Web Deploy and ACL Permissions Fix

Published: at 04:40 AM

Web Deploy is a fantastic tool for streamlining website deployments, allowing you to push updates from your development environment to your live server. However, when deploying using Web Deploy, the process might inadvertently reset file and folder permissions on your website to read-only. This can lead to errors and prevent your website from functioning correctly.

While you typically have full permissions on your website files, Web Deploy might have accidentally reset them. As a quick fix, simply set the required permissions. But then the issue will repeat itself when you deploy again.

Method 1: .wpp.targets File

Let’s create a .wpp.targets file in the root of your website. We’ll assume the folder which required write access is UserUploads. You can modify the path to match your needs.

<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">

  <Target Name="SetupCustomAcls" AfterTargets="AddIisSettingAndFileContentsToSourceManifest">
    <ItemGroup>
      <MsDeploySourceManifest Include="setAcl">
        <Path>$(_MSDeployDirPath_FullPath)\UserUploads</Path>
        <setAclAccess>Read,Write</setAclAccess>
        <setAclResourceType>Directory</setAclResourceType>
        <AdditionalProviderSettings>setAclResourceType;setAclAccess</AdditionalProviderSettings>
      </MsDeploySourceManifest>
    </ItemGroup>
  </Target>

  <Target Name="DeclareCustomParameters" AfterTargets="AddIisAndContentDeclareParametersItems">
    <ItemGroup>
      <MsDeployDeclareParameters Include="UserUploadsSetAclParam">
        <Kind>ProviderPath</Kind>
        <Scope>setAcl</Scope>
        <Match>^$(_EscapeRegEx_MSDeployDirPath)\\UserUploads$</Match>
        <Description>Add write permission to the UserUploads folder.</Description>
        <DefaultValue>{$(_MsDeployParameterNameForContentPath)}/UserUploads</DefaultValue>
        <Value>$(_DestinationContentPath)/UserUploads</Value>
        <Tags>Hidden</Tags>
        <Priority>$(VsSetAclPriority)</Priority>
        <ExcludeFromSetParameter>True</ExcludeFromSetParameter>
      </MsDeployDeclareParameters>
    </ItemGroup>
  </Target>

</Project>

Method 2: Manifest.xml File

We’ll assume the folder which required write access is UserUploads. You can modify the path to match your needs.

<?xml version="1.0" encoding="utf-8" ?>
<msdeploy.iisApp>
  <iisApp path="ApplicationName" />
  <setAcl path="ApplicationName/UserUploads" setAclResourceType="Directory" setAclAccess="Write, ReadAndExecute" />
</msdeploy.iisApp>

Next, provide a hidden parameter to make sure the ACL gets applied.

<parameter name="SetAclParameterUserUploads" defaultValue="{AppPath}/UserUploads" tags="Hidden">
  <parameterEntry type="ProviderPath" scope="setAcl" match="Application/UserUploads" />
</parameter>
Previous Post
Python, Ruby and Node + PHP
Next Post
Old Tumblr Theme Template