Prevent Visual Studio 2010/12 and Web Deploy From Changing ACLs
Posted by Phil (Netcetera) on 26 February 2013 02:52 PM

Microsoft Visual Studio and Web Matrix both support a new way to publish your website, using Microsoft's Web Deploy.

Our Shared Hosting supports Web Deploy which can be enabled by editing your websites settings in your WebsitePanel Control Panel.

Once Web Deploy is enabled for your website you are able to publish your application through Web Deploy, however before you do, you need to update your publish settings so prevent the publishing of ACL's which will over write the server permissions.

By default Web Deploy sets the ACL of the sites anonymous user to read only while also overwriting Control Panel access to your website.

To prevent this when you publish your application, you will need to update your Visual Studio project configuration file to prevent the publishing of ACL permissions.

For Visual Studio 2010:

There are project-level properties for everything we do in VS to publish or create a deployment package. To disable setting ACLs, you can do either of these:

1) Edit the .csproj file and set  <IncludeSetAclProviderOnDestination>False</IncludeSetAclProviderOnDestination>

2) msbuild.exe myproject.csproj /p:IncludeSetAclProviderOnDestination=False


Secondly you need to determine what your configuration and platform are for the project.  To do that, right click your project in Visual Studio 2010 and select Package/Publish Settings.   Look at the Configuration: and Platform: drop downs.  In my example below they are set to Release and Any CPU. 

Look for the following line in the project file:
<propertygroup condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' "></propertygroup>
Scroll down to the closing tag of:
Add a new line right above it and put the following there:
Save your project file.  The next time you publish your project, it won't make any ACL changes on the remote server and all your existing NTFS permissions will remain intact.
For Visual Studio 2012

By default we will call the Web Deploy SetAcl provider on the App_Data folder, this behavior is controlled by an MSBuild property, IncludeSetAclProviderOnDestination. The default value for this property is true in %ProgramFiles32%\MSBuild\Microsoft\VisualStudio\v10.0\Web\Microsoft.Web.Publishing.targets. If you want to prevent the SetAcl provider from being called you can just set this property to false when publishing. In order to do this follow these steps.

  1. In the same directory as your project create a file with the name {ProjectName}.wpp.targets (where {ProjectName} is the name of your Web application project)
  2. Inside the file paste the MSBuild content which is below this list
  3. Reload the project in Visual Studio (VS caches the project files in memory so this cache needs to be cleared).


<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="4.0" xmlns="">
Inside of this file you can see that I'm declaring that property and setting it's value to False. After you have this file it will automatically be picked up by our publishing process, both from Visual Studio as well as any publish operations from the command line

(10 vote(s))
Not helpful

Comments (3)
Andrew Allen
15 February 2015 09:51 PM
This also works for VS2013 please update to add details for VS2013 This should really be added to the enable web publishing pages in the control panel. It has got me twice now and is a right pain ...
Javier Justiniano
30 November 2015 03:42 PM
The way to vs 2012 also works for 2013
I just checked
Rasmus Eeg
08 October 2015 07:57 AM
This works in VS2015, thansk alot!
Post a new comment
Full Name: