IIS Application Pool Identity permissions reset on every Visual Studio app Publish

Question

Following the instructions in this questions I can successfully change the permissions for the application pool identity

However, after I publish the web app...

The application pool identity's has been reset to just Read

How can I give the application pool identity full permissions even after I re-publish the web app? The same behavior also occurs if I give IUSR full permissions.

Answer 1

As far as I know, if you use Web Deploy from Visual Studio, the publish will overwrite the ACLs on the server by clearing them to the inherited defaults of the parent.

To avoid update ACL each time when you publish your web application.

You could try to add below command in your PublishProfiles's pubxml.

 <IncludeSetAclProviderOnDestination>False</IncludeSetAclProviderOnDestination>

Details publish profile as below:

<?xml version="1.0" encoding="utf-8"?>
<!--
This file is used by the publish/package process of your Web project. You can customize the behavior of this process
by editing this MSBuild file. In order to learn more about this please visit https://go.microsoft.com/fwlink/?LinkID=208121. 
-->
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <PropertyGroup>
    <WebPublishMethod>MSDeploy</WebPublishMethod>
    <LastUsedBuildConfiguration>Release</LastUsedBuildConfiguration>
    <LastUsedPlatform>Any CPU</LastUsedPlatform>
    <SiteUrlToLaunchAfterPublish />
    <LaunchSiteAfterPublish>True</LaunchSiteAfterPublish>
    <ExcludeApp_Data>False</ExcludeApp_Data>
    <MSDeployServiceURL>http://localhost:9825/</MSDeployServiceURL>
    <DeployIisAppPath>WebFormApplication</DeployIisAppPath>
    <RemoteSitePhysicalPath />
    <SkipExtraFilesOnServer>True</SkipExtraFilesOnServer>
    <MSDeployPublishMethod>InProc</MSDeployPublishMethod>
    <EnableMSDeployBackup>False</EnableMSDeployBackup>
    <UserName />
    <_SavePWD>False</_SavePWD>
     <IncludeSetAclProviderOnDestination>False</IncludeSetAclProviderOnDestination>
    <PublishDatabaseSettings>
      <Objects xmlns="">
        <ObjectGroup Name="DefaultConnection" Order="1" Enabled="False">
          <Destination Path="" />
          <Object Type="DbCodeFirst">
            <Source Path="DBContext" DbContext="WebFromIdentityTest.Models.ApplicationDbContext, WebFromIdentityTest" Origin="Configuration" />
          </Object>
        </ObjectGroup>
      </Objects>
    </PublishDatabaseSettings>
  </PropertyGroup>
  <ItemGroup>
    <MSDeployParameterValue Include="$(DeployParameterPrefix)DefaultConnection-Web.config Connection String" />
  </ItemGroup>
</Project>

Then you will find the permission will not be changed after you publish the application.