Installing Web Deploy on IIS 7+ with Shared Configuration enabled - asp.net

We have a web farm environment running IIS 7.5 on Windows 2008R2. We use shared configuration and web storage replication.
We tried to install Web Deploy (v3.5) on one of the servers but receive an error message saying that Web Deploy is not supported with Shared Configuration.
Is it possible to run Web Deploy in a shared configuration environment? If so how?
NOTE: We have figured this out so I am posting the answer here. There is little to no documentation that we could find on this topic so I thought it best to host the info here so the rest of the world can easily find it.

Yes Web Deploy can be installed on an IIS server using Shared Configuration. Here are the step we used to get it to work. Any comments, improvements or considerations are welcome.
Open IIS and select the server node in the tree.
Open the Shared Configuration in the Management section.
Uncheck Shared Configuration select Yes to copy the configuration to the local storage.
Do this to ALL servers that have been sharing configuration as you need to rebuild the configuration once Web Deploy is installed and reattach each server.
Install Web Deploy 3.5 (or newer) via the Web Platform Installer found here:
http://www.microsoft.com/web/gallery/install.aspx?appid=WDeploy
Installing Web Deploy will modify the authentication rules which will cause issues in a Shared Configuration environment so these rules need to be manually updated.
Open IIS and select the server node in the tree.
Open the Management Service Delegation module in the Management section (this module appears once Web Deploy is installed).
Edit the following rules and set the credentials to the a user that has access to the Shared Configuration. Typically a new account can be made that can be granted access to the Shared Configuration storage or use IIS service account. This will enable the web deployment agent to access the shared configuration with a domain account instead of the default local account.
createApp
recycleAPP
appPoolPipeline,appPoolNetFx
backupSettings
Restart the Web Deployment Agent service.
Restart the Web Management service.
Restart the IIS service.
Make sure you have disabled shared configuration on all servers.
Now to re-enable shared configuration, open IIS and select the server node in the tree.
Open the Shared Configuration in the Management section.
If this is the first server you need to export the configuration using the following steps (if not skip to next step):
Click Export Configuration...
Set the Physical Path to the shared configuration location and enter the appropriate encryption key.
You should see a success dialog if the export was successful.
Check Enable shared configuration.
Set the Physical Path to the shared configuration location and click Apply.
Enter the appropriate encryption key and click Ok.
Restart the IIS service.
You will then need to perform these steps again for each server using the shared configuration except you can skip step #14.

Related

IIS 10 getting 401 unauthorized

Deploying an asp.net project on local IIS server as a release version. Getting 401 unauthorized error on API call (allow anonymous enabled). Server runs with administrator user principal. This principal has all the permissions. And the project declared as application with correct .net library. The only thing I can't change is read only flag on the project directory. Anyone can help? Nothing in google resources worked...
Update: After a lot of searching and digging, I found a solution:
IIS Application basic settings - The default settings is to run application with Application pool user, which is usually limited with it's files access permissions. So the idea is to run application with administrator user.
Run as - enter administrator user name and password
Application pool type - The default application pool type is 2 and sometimes new .NET libraries are not accessible. So you have to add all the missing ASP.NET types to IIS.
Usually ASP.Net version suppose to be classic, in this case application works fast. Otherwise application refresh time may take long period.
Local folder permission - add local administrator, that you defined on IIS settings, and grand him all permissions to the folder recursively
SQL Server Management- the default server authentication is Windows Authentication, make it SQL Server and Windows Authentication mode
Add new user to the server and grand him all the permission to the database
Add this user to database Users and change the SQL connection string at the project accordingly. This way you prevent application pull trying to connect with database with it's user
Just posting this here as I went around in circles trying to diagnose an intermittent 401 error.
I had a virtual sub directory within the web application that referenced an external folder which was out of the directory tree so had different folder permissions.
Any scripts that referenced this folder failed - while others ran completely fine.

Uploading file Azure Clound Service WebRole gives me an error: Access to path denied

I have an ASP.NET MVC Application running as an Azure Cloud Service WebRole and I need to b able to upload files to my /Views/Whatever directory so I can quickly edit files on the fly without having to re-publish which can take 30 minutes.
How can I set the permissions to allow me to save files to this path?
If it's a single instance Web Role (which I assume it would be, I can't imagine you editing files on each one of the instances), then you can just enable Web Deploy on your deployment and be done. Then you can use Web Deploy to send the updates to your site without having to RDP. Just keep in mind that if for whatever reason the machine has to be moved or re-imaged (e.g. host updates) you'll lose your changes if they are not part of the Cloud Package (cspkg).
You can enable the option as part of the deployment of your Cloud Service.

How to configure Web Deploy publishing feature on IIS so developer can publish?

I control a server running IIS 8 on Windows Server 2012. I want to publish a few basic asp.net websites with the Publish option in Visual Studio 2012. There are no good/current Microsoft articles on the server configuration steps.
1) What exactly do I need to do on the server? I don't see any "web deploy" role option under the various IIS roles. I have read of some people downloading and installing "Web Deploy 3.0" from Microsoft but that file is one year old and it seems strange that I would have to download another file to use a promoted IIS file deployment option. If you are using IIS7 or IIS7.5 instead of IIS8 like me, please feel free to reply what YOU do, but let me know what version you are using.
2) Is the authentication process encrypted? For example, FTP would send passwords in plain text. FTP over SSL doesn't but setting up even a self-issued SSL cert is annoying just to get secure authentication. So what about Web Deploy? Is it safe or no?
3) Must I open port 8172 on the server's firewall? Microsoft's documentation says I "might need to".
4) On the Visual Studio side, it wants an account for authentication. Is this a Windows account on the server? Should I then right click the IIS website folder on the server and add this user there or is there some other preferred way of mapping users to websites? If so, what rights are required?
Please answer any or all of the above but please focus on the server side configuration and not the client (visual studio). Please don't suggest FTP as I am truly wanting to try Web Deploy. I am adding an IIS 7.5 tag too since some of the answers may be the same as for IIS 8.
It appears that one must still download the Web Deploy extension. Also, Version 3.5 is now available.
To download on a server, default IE security rules will require you add something like http://*.microsoft.com as a trusted site else you can't download the installer.
The whole package is rather large in its purpose and covers many deployment/backup/transfer type scenarios for IIS. So, when you install it, it turns into "Web Platform Installer 4.6" and installs roughly 10 prerequisites in addition to Web Deploy 3.5. Those prerequisites covers CLR Types, SQL Server framework (even if you don't have SQL Server installed), SQL Server shared management objects, etc. I did check afterwards if all these items are uninstallable through control panel (in case I changed my mind about web deploy) and they are there.
Finally, to configure web deploy on a site, I found this document:
http://www.iis.net/learn/publish/using-web-deploy/configure-the-web-deployment-handler
To find more information about this, google "web deployment handler".
It also does appear that you can configure secure authentication, which is the main reason I went down this Web Deploy publishing path instead of using plain clear-text FTP. However, http://www.iis.net/learn/publish/using-web-deploy/introduction-to-web-deploy says
Web Deploy is secure. Web Deploy supports transfer over HTTPS. Note that variants of FTP such as SFTP and FTPS are also secure.
I'm not sure if this means I will have to use an SSL certificate anyway. I was hoping Web Deploy provided more authentication options that were both secure and didn't need a certificate.
The answer marked correct pointed me in the right direction to publish a web site from Visual Studio 2013 to Server 2012. The Validate Connection button kept stating check Web Management service is installed.
As of April 2014 these simple steps work:
Install Web Deploy
http://www.iis.net/downloads/microsoft/web-deploy
In Powershell:
(from: https://www.orcsweb.com/blog/jamie-furr/manage-and-install-iis8-on-windows-2012-server-core/)
Install-WindowsFeature Web-Server
Install-WindowsFeature Web-Mgmt-Service
Set-ItemProperty -Path
HKLM:\SOFTWARE\Microsoft\WebManagement\Server -Name
EnableRemoteManagement -Value 1
Net Stop WMSVC
Net Start
WMSVC
netsh advfirewall firewall add rule name=”Allow Web
Management” dir=in action=allow service=”WMSVC”
In IIS:
(from
http://blog.richardszalay.com/2013/02/02/building-a-deployment-pipeline-with-msdeploy-part-4-server-configuration/)
Create a new non-admin user
Once your user is created, we need
to grant it permission to deploy the site. Right click on your
website and select “Configure for Web Deploy Publishing…” from the
“Deploy” sub menu

Publish ASP.NET MVC 3 (Razor) app onto remote server running Windows Server 2003 with IIS 6

I have built an ASP.NET MVC 3 web application (with exlusively Razor/cshtml pages) that runs fine on my local machine with IIS Express. Now I'm trying to publish it to a remote server that is running Windows Server 2003 and IIS 6 and has just been upgraded to .NET Framework 4.0.
I was able to successfully publish all the files to the proper directory on the remote server using Visual Studio 2010's Publish dialog (Publish method: FTP), and I've followed the instructions for including all the DLLs needed to run ASP.NET MVC on a machine that doesn't have it installed, but now I'm pretty much stuck.
The first issue is that I don't have access to the remote server's IIS. I may be able to get the hosting company to add a virtual directory or change a setting, but I'm not sure they know what they're doing, and at the moment, I wouldn't know what to tell them anyway.
The second issue is that I need my web app to live inside an existing site (the web app is basically a protected members area of the main website). So, pretend the main site is http://www.foobar.com. I'd like my web app to be accessed by entering the URL http://www.foobar.com/members.
Questions
Is it possible to publish my web app without access to the remote server's IIS?
If not, what exactly do I need to tell the hosting company to add or change in IIS?
Do the settings under the Web tab of project properties affect publishing or just local debugging? At the moment, I have it set to use IIS Express, and the Project URL is "http://localhost:7373/". Do I need to change these?
Given that the remote server is running Windows Server 2003 and IIS 6.0, is it possible to use Web Deploy or am I limited to FTP?
If I can use Web Deploy, what do I put for the Service URL? All I have right now is a URL in the format of ftp://www.foobar.com/www and a username and password.
If I need to use FTP, what steps do I need to take to get the app working once the necessary files have been uploaded to ftp://www.foobar.com/www/members? I'm not worried about database, security certificates, registry, GAC, etc., I just want to know the steps necessary to get the home page of my web app to come up when I put http://www.foobar.com/members.
Have you had a look at this article by Scott Hanselman?
In addition to that article, please read the following thread on StackOverflow on pretty much the same environment as yourself.
Edit
Your first step should be to get the hosting company to set up the virtual directory with the following parameters (IIS 6):
ASP.NET Version: 4.0.30319 (or later)
Local Path: [root ftp path for main website]\Members
[ ] Script source access (unchecked)
[x] Read (checked)
[ ] Write (unchecked)
[ ] Directory browsing (unchecked)
[x] Log Visits (checked)
[x] Index this resource (checked)
Application Name: Members
Execute Permissions: Scripts only
Application Pool: ASP.NET 2.0

How to use msdeploy and target a specific site?

When using msdeploy and the msdeploy.axd handler any attempts to deploy to my remote server is met with a 401 not authorized error and the server logs
IISWMSVC_AUTHORIZATION_SERVER_NOT_ALLOWED
Only Windows Administrators are allowed to connect using a server
connection. Other users should use the 'Connect To Site or
Application' task to be able to connect.
Process:WMSvc
What is the correct way to target the axd for the site level?
This might depend on how you're specifying the connection on the client side as well - if you're using msdeploy.exe you would specify the computername argument including a "?site=" query so that you connect at that site level rather than the server level, for example:
msdeploy.exe -verb:dump -source:iisapp="siteName",computername=https://servername:8172/msdeploy.axd?site=siteName,username=user,password=pass,authType=basic [-allowUntrusted]
If you use Web Deploy Tool 2.0 you can use IIS Manager UI to enable non-admin users to deploy website:
Start IIS Manager
Right-click the site you want to publish to, click Deploy and then click “Configure Web Deploy Publishing...”
When you click Setup button Web Deploy grants necessary permissions to selected user. You can discard generated file.
See Announcing Web Deploy 2.0 Refresh!
If you're using WMSvc, I'm assuming this is IIS7 ...
If so, then you can deploy with a normal account but you have to make sure these 3 criteria are met:
Your account needs to have:
1 IIS Manager permission for the site/app you are trying to connect with.
2 A delegation rule for msdeploy, that states that you are allowed to do ContentPath operations.
3 Actual filesystem/ACL access to the files.

Resources