Publish from Visual Studio and automatically encrypt appSettings using aspnet_regiis
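I deployed my web application to my local IIS server under Sites\Default. It works fine, and now I want to make it more secure: I want to encrypt the connection strings and appSettings.
In the pubxml file I added this line: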
<MSDeployEnableWebConfigEncryptRule>true</MSDeployEnableWebConfigEncryptRule>
But this only encrypts the connection strings.
I know I can manually call:
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis -pe "appSettings" -site Default -app "/"
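on my server after deployment to encrypt the external file that contains appSettings, but I have to do this by hand.
My question is how to deploy the website from Visual Studio (Build > Publish) and have the aspnet_regiis command executed automatically after a successful publish.
I found information that I could use runCommand, and other information about bat files, but I am not calling MSDeploy from the command line.
I also found information that I should build a custom provider and call it from MSDeploy.
How should I edit my pubxml file to get this behavior?
Edit 1:
I have managed to hook into the After Deploy target using: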
<Target Name="EncryptAppSettings" AfterTargets="MSDeployPublish" >
<Message Text="Encrypting appSettings" />
<Exec Command="aspnet_regiis -pe &quot;appSettings&quot; -site Default -app &quot;/&quot;" />
<Message Text="AppPath: $(DeployIisAppPath)" />
</Target>
But now I get this error:
The command "aspnet_regiis -pe "appSettings" -site Default -app "/""
exited with code 9009.
Edit 2:
I tried using runCommand like this:
<ItemGroup>
<MsDeploySourceManifest Include="runCommand">
<path>aspnet_regiis -pe "appSettings" -site Default -app "/"</path>
<waitInterval>10000</waitInterval>
<AdditionalProviderSettings>waitInterval</AdditionalProviderSettings>
</MsDeploySourceManifest>
</ItemGroup>
But I had no luck. I found a blog post about postSync:runCommand, but I want to call it directly from VS, so I want to add it to the publish profile.
Edit 3:
I am adding my publish profile below:
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<PropertyGroup>
<WebPublishMethod>MSDeploy</WebPublishMethod>
<LastUsedBuildConfiguration>Release</LastUsedBuildConfiguration>
<LastUsedPlatform>Any CPU</LastUsedPlatform>
<SiteUrlToLaunchAfterPublish />
<LaunchSiteAfterPublish>True</LaunchSiteAfterPublish>
<ExcludeApp_Data>False</ExcludeApp_Data>
<MSDeployServiceURL>192.168.5.50</MSDeployServiceURL>
<DeployIisAppPath>Default</DeployIisAppPath>
<RemoteSitePhysicalPath />
<SkipExtraFilesOnServer>False</SkipExtraFilesOnServer>
<MSDeployPublishMethod>WMSVC</MSDeployPublishMethod>
<EnableMSDeployBackup>True</EnableMSDeployBackup>
<MSDeployEnableWebConfigEncryptRule>True</MSDeployEnableWebConfigEncryptRule>
<UserName>LocalAdmin</UserName>
<_SavePWD>True</_SavePWD>
<PublishDatabaseSettings>
<Objects xmlns="">
<ObjectGroup Name="ApplicationDbContext" Order="1" Enabled="False">
<Destination Path="Data Source=192.168.5.51;Initial Catalog=GameBit;User ID=GUser;Password=MyRealPassword;Application Name=EntityFramework" Name="Data Source=192.168.5.51;Initial Catalog=GameBit;User ID=GUser;Password=MyRealPassword;MultipleActiveResultSets=True;Application Name=EntityFramework" />
<Object Type="DbCodeFirst">
<Source Path="DBContext" DbContext="Api.ApplicationDbContext, Api" Origin="Configuration" />
</Object>
</ObjectGroup>
</Objects>
</PublishDatabaseSettings>
</PropertyGroup>
<PropertyGroup>
<UseMsdeployExe>true</UseMsdeployExe>
<AllowUntrustedCertificate>True</AllowUntrustedCertificate>
</PropertyGroup>
<ItemGroup>
<MSDeployParameterValue Include="$(DeployParameterPrefix)ApplicationDbContext-Web.config Connection String">
<ParameterValue>metadata=res://*/Model.csdl|res://*/Model.ssdl|res://*/Model.msl;provider=System.Data.SqlClient;provider connection string="Data Source=192.168.5.51;Initial Catalog=GameBit;User ID=GUser;Password=MyRealPassword;MultipleActiveResultSets=True;Application Name=EntityFramework"</ParameterValue>
</MSDeployParameterValue>
</ItemGroup>
<!--<ItemGroup>
<MsDeploySourceManifest Include="runCommand">
<Path>dir</Path>
</MsDeploySourceManifest>
</ItemGroup>-->
<!--<Target Name="EncryptImportantSettings" AfterTargets="MSDeployPublish" >
<Message Text="Encrypting appSettings" />
--><!--<Exec Command="aspnet_regiis -pe "appSettings" -site Default -app "/"" />--><!--
<ItemGroup>
<MsDeploySourceManifest Include="runCommand">
<path>dir/b >> C:\temp\log.txt</path>
--><!--<waitInterval>10000</waitInterval>--><!--
--><!--<AdditionalProviderSettings>waitInterval</AdditionalProviderSettings>--><!--
</MsDeploySourceManifest>
</ItemGroup>
<Message Text="AppPath: $(DeployIisAppPath)" />
</Target>-->
</Project>
I noticed that when I use MSDeploy I can see the command that is executed during publish:
"C:\Program Files (x86)\IIS\Microsoft Web Deploy V3\msdeploy.exe"
-source:manifest='D:\GameBit\API\obj\Release\Package\API.SourceManifest.xml'
-dest:auto,ComputerName="https://192.168.5.50:8172/msdeploy.axd?site=Default",UserName='LocalAdmin',Password="MyRealPassword",IncludeAcls='False',AuthType='Basic'
-verb:sync -enableRule:EncryptWebConfig -enableRule:EncryptWebConfig -disableLink:AppPoolExtension -disableLink:ContentExtension -disableLink:CertificateExtension -setParamFile:"D:\GameBit\API\obj\Release\Package\API.Publish.Parameters.xml"
-allowUntrusted -retryAttempts=2 -userAgent="VS12.0:PublishDialog:WTE12.5.60612.0"
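Can I add -postSync:runCommand="" to that command from the publish profile? According to what I found on the MS site, this parameter allows executing a command on the destination machine.
Edit 4:
I found information about Web Deploy Operation Settings and the postSync setting, but I don't know where to set it, and I don't want to edit Microsoft.Web.Publishing.targets in the MSBuild folder.
I need to execute the command on the remote machine after a successful publish.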
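After going through all your edits and doing some research of my own: you want to execute the following command after publishing from Visual Studio: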
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis -pe "appSettings" -site Default -app "/"
If I understand correctly, you can try wrapping the ItemGroup in a target whose AfterTargets is set to AddIisSettingAndFileContentsToSourceManifest:
<Target Name="executeinHosts" AfterTargets="AddIisSettingAndFileContentsToSourceManifest">
<ItemGroup>
<MsDeploySourceManifest Include="runCommand">
<!-- here would be your path that needs to run after the publish -->
</MsDeploySourceManifest>
</ItemGroup>
</Target>
So in your case, this part should look like this:
<Target Name="executeinHosts" AfterTargets="AddIisSettingAndFileContentsToSourceManifest">
<ItemGroup>
<MsDeploySourceManifest Include="runCommand">
<path>C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis -pe "appSettings" -site $(DeployIisAppPath) -app "/"</path>
</MsDeploySourceManifest>
</ItemGroup>
</Target>
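Additional information:
- The AddIisSettingAndFileContentsToSourceManifest target works right before Web Deploy copies the files from the local machine to the server.
- aspnet_regiis can be run by <Exec> inside a <Target> node.
For example: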
<Exec Command="C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe -pef connectionStrings $(ProjectDir)obj\Debug\Package\PackageTmp" WorkingDirectory="$(publishUrl)" />
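A post-deployment check for the result discussed above, as an added example that is not part of the original question or answer: it reports whether a section such as appSettings is actually stored encrypted on disk after aspnet_regiis -pe has run. The function name Test-ConfigSectionEncrypted, the sample directory and the sample files are hypothetical, and the check assumes the external file is referenced through the configSource attribute.

```powershell
# Added example (not from the original post): verify that a config section is encrypted on disk.
function Test-ConfigSectionEncrypted {
    param(
        [Parameter(Mandatory)][string]$WebConfigPath,
        [Parameter(Mandatory)][string]$SectionName
    )
    $doc = New-Object System.Xml.XmlDocument
    $doc.Load((Resolve-Path -LiteralPath $WebConfigPath).ProviderPath)
    $section = $doc.SelectSingleNode("/*[local-name()='configuration']/*[local-name()='$SectionName']")
    if ($null -eq $section) { throw "Section '$SectionName' not found in $WebConfigPath" }

    $checkedFile = $WebConfigPath
    # Assumption: an external section file is referenced with configSource;
    # in that case the section body (plaintext or encrypted) lives in that file.
    $external = $section.GetAttribute('configSource')
    if ($external) {
        $checkedFile = Join-Path (Split-Path -Parent $WebConfigPath) $external
        $ext = New-Object System.Xml.XmlDocument
        $ext.Load((Resolve-Path -LiteralPath $checkedFile).ProviderPath)
        $section = $ext.DocumentElement
    }
    # Protected configuration replaces the section body with <EncryptedData>
    # and records the provider in the configProtectionProvider attribute.
    $provider  = $section.GetAttribute('configProtectionProvider')
    $encrypted = $null -ne $section.SelectSingleNode("*[local-name()='EncryptedData']")
    # Any remaining <add> element means plaintext settings are still on disk.
    $plaintext = $section.SelectNodes("*[local-name()='add']").Count
    [pscustomobject]@{
        File = $checkedFile; Provider = $provider
        Encrypted = [bool]($encrypted -and $provider); PlaintextEntries = $plaintext
    }
}

# Constructed sample: appSettings moved to an external file that is still plaintext.
$dir = Join-Path ([IO.Path]::GetTempPath()) 'regiis-check-sample'
New-Item -ItemType Directory -Force -Path $dir | Out-Null
Set-Content -LiteralPath (Join-Path $dir 'web.config') -Value @'
<configuration>
  <appSettings configSource="appSettings.config" />
</configuration>
'@
Set-Content -LiteralPath (Join-Path $dir 'appSettings.config') -Value @'
<appSettings>
  <add key="ApiKey" value="constructed-sample-value" />
</appSettings>
'@
Test-ConfigSectionEncrypted -WebConfigPath (Join-Path $dir 'web.config') -SectionName 'appSettings'
```

On the server, point -WebConfigPath at the deployed site's web.config after publishing; a result with Encrypted set to False or PlaintextEntries above zero means the post-publish command did not take effect.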