通過MSBuild在Web部署期間設置ACL

Question

我有一個在TeamCity中運行的主要工作的Web構建和部署配置，基本上使用MSBuild自動將站點部署到Web服務器。默認情況下，MSDeploy在目標服務器上將所有內容設置爲Readonly，並且我需要AppPool標識具有對一個文件夾的寫入權限。

我找到了an article by Kevin leetham，讓我有90％的方式。凱文介紹瞭如何可以掛接到網絡的MSBuild通過創建一個名爲ProjectName.wpp.targets文件發佈管道，沿着這些線路：

<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> 
    <PropertyGroup> 
    <!--Extends the AfterAddIisSettingAndFileContentsToSourceManifest action do also set ACLs --> 

    <IncludeCustomACLs>TRUE</IncludeCustomACLs> 

    <AfterAddIisSettingAndFileContentsToSourceManifest Condition="'$(AfterAddIisSettingAndFileContentsToSourceManifest)'==''"> 
     $(AfterAddIisSettingAndFileContentsToSourceManifest); 
     SetCustomACLs; 
    </AfterAddIisSettingAndFileContentsToSourceManifest> 
    </PropertyGroup> 
    <Target Name="SetCustomACLs" Condition="'$(IncludeCustomACLs)'=='TRUE'"> 
    <Message Text="Adding Custom ACls" /> 
    <ItemGroup> 
     <!-- Ensure the AppPool identity has write access to the Files directory --> 
     <MsDeploySourceManifest Include="setAcl" Condition="$(IncludeSetAclProviderOnDestination)"> 
     <Path>$(_MSDeployDirPath_FullPath)\files</Path> 
     <setAclAccess>Read,Write,Modify</setAclAccess> 
     <setAclResourceType>Directory</setAclResourceType> 
     <AdditionalProviderSettings>setAclResourceType;setAclAccess</AdditionalProviderSettings> 
     </MsDeploySourceManifest> 
    </ItemGroup> 
    </Target> 
</Project> 

這是等近工作，它讓我發瘋了。 ACL被添加到清單中，但問題是它會根據構建位置生成絕對路徑，而不是相對於目標服務器上的IIS Web應用程序。生成的清單出來是這樣的（有些名稱已更改爲保護無辜者）：

<?xml version="1.0" encoding="utf-8"?> 
<sitemanifest> 
    <IisApp path="C:\SolutionPath\IisWebAppName\src\MyProjectName\obj\Release_Deploy\Package\PackageTmp" managedRuntimeVersion="v4.0" /> 
    <setAcl path="C:\SolutionPath\IisWebAppName\src\MyProjectName\obj\Release_Deploy\Package\PackageTmp" setAclResourceType="Directory" /> 
    <setAcl path="C:\SolutionPath\IisWebAppName\src\MyProjectName\obj\Release_Deploy\Package\PackageTmp" setAclUser="anonymousAuthenticationUser" setAclResourceType="Directory" /> 
    <setAcl path="C:\SolutionPath\IisWebAppName\src\MyProjectName\obj\Release_Deploy\Package\PackageTmp\files" setAclResourceType="Directory" setAclAccess="Read,Write,Modify" /> 
</sitemanifest> 

這實際上看起來是正確的，最後一行是從德wpp.targets文件我的自定義ACL。然而，MSDeploy將其發送至目標服務器時，這裏發生了什麼：

2>Start Web Deploy Publish the Application/package to https://webhostingprovider.biz:8172/msdeploy.axd?site=IisWebAppName ... 
2>Adding sitemanifest (sitemanifest). 
2>Adding ACL's for path (IisWebAppName) 
2>Adding ACL's for path (IisWebAppName) 
2>Adding ACL's for path (C:\SolutionPath\IisWebAppname\src\MyProjectName\obj\Release_Deploy\Package\PackageTmp\files) 
2>C:\Program Files (x86)\MSBuild\Microsoft\VisualStudio\v11.0\Web\Microsoft.Web.Publishing.targets(4377,5): Error ERROR_USER_NOT_AUTHORIZED_FOR_SETACL: Web deployment task failed. (Could not complete an operation with the specified provider ("setAcl") when connecting using the Web Management Service. This can occur if the server administrator has not authorized the user for this operation. setAcl http://go.microsoft.com/fwlink/?LinkId=178034

整個事情落在了我的自定義ACL路徑，它出來使用絕對路徑名稱，而不是到是相對IisWebAppName上。我無法弄清楚爲什麼！

請幫助:)

Answer 1

你需要創建一個ProviderPath參數與DefaultValue這需要它的使用{param name}語法另一個參數的值。

這裏有一個幫手我列入another question執行的所有操作：

<ItemDefinitionGroup> 
    <AdditionalAcls> 
    <AclAccess>Write</AclAccess> 
    <ResourceType>Directory</ResourceType> 
    </AdditionalAcls> 
</ItemDefinitionGroup> 

<PropertyGroup> 
    <AfterAddIisSettingAndFileContentsToSourceManifest> 
    $(AfterAddIisSettingAndFileContentsToSourceManifest); 
    AddAdditionalAclsToSourceManifest; 
    </AfterAddIisSettingAndFileContentsToSourceManifest> 
    <AfterAddIisAndContentDeclareParametersItems> 
    $(AfterAddIisAndContentDeclareParametersItems); 
    AddAdditionalAclsDeclareParameterItems 
    </AfterAddIisAndContentDeclareParametersItems> 
</PropertyGroup> 

<Target Name="AddAdditionalAclsToSourceManifest"> 
    <ItemGroup Condition="'@(AdditionalAcls)' != ''"> 
    <MsDeploySourceManifest Include="setAcl"> 
     <Path>$(_MSDeployDirPath_FullPath)\%(AdditionalAcls.Identity)</Path> 
     <setAclResourceType Condition="'%(AdditionalAcls.ResourceType)' != ''">%(AdditionalAcls.ResourceType)</setAclResourceType> 
     <setAclAccess>%(AdditionalAcls.AclAccess)</setAclAccess> 
     <AdditionalProviderSettings>setAclResourceType;setAclAccess</AdditionalProviderSettings> 
    </MsDeploySourceManifest> 
    </ItemGroup> 
</Target> 

<Target Name="AddAdditionalAclsDeclareParameterItems"> 
    <ItemGroup Condition="'@(AdditionalAcls)' != ''"> 
    <MsDeployDeclareParameters Include="Add %(AdditionalAcls.AclAccess) permission to %(AdditionalAcls.Identity) Folder"> 
     <Kind>ProviderPath</Kind> 
     <Scope>setAcl</Scope> 
     <Match>^$(_EscapeRegEx_MSDeployDirPath)\\@(AdditionalAcls)$</Match> 
     <Description>Add %(AdditionalAcls.AclAccess) permission to %(AdditionalAcls.Identity) Folder</Description> 
     <DefaultValue>{$(_MsDeployParameterNameForContentPath)}/@(AdditionalAcls)</DefaultValue> 
     <DestinationContentPath>$(_DestinationContentPath)/@(AdditionalAcls)</DestinationContentPath> 
     <Tags>Hidden</Tags> 
     <ExcludeFromSetParameter>True</ExcludeFromSetParameter> 
     <Priority>$(VsSetAclPriority)</Priority> 
    </MsDeployDeclareParameters> 
    </ItemGroup> 
</Target> 

可以通過聲明使用它：

<ItemGroup> 
    <AdditionalAcls Include="MyRelativeWritableDirectory" /> 
</ItemGroup> 

請注意，該方案目前只工作，如果你在路徑中不需要反斜槓（即，如果它只是一個根目錄）。如果您需要一個子目錄，則需要竊取我用於「SkipDeleteItems」的技巧（稍後在該答案中），將正則表達式轉義的路徑元數據添加到每個項目。