從 Visual Studio 發布並使用 aspnet_regiis 自動加密 appSettings
我有一個部署到我的本地 IIS 伺服器下的 Web 應用程序
Sites\Default,它工作正常,現在我想讓它更安全 - 我想加密連接字元串和 appSettings。在 pubxml 文件中,我添加了這一行:
<MSDeployEnableWebConfigEncryptRule>true</MSDeployEnableWebConfigEncryptRule>但這只會加密連接字元串。我知道我可以手動呼叫:
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis -pe "appSettings" -site Default -app "/"部署後在我的伺服器上加密包含 appSettings 的外部文件,但我必須手動執行此操作。
我的問題是如何從 Visual Studio(建構 > 發布)部署網站並
aspnet_regiis在發布成功後自動執行該命令。我找到了我可以使用的資訊
runcommand和其他關於 bat 文件的資訊,但我沒有從命令行呼叫 MSDeploy。我還發現了我應該建構自定義提供程序並從 MSDeploy 呼叫它的資訊。
我應該如何編輯我的 pubxml 文件來獲得這種行為?
EDIT1:
我設法
After Deploy使用以下方法掛鉤目標:<Target Name="EncryptAppSettings" AfterTargets="MSDeployPublish" > <Message Text="Encrypting appSettings" /> <Exec Command="aspnet_regiis -pe "appSettings" -site Default -app "/"" /> <Message Text="AppPath: $(DeployIisAppPath)" /> </Target>但現在我得到這個錯誤:
命令 “aspnet_regiis -pe “appSettings” -site Default -app “/”” 以程式碼 9009 退出。
EDIT2:
我試過像這樣使用runCommand:
<ItemGroup> <MsDeploySourceManifest Include="runCommand"> <path>aspnet_regiis -pe "appSettings" -site Default -app "/"</path> <waitInterval>10000</waitInterval> <AdditionalProviderSettings>waitInterval</AdditionalProviderSettings> </MsDeploySourceManifest> </ItemGroup>但我沒有運氣。我找到了關於 postSync:runCommand 的部落格,但我想直接從 VS 呼叫它,所以我想將它添加到發布配置文件中。
EDIT3:
我在下面添加我的發布配置文件:
<?xml version="1.0" encoding="utf-8"?> <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> <PropertyGroup> <WebPublishMethod>MSDeploy</WebPublishMethod> <LastUsedBuildConfiguration>Release</LastUsedBuildConfiguration> <LastUsedPlatform>Any CPU</LastUsedPlatform> <SiteUrlToLaunchAfterPublish /> <LaunchSiteAfterPublish>True</LaunchSiteAfterPublish> <ExcludeApp_Data>False</ExcludeApp_Data> <MSDeployServiceURL>192.168.5.50</MSDeployServiceURL> <DeployIisAppPath>Default</DeployIisAppPath> <RemoteSitePhysicalPath /> <SkipExtraFilesOnServer>False</SkipExtraFilesOnServer> <MSDeployPublishMethod>WMSVC</MSDeployPublishMethod> <EnableMSDeployBackup>True</EnableMSDeployBackup> <MSDeployEnableWebConfigEncryptRule>True</MSDeployEnableWebConfigEncryptRule> <UserName>LocalAdmin</UserName> <_SavePWD>True</_SavePWD> <PublishDatabaseSettings> <Objects xmlns=""> <ObjectGroup Name="ApplicationDbContext" Order="1" Enabled="False"> <Destination Path="Data Source=192.168.5.51;Initial Catalog=GameBit;User ID=GUser;Password=MyRealPassword;Application Name=EntityFramework" Name="Data Source=192.168.5.51;Initial Catalog=GameBit;User ID=GUser;Password=MyRealPassword;MultipleActiveResultSets=True;Application Name=EntityFramework" /> <Object Type="DbCodeFirst"> <Source Path="DBContext" DbContext="Api.ApplicationDbContext, Api" Origin="Configuration" /> </Object> </ObjectGroup> </Objects> </PublishDatabaseSettings> </PropertyGroup> <PropertyGroup> <UseMsdeployExe>true</UseMsdeployExe> <AllowUntrustedCertificate>True</AllowUntrustedCertificate> </PropertyGroup> <ItemGroup> <MSDeployParameterValue Include="$(DeployParameterPrefix)ApplicationDbContext-Web.config Connection String"> <ParameterValue>metadata=res://*/Model.csdl|res://*/Model.ssdl|res://*/Model.msl;provider=System.Data.SqlClient;provider connection string="Data Source=192.168.5.51;Initial Catalog=GameBit;User ID=GUser;Password=MyRealPassword;MultipleActiveResultSets=True;Application Name=EntityFramework"</ParameterValue> </MSDeployParameterValue> </ItemGroup> <!--<ItemGroup> <MsDeploySourceManifest Include="runCommand"> <Path>dir</Path> </MsDeploySourceManifest> </ItemGroup>--> <!--<Target Name="EncryptImportantSettings" AfterTargets="MSDeployPublish" > <Message Text="Encrypting appSettings" /> --><!--<Exec Command="aspnet_regiis -pe "appSettings" -site Default -app "/"" />--><!-- <ItemGroup> <MsDeploySourceManifest Include="runCommand"> <path>dir/b >> C:\temp\log.txt</path> --><!--<waitInterval>10000</waitInterval>--><!-- --><!--<AdditionalProviderSettings>waitInterval</AdditionalProviderSettings>--><!-- </MsDeploySourceManifest> </ItemGroup> <Message Text="AppPath: $(DeployIisAppPath)" /> </Target>--> </Project>我注意到,當我使用 MSDeploy 時,我可以看到在發布期間執行的命令:
“C:\Program Files (x86)\IIS\Microsoft Web Deploy V3\msdeploy.exe” -source:manifest=‘D:\GameBit\API\obj\Release\Package\API.SourceManifest.xml’ -dest:auto ,ComputerName=“https://192.168.5.50:8172/msdeploy.axd?site=Default”,UserName=‘LocalAdmin’,Password=“MyRealPassword”,IncludeAcls=‘False’,AuthType=‘Basic’ -verb:sync -enableRule:EncryptWebConfig -enableRule:EncryptWebConfig -disableLink:AppPoolExtension -disableLink:ContentExtension -disableLink:CertificateExtension -setParamFile:“D:\GameBit\API\obj\Release\Package\API.Publish.Parameters.xml” -allowUntrusted -retryAttempts= 2 -userAgent=“VS12.0:PublishDialog:WTE12.5.60612.0”
我可以
-postSync:runCommand=""從發布配置文件添加到該命令嗎?正如我在 MS 站點上發現的,這個參數允許在目標機器上執行命令。EDIT4:
我找到了有關Web Deploy Operation Settings和 postSync 設置的資訊,但我不知道在哪裡設置,我不想
Microsoft.Web.Publishing.targets從 MSBuild 文件夾中進行編輯發布成功後,我需要在遠端機器上執行命令。
經過您的所有編輯和我的一些研究後,您希望在從 Visual Studio 發布後執行以下命令
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis -pe "appSettings" -site Default -app "/"
ItemGroup如果我理解正確,您可以嘗試將目標 包裝為AfterTargets設置為AddIisSettingAndFileContentsToSourceManifest<Target Name="executeinHosts" AfterTargets="AddIisSettingAndFileContentsToSourceManifest"> <ItemGroup> <MsDeploySourceManifest Include="runCommand"> //here would be your path that need to run after the publish </MsDeploySourceManifest> </ItemGroup> </Target>因此,在您的情況下,這就是該部分的外觀:
<Target Name="executeinHosts" AfterTargets="AddIisSettingAndFileContentsToSourceManifest"> <ItemGroup> <MsDeploySourceManifest Include="runCommand"> <path>C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis -pe "appSettings" -site $(DeployIisAppPath) -app "/"</path> </MsDeploySourceManifest> </ItemGroup> </Target>附加資訊:
AddIisSettingAndFileContentsToSourceManifest目標在 Web Deploy 將文件從本地複製到伺服器之前工作。- aspnet_regiis 可以在
<target>node by中執行<Exec>。前任:
<Exec Command="C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe -pef connectionStrings $(ProjectDir)obj\Debug\Package\PackageTmp" WorkingDirectory="$(publishUrl)" />