Configuring a Web Server for Web Deploy Publishing (Offline Deployment)
by Jason Lee
This topic describes how to configure an IIS web server to support offline web publishing and deployment.
When you work with Internet Information Services (IIS) Web Deployment Tool (Web Deploy) 2.0 or later, there are three main approaches you can use to get your applications or sites onto a web server. You can:
- Use the Web Deploy Remote Agent Service. This approach requires less configuration of the web server, but you need to provide the credentials of a local server administrator in order to deploy anything to the server.
- Use the Web Deploy Handler. This approach is a lot more complex and requires more initial effort to set up the web server. However, when you use this approach, you can configure IIS to allow non-administrator users to perform the deployment. The Web Deploy Handler is only available in IIS version 7 or later.
- Use offline deployment. This approach requires the least configuration of the web server, but a server administrator must manually copy the web package onto the server and import it through IIS Manager.
For more information on the key features, advantages, and disadvantages of these approaches, see Choosing the Right Approach to Web Deployment.
Yes, if your network infrastructure or security restrictions prevent remote deployment. This is most likely to be the case in Internet-facing production environments, where the web servers are isolated—either physically or by firewalls and subnets—from the rest of your server infrastructure.
Obviously, this approach becomes less desirable if your web applications are updated on a regular basis. If your infrastructure allows it, you may want to consider enabling remote deployment, using either the Web Deploy Handler or the Web Deploy Remote Agent Service.
To configure the web server to support offline import and deployment of web packages, you'll need to:
- Install IIS 7.5 and the IIS 7 recommended configuration.
- Install Web Deploy 2.1 or later.
- Create an IIS website to host the deployed content.
- Disable the Web Deployment Agent Service.
To host the sample solution specifically, you'll also need to:
- Install the .NET Framework 4.0.
- Install ASP.NET MVC 3.
This topic will show you how to perform each of these procedures. The tasks and walkthroughs in this topic assume that you're starting with a clean server build running Windows Server 2008 R2. Before you continue, ensure that:
- Windows Server 2008 R2 Service Pack 1 and all available updates are installed.
- The server is domain-joined.
- The server has a static IP address.
Install Products and Components
This section will guide you through installing the required products and components on the web server. Before you begin, a good practice is to run Windows Update to ensure that your server is fully up to date.
In this case, you need to install these things:
- IIS 7 Recommended Configuration. This enables the Web Server (IIS) role on your web server and installs the set of IIS modules and components that you need in order to host an ASP.NET application.
- .NET Framework 4.0. This is required to run applications that were built on this version of the .NET Framework.
- Web Deployment Tool 2.1 or later. This installs Web Deploy (and its underlying executable, MSDeploy.exe) on your server. Web Deploy integrates with IIS and lets you import and export web packages.
- ASP.NET MVC 3. This installs the assemblies you need to run MVC 3 applications.
This walkthrough describes the use of the Web Platform Installer to install and configure various components. Although you don't have to use the Web Platform Installer, it simplifies the installation process by automatically detecting dependencies and ensuring that you always get the latest product versions. For more information, see Microsoft Web Platform Installer 3.0.
To install the required products and components
Download and install the Web Platform Installer.
When installation is complete, the Web Platform Installer will launch automatically.
You can now launch the Web Platform Installer at any time from the Start menu. To do this, on the Start menu, click All Programs, and then click Microsoft Web Platform Installer.
At the top of the Web Platform Installer 3.0 window, click Products.
On the left side of the window, in the navigation pane, click Frameworks.
In the Microsoft .NET Framework 4 row, if the .NET Framework is not already installed, click Add.
You may have already installed the .NET Framework 4.0 through Windows Update. If a product or component is already installed, the Web Platform Installer will indicate this by replacing the Add button with the text Installed.
In the ASP.NET MVC 3 (Visual Studio 2010) row, click Add.
In the navigation pane, click Server.
In the IIS 7 Recommended Configuration row, click Add.
In the Web Deployment Tool 2.1 row, click Add.
Click Install. The Web Platform Installer will show you a list of products—together with any associated dependencies—to be installed and will prompt you to accept the license terms.
Review the license terms, and if you consent to the terms, click I Accept.
When the installation is complete, click Finish, and then close the Web Platform Installer 3.0 window.
If you installed the .NET Framework 4.0 before you installed IIS, you'll need to run the ASP.NET IIS Registration Tool (aspnet_regiis.exe) to register the latest version of ASP.NET with IIS. If you don't do this, you'll find that IIS will serve static content (like HTML files) without any problems, but it will return HTTP Error 404.0 – Not Found when you attempt to browse to ASP.NET content. You can use the next procedure to ensure that ASP.NET 4.0 is registered.
To register ASP.NET 4.0 with IIS
Click Start, and then type Command Prompt.
In the search results, right-click Command Prompt, and then click Run as administrator.
In the Command Prompt window, navigate to the %WINDIR%\Microsoft.NET\Framework\v4.0.30319 directory.
Type this command, and then press Enter:
If you plan to host 64-bit web applications at any point, you should also register the 64-bit version of ASP.NET with IIS. To do this, in the Command Prompt window, navigate to the %WINDIR%\Microsoft.NET\Framework64\v4.0.30319 directory.
Type this command, and then press Enter:
As a good practice, use Windows Update again at this point to download and install any available updates for the new products and components you've installed.
Configure the IIS Website
Before you can deploy web content to your server, you need to create and configure an IIS website to host the content. Web Deploy can only deploy web packages to an existing IIS website; it can't create the website for you. At a high level, you'll need to complete these tasks:
- Create a folder on the file system to host your content.
- Create an IIS website to serve the content, and associate it with the local folder.
- Grant read permissions to the application pool identity on the local folder.
Although there's nothing stopping you from deploying content to the default website in IIS, this approach is not recommended for anything other than test or demonstration scenarios. To simulate a production environment, you should create a new IIS website with settings that are specific to the requirements of your application.
To create and configure an IIS website
On the local file system, create a folder to store your content (for example, C:\DemoSite).
On the Start menu, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.
In IIS Manager, in the Connections pane, expand the server node (for example, PROWEB1).
Right-click the Sites node, and then click Add Web Site.
In the Site name box, type a name for the IIS website (for example, DemoSite).
In the Physical path box, type (or browse to) the path to your local folder (for example, C:\DemoSite).
In the Port box, type the port number on which you want to host the website (for example, 85).
The standard port numbers are 80 for HTTP and 443 for HTTPS. However, if you host this website on port 80, you'll need to stop the default website before you can access your site.
Leave the Host name box blank, unless you want to configure a Domain Name System (DNS) record for the website, and then click OK.
In a production environment, you'll likely want to host your website on port 80 and configure a host header, together with matching DNS records. For more information on configuring host headers in IIS 7, see Configure a Host Header for a Web Site (IIS 7). For more information on the DNS Server role in Windows Server 2008 R2, see DNS Server Overview and DNS Server.
In the Actions pane, under Edit Site, click Bindings.
In the Site Bindings dialog box, click Add.
In the Add Site Binding dialog box, set the IP address and Port to match your existing site configuration.
In the Host name box, type the name of your web server (for example, PROWEB1), and then click OK.
The first site binding allows you to access the site locally using the IP address and port or
http://localhost:85. The second site binding allows you to access the site from other computers on the domain using the machine name (for example, http://proweb1:85).
In the Site Bindings dialog box, click Close.
In the Connections pane, click Application Pools.
In the Application Pools pane, right-click the name of your application pool, and then click Basic Settings. By default, the name of your application pool will match the name of your website (for example, DemoSite).
In the .NET Framework version list, select .NET Framework v4.0.30319, and then click OK.
The sample solution requires .NET Framework 4.0. This is not a requirement for Web Deploy in general.
In order for your website to serve content, the application pool identity must have read permissions on the local folder that stores the content. In IIS 7.5, application pools run with a unique application pool identity by default (in contrast to previous versions of IIS, where application pools would typically run using the Network Service account). The application pool identity is not a real user account and does not show up on any lists of users or groups—instead, it's created dynamically when the application pool is started. Each application pool identity is added to the local IIS_IUSRS security group as a hidden item.
To grant permissions to an application pool identity on a file or folder, you have two options:
- Assign permissions to the application pool identity directly, using the format IIS AppPool(application pool name) (for example, IIS AppPool\DemoSite).
- Assign permissions to the IIS_IUSRS group.
The most common approach is to assign permissions to the local IIS_IUSRS group, because this approach lets you change application pools without reconfiguring file system permissions. The next procedure uses this group-based approach.
For more information on application pool identities in IIS 7.5, see Application Pool Identities.
To configure folder permissions for an IIS website
In Windows Explorer, browse to the location of your local folder.
Right-click the folder, and then click Properties.
On the Security tab, click Edit, and then click Add.
Click Locations. In the Locations dialog box, select the local server, and then click OK.
In the Select Users or Groups dialog box, type IIS_IUSRS, click Check Names, and then click OK.
In the Permissions for (folder name) dialog box, notice that the new group has been assigned the Read & execute, List folder contents, and Read permissions by default. Leave this unchanged and click OK.
Click OK to close the (folder name) Properties dialog box.
Disable the Remote Agent Service
When you install Web Deploy, the Web Deployment Agent Service is installed and started automatically. This service allows you to deploy and publish web packages from a remote location. You won't be using the remote deployment capability in this scenario, so you should stop and disable the service.
You don't need to stop the remote agent service in order to import and deploy a web package manually. However, it's a good practice to stop and disable the service if you don't plan to use it.
You can stop and disable a service in multiple ways, using various command-line utilities or Windows PowerShell cmdlets. This procedure describes a straightforward UI-based approach.
To stop and disable the remote agent service
On the Start menu, point to Administrative Tools, and then click Services.
In the Services console, locate the Web Deployment Agent Service row.
Right-click Web Deployment Agent Service, and then click Properties.
In the Web Deployment Agent Service Properties dialog box, click Stop.
In the Startup type list, select Disabled, and then click OK.
At this point, your web server is ready for offline web package deployment. Before you attempt to import web packages to an IIS website, you may want to check these key points:
- Have you registered ASP.NET 4.0 with IIS?
- Does the application pool identity have read access to the source folder for your website?
- Have you stopped the Web Deployment Agent Service?