How to set useAppPoolCredentials during Website Deployment?

Joseph's Avatar

Joseph

09 Aug, 2017 09:07 PM

In the Configuration Editor of an IIS Website
Section: system.webServer/security/authentication/windowsAuthentication
I need to set the useAppPoolCredentials property to true

Manual Example and explanation:
http://woshub.com/configuring-kerberos-authentication-on-iis-website/

Do I have to write a custom powershell script or is there something already built into Octopus Deploy?

  1. Support Staff 1 Posted by Kenneth Bates on 10 Aug, 2017 05:24 AM

    Kenneth Bates's Avatar

    Hi Joseph,

    Thanks for getting in touch! By default, the useAppPoolCredentials property is set to false, and we don't set that property directly. You would most likely need to write a custom PowerShell script to write it to true.

    However, you may be able to add this to your web.config to enable it:
    https://technet.microsoft.com/en-au/library/dd573004(v=office.13).aspx

    Though this section may require specific permissions, and the app pool user may not have them.

    I hope this helps. Let me know how you go and if you have any further questions at all.

    Kind regards,

    Kenny

  2. 2 Posted by Joseph on 10 Aug, 2017 04:10 PM

    Joseph's Avatar

    Authentication sections are usually locked, i.e. they can't be written to a web.config file but have to be written to the central applicationhost.config file instead.

    The easiest way to do this I find is to build the PowerShell/C#/etc from IIS configuration editor.

    To do this;

    1) Open Inetmgr (IIS)
    2) Click on the site you want to target.
    3) Feature View, Configuration Editor down at the bottom left.
    4) From here, browse to the section of the configuration you want to edit, and make the change
    5) Then click "Generate Script" on the top right.

    I then slighlty modified this code to go in a .csx file inside a nuget file (included Microsoft.Web.Administration.dll in the nuget file).
    Then I created a step template from that nuget file.

    Here is the code for the CSX file
    -----------------------------------------------
    #r "Microsoft.Web.Administration.dll";

    using System;
    using System.Text;
    using Microsoft.Web.Administration;

    string SiteName = Env.ScriptArgs[0];

    Console.WriteLine("Setting UseAppPoolCredentials to True");
    Console.WriteLine("-------------------------------------------");
    Console.WriteLine();
    Console.WriteLine();
    using(ServerManager serverManager = new ServerManager())
    {
    Configuration config = serverManager.GetWebConfiguration(SiteName);

    ConfigurationSection windowsAuthenticationSection = config.GetSection("system.webServer/security/authentication/windowsAuthentication");
    windowsAuthenticationSection["useAppPoolCredentials"] = true;

    serverManager.CommitChanges();
    }
    Console.WriteLine();
    Console.WriteLine();
    Console.WriteLine("-------------------------------------------");
    Console.WriteLine("End Setting UseAppPoolCredentials to True");
    --------------------------

    Thanks for making Octopus Deploy robust

  3. Support Staff 3 Posted by Kenneth Bates on 11 Aug, 2017 05:33 AM

    Kenneth Bates's Avatar

    Hi Joseph,

    That's really great to hear! Thanks for taking the time to outline your process so thoroughly. I'm sure other users will benefit from this, and I'll definitely refer to your solution in the future. :)

    Don't hesitate to reach out if you have any further questions going forward.

    Kind regards,

    Kenny

Reply to this discussion

Internal reply

Formatting help / Preview (switch to plain text) No formatting (switch to Markdown)

Attaching KB article:

»

Attached Files

You can attach files up to 10MB

If you don't have an account yet, we need to confirm you're human and not a machine trying to post spam.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac