IIS 应用程序池标识权限在每个 Visual Studio 应用发布时重置
IIS Application Pool Identity permissions reset on every Visual Studio app Publish
按照this questions中的说明,我可以成功更改应用程序池标识的权限
但是,在我发布网络应用后...
应用程序池标识已重置为只读
即使在重新发布 Web 应用程序后,我如何才能授予应用程序池标识完全权限?如果我授予 IUSR 完全权限,同样的行为也会发生。
据我所知,如果您使用来自 Visual Studio 的 Web 部署,发布将覆盖服务器上的 ACL,方法是将它们清除为父级的继承默认值。
避免每次发布 Web 应用程序时都更新 ACL。
您可以尝试在 PublishProfiles 的 pubxml 中添加以下命令。
<IncludeSetAclProviderOnDestination>False</IncludeSetAclProviderOnDestination>
详情发布个人资料如下:
<?xml version="1.0" encoding="utf-8"?>
<!--
This file is used by the publish/package process of your Web project. You can customize the behavior of this process
by editing this MSBuild file. In order to learn more about this please visit https://go.microsoft.com/fwlink/?LinkID=208121.
-->
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<PropertyGroup>
<WebPublishMethod>MSDeploy</WebPublishMethod>
<LastUsedBuildConfiguration>Release</LastUsedBuildConfiguration>
<LastUsedPlatform>Any CPU</LastUsedPlatform>
<SiteUrlToLaunchAfterPublish />
<LaunchSiteAfterPublish>True</LaunchSiteAfterPublish>
<ExcludeApp_Data>False</ExcludeApp_Data>
<MSDeployServiceURL>http://localhost:9825/</MSDeployServiceURL>
<DeployIisAppPath>WebFormApplication</DeployIisAppPath>
<RemoteSitePhysicalPath />
<SkipExtraFilesOnServer>True</SkipExtraFilesOnServer>
<MSDeployPublishMethod>InProc</MSDeployPublishMethod>
<EnableMSDeployBackup>False</EnableMSDeployBackup>
<UserName />
<_SavePWD>False</_SavePWD>
<IncludeSetAclProviderOnDestination>False</IncludeSetAclProviderOnDestination>
<PublishDatabaseSettings>
<Objects xmlns="">
<ObjectGroup Name="DefaultConnection" Order="1" Enabled="False">
<Destination Path="" />
<Object Type="DbCodeFirst">
<Source Path="DBContext" DbContext="WebFromIdentityTest.Models.ApplicationDbContext, WebFromIdentityTest" Origin="Configuration" />
</Object>
</ObjectGroup>
</Objects>
</PublishDatabaseSettings>
</PropertyGroup>
<ItemGroup>
<MSDeployParameterValue Include="$(DeployParameterPrefix)DefaultConnection-Web.config Connection String" />
</ItemGroup>
</Project>
然后你会发现发布应用后权限不会改变
按照this questions中的说明,我可以成功更改应用程序池标识的权限
但是,在我发布网络应用后...
应用程序池标识已重置为只读
即使在重新发布 Web 应用程序后,我如何才能授予应用程序池标识完全权限?如果我授予 IUSR 完全权限,同样的行为也会发生。
据我所知,如果您使用来自 Visual Studio 的 Web 部署,发布将覆盖服务器上的 ACL,方法是将它们清除为父级的继承默认值。
避免每次发布 Web 应用程序时都更新 ACL。
您可以尝试在 PublishProfiles 的 pubxml 中添加以下命令。
<IncludeSetAclProviderOnDestination>False</IncludeSetAclProviderOnDestination>
详情发布个人资料如下:
<?xml version="1.0" encoding="utf-8"?>
<!--
This file is used by the publish/package process of your Web project. You can customize the behavior of this process
by editing this MSBuild file. In order to learn more about this please visit https://go.microsoft.com/fwlink/?LinkID=208121.
-->
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<PropertyGroup>
<WebPublishMethod>MSDeploy</WebPublishMethod>
<LastUsedBuildConfiguration>Release</LastUsedBuildConfiguration>
<LastUsedPlatform>Any CPU</LastUsedPlatform>
<SiteUrlToLaunchAfterPublish />
<LaunchSiteAfterPublish>True</LaunchSiteAfterPublish>
<ExcludeApp_Data>False</ExcludeApp_Data>
<MSDeployServiceURL>http://localhost:9825/</MSDeployServiceURL>
<DeployIisAppPath>WebFormApplication</DeployIisAppPath>
<RemoteSitePhysicalPath />
<SkipExtraFilesOnServer>True</SkipExtraFilesOnServer>
<MSDeployPublishMethod>InProc</MSDeployPublishMethod>
<EnableMSDeployBackup>False</EnableMSDeployBackup>
<UserName />
<_SavePWD>False</_SavePWD>
<IncludeSetAclProviderOnDestination>False</IncludeSetAclProviderOnDestination>
<PublishDatabaseSettings>
<Objects xmlns="">
<ObjectGroup Name="DefaultConnection" Order="1" Enabled="False">
<Destination Path="" />
<Object Type="DbCodeFirst">
<Source Path="DBContext" DbContext="WebFromIdentityTest.Models.ApplicationDbContext, WebFromIdentityTest" Origin="Configuration" />
</Object>
</ObjectGroup>
</Objects>
</PublishDatabaseSettings>
</PropertyGroup>
<ItemGroup>
<MSDeployParameterValue Include="$(DeployParameterPrefix)DefaultConnection-Web.config Connection String" />
</ItemGroup>
</Project>
然后你会发现发布应用后权限不会改变