/ 技术

使用Visual Studio Web Deploy发布ASP.NET Core至IIS

操作系统要求

  • Windows 7及以上
  • Windows Server 2008 R2及以上

IIS配置

在服务器管理器中,通过添加角色和功能的向导,在服务器角色中勾选Web服务器(IIS),并安装。

安装.NET Core Windows Server Hosting包

  1. 安装.NET Core Windows Server Hosting,这个包会安装.NET Core运行时、.NET Core库和ASP.NET Core模块,这个模块会在IIS和Kestrel服务器之间创建反向代理。
  2. 重启服务器,或者从命令行执行net stop was /y,接着执行net start w3svc

更多关于ASP.NET Core模块以及针对该模块的配置、web.config中系统变量的设置、app_ofline.htm的使用、模块日志的激活等,请参阅ASP.NET Core Module Configuration Reference

应用程序配置

添加对Microsoft.AspNetCore.Server.IISIntegration包的依赖,添加.UseIISIntegration()WebHostBuilder()中以引入IIS集成中间件。

var host = new WebHostBuilder()
  .UseKestrel()
  .UseContentRoot(Directory.GetCurrentDirectory())
  .UseIISIntegration()
  .UseStartup<Startup>()
  .Build();

需要指出的是,添加.UseIISIntegration()并不会影响代码的可移植性。

为IISIntegration服务设置IISOptions

为了配置IISIntegration服务,需要在ConfigureServices中为IISOptions添加服务器配置。

services.Configure<IISOptions>(options => {
  ...
});
Option Setting
AutomaticAuthentication If true, the authentication middleware will alter the request user arriving and respond to generic challenges. If false, the authentication middleware will only provide identity and respond to challenges when explicitly indicated by the AuthenticationScheme.
ForwardClientCertificate If true and the MS-ASPNETCORE-CLIENTCERT request header is present, the ITLSConnectionFeature will be populated.
ForwardWindowsAuthentication If true, authentication middleware will attempt to authenticate using platform handler windows authentication. If false, authentication middleware won’t be added.

publish-iis工具

The publish-iis tool can be added to any .NET Core application and will configure the ASP.NET Core Module by creating or modifying the web.config file. The tool runs after publishing with the dotnet publish command or publishing with Visual Studio and will configure the processPath and arguments for you. If you’re publishing a web.config file by including the file in your project and listing the file in the publishOptions section of project.json, the tool will not modify other IIS settings you have included in the file.

To include the publish-iis tool in your application, add entries to the tools and scripts sections of project.json.

"tools": {
  "Microsoft.AspNetCore.Server.IISIntegration.Tools": "1.0.0-preview2-final"
},
"scripts": {
  "postpublish": "dotnet publish-iis --publish-folder %publish:OutputPath% --framework %publish:FullTargetFramework%"
}

Web Deploy配置

第一步需要确保你的服务器支持ASP.NET Core,必要的条件是:

  1. 安装了IIS 7.5+
  2. 安装了HttpPlatformHandler
  3. 安装了Web Deploy v3.6

HttpPlatformHandler是一个新的组件,用来连接IIS和ASP.NET Core应用程序,下载链接如下:

安装HttpPlatformHandler之前,需要先安装Web Deploy v3.6,可以通过Web Platform Installer(WebPI),或者直接从下载中心下载,不过推荐通过WebPI的方式下载,它提供了独立的安装并且包含了一些必要的配置。

在IIS中配置站点

  1. 在IIS管理器中新建一个网站,输入网站名、物理地址以及域名绑定的配置。
  2. 设置应用程序池的.NET CLR版本为无托管代码。
  3. 右键网站->部署->启用Web Deploy发布...,会在桌面生成一个.PublishSettings后缀的配置文件,复制出来,后续操作中需要导入到Visual Studio中。

配置数据保护

为了持久化数据保护的密钥,你必须为每个应用程序池创建注册表存储单元来存储这些密钥。需要为每个ASP.NET Core应用程序池执行这个PowerShell脚本Provisioning PowerShell

For web farm scenarios developers can configure their applications to use a UNC path to store the data protection key ring. By default this does not encrypt the key ring. You can deploy an x509 certificate to each machine and use that to encrypt the keyring. See the configuration APIs for more details.

Warning: Data Protection is used by various ASP.NET middlewares, including those used in authentication. Even if you do not specifically call any Data Protection APIs from your own code you should configure Data Protection with the deployment script or in your own code. If you do not configure data protection when using IIS by default the keys will be held in memory and discarded when your application closes or restarts. This will then, for example, invalidate any cookies written by the cookie authentication and users will have to login again.

关于配置IIS,可以前往Publishing to IIS查看更多详情。下面我们来看看Visual Studio中的步骤。

通过Visual Studio发布

在配置好服务器之后,下一步就是在Visual Studio中创建一个发布配置文件。将ASP.NET Core应用程序发布到标准的IIS服务器上最简单的方法就是使用发布配置文件。如果你的服务器支持创建发布配置文件,可以下载过来,然后在Visual Studio发布对话框中导入进来。

如果发现使用Web Deploy无法部署,可能是由于数据保护没有配置好,也可以不配置,在pubxml中添加如下两行:

<AllowUntrustedCertificate>True</AllowUntrustedCertificate>
<UsePowerShell>False</UsePowerShell>

参考链接