Knowledgebase
Prevent Visual Studio 2010/12 and Web Deploy From Changing ACLs
Posted by Phil (Netcetera) on 26 February 2013 02:52 PM

Microsoft Visual Studio and Web Matrix both support a new way to publish your website, using Microsoft's Web Deploy.

Our Shared Hosting supports Web Deploy which can be enabled by editing your websites settings in your WebsitePanel Control Panel.

Once Web Deploy is enabled for your website you are able to publish your application through Web Deploy, however before you do, you need to update your publish settings so prevent the publishing of ACL's which will over write the server permissions.

By default Web Deploy sets the ACL of the sites anonymous user to read only while also overwriting Control Panel access to your website.

To prevent this when you publish your application, you will need to update your Visual Studio project configuration file to prevent the publishing of ACL permissions.

For Visual Studio 2010:

There are project-level properties for everything we do in VS to publish or create a deployment package. To disable setting ACLs, you can do either of these:

1) Edit the .csproj file and set  <IncludeSetAclProviderOnDestination>False</IncludeSetAclProviderOnDestination>

2) msbuild.exe myproject.csproj /p:IncludeSetAclProviderOnDestination=False

 

Secondly you need to determine what your configuration and platform are for the project.  To do that, right click your project in Visual Studio 2010 and select Package/Publish Settings.   Look at the Configuration: and Platform: drop downs.  In my example below they are set to Release and Any CPU. 

 
 
Look for the following line in the project file:
 
<propertygroup condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' "></propertygroup>
 
Scroll down to the closing tag of:
 
</propertygroup>
 
Add a new line right above it and put the following there:
 
<includesetaclproviderondestination>False</includesetaclproviderondestination>
 
Save your project file.  The next time you publish your project, it won't make any ACL changes on the remote server and all your existing NTFS permissions will remain intact.
For Visual Studio 2012

By default we will call the Web Deploy SetAcl provider on the App_Data folder, this behavior is controlled by an MSBuild property, IncludeSetAclProviderOnDestination. The default value for this property is true in %ProgramFiles32%\MSBuild\Microsoft\VisualStudio\v10.0\Web\Microsoft.Web.Publishing.targets. If you want to prevent the SetAcl provider from being called you can just set this property to false when publishing. In order to do this follow these steps.

  1. In the same directory as your project create a file with the name {ProjectName}.wpp.targets (where {ProjectName} is the name of your Web application project)
  2. Inside the file paste the MSBuild content which is below this list
  3. Reload the project in Visual Studio (VS caches the project files in memory so this cache needs to be cleared).

{ProjectName}.wpp.targets

<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <PropertyGroup>
    <IncludeSetAclProviderOnDestination>false</IncludeSetAclProviderOnDestination>
  </PropertyGroup>    
</Project>
Inside of this file you can see that I'm declaring that property and setting it's value to False. After you have this file it will automatically be picked up by our publishing process, both from Visual Studio as well as any publish operations from the command line

(2 vote(s))
Helpful
Not helpful

Comments (0)
Post a new comment
 
 
Full Name:
Email:
Comments:
CAPTCHA Verification 
 
Please enter the text you see in the image into the textbox below (we use this to prevent automated submissions).