DiscountASP.NET

Visual Studio deployment with webdeploy causes permission issue

For certain applications, you might need to write/modify files on your site, e.g., logging, file based database, etc.  Recently, we have seen some customers reporting an access denied error when their application tries to write/modify files within their website.

We found that when you deploy your website using the WebDeploy feature of Visual Studio 2010, the deployment package actually contains couple of SetAcl rules

  1. change the aspnet user to only have read access.
  2. Change the aspnet user to have change (RW) access to the app_Data directory

This means that if the file you are trying to change is not within the app_Data directory, you’ll get an access denied error.

In theory, this concept is good because it makes your site more secure, however, there are some problems associated with it.

So…what do we do?

After some research, it looks like you can configure VS.NET to not change the NTFS permission when deploying using webdeploy.  The process is not very straightforward, but works nonetheless:

I am sure Microsoft will make some enhancements to VS.NET in the future releases.  In the meantime, you’ll have to use this rather tedious workaround.

Frank Cheung
CTO

Exit mobile version