Automatically deploy a LightSwitch-ready application pool with the ability to set the app pool identity.

Introduction

This post elaborates further on my previous post on Integrating hosting web site creation in an automated LightSwitch factory. There were still two important missing pieces:

  • setting the application pool identity to a specific Windows user
  • attaching a server SSL certificate to the SSL port of your hosting LightSwitch website.

This post focuses solely on full-blown application pool deployment; the next post will cover the SSL certificate scenario. Functionally, application pool deployment and hosting website deployment are separate: it’s perfectly possible to deploy a new application pool first, without any prior knowledge of the website. The only thing you need when you later deploy a new website is the name of the newly created application pool, so that you can attach it to the website.

The general approach with Web Deploy is:

  1. Create a pre-template package from an existing ‘model’ application pool and massage this package in such a way that it is “open for extension”, meaning it can be used with some additional parameters (e.g. the app pool identity credentials). The massaged pre-template package will be our template application pool package.
  2. Use the template package in all further app pool deployments with specific parameters (from a Web Deploy script).

Generate a pre-template for an application pool

From the IIS manager, create a new application pool.

Call the application pool “PreTemplateAppPool”.

The application pool settings so far don’t really matter, because we will override the values later on based on a parameter file.

Now go to the advanced settings:

Change the Identity (which is ApplicationPoolIdentity by default). This should become a “specific user”. Why? Because we connect to our SQL Server database via integrated security (much safer than using SQL Server authentication!). This means that our application pool must run under a specific domain account that has access to the SQL Server database.

So click on Identity and change to Custom Account.

We need an existing domain account here, but the account may be deleted directly after the creation of our template application pool package. Remember, we will override these credentials anyhow in an actual application pool package. But we need this “placeholder” in the application pool manifest because Web Deploy is very good at overriding values, but not at creating them.

Now export the application pool.

Click on Manage components.

And update as follows:

Make sure the path matches the name of our PreTemplateAppPool. Click next – next and provide PreTemplateAppPoolPackage.zip as the package name. Also provide a password (as an example, I use “secret” here). You’ll need this password afterwards!

Massage the pre-template application pool package towards a template application pool package

The result of this step will be our final TemplateAppPoolPackage.zip. This step consists of attaching parameter declarations to our pre-template package, so that we can supply parameters when doing a real application pool deployment.

First, make an XML file called DeclareAppPoolParameters.xml with the following content:

<parameters>
  <parameter name="managedPipelineMode" description="managedPipelineMode Classic or Integrated" defaultValue="Integrated">
    <parameterValidation type="RegularExpression" validationString="(Integrated|Classic)" />
    <parameterEntry type="DeploymentObjectAttribute" scope="appPoolConfig" match="//@managedPipelineMode" />
  </parameter>
  <parameter name="identityType" description="Application Pool Identity type under which an application pool's worker process runs." defaultValue="NetworkService">
    <parameterValidation type="RegularExpression" validationString="(NetworkService|SpecificUser)" />
    <parameterEntry type="DeploymentObjectAttribute" scope="processModel" match="/processModel/@identityType" />
  </parameter>
  <parameter name="username" description="Domain user name" defaultValue="domain\username">
    <parameterValidation type="RegularExpression" validationString="(?=^.{8,}$)((?=.*\d)|(?=.*\W+))(?![.\n])(?=.*[A-Z])(?=.*[a-z]).*$" />
    <parameterEntry type="DeploymentObjectAttribute" scope="processModel" match="/processModel/@userName" />
  </parameter>
  <parameter name="password" description="Password of the domain user" tags="password" defaultValue="DefaultPassword">
    <parameterEntry type="DeploymentObjectAttribute" scope="processModel" match="/processModel/@password" />
  </parameter>
  <parameter name="managedRuntimeVersion" description="managedRuntimeVersion" defaultValue="v4.0">
    <parameterValidation kind="RegularExpression" validationString="(v2.0|v4.0)" />
    <parameterEntry kind="DeploymentObjectAttribute" scope="appPoolConfig" match="//@managedRuntimeVersion" />
  </parameter>
</parameters>

 

Run the following script over the pre-template application pool package:

"C:\Program Files\IIS\Microsoft Web Deploy V3\msdeploy.exe"  -verb:sync -source:package="D:\Deploy\AppPoolManagement\PreTemplateAppPoolPackage.zip",encryptpassword="secret" -dest:package="D:\Deploy\AppPoolManagement\TemplateAppPoolPackage.zip",encryptpassword="secret" -declareParamFile:"D:\Deploy\AppPoolManagement\DeclareAppPoolParameters.xml" 
pause

 

Note that the destination package is the “TemplateAppPoolPackage”, the base for our future application pool deployments! This package is now “parameter-ready”.

You may now also delete the PreTemplateAppPool from IIS, as well as the user account we used as the “placeholder” identity in this package.

It’s advised to add the path of the msdeploy version you use (note there is both a 64-bit and a 32-bit version!) to the PATH environment variable of your server.

Deploy an application pool fully automated

Create a new XML file with your application pool specific parameters (call the file AppPoolParameters.xml):

<parameters>
 <setParameter name="managedPipelineMode" value="Integrated" /> 
 <setParameter name="identityType" value="SpecificUser" />
 <setParameter name="username" value="myrealdomain\myrealappPoolUser" /> 
 <setParameter name="password" value="myRealPassword" /> 
 <setParameter name="managedRuntimeVersion" value="v4.0" />
</parameters>

For a LightSwitch application:

  • the pipeline mode should be “Integrated”;
  • the IdentityType should be “SpecificUser”;
  • the managedRunTimeVersion should be “v4.0”.

Note that this package is ready for future LightSwitch upgrades, which might run under version 4.5 or higher!
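
A pre-flight check for the parameter file, added here as an example (it is not the author's code): it reports names the template does not declare, values that fail the declared validationString, and values other than the three listed above. It assumes Web Deploy applies validationString as a case-sensitive match of the whole value; the function name Test-AppPoolParameters and the shortened sample XML are constructed.

```powershell
# Added example, not the author's code. The two here-strings are constructed,
# shortened stand-ins for DeclareAppPoolParameters.xml and AppPoolParameters.xml.
function Test-AppPoolParameters {
    param([Parameter(Mandatory)] [xml]$Declared, [Parameter(Mandatory)] [xml]$Supplied)
    $problems = @()
    $rules = @{}   # declared parameter name -> validation regex (or $null)
    foreach ($p in $Declared.SelectNodes('/parameters/parameter')) {
        $v = $p.SelectSingleNode('parameterValidation')
        $rules[$p.GetAttribute('name')] = if ($null -ne $v) { $v.GetAttribute('validationString') } else { $null }
    }
    foreach ($s in $Supplied.SelectNodes('/parameters/setParameter')) {
        $name = $s.GetAttribute('name')
        $rule = $rules[$name]
        if (-not $rules.ContainsKey($name)) {
            $problems += "'$name' is not declared in the template package"
        } elseif ($rule -and $s.GetAttribute('value') -cnotmatch "^(?:$rule)`$") {
            # Assumed semantics: case-sensitive, whole value. The value is never echoed.
            $problems += "'$name' does not satisfy $rule"
        }
    }
    # Values this post requires for a LightSwitch application pool.
    $required = [ordered]@{ managedPipelineMode = 'Integrated'; identityType = 'SpecificUser'; managedRuntimeVersion = 'v4.0' }
    foreach ($name in $required.Keys) {
        $node = $Supplied.SelectSingleNode("/parameters/setParameter[@name='$name']")
        if (($null -eq $node) -or ($node.GetAttribute('value') -cne $required[$name])) {
            $problems += "'$name' must be '$($required[$name])' for LightSwitch"
        }
    }
    $problems
}

$declared = @'
<parameters>
 <parameter name="managedPipelineMode" defaultValue="Integrated">
  <parameterValidation type="RegularExpression" validationString="(Integrated|Classic)"/>
 </parameter>
 <parameter name="identityType" defaultValue="NetworkService">
  <parameterValidation type="RegularExpression" validationString="(NetworkService|SpecificUser)"/>
 </parameter>
</parameters>
'@
$supplied = @'
<parameters>
 <setParameter name="managedPipelineMode" value="Classic" />
 <setParameter name="identityType" value="ApplicationPoolIdentity" />
 <setParameter name="appPoolName" value="MyAppPool" />
</parameters>
'@
Test-AppPoolParameters -Declared $declared -Supplied $supplied
```

For the real files, pass `(Get-Content DeclareAppPoolParameters.xml -Raw)` and `(Get-Content AppPoolParameters.xml -Raw)` instead of the here-strings; an empty result means no problems were found.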

The following script will do the deployment (DeployNewAppPool.cmd):

REM Template package, target app pool, target server and parameter file
SET TemplateAppPoolPackage="TemplateAppPoolPackage.zip"
SET AppPoolName="MyAppPool"
SET ComputerName="localhost"
SET AppPoolParametersFile="AppPoolParameters.xml"

REM Sync the template package to the app pool; stdout and stderr go to separate log files
%comspec% /c msdeploy.exe -verb:sync -source:package=%TemplateAppPoolPackage%,encryptpassword="secret" -dest:appPoolConfig=%AppPoolName%,computerName=%ComputerName% -setParamFile:%AppPoolParametersFile% > output.log 2> erroutput.log
echo off
REM msdeploy returns 0 on success
if %errorlevel%==0 (
echo successfully deployed the app pool
) else (
echo Problem installing the app pool, check the log file !
)
 

You should run this script from the folder where your template package and parameter file are stored!

You can integrate this script in anything you want; errors will be logged in a log file.
Note that the application pool name (in my example “MyAppPool”) is not specified as a parameter in AppPoolParameters.xml but is entered in the msdeploy script itself. (I didn’t find a way to incorporate this as a parameter; in fact I think it’s impossible anyhow.)

Of course, the application pool name is quite important because this will be the “link” to the website package we’ll create in my next blog post.
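
AppPoolParameters.xml as shown above keeps the app pool password in clear text next to the deployment script. As an added example (not the author's script), the PowerShell function below builds the same five setParameter entries from a credential object, runs the msdeploy command from DeployNewAppPool.cmd and deletes the parameter file afterwards. The function name Publish-AppPool and its parameter names are hypothetical; the file names, parameter names and msdeploy arguments are the ones used in this post.

```powershell
# Added example, not the author's code. Publish-AppPool and its parameter names are
# hypothetical; file names, parameter names and msdeploy arguments are the post's.
function Publish-AppPool {
    param(
        [Parameter(Mandatory)] [string]$AppPoolName,
        [Parameter(Mandatory)] [pscredential]$Identity,         # domain\user the pool runs as
        [Parameter(Mandatory)] [securestring]$PackagePassword,  # encryptPassword of the package
        [string]$Package      = 'TemplateAppPoolPackage.zip',
        [string]$ComputerName = 'localhost'
    )
    # Per-user temp folder; the file exists only while msdeploy runs.
    $paramFile = Join-Path $env:TEMP ('AppPoolParameters-{0}.xml' -f [guid]::NewGuid())
    try {
        $values = [ordered]@{
            managedPipelineMode   = 'Integrated'
            identityType          = 'SpecificUser'
            username              = $Identity.UserName
            password              = $Identity.GetNetworkCredential().Password
            managedRuntimeVersion = 'v4.0'
        }
        # Building the file through XmlDocument escapes &, < and " in the password.
        $doc  = New-Object System.Xml.XmlDocument
        $root = $doc.AppendChild($doc.CreateElement('parameters'))
        foreach ($name in $values.Keys) {
            $entry = $root.AppendChild($doc.CreateElement('setParameter'))
            $entry.SetAttribute('name', $name)
            $entry.SetAttribute('value', $values[$name])
        }
        $doc.Save($paramFile)

        $pkgPwd = (New-Object System.Net.NetworkCredential('', $PackagePassword)).Password
        & msdeploy.exe -verb:sync "-source:package=$Package,encryptPassword=$pkgPwd" `
            "-dest:appPoolConfig=$AppPoolName,computerName=$ComputerName" `
            "-setParamFile:$paramFile" > output.log 2> erroutput.log
        $LASTEXITCODE -eq 0    # $true when msdeploy reported success
    }
    finally {
        Remove-Item -LiteralPath $paramFile -ErrorAction SilentlyContinue
    }
}

# Usage: both secrets are prompted for (or fetched from a vault), never written to a script.
# Publish-AppPool -AppPoolName 'MyAppPool' -Identity (Get-Credential) `
#     -PackagePassword (Read-Host 'Package password' -AsSecureString)
```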

So, these are the files needed:

Conclusion

It takes quite a bit of work to make the initial application pool package, but once it’s up and running, it is a huge time-saver!