Deployment with Web Deploy on localhost crashed after .net framework security updates.
I don't know how to contact the Web Deploy developers to fix this problem, so I'm posting this post here.
After recent .net framework security updates related to getting the path to a temporary directory using the System.IO.Path.GetTempPath()
method, a deployment using Web Deploy to localhost using the NT AUTHORITY\System
account broke.
The System.IO.Path.GetTempPath()
method started using the winapi GetTempPath2
method, which for the NT AUTHORITY\System account always returns the path C:\Windows\SystemTemp
.
The use case is as follows:
The Web Deployment Agent Service (MsDepSvc) is running from the NT AUTHORITY\Network Service
account (default).
The process that performs the deployment of the deployment package runs from the NT AUTHORITY\System
account and performs the deployment to localhost
.
<PackagePath>.deploy.cmd" /M:localhost /Y
The deployment process fails because the NT AUTHORITY\Network Service
account cannot create a temporary file in the NT AUTHORITY\System
account's temporary directory (C:\Windows\SystemTemp
) because it lacks permissions.
User: NT AUTHORITY\SYSTEM
Client IP: [::1]:80
Content-Type: application/msdeploy
Version: 9.0.0.0
MSDeploy.VersionMin: 7.1.600.0
MSDeploy.VersionMax: 9.0.8305.0
MSDeploy.Method: Sync
MSDeploy.RequestId: 41624330-f140-4d32-aa8c-f12ce18a8613
MSDeploy.RequestCulture: en-US
MSDeploy.RequestUICulture: en-US
ServerVersion: 9.0.8305.0
Skip: objectName="^configProtectedData$"
Provider: auto, Path:
A tracing deployment agent exception occurred that was propagated to the client. Request ID '41624330-f140-4d32-aa8c-f12ce18a8613'. Request Timestamp: '8/3/2024 12:24:16 PM'. Error Details:
System.UnauthorizedAccessException: Access to the path 'C:\Windows\SystemTemp\xpdvhkhm.tdj.params' is denied.
at Microsoft.Web.Deployment.NativeMethods.RaiseIOExceptionFromErrorCode(Win32ErrorCode errorCode, String maybeFullPath)
at Microsoft.Web.Deployment.FileStreamEx.CreateInstance(String path, FileMode fileMode, FileAccess fileAccess, FileShare fileShare, Nullable`1 fileLength, Nullable`1 lastModifiedTime)
at Microsoft.Web.Deployment.FileStreamEx.CreateInstance(String path, FileMode fileMode, FileAccess fileAccess)
at Microsoft.Web.Deployment.TempFileWithProcessIdentity..ctor(String fileName, String extension)
at Microsoft.Web.Deployment.TempFileWithProcessIdentity.CreateAutoDeletingTempFile(String extension, DeploymentBaseContext baseContext)
at Microsoft.Web.Deployment.DeploymentSyncParameterEntry.IsMatch(DeploymentSyncContext syncContext, DeploymentObject sourceObject, String value, DeploymentObject& replaceObject, String& errorMessage, String& valueRetreivalMessage)
at Microsoft.Web.Deployment.ParameterValueEntry.IsMatch(DeploymentSyncContext syncContext, DeploymentObject sourceObject, DeploymentObject& replaceObject)
at Microsoft.Web.Deployment.ParameterizationRuleHandler.GetObjectContext(DeploymentSyncContext syncContext, DeploymentObject sourceObject)
at Microsoft.Web.Deployment.ParameterizationRuleHandler.CompareAttribute(DeploymentSyncContext syncContext, DeploymentObject destinationObject, DeploymentObjectAttribute destinationAttribute, DeploymentObject sourceObject, DeploymentObjectAttribute sourceAttribute, Int32 currentComparison)
at Microsoft.Web.Deployment.DeploymentSyncContext.CompareAttribute(DeploymentObject destObject, DeploymentObjectAttribute destAttribute, DeploymentObject sourceObject, DeploymentObjectAttribute sourceAttribute)
at Microsoft.Web.Deployment.DeploymentSyncContext.CompareKeyAttributeHelper(DeploymentObject destObject, DeploymentObject sourceObject, Boolean compareObjectNames)
at Microsoft.Web.Deployment.DeploymentSyncContext.SyncDirPathChildren(DeploymentObject destRoot, DeploymentObject sourceRoot)
at Microsoft.Web.Deployment.DeploymentSyncContext.SyncChildrenNoOrder(DeploymentObject dest, DeploymentObject source)
at Microsoft.Web.Deployment.DeploymentSyncContext.SyncChildren(DeploymentObject dest, DeploymentObject source)
at Microsoft.Web.Deployment.DeploymentSyncContext.SyncChildrenNoOrder(DeploymentObject dest, DeploymentObject source)
at Microsoft.Web.Deployment.DeploymentSyncContext.SyncChildren(DeploymentObject dest, DeploymentObject source)
at Microsoft.Web.Deployment.DeploymentSyncContext.SyncChildrenOrder(DeploymentObject dest, DeploymentObject source)
at Microsoft.Web.Deployment.DeploymentSyncContext.ProcessSync(DeploymentObject destinationObject, DeploymentObject sourceObject)
at Microsoft.Web.Deployment.DeploymentObject.SyncToInternal(DeploymentObject destObject, DeploymentSyncOptions syncOptions, PayloadTable payloadTable, ContentRootTable contentRootTable, Nullable`1 syncPassId, String syncSessionId)
at Microsoft.Web.Deployment.DeploymentAgent.HandleSync(DeploymentAgentAsyncData asyncData, Nullable`1 passId, String user, String siteName)
at Microsoft.Web.Deployment.DeploymentAgent.HandleRequestWorker(DeploymentAgentAsyncData asyncData)
at Microsoft.Web.Deployment.DeploymentAgent.HandleRequest(DeploymentAgentAsyncData asyncData)
The NT AUTHORITY\Network Service
account was expected to get the path to the temporary directory in its user profile (C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp
) and not the path (C:\Windows\SystemTemp
) that belongs to the NT AUTHORITY\System
account.