This article describes special considerations to take when installing Sitecore modules and packages on a production site. The article presents two alternative approaches.
1. Granting Access Temporarily
If a production site is set up according to the installation guide including the post-requisites, it isn't allowed to install most packages, as the ASPNET User doesn't have Write access to /bin, /sitecore modules etc. In order to install a package on the production site, follow the steps below:
Backup databases and files from the website; remember files that are not located under the website root, for example, files in the data folder which may have been moved to a non-public folder.
The website should now be considered down for maintenance. You may want to provide an "Under Maintenance" page on your website.
Grant access rights to allow the installation to create new files and folders. Specifically:
Grant the ASPNET User List Folder Contents rights from the file system root folder (e.g. "d:\") and all the children.
Grant Full Control to the website root folder (for example, "c:\Inetpub\wwwroot\Sitecore") and all the children.
Install the package or module using the Sitecore Client.
Perform any custom actions required by the package, for example, make changes to the web.config.
Remove the temporarily granted access rights from step 3 above.
Make sure that the website is running.*
The website should no longer be considered down for maintenance, so the “Under Maintanance” page should be removed.
During installation any files that should be copied to the /bin directory are copied to the temporary directory /bin_install. On the last step of the installation process, the files from this directory are copied to the /bin folder. This is necessary to ensure that ASP.NET restarts not during the installation, but after. Make sure that you have read/write rights to such a temporary folder.
* After successful installation, the Packager may have uploaded dll's to the /bin folder, which potentially could cause errors. This might include the CS-0006 Compilation error. Restart the website until the website recovers – you may need to do this multiple times.
2. Using Impersonation
In situations where ASP.NET lacks sufficient security rights to install packages, we can take another approach to allow remote installation of packages:
Create a Windows user with necessary rights. The exact set of required rights depends on the package being installed, but full access to site's root directory and "List Folder Contents" to file system's root directory (for example, "d:\") will suffice for all packages.
In IIS manager, navigate to the \sitecore folder
Choose Properties > Directory Security > Edit
Disable anonymous access
Enable Basic authentication (or Digest or Integrated Windows authentication - depending on your particular preferences).
Set impersonate=true in the web.config
Users are now asked for Login info when accessing the Sitecore Clients (for example, via http://www.mysite.com/sitecore). After typing the windows User info, login proceeds as usual, but the User will now have the security context of the Windows user with enough privileges to install the package.
This approach has one significant disadvantage - all editors trying to access the Sitecore Client will be required to enter login and password of a Windows User (unless it is intranet environment, and the Integrated Windows authentication is enabled).
3. Manually Installing a Package
If for some reason it is not possible to follow one of the preceding installation processes, a more manual process can be used. The package file is in fact a zip file which can be unpacked. The zip file contains both content Items and files. The zip file contains 3 folders: Items, files and metadata.
To manually install a package:
- Open the package file and extract files from the /files folder preserving folder structure.
- Delete /files folder from the zip file.
- You should now have a set of files and a package file, which contains only /items and /metadata.
- Backup databases and files from the website, remember files that are not located under the website root, for example, files in the data folder which may have been moved to a non-public folder.
- The website should now be considered down for maintenance. You may want to publish an "Under Maintenance" page on your website.
- Install the package with only Items and metadata using the client.
- Copy the extracted files to the website preserving the folder structure, so that existing files are overwritten.
- Perform any custom actions required by the package, for example, make changes to the web.config.
- Make sure that the website is running.
- The website should no longer be considered down for maintenance, so the “Under Maintanance” page should be removed.
The advantage of this approach is that the files are copied using the current Windows User, and you do not need to change any security settings.