MSDeploy remote permissions needed for Windows 2003 Server / IIS 6 - iis

What are the permissions needed for running delegated deployments, using MSDeploy, targeting a Windows 2003 Server / IIS 6.0 ?
EDIT: this is a duplicate of ... How to allow non-admin user to deploy web applications on IIS 6 using web deploy

IIS6 can't be published to directly via Web Deploy, so you will need to use Web Deployment Agent. Once you have setup the agent, the endpoint address should look something like this:
http://myserver/MsDeployAgentService
Note this is not an HTTPS address and does not explicitly specify a port. Also, the account publishing to this endpoint must have admin rights on the server (nasty, but necessary). Finally, make sure the "Web Deployment Agent Service" is actually running because it's not set to start automatically by default.

Related

Connecting to an Azure App Service via IIS Manager (inetmgr)

Is it possible to remote-connect to an Azure App Service running on Windows with my IIS Manager?
This seems to have been possible according to this blog post by clicking in IIS Manager File -> Connect to a site.
I refer to the steps mentioned in the link shared by you and in the last step I got an error below.
I did some research on it and it looks like managing the App Service from IIS is not supported anymore. I have not got any official link but the below links might give you some information on it.
Microsoft.Web.Configuration.AppHostFileProvider not found after configured Remote IIS Administration for Microsoft Azure Web App
Can no longer manage any Web Apps with IIS Remote Manager - Could not load file or assembly - AppHostFileProvider
I'm not sure for what purpose why you want to. My thoughts is you shouldn't be doing that as it defeat the purpose of PaaS services. Cannot access the iis layer in app service however you can still configure in web.config of your web app.

Web Deploy unable to validate connection

I am trying to learn how to setup Web Deploy functionality on both sides Server and host/client computer. Created a Windows Server 2012 Web Server in Hyper-V and able to access default web page in host/client computer. On server installed Web Maintenance Service, Web Deploy 3.5 and performed all the required steps e.g. "Configure Web Deploy Publishing" and added Administrator to IIS Manager Permission for the website in IIS. I disabled Firewall totally to make it work for the first time.
On client computer I created a dummy MVC Application in Visual Studio and trying to create publish profile for this app. As soon as I hit the Validate Connection I got the option to receive and save the security certificate from server but after that in gives me following warning (snapshot):
Tried doing all the steps all over but no luck.
I am open to all feedback. Thanks in advance.
Found the solution. Instead of adding publish information manually, I am suppose to use publishsetting file generated in server through "Configure Web Deploy Publishing" feature of IIS. Server address ends with file name which ends with .axd

Minimum install of Shibboleth on IIS, when Deamon is on Separate Computer

I have a Shibboleth service provider (SP) served by a web farm with no outbound internet access (for security reasons). The web farm forwards authentication requests to the shibboleth daemon running on a computer that does have outbound internet.
Because of this separation, I'd like to minimize the installation on each box in the web farm. I have the following questions:
Is it possible to xcopy-deploy Shibboleth to the web farm, rather than using the installer? If so, what are the minimum files in addition to the isapi_shib.dll?
If using the installer on each server in the web farm is necessary, what folders/files can be removed post-installation? (For instance, I see I can disable the "Shibboleth 2 Daemon" service...)
And by-the-way I am using using http://www.testshib.org for integration testing.

ERROR_USER_UNAUTHORIZED when deploy to IIS 7.5 when using IIS manager user

I'm trying to deploy from a teamcity server to my iis server but I get unauthorized when I use an IIS Manager user set up in IIS. If I use a Windows account it works just fine. Am I missing something?
I thought it was enough to create an IIS Manager User in ISS, or do I have to add that user to the domain or server I'm trying to deploy to?
In the Management Service Delegation I have added two rules, it could probably be combined into one. The first rule is for contentPath and iisApp and the second is for createApp. Both rules are run as an administrator user. I have added that all users (*) are allowed to execute the rule.
Is it something else I need to enable on the target server for it to work with IIS Manager Users?
I get the following message in my event viewer:
IISWMSVC_AUTHORIZATION_SERVER_NOT_ALLOWED
Only Windows Administrators are allowed to connect using a server connection.
Other users should use the 'Connect To Site or Application' task to be able to connect.
Process:WMSvc
Ok, I've been looking for an answer for some time and couldn't find it... but of course I figure it out myself as soon as I post the question here. The answer to my problem was that I have to add the IIS Manager User to the site which I want to deploy to. So if I selected the sites and then opened up the "IIS Manager Permissions" and added my user it all started working just as expected.

WMSVC works, Web Deploy Agent throws 401

I'm trying to get msdeploy working from the command line, and can successfully test against the WMSVC directly (using HTTPS, port 8172) with both a local admin account and using an IIS Manager user account. Here's the command line:
> msdeploy -verb:dump -source:appHostConfig=MyWebsite,wmsvc=myserver,username=iisuser,password=password -allowuntrusted
So, wmsvc= directs msdeploy to use https://myserver:8172/msdeploy.axd . However, because the target host firewall doesn't allow port 8172, I'd really like to use the Web Deployment Agent Service over port 80. But, it responds with a 401 when I change wmsvc to computerName:
> msdeploy -verb:dump -source:appHostConfig=MyWebsite,computername=myserver,username=myserver\localadmin,password=password
where computername= directs msdeploy to use http://myserver/MSDEPLOYAGENTSERVICE . In a browser, that URL prompts for username/password, and returns a blank page (if authenticated), so it seems to be listening and authenticating properly. Also, I've added full rights to the site root for NETWORK SERVICE.
What's the difference in using the Web Deployment Agent Service over the standard WMSVC? Thanks in advance!
As far as I've discovered so far, the differences are:
WMSVC is tightly bound with IIS, whereas the remote agent appears not to be
WMSVC users can be windows or IIS users, and you can delegate permissions via the IIS manager so they can run some tasks under other security accounts etc. You can also control the paths that they are allowed to do things under.
Remote agent users can only execute tasks within the context of their own account on the machine: you control what they can do directly through the windows security mechanism.

Resources