Allowing non-admin users to deploy web applications on IIS 7 using web deploy 2.0

  • Article

One of the main features of web deploy is integration with the IIS 7.0 Web Management Service (WMSVC) for remote deployment by non-administrators. Lets see how to do that.

1. Installing Web Management Service (WMSVC)

Click Server Manager in the Start menu, select the Roles node in the left-hand tree view, and scan down to find the Web Server (IIS) role. Click Add Role Services and select the Management Service component.

2. Installing WebDeploy 2.0.

Following link lists down steps to install web Deploy: https://learn.iis.net/page.aspx/421/installing-web-deploy/

3. Configure WMSvc Settings

  • Open IIS Manager.
  • In the Connections pane, click the server node in the tree.
  • In Features View, double-click Management Service.
  • On the Management Service page, in the Actions pane, click Stop to stop the service.
  • Select Enable remote connections. This enables server administrators to connect remotely to the server, sites, and applications.
  • Optionally, if you want to allow non-administrators to connect to sites and applications by using IIS Manager, configure the options under Identity Credentials:
  • Select Windows credentials only if you want to limit connections to users who have Windows credentials.
  • Select Windows credentials or IIS Manager credentials if you want to accept connections from users who have Windows credentials and users who have IIS Manager credentials.
  • In the Actions pane, click Apply and then click Start.

 

 

4. Configure Management Service Delegation rule

  • Open IIS Manager.
  • In the Connections pane, click the server node in the tree.
  • In Features View, double-click Management Service Delegation.
  • On the Management Service page, in the Actions pane, click "Add rule".
  • Select Blank Rule template.
  • Configure the rule as per below mentioned settings:
  • Providers: setAcl, createApp, contentPath, iisApp
  • Actions: *
  • Path Type: Path Prefix
  • Identity type: ProcessIdentity
  • Click ok.
  • Add the non-admin user to this rule.

 

 

 

 5. Adding permissions for non-admin user on the website. 

 

  • Open IIS Manager.
  • In the Connections pane, click the desired Website in Sites tree.
  • In Features View, double-click IIS Manager Permissions.
  • On the IIS Manager Permissions page, in the Actions pane, click "Allow User".
  • Add non-admin user here.

6. Verify if remote delegation has been set correctly for the user.

- Open IIS Manager.

- In the Connections pane, select Connect to Site.

  

- Enter the Server and Site names and press next.

-  Enter the User Credentials and press next.

-  Enter a name for your Connection.

- Right Click on Website connection, and you would get "Deploy Option". 

 

 - We will get options under Deploy Section based on the Providers added to management service delegation rule.

Try adding different providers and explore more options that are available with Web Deploy. 

Fig1.jpg