我在 Sites\Default
下部署到我的本地 IIS 服务器的 Web 应用程序,它工作正常,现在我想让它更安全 - 我想加密连接字符串和 appSettings。
在 pubxml 文件中,我添加了这一行:
<MSDeployEnableWebConfigEncryptRule>true</MSDeployEnableWebConfigEncryptRule>
但这只会加密连接字符串。
我知道我可以手动调用:
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis -pe "appSettings" -site Default -app "/"
部署后在我的服务器上加密包含 appSettings 的外部文件,但我必须手动执行此操作。
我的问题是如何从 Visual Studio(构建 > 发布)部署网站并拥有该
aspnet_regiis
发布成功后自动执行命令。我found information我可以使用
runcommand
和 other about bat files ,但我不是从命令行调用 MSDeploy。我还发现了我应该构建自定义提供程序并从 MSDeploy 调用它的信息。
我应该如何编辑我的 pubxml 文件以获得这种行为?
编辑 1:
我已经成功上钩
After Deploy
目标使用:<Target Name="EncryptAppSettings" AfterTargets="MSDeployPublish" >
<Message Text="Encrypting appSettings" />
<Exec Command="aspnet_regiis -pe "appSettings" -site Default -app "/"" />
<Message Text="AppPath: $(DeployIisAppPath)" />
</Target>
但现在我收到这个错误:
The command "aspnet_regiis -pe "appSettings" -site Default -app "/"" exited with code 9009.
编辑2:
我试过像这样使用 runCommand:
<ItemGroup>
<MsDeploySourceManifest Include="runCommand">
<path>aspnet_regiis -pe "appSettings" -site Default -app "/"</path>
<waitInterval>10000</waitInterval>
<AdditionalProviderSettings>waitInterval</AdditionalProviderSettings>
</MsDeploySourceManifest>
</ItemGroup>
但我没有运气。 I found blog关于 postSync:runCommand,但我想直接从 VS 调用它,所以我想将它添加到发布配置文件中。
EDIT3:
我在下面添加我的发布配置文件:
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<PropertyGroup>
<WebPublishMethod>MSDeploy</WebPublishMethod>
<LastUsedBuildConfiguration>Release</LastUsedBuildConfiguration>
<LastUsedPlatform>Any CPU</LastUsedPlatform>
<SiteUrlToLaunchAfterPublish />
<LaunchSiteAfterPublish>True</LaunchSiteAfterPublish>
<ExcludeApp_Data>False</ExcludeApp_Data>
<MSDeployServiceURL>192.168.5.50</MSDeployServiceURL>
<DeployIisAppPath>Default</DeployIisAppPath>
<RemoteSitePhysicalPath />
<SkipExtraFilesOnServer>False</SkipExtraFilesOnServer>
<MSDeployPublishMethod>WMSVC</MSDeployPublishMethod>
<EnableMSDeployBackup>True</EnableMSDeployBackup>
<MSDeployEnableWebConfigEncryptRule>True</MSDeployEnableWebConfigEncryptRule>
<UserName>LocalAdmin</UserName>
<_SavePWD>True</_SavePWD>
<PublishDatabaseSettings>
<Objects xmlns="">
<ObjectGroup Name="ApplicationDbContext" Order="1" Enabled="False">
<Destination Path="Data Source=192.168.5.51;Initial Catalog=GameBit;User ID=GUser;Password=MyRealPassword;Application Name=EntityFramework" Name="Data Source=192.168.5.51;Initial Catalog=GameBit;User ID=GUser;Password=MyRealPassword;MultipleActiveResultSets=True;Application Name=EntityFramework" />
<Object Type="DbCodeFirst">
<Source Path="DBContext" DbContext="Api.ApplicationDbContext, Api" Origin="Configuration" />
</Object>
</ObjectGroup>
</Objects>
</PublishDatabaseSettings>
</PropertyGroup>
<PropertyGroup>
<UseMsdeployExe>true</UseMsdeployExe>
<AllowUntrustedCertificate>True</AllowUntrustedCertificate>
</PropertyGroup>
<ItemGroup>
<MSDeployParameterValue Include="$(DeployParameterPrefix)ApplicationDbContext-Web.config Connection String">
<ParameterValue>metadata=res://*/Model.csdl|res://*/Model.ssdl|res://*/Model.msl;provider=System.Data.SqlClient;provider connection string="Data Source=192.168.5.51;Initial Catalog=GameBit;User ID=GUser;Password=MyRealPassword;MultipleActiveResultSets=True;Application Name=EntityFramework"</ParameterValue>
</MSDeployParameterValue>
</ItemGroup>
<!--<ItemGroup>
<MsDeploySourceManifest Include="runCommand">
<Path>dir</Path>
</MsDeploySourceManifest>
</ItemGroup>-->
<!--<Target Name="EncryptImportantSettings" AfterTargets="MSDeployPublish" >
<Message Text="Encrypting appSettings" />
--><!--<Exec Command="aspnet_regiis -pe "appSettings" -site Default -app "/"" />--><!--
<ItemGroup>
<MsDeploySourceManifest Include="runCommand">
<path>dir/b >> C:\temp\log.txt</path>
--><!--<waitInterval>10000</waitInterval>--><!--
--><!--<AdditionalProviderSettings>waitInterval</AdditionalProviderSettings>--><!--
</MsDeploySourceManifest>
</ItemGroup>
<Message Text="AppPath: $(DeployIisAppPath)" />
</Target>-->
</Project>
我注意到,当我使用 MSDeploy 时,我可以看到在发布期间执行的命令:
"C:\Program Files (x86)\IIS\Microsoft Web Deploy V3\msdeploy.exe" -source:manifest='D:\GameBit\API\obj\Release\Package\API.SourceManifest.xml' -dest:auto,ComputerName="https://192.168.5.50:8172/msdeploy.axd?site=Default",UserName='LocalAdmin',Password="MyRealPassword",IncludeAcls='False',AuthType='Basic' -verb:sync -enableRule:EncryptWebConfig -enableRule:EncryptWebConfig -disableLink:AppPoolExtension -disableLink:ContentExtension -disableLink:CertificateExtension -setParamFile:"D:\GameBit\API\obj\Release\Package\API.Publish.Parameters.xml" -allowUntrusted -retryAttempts=2 -userAgent="VS12.0:PublishDialog:WTE12.5.60612.0"
我可以加
-postSync:runCommand=""
从发布配置文件到该命令?如 I found on MS site此参数允许在目标机器上执行命令。编辑4:
我找到了关于Web Deploy Operation Settings的信息和postSync设置,但我不知道在哪里设置,我不想编辑
Microsoft.Web.Publishing.targets
从 MSBuild 文件夹发布成功后我需要在远程机器上执行命令。
最佳答案
在完成所有编辑和我的一些研究后,您希望在从 Visual Studio 发布后执行以下命令
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis -pe "appSettings" -site Default -app "/"
如果我理解正确,您可以尝试包装
ItemGroup
在与 AfterTargets
的目标中设置为 AddIisSettingAndFileContentsToSourceManifest
<Target Name="executeinHosts" AfterTargets="AddIisSettingAndFileContentsToSourceManifest">
<ItemGroup>
<MsDeploySourceManifest Include="runCommand">
//here would be your path that need to run after the publish
</MsDeploySourceManifest>
</ItemGroup>
</Target>
因此,在您的情况下,这就是该部分的外观:
<Target Name="executeinHosts" AfterTargets="AddIisSettingAndFileContentsToSourceManifest">
<ItemGroup>
<MsDeploySourceManifest Include="runCommand">
<path>C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis -pe "appSettings" -site $(DeployIisAppPath) -app "/"</path>
</MsDeploySourceManifest>
</ItemGroup>
</Target>
附加信息:
AddIisSettingAndFileContentsToSourceManifest
target 正好在 Web Deploy 将文件从本地复制到服务器之前工作。 <target>
中运行节点来自 <Exec>
. 例如:
<Exec Command="C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe -pef connectionStrings $(ProjectDir)obj\Debug\Package\PackageTmp" WorkingDirectory="$(publishUrl)" />
关于asp.net - 从 Visual Studio 发布并使用 aspnet_regiis 自动加密 appSettings,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/38693113/