I've sent you three private messages as a response to your message and still no response. If you need more detailed information beside what I've sent to you just say it and I will do my best to provide it but not I'm just wondering if you are really commited
to solving this issue.
I've published 5 various apps using WebMatrix and I didn't faced permission removal problem. I'm waiting for response from my customers. It would be good if other people who experienced this issue could tell if installing WebDeploy v3b fixed their problem
too.
I ran into this same issue today so I wanted to include a summary and some more details since this is a long thread.
It’s a WebDeploy issue with Visual Studio, but not with WebMatrix because of the way they each update the permissions on deployment. The issue is caused by the inherited permissions being dropped. If you inherit permissions like SYSTEM, Administrator and
other management accounts then they will be dropped with a Visual Studio WebDeploy publish.
There are three possible solutions or workarounds (the 3rd is what I used):
1) Update the server to use WebDeploy 3.0.
I haven’t tested but harshmittal mentioned above that V3 beta has a fix for this.
2) Fix the ACLs on the site:
The kicker is that for WebDeploy v2.0 and earlier the folder above the site root needs to have proper permission for the WebDeploy setAcl assigned user. As an example, consider the case of WebsitePanel with the following structure: c:\HostingSpace\accountname\domain.com\wwwroot\.
It’s ‘domain.com’ that needs to have proper permissions assigned.
You would need to run the following:
icacls c:\HostingSpaces\accountname\domain.com\ /grant management_account:(OI)(CI)(Rc,S)
3) Update the Service Delegation rules
My situation today is for WebsitePanel which sets the permissions on ‘domain.com’ automatically. So I can’t use option #2 without applying code changes to WebsitePanel. Instead, there is another option.
If you used an identityType of CurrentUser for the setAcl provider then you can switch that to a SpecificUser which has permissions to the disk. In this case of WebsitePanel it does need to be an administrator on the server, but the user can be used for
just this specific task to minimize the footprint.
GrZeCh
64 Posts
Re: BUG – Permissions removed from an application root folder
Nov 14, 2011 08:45 PM|LINK
GrZeCh
64 Posts
Re: BUG – Permissions removed from an application root folder
Nov 17, 2011 09:56 AM|LINK
Hello,
I've sent you three private messages as a response to your message and still no response. If you need more detailed information beside what I've sent to you just say it and I will do my best to provide it but not I'm just wondering if you are really commited to solving this issue.
Regards
harshmittal
28 Posts
Microsoft
Moderator
Re: BUG – Permissions removed from an application root folder
Nov 17, 2011 06:15 PM|LINK
Hi GrZech,
Sorry for delayed response, I was off from the work due to being sick. I am looking into the issue right away.
Regards,
Harsh
GrZeCh
64 Posts
Re: BUG – Permissions removed from an application root folder
Nov 17, 2011 06:38 PM|LINK
harshmittal
28 Posts
Microsoft
Moderator
Re: BUG – Permissions removed from an application root folder
Dec 05, 2011 09:24 PM|LINK
We worked on this issue with GrZeCh offline and found that Webdeploy V3 beta has fix for this issue. Thanks GrZeCh for your help.
Others who are facing this issue, please download V3 beta from http://www.microsoft.com/download/en/details.aspx?id=27430 and please report if it fixes the issue.
Regards,
Harsh
GrZeCh
64 Posts
Re: BUG – Permissions removed from an application root folder
Dec 05, 2011 09:29 PM|LINK
Hello,
I've published 5 various apps using WebMatrix and I didn't faced permission removal problem. I'm waiting for response from my customers. It would be good if other people who experienced this issue could tell if installing WebDeploy v3b fixed their problem too.
Regards
MaciejR
26 Posts
Re: BUG – Permissions removed from an application root folder
Dec 05, 2011 09:40 PM|LINK
Thank you GrZeCh for your support to Microsoft.
Now, it is perhaps a right time to fix also the bug described below ?
http://forums.asp.net/p/1623437/4177355.aspx#4177355
Regards,
Maciej
OWScott
286 Posts
Re: BUG – Permissions removed from an application root folder
Mar 05, 2012 10:34 PM|LINK
I ran into this same issue today so I wanted to include a summary and some more details since this is a long thread.
It’s a WebDeploy issue with Visual Studio, but not with WebMatrix because of the way they each update the permissions on deployment. The issue is caused by the inherited permissions being dropped. If you inherit permissions like SYSTEM, Administrator and other management accounts then they will be dropped with a Visual Studio WebDeploy publish.
There are three possible solutions or workarounds (the 3rd is what I used):
1) Update the server to use WebDeploy 3.0.
I haven’t tested but harshmittal mentioned above that V3 beta has a fix for this.
2) Fix the ACLs on the site:
The kicker is that for WebDeploy v2.0 and earlier the folder above the site root needs to have proper permission for the WebDeploy setAcl assigned user. As an example, consider the case of WebsitePanel with the following structure: c:\HostingSpace\accountname\domain.com\wwwroot\.
It’s ‘domain.com’ that needs to have proper permissions assigned.
You would need to run the following:
icacls c:\HostingSpaces\accountname\domain.com\ /grant management_account:(OI)(CI)(Rc,S)
3) Update the Service Delegation rules
My situation today is for WebsitePanel which sets the permissions on ‘domain.com’ automatically. So I can’t use option #2 without applying code changes to WebsitePanel. Instead, there is another option.
If you used an identityType of CurrentUser for the setAcl provider then you can switch that to a SpecificUser which has permissions to the disk. In this case of WebsitePanel it does need to be an administrator on the server, but the user can be used for just this specific task to minimize the footprint.
Here’s the provider rule before:
<rule enabled="true" providers="setAcl" actions="*" path="{userScope}" pathType="PathPrefix">
<permissions>
<user name="*" isRole="false" accessType="Allow" />
</permissions>
<runAs identityType="CurrentUser" />
</rule>
And here’s the rule afterward
<rule enabled="true" providers="setAcl" actions="*" path="{userScope}" pathType="PathPrefix">
<permissions>
<user name="*" isRole="false" accessType="Allow" />
</permissions>
<runAs identityType="SpecificUser" userName="iisAclUser" password="[enc:….=:enc]" />
</rule>
You can set the password using Management Service Delegation at the server level in IIS Manager.
Microsoft MVP - IIS
Vaasnet
www.vaasnet.com
GrZeCh
64 Posts
Re: BUG – Permissions removed from an application root folder
Apr 20, 2012 09:51 AM|LINK
WebDeploy 3 RC has just been released:
http://blogs.iis.net/msdeploy/archive/2012/04/19/announcing-web-deploy-3-0-release-candidate.aspx
Maybe our problems will be solved
GrZeCh
64 Posts
Re: BUG – Permissions removed from an application root folder
Apr 23, 2012 01:08 PM|LINK
According to readme from WebDeploy v3RC:
http://learn.iis.net/page.aspx/1276/microsoft-web-deploy-v3-readme/
this issue has been fixed:
"Change: In some cases Web Deploy publishing removed inherited permissions on root folder of site. Web Deploy V3 fixes this issue. "
Can someone confirm?