I have an ASP MVC app that I'm deploying to intranet servers via TeamCity, and I need some appSettings to be parametrized on deploy, so that client secrets stay hidden from developers etc.
I have the Parameters.xml file in the root of my project, the SetParameters.xml that is built with the package correctly contains all these parameters and their default values. However changing these values (even passing them to MSDeploy with -setParam) doesn't result in any changes in deployed web.config.
When I change the values in the SetParameters.xml file (which is passed to MSDeploy correctly afaik), the settings in the deployed web.config don't change and while there are "Verbose: Parameter entry 'IIS Web Application Name/1' is applicable" entries in log (IIS Web Application Name being another, standard, parameter), there's no mention of my appSettings parameters.
Also When I import the application with IIS Manager, it asks me for the values for these parameters, but I don't see them mentioned in verbose logs either, and the web.config doesn't get updated at all unless there really were some changes, and in that case the parameters aren't replaced.
My parameters.xml look like this:
<?xml version="1.0" encoding="utf-8" ?>
<parameters>
<parameter name="PiwikToken" defaultValue="__PIWIKTOKEN__">
<parameterEntry type="XMLFile" scope="\\web\.config$" match="/configuration/appSettings/add[#key='PiwikToken']/#value"/>
</parameter>
<parameter name="LoginClientSecret" defaultValue="__LOGINSECRET__">
<parameterEntry type="XMLFile" scope="\\web\.config$" match="/configuration/appSettings/add[#key='LoginClientSecret']/#value"/>
</parameter>
<parameter name="SecondClientSecret" defaultValue="__SECONDSECRET__">
<parameterEntry type="XMLFile" scope="\\web\.config$" match="/configuration/appSettings/add[#key='SecondClientSecret']/#value"/>
</parameter>
</parameters>
I've tried other scope variations ("web.config$", "web.config", "\\web.config$", "\\web\.config$", "Portal\web.config$"...) and it didn't change a thing.
The XPath expressions tested against my web.config work OK.
web.config:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<appSettings>
<add key="webpages:Version" value="3.0.0.0" />
<add key="webpages:Enabled" value="false" />
<add key="ClientValidationEnabled" value="true" />
<add key="UnobtrusiveJavaScriptEnabled" value="true" />
<add key="LoginClientId" value="portalLocal" />
<add key="RedirectAfterAuthUrl" value="https://localhost:44321/" />
<add key="PiwikSiteId" value="12" />
<add key="PiwikToken" value="__PIWIKTOKEN__" />
<add key="LoginClientSecret" value="__LOGINSECRET__" />
<add key="SecondClientSecret" value="__SECONDSECRET__" />
</appSettings>
<connectionStrings>
<add name="appDB" connectionString="..." />
</connectionStrings>
...
Other things I've checked:
Parametrization in MSDeploy is switched on
The file "parameters.xml", which is generated inside the .zip package, contains
<parameters>
<parameter name="IIS Web Application Name" defaultValue="Portal" tags="IisApp">
<parameterEntry kind="ProviderPath" scope="IisApp" match="^D:\\BuildAgent\\work\\fec2f9c37ed1ec8e\\Portal\\obj\\DEV\\Package\\PackageTmp$" />
<parameterEntry kind="ProviderPath" scope="setAcl" match="^D:\\BuildAgent\\work\\fec2f9c37ed1ec8e\\Portal\\obj\\DEV\\Package\\PackageTmp$" />
</parameter>
<parameter name="Add write permission to App_Data Folder" description="Add write permission to App_Data folder" defaultValue="{IIS Web Application Name}/App_Data" tags="Hidden">
<parameterEntry kind="ProviderPath" scope="setAcl" match="^D:\\BuildAgent\\work\\fec2f9c37ed1ec8e\\Portal\\obj\\DEV\\Package\\PackageTmp\\App_Data$" />
</parameter>
<parameter name="PiwikToken" defaultValue="__PIWIKTOKEN__" />
<parameter name="LoginClientSecret" defaultValue="__LOGINSECRET__" />
<parameter name="SecondClientSecret" defaultValue="__SECONDSECRET__" />
</parameters>
According to various sources across the net, the common cause for this would be that the scope is wrong or that the match regexp is wrong, but I've tried all kinds of variants without success.
If anyone has any ideas about what to try, or what could be the cause, I'll be glad to explore further or try it out, but right now I've spent a few days on this and cannot think of what else to try. Thanks!
EDIT: Now I've created a fresh WebAPI project with MVC, added just parameters.xml, added those parameters to web.config, and the web.config still doesn't get parametrized on deploy. So is it some IIS setting somewhere?
EDIT2: After experimenting I found out that the generated parameters.xml inside the zip package really should containt "match" and "scope" attributes and they don't - since when I rewrite the xml so that it contains parameterEntry with proper match and scope, and repackage it into the zip, it starts working.
EDIT3: And the problem seems to be having attribute named "type", when it should've been named "kind". Now I only wonder, where did I first get that example I used...
The problem was I had an attribute named "type" in my parameters.xml, when it should've been named "kind".
Found out thanks to https://forums.iis.net/t/1177518.aspx
Related
Our Azure Web App's applicationhost.config contains the desired server variables in <allowedServerVariables>, but we're still seeing the error message:
The server variable "HTTP_X_UNPROXIED_URL" is not allowed to be
set. Add the server variable name to the allowed server variable list.
(Viewed via Kudu) Assumed relevant section from D:\local\Config\applicationhost.config on the Azure Web App:
<rewrite>
<allowedServerVariables>
<add name="HTTP_X_UNPROXIED_URL" />
<add name="HTTP_X_ORIGINAL_ACCEPT_ENCODING" />
<add name="HTTP_X_ORIGINAL_HOST" />
<add name="HTTP_ACCEPT_ENCODING" />
</allowedServerVariables>
<globalRules />
<outboundRules />
<providers />
<rewriteMaps />
<rules />
</rewrite>
HTTP_X_UNPROXIED_URL is there in the section "allowedServerVariables". Is the error message referring to some other location that also has to be edited?
I have this web.config file i place in the root of my project that is built by azure devops here:
<?xml version="1.0" encoding="utf-8"?>
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
<location path="." inheritInChildApplications="false">
<system.webServer>
<handlers>
<add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModuleV2" resourceType="Unspecified" />
</handlers>
<aspNetCore processPath="dotnet" arguments=".\ManagementStudio.dll" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout">
<environmentVariables>
<environmentVariable name="MS_CONNECTIONSTRING" value="" />
<environmentVariable name="CENTRAL_APPLICATION_SETTINGS" value="" />
<environmentVariable name="ASPNETCORE_ENVIRONMENT" value="" />
<environmentVariable name="MS_COOKIEEXPIRYTIMEINMINUTES" value="" />
<environmentVariable name="MS_STATICFILECACHEINSECONDS" value="" />
<environmentVariable name="MS_COOKIEDOMAIN" value="" />
</environmentVariables>
</aspNetCore>
</system.webServer>
</location>
</configuration>
I then set these bunch of variables in the release section:
ASPNETCORE_ENVIRONMENT
Development
CENTRAL_APPLICATION_SETTINGS
csa
CLOUDFRONT_DOMAIN
csd
MS_CONNECTIONSTRING
connstring
MS_COOKIEDOMAIN
dev.website.com
I set them as settable at release time.
In my IIS Web App Deploy, I ticked XML Variable Substitution.
However, it doesn't seem like any of my variables are changed at all.
Only the section appSettings, connectionStrings and applicationSettings are substitued (see the documentation), and section must contain configuration element with key or name like:
<connectionStrings>
<add name="MyDB" connectionString="..." />
</connectionStrings>
where you can define a variable MyDB to set the connection string
--Update--
For environmentVariables section you could test this suggestion from the documentation :
If you are looking to substitute values outside of these elements you
can use a (parameters.xml) file, however you will need to use a 3rd
party pipeline task to handle the variable substitution.
For the reason of why it does not be applied successfully, I agree with Troopers.
But, it does not mean you could not use environment variable anymore. If environment variable is the preferred choice you want, you can consider to use replace token task to achieve what you want.
For detailed used about this task, you can refer to my previous reply.
I recently added grial nuget packages to a xamarin solution.
It works fine locally but the build fails on mobile.azure.com.
I have used the nuget command line to add the new package source, including the credentials as a username / encrypted password.
It still breaks the build though, but this time with the error
"Data unprotection failed."
Has anyone come across this before, and do you have any possible solution?
thanks
You need to consider adding a nuget.config file. Below is an example that we used to include our Proget Feed.
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<packageRestore>
<add key="enabled" value="true" />
<add key="automatic" value="true" />
</packageRestore>
<packageSources>
<add key="NRTH Proget" value="http://proget.nrth.com/nuget/nuget" />
</packageSources>
</configuration>
Just drop this file in the same folder as your solution (.sln) file.
elmah.mvc should work with mvc5 smoothly?
To rule out any other problem, I created a new Web mvc project (with VS2015).
I added with nuget the Elmah.mvc package, and the configuration looks like this:
<add key="elmah.mvc.disableHandler" value="false" />
<add key="elmah.mvc.disableHandleErrorFilter" value="false" />
<add key="elmah.mvc.requiresAuthentication" value="true" />
<add key="elmah.mvc.IgnoreDefaultRoute" value="false" />
<add key="elmah.mvc.allowedRoles" value="super" />
<add key="elmah.mvc.allowedUsers" value="*" />
<add key="elmah.mvc.route" value="elmah" />
<add key="elmah.mvc.UserAuthCaseSensitive" value="true" />
From what I gathered documentation, that all that is needed to enable the user which have the super role, to access elmah page remotaly.
But when i publish to server, and i try access http://mysite/elmah page, if i not logged so I redicated to login page.
but after login as a user with the role requried, i get:
403 - Forbidden: Access is denied.
<elmah>
<security allowRemoteAccess="1"/>
</elmah>
It solved the problem (i.e: the elmha page accessible for user with the specified role). But that's not mentioned in the elmah.mvc documentation.
I am trying to log in to Azure Active Directory from my web page in cloud services. The log in screen comes up and I am able to log in OK. However when it sends me to my homepage it says "page cannot be displayed". In the Azure Active Directory configuration I added SSL localhost to the APP URI and Reply URL and configured the properties in VS2013 to show SSL = True and set the project URL to the localhost. I was able to access the page before I added the log in screen.
Relevant web.config settings:
<appSettings>
<add key="webpages:Version" value="3.0.0.0" />
<add key="webpages:Enabled" value="false" />
<add key="ClientValidationEnabled" value="true" />
<add key="UnobtrusiveJavaScriptEnabled" value="true" />
<add key="ida:FederationMetadataLocation" value="login.windows.net/conpro.com/FederationMetadata/2007-06/…; />
<add key="ida:Realm" value="localhost:44307/"; />
<add key="ida:AudienceUri" value="localhost:44307/"; />
</appSettings>
Your web.config URI values need to include https://. I'd suggest taking a look at this sample app as well.