可以在子目录上使用 Web Deploy 的 setAcl 提供程序吗? [英] Can Web Deploy's setAcl provider be used on a sub-directory?

问题描述

我正在尝试使 MS Deploy 包中的子目录对应用程序池用户可写.感谢 关于 setAcl 提供程序的有用帖子 作者:Kevin Leetham 我能够将我需要的大部分内容放入我的项目文件中:

I'm trying to make a subdirectory in an MS Deploy package writable to the application pool user. Thanks to a helpful post about the setAcl provider by Kevin Leetham I was able to get most of what I need into my project file:

<MsDeploySourceManifest Include="setAcl"
                        Condition="$(IncludeSetAclProviderOnDestination)">
  <Path>$(_MSDeployDirPath_FullPath)docpublic</Path>
  <setAclAccess>Read,Write,Modify</setAclAccess>
  <setAclResourceType>Directory</setAclResourceType>
  <AdditionalProviderSettings>setAclResourceType;setAclAccess</AdditionalProviderSettings>
</MsDeploySourceManifest>

请注意，我已将docpublic"添加到根部署目录.在 VS2010 构建的结果清单中，我看到以下 setAcl 元素:

Note that I've added "docpublic" to the root deployment directory. In the resulting manifest that VS2010 builds, I see the following setAcl element:

<sitemanifest>
  <contentPath path="C:Source...objDebugPackagePackageTmp" />
  <setAcl path="C:Source...objDebugPackagePackageTmp"
          setAclResourceType="Directory" />
  <setAcl path="C:Source...objDebugPackagePackageTmp"
          setAclUser="anonymousAuthenticationUser"
          setAclResourceType="Directory" />
  <setAcl path="C:Source...objDebugPackagePackageTmpdocpublic"
          setAclResourceType="Directory"
          setAclAccess="Read,Write,Modify" />
</sitemanifest>

最后一行看起来不错:它附加了我想要可写的子目录，并且访问修饰符似乎都已经转移得足够好.

That last line looks good: it's appended the subdirectory I want to be writable, and the access modifiers all seem to have transferred over well enough.

但是，当我部署这个包时，我收到一个错误:

However, when I deploy this package I receive an error:

错误:必须指定setAclUser"设置的值，当setAcl"提供程序与物理路径一起使用.

Error: A value for the 'setAclUser' setting must be specified when the 'setAcl' provider is used with a physical path.

这是一个令人困惑的错误，因为我并不是要在物理路径上设置 ACL，确切地说，是在 Web 应用程序的子目录上.查看MS Deploy的输出，很容易看出问题所在:

This is a confusing error because I'm not trying to set an ACL on a physical path, exactly, but a subdirectory of a web application. Looking at the output of MS Deploy, it's easy to see the problem:

Info: Adding setAcl (REST Services1.0.334).
Info: Adding setAcl (REST Services1.0.334).
Info: Adding setAcl (C:...objReleasePackagePackageTmpdocpublic).

MS Deploy 显然用 Web 应用程序名称代替了我的绝对路径C:...objReleasePackagePackageTmp"，但是当我将docpublic"附加到该绝对路径时，它不再识别它作为一个 web 应用程序目录.另一个受害者 描述了这个确切的问题.ASP.NET 论坛没有任何解决方案.

MS Deploy is apparently substituting the web application name for my absolute path "C:...objReleasePackagePackageTmp", but when I append "docpublic" to that absolute path it no longer recognizes it as a web application directory. This exact problem is described by another victim over on the ASP.NET forums without any resolution.

有谁知道如何在不手动识别目标主机上的物理路径和应用程序池用户的情况下，通过 Web Deploy 在 Web 应用程序的特定子目录上设置 ACL?

Does anyone know how to set an ACL on a particular subdirectory of a web application via Web Deploy without manually identifying the physical path and application pool user on the target host?

推荐答案

好吧，我先说这比应该的要难多了！

OK let me first say that this is way harder than it should be!

我认为它失败的原因是当您发布时它无法将该文件夹识别为 IIS 应用程序中的文件夹.发生这种情况的原因是当调用 SetAcl 提供程序时，完整路径正在传输到目标.取而代之的是，我们需要一个相对于 IIS 应用程序的路径.例如，在您的情况下，它应该类似于:REST SERVICES/1.0.334/doc/public".执行此操作的唯一方法是创建一个 MSDeploy 参数，该参数在发布时填充正确的值.除了在源清单中创建自己的 SetAcl 条目之外，您还必须执行此操作.请按照以下步骤操作.

I think the reason why it is failing is because when you are publishing it cannot recognize the folder as being a folder in the IIS Application. The reason this is happening is because the full path is being transferred to the destination when the SetAcl provider is invoked. Instead of that we need an path which is relative to the IIS Application. For instance in your case it should be something like : "REST SERVICES/1.0.334/doc/public". The only way to do this is to create an MSDeploy parameter which gets populated with the correct value at publish time. You will have to do this in addition to creating your own SetAcl entry in the source manifest. Follow the steps below.

1. 在与您的项目相同的目录中，创建一个名为 {ProjectName}.wpp.targets 的文件(其中 {ProjectName} 是您的 Web 应用程序项目的名称)
2. 在文件内粘贴此列表下方的 MSBuild 内容
3. 在 Visual Studio 中重新加载项目(VS 将项目文件缓存在内存中，因此需要清除此缓存).

{ProjectName}.wpp.targets

<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">

  <Target Name="SetupCustomAcls" AfterTargets="AddIisSettingAndFileContentsToSourceManifest">   
    <!-- This must be declared inside of a target because the property 
    $(_MSDeployDirPath_FullPath) will not be defined at that time. -->
    <ItemGroup>
      <MsDeploySourceManifest Include="setAcl">
        <Path>$(_MSDeployDirPath_FullPath)docpublic</Path>
        <setAclAccess>Read,Write,Modify</setAclAccess>
        <setAclResourceType>Directory</setAclResourceType>
        <AdditionalProviderSettings>setAclResourceType;setAclAccess</AdditionalProviderSettings>
      </MsDeploySourceManifest>
    </ItemGroup>
  </Target>

  <Target Name="DeclareCustomParameters" AfterTargets="AddIisAndContentDeclareParametersItems">
    <!-- This must be declared inside of a target because the property 
    $(_EscapeRegEx_MSDeployDirPath) will not be defined at that time. -->
    <ItemGroup>
      <MsDeployDeclareParameters Include="DocPublicSetAclParam">
        <Kind>ProviderPath</Kind>
        <Scope>setAcl</Scope>
        <Match>^$(_EscapeRegEx_MSDeployDirPath)\doc\public$</Match>
        <Value>$(_DestinationContentPath)/doc/public</Value>
        <ExcludeFromSetParameter>True</ExcludeFromSetParameter>
      </MsDeployDeclareParameters>
    </ItemGroup>
  </Target>

</Project>

为了稍微解释一下，目标 SetupCustomAcls 将导致一个新的 SetAcl 条目被放置在发布期间使用的源清单内.该目标在 AddIisSettingAndFileContentsToSourceManifest 目标执行后通过 AfterTargets 属性执行.我们这样做是为了确保在正确的时间创建项目值，因为我们需要确保填充了属性 _MSDeployDirPath_FullPath.

To explain this a bit, the target SetupCustomAcls will cause a new SetAcl entry to be placed inside of the source manifest used during publishing. This target is executed after the AddIisSettingAndFileContentsToSourceManifest target executes, via the AfterTargets attribute. We do this to ensure that the item value is created at the right time and because we need to ensure that the property _MSDeployDirPath_FullPath is populated.

DeclareCustomParameters 是自定义 MSDeploy 参数的创建位置.该目标将在 AddIisAndContentDeclareParametersItems 目标之后执行.我们这样做是为了确保填充属性 _EscapeRegEx_MSDeployDirPath.请注意，当我声明参数的值(在 Value 元素内)时，请注意在该目标内，我使用了属性 _DestinationContentPath，这是包含应用程序部署路径的 MSBuild 属性，即 REST 服务/1.0.334.

The DeclareCustomParameters is where the custom MSDeploy parameter will be created. That target will execute after the AddIisAndContentDeclareParametersItems target. We do this to ensure that the property _EscapeRegEx_MSDeployDirPath is populated. Notice inside that target when I declare the value of the parameter (inside the Value element) that I use the property _DestinationContentPath which is the MSBuild property containing the path to where your app is being deployed, i.e. REST Services/1.0.334.

你能尝试一下，让我知道它是否对你有用吗?

Can you try that out and let me know if it worked for you or not?

这篇关于可以在子目录上使用 Web Deploy 的 setAcl 提供程序吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！