I have web application that is deployed to my local IIS server under Sites\Default
, it works fine and right now I want to make it more secure - I want to encrypt connection strings and appSettings.
Inside pubxml file I've added this line:
but that only encrypts connections strings. I know that I can manually call:
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis -pe "appSettings" -site Default -app "/"
on my server after deploy to encrypt external file containing appSettings, but I must do that manually.
My question is how can I deploy website from Visual Studio (Build > Publish) and have that aspnet_regiis
command execute automatically after publish succeeded.
I found information that I could use runcommand
and other about bat files, but I'm not calling MSDeploy from command line.
I've also found information that I should build custom provider and call it from MSDeploy.
How should I edit my pubxml file to get this behaviour?
I've managed to hook After Deploy
Target using:
<Target Name="EncryptAppSettings" AfterTargets="MSDeployPublish" >
<Message Text="Encrypting appSettings" />
<Exec Command="aspnet_regiis -pe "appSettings" -site Default -app "/"" />
<Message Text="AppPath: $(DeployIisAppPath)" />
But now I get this error:
The command "aspnet_regiis -pe "appSettings" -site Default -app "/"" exited with code 9009.
I've tried using runCommand like this:
<MsDeploySourceManifest Include="runCommand">
<path>aspnet_regiis -pe "appSettings" -site Default -app "/"</path>
but I had no luck. I found blog about postSync:runCommand, but I'd like to call that directly from VS so I'd like to add that to publish profile.
I'm adding my publish profile below:
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<LastUsedPlatform>Any CPU</LastUsedPlatform>
<SiteUrlToLaunchAfterPublish />
<RemoteSitePhysicalPath />
<Objects xmlns="">
<ObjectGroup Name="ApplicationDbContext" Order="1" Enabled="False">
<Destination Path="Data Source=;Initial Catalog=GameBit;User ID=GUser;Password=MyRealPassword;Application Name=EntityFramework" Name="Data Source=;Initial Catalog=GameBit;User ID=GUser;Password=MyRealPassword;MultipleActiveResultSets=True;Application Name=EntityFramework" />
<Object Type="DbCodeFirst">
<Source Path="DBContext" DbContext="Api.ApplicationDbContext, Api" Origin="Configuration" />
<MSDeployParameterValue Include="$(DeployParameterPrefix)ApplicationDbContext-Web.config Connection String">
<ParameterValue>metadata=res://*/Model.csdl|res://*/Model.ssdl|res://*/Model.msl;provider=System.Data.SqlClient;provider connection string="Data Source=;Initial Catalog=GameBit;User ID=GUser;Password=MyRealPassword;MultipleActiveResultSets=True;Application Name=EntityFramework"</ParameterValue>
<MsDeploySourceManifest Include="runCommand">
<!--<Target Name="EncryptImportantSettings" AfterTargets="MSDeployPublish" >
<Message Text="Encrypting appSettings" />
--><!--<Exec Command="aspnet_regiis -pe "appSettings" -site Default -app "/"" />--><!--
<MsDeploySourceManifest Include="runCommand">
<path>dir/b >> C:\temp\log.txt</path>
<Message Text="AppPath: $(DeployIisAppPath)" />
I've noticed that when I use MSDeploy I can see command that is executed during publish:
"C:\Program Files (x86)\IIS\Microsoft Web Deploy V3\msdeploy.exe" -source:manifest='D:\GameBit\API\obj\Release\Package\API.SourceManifest.xml' -dest:auto,ComputerName="",UserName='LocalAdmin',Password="MyRealPassword",IncludeAcls='False',AuthType='Basic' -verb:sync -enableRule:EncryptWebConfig -enableRule:EncryptWebConfig -disableLink:AppPoolExtension -disableLink:ContentExtension -disableLink:CertificateExtension -setParamFile:"D:\GameBit\API\obj\Release\Package\API.Publish.Parameters.xml" -allowUntrusted -retryAttempts=2 -userAgent="VS12.0:PublishDialog:WTE12.5.60612.0"
Can I add -postSync:runCommand=""
to that command from publish profile? As I found on MS site this parameter allows to execute command on destination machine.
I found information about Web Deploy Operation Settings and postSync setting, but I don't know where to set it, I don't want to edit Microsoft.Web.Publishing.targets
from MSBuild folder
I need to execute command on remote machine after publish succeeded.
After going through your all edits and a bit of research from me , you want to execute the following command after the publish from the Visual Studio
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis -pe "appSettings" -site Default -app "/"
If i understood right , You can try wrapping the ItemGroup
in a Target with AfterTargets
set to AddIisSettingAndFileContentsToSourceManifest
<Target Name="executeinHosts" AfterTargets="AddIisSettingAndFileContentsToSourceManifest">
<MsDeploySourceManifest Include="runCommand">
//here would be your path that need to run after the publish
So in Your case this is how that part should look:
<Target Name="executeinHosts" AfterTargets="AddIisSettingAndFileContentsToSourceManifest">
<MsDeploySourceManifest Include="runCommand">
<path>C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis -pe "appSettings" -site $(DeployIisAppPath) -app "/"</path>
Additional Info:
target works justright before Web Deploy copying files from local to server. <target>
node by <Exec>
. Ex:
<Exec Command="C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe -pef connectionStrings $(ProjectDir)obj\Debug\Package\PackageTmp" WorkingDirectory="$(publishUrl)" />