MSBuild可以使用集成身份验证还是仅使用基本身份验证进行部署? [英] Can MSBuild deploy using integrated authentication or only basic?
问题描述
我正在从MSBuild命令行将Web应用程序包部署到IIS6上的MSDepSvc,使用基本身份验证通过以下命令可以正常工作:
I'm deploying a web app package from the MSBuild command line to MSDepSvc on IIS6 which is working fine with the following command using basic authentication:
MSBuild.exe Web.csproj
/p:Configuration=Debug
/p:DeployOnBuild=True
/p:DeployTarget=MSDeployPublish
/p:MsDeployServiceUrl=http://[server name]/MsDeployAgentService
/p:DeployIisAppPath=DeploymentTestProject
/p:MSDeployPublishMethod=RemoteAgent
/p:CreatePackageOnPublish=True
/p:username=***
/p:password=***
但是,我真正想做的是删除用户名和密码参数,并以当前用户的身份回退到集成身份验证.该命令将进入构建服务器,并且我不希望在目标环境(MsDepSvc必需)上显示具有管理员权限的帐户的纯文本凭据.我找不到有关如何执行此操作的任何文档,并且在尝试发布时删除凭据会返回未经授权的401.
However, what I'd really like to do is drop the username and password parameters and fall back to integrated auth under the identity of the current user. This command is going into a build server and I'd prefer not to have the plain text credentials of an account with admin rights on the target environment (required for MsDepSvc) visible. I can't locate any documentation on how to do this and dropping off the credentials returns 401 unauthorised when I attempt to publish.
让我特别沮丧的是,我可以使用集成的auth(不包含凭据)在包中愉快地运行deploy命令,但似乎无法从MSBuild命令行运行它.我正在尝试将程序包封装和部署到一个命令中,而无需编辑构建文件,这是目前唯一的方法.
What makes it particularly frustrating is that I can happily run the deploy command in the package with integrated auth (just don't include credentials), I just can't seem to run it from the MSBuild command line. I'm trying to encapsulate the package and deploy processes into a single command without editing build files and this is the only thing in the way at present.
那里有什么主意吗?
修改 在与Sayed进行了一些讨论并更深入地研究了命令行输出之后,在执行了上面的MSBuild命令(没有用户名和密码参数)之后,下面的MSDeploy命令被调用:
Edit After some discussions with Sayed and looking a bit deeper into the command line output, after executing the MSBuild command above (without username and password parameters), the following MSDeploy command is being invoked:
msdeploy.exe
-source:package='[project path]\Web\obj\Debug\Package\Web.zip'
-dest:auto,ComputerName='http://[server]/MsDeployAgentService',UserName='***',IncludeAcls='False',AuthType='NTLM'
-verb:sync
-disableLink:AppPoolExtension
-disableLink:ContentExtension
-disableLink:CertificateExtension
-retryAttempts=2
您可以看到正在设置UserName属性,该值是当前登录用户的用户名.如果我将其取出并直接运行上述命令,则部署就可以了.
You can see the UserName attribute is being set and the value is the username of the current logged on user. If I take this out and run the above command directly, the deployment goes through just fine.
因此,在此基础上,为什么原始MSBuild命令在调用MSDeploy时插入UserName属性?这似乎是目前唯一的障碍.
So on that basis, why is the original MSBuild command inserting a UserName attribute when it calls MSDeploy? This appears to be the only barrier now.
推荐答案
答案是...
在上面关于当前身份的用户名的修改(即使在原始MSBuild调用中未传递时)仍保留到MSDeploy命令之后,我尝试重建参数以传递空用户名,如下所示:
Following my edit above about the current identity's username persisting to the MSDeploy command even when not passed in the original MSBuild call, I tried reconstructing the parameters to pass an empty username as follows:
MSBuild.exe Web.csproj
/p:Configuration=Debug
/p:DeployOnBuild=True
/p:DeployTarget=MSDeployPublish
/p:MsDeployServiceUrl=http://[server name]/MsDeployAgentService
/p:DeployIisAppPath=DeploymentTestProject
/p:MSDeployPublishMethod=RemoteAgent
/p:CreatePackageOnPublish=True
/p:username=
然后生成以下MSDeploy命令:
Which then generates the following MSDeploy command:
msdeploy.exe
-source:package='[project path]\obj\Debug\Package\Web.zip'
-dest:auto,ComputerName='http://[server name]/MsDeployAgentService',IncludeAcls='False',AuthType='NTLM'
-verb:sync
-disableLink:AppPoolExtension
-disableLink:ContentExtension
-disableLink:CertificateExtension
-retryAttempts=2
此调用不再包含UserName属性.简而言之,如果您不向MSBuild调用添加用户名参数,它将始终插入当前身份并推迟到基本身份验证,因为没有密码,该身份验证将失败.如果您包含username参数,但不给它一个值,则它根本不会在MSDeploy命令中包含它.
This call no longer includes the UserName attribute. So in short, if you do not add a username parameter to the MSBuild call it will insert the current identity anyway and defer to basic auth which will fail because there's no password. If you include the username parameter but don't give it a value, it doesn't include it at all in the MSDeploy command.
这篇关于MSBuild可以使用集成身份验证还是仅使用基本身份验证进行部署?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
