可以在子目录上使用Web Deploy的setAcl提供程序吗? [英] Can Web Deploy's setAcl provider be used on a sub-directory?

问题描述

我正在尝试使MS Deploy包中的子目录对应用程序池用户可写.感谢关于setAcl提供程序的有用帖子由Kevin Leetham撰写，我能够将我需要的大部分内容保存到我的项目文件中:

I'm trying to make a subdirectory in an MS Deploy package writable to the application pool user. Thanks to a helpful post about the setAcl provider by Kevin Leetham I was able to get most of what I need into my project file:

<MsDeploySourceManifest Include="setAcl"
                        Condition="$(IncludeSetAclProviderOnDestination)">
  <Path>$(_MSDeployDirPath_FullPath)\doc\public</Path>
  <setAclAccess>Read,Write,Modify</setAclAccess>
  <setAclResourceType>Directory</setAclResourceType>
  <AdditionalProviderSettings>setAclResourceType;setAclAccess</AdditionalProviderSettings>
</MsDeploySourceManifest>

请注意，我已经在根部署目录中添加了"\ doc \ public".在VS2010构建的结果清单中，我看到以下setAcl元素:

Note that I've added "\doc\public" to the root deployment directory. In the resulting manifest that VS2010 builds, I see the following setAcl element:

<sitemanifest>
  <contentPath path="C:\Source\...\obj\Debug\Package\PackageTmp" />
  <setAcl path="C:\Source\...\obj\Debug\Package\PackageTmp"
          setAclResourceType="Directory" />
  <setAcl path="C:\Source\...\obj\Debug\Package\PackageTmp"
          setAclUser="anonymousAuthenticationUser"
          setAclResourceType="Directory" />
  <setAcl path="C:\Source\...\obj\Debug\Package\PackageTmp\doc\public"
          setAclResourceType="Directory"
          setAclAccess="Read,Write,Modify" />
</sitemanifest>

最后一行看起来不错:它被附加到我想写的子目录中，并且访问修饰符似乎都已经转移得足够好了.

That last line looks good: it's appended the subdirectory I want to be writable, and the access modifiers all seem to have transferred over well enough.

但是，当我部署此软件包时，会收到错误消息:

However, when I deploy this package I receive an error:

错误:当 "setAcl"提供程序与物理路径一起使用.

Error: A value for the 'setAclUser' setting must be specified when the 'setAcl' provider is used with a physical path.

这是一个令人困惑的错误，因为我不是在物理路径上而是在Web应用程序的子目录上尝试设置ACL.查看MS Deploy的输出，很容易发现问题:

This is a confusing error because I'm not trying to set an ACL on a physical path, exactly, but a subdirectory of a web application. Looking at the output of MS Deploy, it's easy to see the problem:

Info: Adding setAcl (REST Services\1.0.334).
Info: Adding setAcl (REST Services\1.0.334).
Info: Adding setAcl (C:\...\obj\Release\Package\PackageTmp\doc\public).

MS Deploy显然是用Web应用程序名称代替我的绝对路径"C:... \ obj \ Release \ Package \ PackageTmp"，但是当我将"\ doc \ public"附加到该绝对路径时，它不再识别将其作为Web应用程序目录.此确切问题由另一个受害者在没有任何解决方案的ASP.NET论坛.

MS Deploy is apparently substituting the web application name for my absolute path "C:...\obj\Release\Package\PackageTmp", but when I append "\doc\public" to that absolute path it no longer recognizes it as a web application directory. This exact problem is described by another victim over on the ASP.NET forums without any resolution.

有人知道如何通过Web Deploy在Web应用程序的特定子目录上设置ACL，而无需手动识别目标主机上的物理路径和应用程序池用户吗?

Does anyone know how to set an ACL on a particular subdirectory of a web application via Web Deploy without manually identifying the physical path and application pool user on the target host?

推荐答案

好的，我首先要说这比应该做的难！

OK let me first say that this is way harder than it should be!

我认为它失败的原因是因为在发布时它无法将文件夹识别为IIS应用程序中的文件夹.发生这种情况的原因是，在调用SetAcl提供程序时，完整路径正在传输到目标.取而代之的是，我们需要相对于IIS应用程序的路径.例如，在您的情况下，它应该类似于:"REST SERVICES/1.0.334/doc/public".唯一的方法是创建一个MSDeploy参数，该参数将在发布时填充正确的值.除了在源清单中创建自己的SetAcl条目外，还必须执行此操作.请按照以下步骤操作.

I think the reason why it is failing is because when you are publishing it cannot recognize the folder as being a folder in the IIS Application. The reason this is happening is because the full path is being transferred to the destination when the SetAcl provider is invoked. Instead of that we need an path which is relative to the IIS Application. For instance in your case it should be something like : "REST SERVICES/1.0.334/doc/public". The only way to do this is to create an MSDeploy parameter which gets populated with the correct value at publish time. You will have to do this in addition to creating your own SetAcl entry in the source manifest. Follow the steps below.

1. 在与您的项目相同的目录中，创建一个名为{ProjectName} .wpp.targets的文件(其中{ProjectName}是您的Web应用程序项目的名称)
2. 在文件内部粘贴此列表下方的MSBuild内容
3. 在Visual Studio中重新加载项目(VS将项目文件缓存在内存中，因此需要清除此缓存).

{ProjectName} .wpp.targets

<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">

  <Target Name="SetupCustomAcls" AfterTargets="AddIisSettingAndFileContentsToSourceManifest">   
    <!-- This must be declared inside of a target because the property 
    $(_MSDeployDirPath_FullPath) will not be defined at that time. -->
    <ItemGroup>
      <MsDeploySourceManifest Include="setAcl">
        <Path>$(_MSDeployDirPath_FullPath)\doc\public</Path>
        <setAclAccess>Read,Write,Modify</setAclAccess>
        <setAclResourceType>Directory</setAclResourceType>
        <AdditionalProviderSettings>setAclResourceType;setAclAccess</AdditionalProviderSettings>
      </MsDeploySourceManifest>
    </ItemGroup>
  </Target>

  <Target Name="DeclareCustomParameters" AfterTargets="AddIisAndContentDeclareParametersItems">
    <!-- This must be declared inside of a target because the property 
    $(_EscapeRegEx_MSDeployDirPath) will not be defined at that time. -->
    <ItemGroup>
      <MsDeployDeclareParameters Include="DocPublicSetAclParam">
        <Kind>ProviderPath</Kind>
        <Scope>setAcl</Scope>
        <Match>^$(_EscapeRegEx_MSDeployDirPath)\\doc\\public$</Match>
        <Value>$(_DestinationContentPath)/doc/public</Value>
        <ExcludeFromSetParameter>True</ExcludeFromSetParameter>
      </MsDeployDeclareParameters>
    </ItemGroup>
  </Target>

</Project>

为对此进行解释，目标SetupCustomAcls将导致新的SetAcl条目被放置在发布期间使用的源清单的内部.该目标在 AddIisSettingAndFileContentsToSourceManifest 目标执行后通过AfterTargets属性执行.我们这样做是为了确保在正确的时间创建项目值，并且因为我们需要确保填充属性 _MSDeployDirPath_FullPath .

To explain this a bit, the target SetupCustomAcls will cause a new SetAcl entry to be placed inside of the source manifest used during publishing. This target is executed after the AddIisSettingAndFileContentsToSourceManifest target executes, via the AfterTargets attribute. We do this to ensure that the item value is created at the right time and because we need to ensure that the property _MSDeployDirPath_FullPath is populated.

将在其中创建自定义MSDeploy参数的DeclareCustomParameters.该目标将在 AddIisAndContentDeclareParametersItems 目标之后执行.我们这样做是为了确保填充属性 _EscapeRegEx_MSDeployDirPath .请注意，当我声明参数的值(在Value元素内部)时，在该目标内部使用了属性 _DestinationContentPath ，该属性是MSBuild属性，其中包含要部署应用程序的路径，即 REST服务/1.0.334.

The DeclareCustomParameters is where the custom MSDeploy parameter will be created. That target will execute after the AddIisAndContentDeclareParametersItems target. We do this to ensure that the property _EscapeRegEx_MSDeployDirPath is populated. Notice inside that target when I declare the value of the parameter (inside the Value element) that I use the property _DestinationContentPath which is the MSBuild property containing the path to where your app is being deployed, i.e. REST Services/1.0.334.

您可以尝试一下，让我知道它是否对您有用吗?

Can you try that out and let me know if it worked for you or not?

这篇关于可以在子目录上使用Web Deploy的setAcl提供程序吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！