MSBuild 可以使用集成身份验证部署还是仅使用基本身份验证? [英] Can MSBuild deploy using integrated authentication or only basic?
问题描述
我正在将 Web 应用程序包从 MSBuild 命令行部署到 IIS6 上的 MSDepSvc,使用基本身份验证的以下命令可以正常工作:
I'm deploying a web app package from the MSBuild command line to MSDepSvc on IIS6 which is working fine with the following command using basic authentication:
MSBuild.exe Web.csproj
/p:Configuration=Debug
/p:DeployOnBuild=True
/p:DeployTarget=MSDeployPublish
/p:MsDeployServiceUrl=http://[server name]/MsDeployAgentService
/p:DeployIisAppPath=DeploymentTestProject
/p:MSDeployPublishMethod=RemoteAgent
/p:CreatePackageOnPublish=True
/p:username=***
/p:password=***
但是,我真正想做的是删除用户名和密码参数,并以当前用户的身份回退到集成身份验证.此命令将进入构建服务器,我不希望在目标环境(MsDepSvc 所需)上具有管理员权限的帐户的纯文本凭据可见.我找不到任何有关如何执行此操作的文档,并且在我尝试发布时丢弃凭据返回 401 未经授权.
However, what I'd really like to do is drop the username and password parameters and fall back to integrated auth under the identity of the current user. This command is going into a build server and I'd prefer not to have the plain text credentials of an account with admin rights on the target environment (required for MsDepSvc) visible. I can't locate any documentation on how to do this and dropping off the credentials returns 401 unauthorised when I attempt to publish.
特别令人沮丧的是,我可以愉快地在带有集成身份验证的包中运行部署命令(只是不包括凭据),但我似乎无法从 MSBuild 命令行运行它.我正在尝试将包和部署流程封装到一个命令中而不编辑构建文件,这是目前唯一的方法.
What makes it particularly frustrating is that I can happily run the deploy command in the package with integrated auth (just don't include credentials), I just can't seem to run it from the MSBuild command line. I'm trying to encapsulate the package and deploy processes into a single command without editing build files and this is the only thing in the way at present.
有什么想法吗?
编辑在与 Sayed 讨论并深入了解命令行输出后,在执行上面的 MSBuild 命令(没有用户名和密码参数)之后,正在调用以下 MSDeploy 命令:
Edit After some discussions with Sayed and looking a bit deeper into the command line output, after executing the MSBuild command above (without username and password parameters), the following MSDeploy command is being invoked:
msdeploy.exe
-source:package='[project path]WebobjDebugPackageWeb.zip'
-dest:auto,ComputerName='http://[server]/MsDeployAgentService',UserName='***',IncludeAcls='False',AuthType='NTLM'
-verb:sync
-disableLink:AppPoolExtension
-disableLink:ContentExtension
-disableLink:CertificateExtension
-retryAttempts=2
您可以看到正在设置 UserName 属性,其值为当前登录用户的用户名.如果我把它拿出来直接运行上面的命令,部署就很好了.
You can see the UserName attribute is being set and the value is the username of the current logged on user. If I take this out and run the above command directly, the deployment goes through just fine.
那么在此基础上,为什么原来的 MSBuild 命令在调用 MSDeploy 时会插入 UserName 属性?这似乎是现在唯一的障碍.
So on that basis, why is the original MSBuild command inserting a UserName attribute when it calls MSDeploy? This appears to be the only barrier now.
推荐答案
答案是……
根据我上面关于当前身份的用户名持续到 MSDeploy 命令的编辑,即使未在原始 MSBuild 调用中传递,我尝试重构参数以传递空用户名,如下所示:
Following my edit above about the current identity's username persisting to the MSDeploy command even when not passed in the original MSBuild call, I tried reconstructing the parameters to pass an empty username as follows:
MSBuild.exe Web.csproj
/p:Configuration=Debug
/p:DeployOnBuild=True
/p:DeployTarget=MSDeployPublish
/p:MsDeployServiceUrl=http://[server name]/MsDeployAgentService
/p:DeployIisAppPath=DeploymentTestProject
/p:MSDeployPublishMethod=RemoteAgent
/p:CreatePackageOnPublish=True
/p:username=
然后生成以下 MSDeploy 命令:
Which then generates the following MSDeploy command:
msdeploy.exe
-source:package='[project path]objDebugPackageWeb.zip'
-dest:auto,ComputerName='http://[server name]/MsDeployAgentService',IncludeAcls='False',AuthType='NTLM'
-verb:sync
-disableLink:AppPoolExtension
-disableLink:ContentExtension
-disableLink:CertificateExtension
-retryAttempts=2
此调用不再包含 UserName 属性.所以简而言之,如果你不向 MSBuild 调用添加用户名参数,它将插入当前身份并推迟到基本身份验证,这将失败,因为没有密码.如果您包含用户名参数但不给它一个值,则它根本不包含在 MSDeploy 命令中.
This call no longer includes the UserName attribute. So in short, if you do not add a username parameter to the MSBuild call it will insert the current identity anyway and defer to basic auth which will fail because there's no password. If you include the username parameter but don't give it a value, it doesn't include it at all in the MSDeploy command.
这篇关于MSBuild 可以使用集成身份验证部署还是仅使用基本身份验证?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
