Export (0) Print
Expand All
This topic has not yet been rated - Rate this topic

Enabling metaKey="siteName" Syntax

Updated: August 6, 2010

Applies To: Windows 7, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008 R2, Windows Vista, Windows XP

This topic shows the delegation rules that are required to allow the metaKey provider to take a virtual path argument instead of a metabase path argument when you use the Web Deployment handler.

The Web Deployment Handler

The Web Deploy handler uses the Web Management Service (WMSvc) to allow non-administrative users to access the sites and applications to which they have been delegated access by using a URL argument with the computerName provider setting (for example, computername=https://serverName/agent.mwd?Site=Site1). The handler is useful for Web hosting because it gives users control over the publishing of their own content while preventing them from having administrative rights on the Web server that hosts their content.

The metaKey Provider

You can use the metaKey provider to publish IIS 6.0 sites and applications to an IIS 7 server. The metaKey provider can take as an argument either a valid metabase path (such as lm/w3svc/1/root), or a virtual path (such as "Fabrikam Site 1"). On IIS 6.0, the site or application name can be found in the MetaBase.xml file in the ServerComment property of the Web site or application.

Delegation Rules are Required

To enable the metaKey="Fabrikam Site 1" syntax when you use the metaKey provider with the handler, you must first put certain delegation rules in the Administration.config file on the IIS 7 server. By default, the Administration.config file is located in the %windir%\system32\inetsrv\config folder.

The rule sets required for sites and applications are different. Example commands and corresponding configuration settings are given for each.

The following command uses the metaKey provider to synchronize the IIS. 6.0 "Default Web Site" website on the source computer to the destination computer Server1 by using the Web Management Service handler.

msdeploy.exe -verb:sync -source:metaKey="Default Web Site" -dest:metaKey="Site1",computername=https://Server1:8172/msdeploy.axd?Site=Site1,username=<userName>,password=<password>,authType=basic -allowUntrusted

The following table displays the Administration.config file delegation settings that are necessary to implement the example command.

 

Provider Path Description Example Path Identities to Allow

metaKey

metabase path

lm/w3svc/1

user, runas identity

metaKey

virtual path

Site1

user

dirPath

physical content path

c:\inetpub\wwwroot

user

dirPath

physical php path

c:\php

user

rootwebconfig32

virtual path

Default Web Site

user

machineconfig32

virtual path

Default Web Site

user

rootwebconfig64

virtual path

Default Web Site

user

machineconfig64

virtual path

Default Web Site

user

The following XML shows how the example settings are implemented in the Administration.config file.


<delegation allowAdministrators="false">

   <rule providers="metaKey" actions="*" path="/lm/w3svc/1">
      <permissions>
         <user name="<userName>" isRole="false" accessType="Allow" />
      </permissions>

      <runAs identityType="SpecificUser" userName="administrator" password="<password>" />
   </rule>

   <rule providers="metaKey" actions="*" path="Site1">
      <permissions>
         <user name="<userName>" isRole="false" accessType="Allow" />
      </permissions>
   </rule>

   <rule providers="dirpath" actions="*" path="d:\inetpub\wwwroot">
      <permissions>
         <user name="<userName>" isRole="false" accessType="Allow" />
      </permissions>
   </rule>

   <rule providers="dirpath" actions="*" path="d:\php">
      <permissions>
         <user name="<userName>" isRole="false" accessType="Allow" />
      </permissions>
   </rule>

   <rule providers="rootwebconfig32" actions="*" path="Default Web Site">
      <permissions>
         <user name="<userName>" isRole="false" accessType="Allow" />
      </permissions>
   </rule>

   <rule providers="machineconfig32" actions="*" path="Default Web Site">
      <permissions>
         <user name="<userName>" isRole="false" accessType="Allow" />
      </permissions>
   </rule>

   <rule providers="rootwebconfig64" actions="*" path="Default Web Site">
      <permissions>
         <user name="<userName>" isRole="false" accessType="Allow" />
      </permissions>
   </rule>

   <rule providers="machineconfig64" actions="*" path="Default Web Site">
      <permissions>
         <user name="<userName>" isRole="false" accessType="Allow" />
      </permissions>
   </rule>
</delegation>

The following command uses the metaKey provider to synchronize the IIS. 6.0 "Default Web Site/root/App1" web application on the source computer to WebSite1/root/App1 on destination server Server1 by using the Web Management Service handler.

msdeploy –verb:sync -source:metaKey="Default Web Site/root/App1" -dest:metaKey="WebSite1/root/App1",computername=https://Server1:8172/msdeploy.axd?Site=WebSite1,username=<userName>,password=<password>,authType=basic -allowUntrusted

The following table displays the Administration.config file delegation settings that are necessary to implement the example command.

 

Provider Path Description Example Path Identities to Allow

metaKey

metabase path

lm/w3svc/1/root/App1

user, runas identity

metaKey

virtual path

WebSite1/root/App1

user

dirPath

physical php path

c:\php

user

The following XML shows how the example settings are implemented in the Administration.config file.


<delegation allowAdministrators="false">

   <rule providers="metaKey" actions="*" path="/lm/w3svc/1/root/App1">
      <permissions>
         <user name="<userName>" isRole="false" accessType="Allow" />
      </permissions>

      <runAs identityType="SpecificUser" userName="administrator" password="<password>" />
   </rule>

   <rule providers="metaKey" actions="*" path="WebSite1/root/App1">
      <permissions>
         <user name="<username>" isRole="false" accessType="Allow" />
      </permissions>
   </rule>

   <rule providers="dirpath" actions="*" path="d:\php">
      <permissions>
         <user name="<username>" isRole="false" accessType="Allow" />
      </permissions>
   </rule>
</delegation>

See Also

Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft. All rights reserved.