubxml file:

    <IncludeSetACLProviderOnDestination>False</IncludeSetACLProviderOnDestination>

See http://msdn.microsoft.com/en-us/library/ff398069.aspx

The article also mentions you can change this for all publish configurations via a local .wpp.targets file. Make sure to consider that option if you use multiple publish configurations

Substitutive answered 28/5, 2013 at 15:46 Comment(5)
Interesting - that seems simple enough. What's the difference between this approach and modifying the .csproj file, as suggested by @Paul?Masochism
Editing the publish file changes that setting for that Publish profile only. Editing the project file changes it for every publish with any profile. There is also a way to change a targets (or similar) file in the visual studio folders that will change this setting for all projects if I recall correctly, but I can't remember where this is.Rowell
The doc I linked to in the answer also mentions the .wpp.targets file -- creating that file and putting this setting in it is another alternative if you want to make this setting apply to all profiles rather than just selected profiles.Substitutive
I found it difficult to choose which answer to accept as they are both essentially proposing the same fix. In the end I went with this one because it seems slightly simpler and more flexible and mentions the .wpp.targets file, which I eventually used, and because my follow-up questions were answered. Thank you!Masochism
is there a more UI friendly solution? (e.g. a visual studio extension or tool to easily configure this without unload project - edit - reload)Quipu
R
2

In some cases you may find that after publishing a project using Web Deploy the ASPNet IUSR cannot write to the root directory or any files within it (except App_Data).

By default Web Deploy sets the ACL of the ASPNet IUSR to read only. To prevent this from causing problems when you publish your application, you will need to locate the project file and make some changes. The project file will end with the extension .vbproj for applications written in Visual Basic or .csproj for applications written in C#. In the project file find:

<propertygroup condition=" '$(Configuration)|$(Platform)' ==
'Release|AnyCPU' "></propertygroup>

and change it to:

<propertygroup condition=" '$(Configuration)|$(Platform)' ==
'Release|AnyCPU' ">
<includesetaclproviderondestination>False</includesetaclproviderondestination>
</propertygroup>

This will ensure that ACL is not modified by Web Deploy.

If you already deployed to a 3rd party hosting provider, you may need to contact them to get your permissions reset before doing another deployment.

Rowell answered 29/5, 2013 at 13:1 Comment(2)
The site is functional - luckily the hosting provider lets me enable Write permission in the control panel.Masochism
Interesting - that seems simple enough. What's the difference between this approach and modifying the .pubxml file, as suggested by @tdykstra?Masochism

© 2022 - 2024 — McMap. All rights reserved.