Publish from Visual Studio and automatically encrypt appSettings using aspnet_regiis

I have web application that is deployed to my local IIS server under Sites\Default, it works fine and right now I want to make it more secure - I want to encrypt connection strings and appSettings.
Inside pubxml file I've added this line:

<MSDeployEnableWebConfigEncryptRule>true</MSDeployEnableWebConfigEncryptRule> 

but that only encrypts connections strings. I know that I can manually call:

C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis -pe "appSettings" -site Default -app "/" 

on my server after deploy to encrypt external file containing appSettings, but I must do that manually.

My question is how can I deploy website from Visual Studio (Build > Publish) and have that aspnet_regiis command execute automatically after publish succeeded.

I found information that I could use runcommand and other about bat files, but I'm not calling MSDeploy from command line.
I've also found information that I should build custom provider and call it from MSDeploy.

How should I edit my pubxml file to get this behaviour?

EDIT1:
I've managed to hook After Deploy Target using:

<Target Name="EncryptAppSettings" AfterTargets="MSDeployPublish" >   <Message Text="Encrypting appSettings" />   <Exec Command="aspnet_regiis -pe &quot;appSettings&quot; -site Default -app &quot;/&quot;" />   <Message Text="AppPath: $(DeployIisAppPath)" /> </Target> 

But now I get this error:

The command "aspnet_regiis -pe "appSettings" -site Default -app "/"" exited with code 9009.

EDIT2:
I've tried using runCommand like this:

<ItemGroup>   <MsDeploySourceManifest Include="runCommand">     <path>aspnet_regiis -pe &quot;appSettings&quot; -site Default -app &quot;/&quot;</path>     <waitInterval>10000</waitInterval>     <AdditionalProviderSettings>waitInterval</AdditionalProviderSettings>   </MsDeploySourceManifest> </ItemGroup> 

but I had no luck. I found blog about postSync:runCommand, but I'd like to call that directly from VS so I'd like to add that to publish profile.

EDIT3:
I'm adding my publish profile below:

<?xml version="1.0" encoding="utf-8"?> <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">   <PropertyGroup>     <WebPublishMethod>MSDeploy</WebPublishMethod>     <LastUsedBuildConfiguration>Release</LastUsedBuildConfiguration>     <LastUsedPlatform>Any CPU</LastUsedPlatform>     <SiteUrlToLaunchAfterPublish />     <LaunchSiteAfterPublish>True</LaunchSiteAfterPublish>     <ExcludeApp_Data>False</ExcludeApp_Data>     <MSDeployServiceURL>192.168.5.50</MSDeployServiceURL>     <DeployIisAppPath>Default</DeployIisAppPath>     <RemoteSitePhysicalPath />     <SkipExtraFilesOnServer>False</SkipExtraFilesOnServer>     <MSDeployPublishMethod>WMSVC</MSDeployPublishMethod>     <EnableMSDeployBackup>True</EnableMSDeployBackup>     <MSDeployEnableWebConfigEncryptRule>True</MSDeployEnableWebConfigEncryptRule>     <UserName>LocalAdmin</UserName>     <_SavePWD>True</_SavePWD>     <PublishDatabaseSettings>       <Objects xmlns="">         <ObjectGroup Name="ApplicationDbContext" Order="1" Enabled="False">           <Destination Path="Data Source=192.168.5.51;Initial Catalog=GameBit;User ID=GUser;Password=MyRealPassword;Application Name=EntityFramework" Name="Data Source=192.168.5.51;Initial Catalog=GameBit;User ID=GUser;Password=MyRealPassword;MultipleActiveResultSets=True;Application Name=EntityFramework" />           <Object Type="DbCodeFirst">             <Source Path="DBContext" DbContext="Api.ApplicationDbContext, Api" Origin="Configuration" />           </Object>         </ObjectGroup>       </Objects>     </PublishDatabaseSettings>   </PropertyGroup>    <PropertyGroup>     <UseMsdeployExe>true</UseMsdeployExe>     <AllowUntrustedCertificate>True</AllowUntrustedCertificate>   </PropertyGroup>    <ItemGroup>     <MSDeployParameterValue Include="$(DeployParameterPrefix)ApplicationDbContext-Web.config Connection String">       <ParameterValue>metadata=res://*/Model.csdl|res://*/Model.ssdl|res://*/Model.msl;provider=System.Data.SqlClient;provider connection string="Data Source=192.168.5.51;Initial Catalog=GameBit;User ID=GUser;Password=MyRealPassword;MultipleActiveResultSets=True;Application Name=EntityFramework"</ParameterValue>     </MSDeployParameterValue>   </ItemGroup>    <!--<ItemGroup>   <MsDeploySourceManifest Include="runCommand">     <Path>dir</Path>   </MsDeploySourceManifest> </ItemGroup>-->     <!--<Target Name="EncryptImportantSettings" AfterTargets="MSDeployPublish" >     <Message Text="Encrypting appSettings" />     --><!--<Exec Command="aspnet_regiis -pe &quot;appSettings&quot; -site Default -app &quot;/&quot;" />--><!--   <ItemGroup>     <MsDeploySourceManifest Include="runCommand">       <path>dir/b >> C:\temp\log.txt</path>       --><!--<waitInterval>10000</waitInterval>--><!--       --><!--<AdditionalProviderSettings>waitInterval</AdditionalProviderSettings>--><!--     </MsDeploySourceManifest>   </ItemGroup>   <Message Text="AppPath: $(DeployIisAppPath)" />   </Target>--> </Project> 

I've noticed that when I use MSDeploy I can see command that is executed during publish:

"C:\Program Files (x86)\IIS\Microsoft Web Deploy V3\msdeploy.exe" -source:manifest='D:\GameBit\API\obj\Release\Package\API.SourceManifest.xml' -dest:auto,ComputerName="https://192.168.5.50:8172/msdeploy.axd?site=Default",UserName='LocalAdmin',Password="MyRealPassword",IncludeAcls='False',AuthType='Basic' -verb:sync -enableRule:EncryptWebConfig -enableRule:EncryptWebConfig -disableLink:AppPoolExtension -disableLink:ContentExtension -disableLink:CertificateExtension -setParamFile:"D:\GameBit\API\obj\Release\Package\API.Publish.Parameters.xml" -allowUntrusted -retryAttempts=2 -userAgent="VS12.0:PublishDialog:WTE12.5.60612.0"

Can I add -postSync:runCommand="" to that command from publish profile? As I found on MS site this parameter allows to execute command on destination machine.

EDIT4:
I found information about Web Deploy Operation Settings and postSync setting, but I don't know where to set it, I don't want to edit Microsoft.Web.Publishing.targets from MSBuild folder

I need to execute command on remote machine after publish succeeded.

1 Answers

Answers 1

After going through your all edits and a bit of research from me , you want to execute the following command after the publish from the Visual Studio

C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis -pe "appSettings" -site Default -app "/"  

If i understood right , You can try wrapping the ItemGroup in a Target with AfterTargets set to AddIisSettingAndFileContentsToSourceManifest

<Target Name="executeinHosts" AfterTargets="AddIisSettingAndFileContentsToSourceManifest">     <ItemGroup>       <MsDeploySourceManifest Include="runCommand">          //here would be your path that need to run after the publish       </MsDeploySourceManifest>     </ItemGroup>   </Target> 

So in Your case this is how that part should look:

<Target Name="executeinHosts" AfterTargets="AddIisSettingAndFileContentsToSourceManifest">     <ItemGroup>       <MsDeploySourceManifest Include="runCommand">          <path>C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis -pe "appSettings" -site $(DeployIisAppPath) -app "/"</path>       </MsDeploySourceManifest>     </ItemGroup>   </Target> 

If You Enjoyed This, Take 5 Seconds To Share It

• Facebook
• Twitter
• Google+
• StumbleUpon
• Digg
• Delicious
• LinkedIn
• Reddit
• Technorati