I control a server running IIS 8 on Windows Server 2012. I want to publish a few basic asp.net websites with the Publish option in Visual Studio 2012. There are no good/current Microsoft articles on the server configuration steps.
1) What exactly do I need to do on the server? I don't see any "web deploy" role option under the various IIS roles. I have read of some people downloading and installing "Web Deploy 3.0" from Microsoft but that file is one year old and it seems strange that I would have to download another file to use a promoted IIS file deployment option. If you are using IIS7 or IIS7.5 instead of IIS8 like me, please feel free to reply what YOU do, but let me know what version you are using.
2) Is the authentication process encrypted? For example, FTP would send passwords in plain text. FTP over SSL doesn't but setting up even a self-issued SSL cert is annoying just to get secure authentication. So what about Web Deploy? Is it safe or no?
3) Must I open port 8172 on the server's firewall? Microsoft's documentation says I "might need to".
4) On the Visual Studio side, it wants an account for authentication. Is this a Windows account on the server? Should I then right click the IIS website folder on the server and add this user there or is there some other preferred way of mapping users to websites? If so, what rights are required?
Please answer any or all of the above but please focus on the server side configuration and not the client (visual studio). Please don't suggest FTP as I am truly wanting to try Web Deploy. I am adding an IIS 7.5 tag too since some of the answers may be the same as for IIS 8.
It appears that one must still download the Web Deploy extension. Also, Version 3.5 is now available.
To download on a server, default IE security rules will require you add something like http://*.microsoft.com as a trusted site else you can't download the installer.
The whole package is rather large in its purpose and covers many deployment/backup/transfer type scenarios for IIS. So, when you install it, it turns into "Web Platform Installer 4.6" and installs roughly 10 prerequisites in addition to Web Deploy 3.5. Those prerequisites covers CLR Types, SQL Server framework (even if you don't have SQL Server installed), SQL Server shared management objects, etc. I did check afterwards if all these items are uninstallable through control panel (in case I changed my mind about web deploy) and they are there.
Finally, to configure web deploy on a site, I found this document:
http://www.iis.net/learn/publish/using-web-deploy/configure-the-web-deployment-handler
To find more information about this, google "web deployment handler".
It also does appear that you can configure secure authentication, which is the main reason I went down this Web Deploy publishing path instead of using plain clear-text FTP. However, http://www.iis.net/learn/publish/using-web-deploy/introduction-to-web-deploy says
Web Deploy is secure. Web Deploy supports transfer over HTTPS. Note that variants of FTP such as SFTP and FTPS are also secure.
I'm not sure if this means I will have to use an SSL certificate anyway. I was hoping Web Deploy provided more authentication options that were both secure and didn't need a certificate.