new build process

Build/Build.ps1

@@ -2,16 +2,17 @@ $ErrorActionPreference = "Stop"
 $buildpath = $PSScriptRoot
 
 $buildbin = "C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\MSBuild\Current\Bin\amd64\msbuild.exe"
-$publishtemp = "$buildpath\temp"
+$publishtemp = "$buildpath\Release"
 $solutionpath = resolve-path "$buildpath\..\webjea"
 $solutionfile = "$solutionpath\webjea.sln"
-$publishpath = "$solutionpath\bin"
-$packagepath = "$buildpath\Package"
+$publishpath = "$solutionpath\bin\app.publish"
+$packagepath = "$buildpath\template"
 $assemblyFile = "$solutionpath\My Project\AssemblyInfo.vb"
 # $projpath = "C:\prj\webjea ce\WebJEA\WebJEA\WebJEA.vbproj"
-$dllfile = "$publishpath\webjea.dll"
+$dllfile = "$publishpath\bin\webjea.dll"
 # $projxml = [xml](gc $projpath -raw)
-$outpath = "C:\prj\webjea ce\Release"
+$outpath = resolve-path "$buildpath\..\Release"
+New-Item $outpath -ItemType directory -ea 0
 
 $buildDT = get-date
 $Major = 1
@@ -25,8 +26,12 @@ $assemblyinfo = gc $assemblyfile | ?{$_ -notlike '*AssemblyVersion*'}
 $assemblyinfo += '<Assembly: AssemblyVersion("{0}")>' -f $ver
 $assemblyinfo | out-file $assemblyfile -Encoding UTF8
 
+#clean folders folder
+Get-ChildItem $publishpath -Recurse -ea 0 | Remove-Item -Recurse -Confirm:$false -Force -ea 0
+Get-ChildItem $publishtemp -Recurse -ea 0| Remove-Item -Recurse -Confirm:$false -force -ea 0
+
 #call build process
-& $buildbin $solutionfile "/t:Restore;Rebuild" "/property:Configuration=Release" #"/v:diag"
+& $buildbin $solutionfile "-m" "/p:DeployOnBuild=true;PublishProfile=FolderProfile;Configuration=Release" #"/v:diag" "/t:Restore;Rebuild"
 if ($LASTEXITCODE -ne 0) { Write-Warning "Build Failed"; return}
 
 $curver = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($dllfile).FileVersion
@@ -36,17 +41,20 @@ $outfile = "$outpath\webjea-$curver.zip"
 if ((Test-Path $outfile)) { Remove-Item $outfile }
 Write-Host "Target File; $outfile"
 
+write-host "Copy to temp directory"
 & robocopy.exe /mir $publishpath $publishtemp\site
-Push-Location $publishtemp
-& "$buildpath\zip.exe" -D -r -o $outfile .
-Pop-Location
 
-Push-Location $packagepath
+write-host "Merge starter files"
+copy-item $packagepath\* -dest $publishtemp -recurse -force
+
+write-host "Archive temp directory"
+Push-Location $publishtemp
 & "$buildpath\zip.exe" -D -r -o $outfile .
 Pop-Location
 
 
 write-host -foreground cyan "Output file: $outfile"
+write-output $outfile
 #####zip structure
 #dscConfig.inc.ps1
 #dscDeploy.ps1

Build/Template/DSCConfig.inc.ps1

@@ -0,0 +1,195 @@
+$ErrorActionPreference = "Stop"
+Configuration WebJEADeployment {
+
+    Import-DscResource -ModuleName PSDesiredStateConfiguration
+    #Import-DSCResource -ModuleName WebAdministrationDSC
+    Import-DSCResource -ModuleName xWebAdministration
+    Import-DSCResource -ModuleName xXMLConfigFile
+    Import-DscResource -ModuleName cUserRightsAssignment
+
+    Node $AllNodes.where{$_.role -eq "WebJEAServer"}.nodename {
+
+        #Install Necessary Windows Features
+        $WFs = @("Web-WebServer","Web-Default-Doc","Web-Http-Errors","Web-Static-Content","Web-IP-Security","Web-Security","Web-Windows-Auth","Web-Net-Ext45","Web-Asp-Net45","NET-Framework-45-Core","NET-Framework-45-ASPNET","Web-Stat-Compression","Web-Dyn-Compression","Web-HTTP-Redirect")
+        foreach ($WF in $WFs) {
+            WindowsFeature "WF_$WF" {
+                Ensure = 'Present'
+                Name = $WF
+            }
+        }
+
+        #build app pool
+        xWebAppPool "WebJEA_IISAppPool" {
+            Name = $node.WebAppPoolName
+            Ensure = 'Present'
+            State = 'Started'
+            autoStart = $true
+            managedPipelineMode = 'Integrated'
+            managedRuntimeVersion = 'v4.0'
+            identityType = 'SpecificUser'
+####1/3
+            loadUserProfile = $true #this is necessary to be able to create remote pssessions and import them
+        }
+
+####2/3
+        #this is how we use the GMSA without specifying a PW we don't know.  If using a regular user account, disable this and use the built-in credential support in xWebAppPool
+        Script ChangeAppPoolIdentity {
+            GetScript = { return @{ AppPoolName = "$($using:Node.WebAppPoolName)" }}
+            TestScript = {
+                import-module webadministration -verbose:$false
+                $pool = get-item("IIS:\AppPools\$($using:Node.WebAppPoolName)")
+                return $pool.processModel.userName -eq $using:Node.AppPoolUserName
+            }
+            SetScript = {
+                import-module webadministration -verbose:$false
+
+                $pool = get-item("IIS:\AppPools\$($using:Node.WebAppPoolName)");
+
+                $pool.processModel.identityType = [String]("SpecificUser");
+                $pool.processModel.userName = [String]($using:Node.AppPoolUserName)
+                $pool.processModel.password = [String]($using:Node.AppPoolPassword)
+
+                $pool | Set-Item
+            }
+            DependsOn = "[xWebAppPool]WebJEA_IISAppPool"
+        }
+
+
+        #add webjea content
+        File WebJEA_WebContent {
+            Ensure  = "Present"
+            SourcePath = $node.WebJEASourceFolder + "\site"
+            DestinationPath = $node.WebJEAIISFolder
+            Recurse = $true
+            Type = "Directory"
+			MatchSource = $true #always copy files to ensure accurate
+			Checksum = "SHA-256"
+        }
+
+        #build webjea web app subdirectory
+        xWebApplication "WebJEA_IISWebApp" {
+            Website = 'Default Web Site'
+            Name = $node.WebJEAIISURI
+            WebAppPool = $node.WebAppPoolName
+            PhysicalPath = $node.WebJEAIISFolder
+            AuthenticationInfo = MSFT_xWebApplicationAuthenticationInformation {
+                Anonymous = $false
+                Basic = $false
+                Digest = $false
+                Windows = $true
+            }
+            PreloadEnabled = $true
+            ServiceAutoStartEnabled = $true
+            SslFlags = @('ssl')
+
+            DependsOn='[WindowsFeature]WF_Web-WebServer'
+        }
+
+
+
+
+        #configure SSL
+        xWebsite "DefaultWeb" {
+            Ensure = "Present"
+            Name = "Default Web Site"
+            State = "Started"
+            BindingInfo = @(MSFT_xWebBindingInformation {
+                Protocol = 'https'
+                Port = '443'
+                CertificateStoreName = 'MY'
+                CertificateThumbprint = $node.CertThumbprint
+                HostName = $node.machinefqdn
+                IPAddress = '*'
+                SSLFlags = '1'
+            }#;
+            # MSFT_xWebBindingInformation {
+            #     Protocol = 'https'
+            #     Port = '443'
+            #     CertificateStoreName = 'MY'
+            #     CertificateThumbprint = $node.CertThumbprint
+            #     HostName = $node.nodename
+            #     IPAddress = '*'
+            #     SSLFlags = '1'
+            # };
+            #MSFT_xWebBindingInformation {
+            #     Protocol = 'http'
+            #     Port = '80'
+            #     HostName = $null
+            #     IPAddress = '*'
+            # }
+            )
+            DependsOn=@('[WindowsFeature]WF_Web-WebServer','[File]WebJEA_WebContent')
+        }
+
+
+        #set json config location in web.config
+        XMLConfigFile "WebJEAConfig" {
+            Ensure = 'Present'
+            ConfigPath = "$($node.WebJEAIISFolder)\web.config"
+            XPath = "/configuration/applicationSettings/WebJEA.My.MySettings/setting[@name='configfile']"
+            isElementTextValue = $true
+            Name = "value"
+            Value = $node.WebJEAConfigPath
+            DependsOn=@('[File]WebJEA_WebContent','[xWebsite]DefaultWeb')
+        }
+
+        #set nlog log location in nlog.config in iis site
+        XMLConfigFile "WebJEA_NLOGFile" {
+            Ensure = 'Present'
+            ConfigPath = "$($node.WebJEAIISFolder)\nlog.config"
+            XPath = "/nlog/targets/target[@name='file']/target"
+            isAttribute = $true
+            Name = "fileName"
+            Value = $node.WebJEA_Nlog_LogFile
+            DependsOn=@('[File]WebJEA_WebContent')
+        }
+        XMLConfigFile "WebJEA_NLOGUsageFile" {
+            Ensure = 'Present'
+            ConfigPath = "$($node.WebJEAIISFolder)\nlog.config"
+            XPath = "/nlog/targets/target[@name='fileSummary']/target"
+            isAttribute = $true
+            Name = "fileName"
+            Value = $node.WebJEA_Nlog_UsageFile
+            DependsOn=@('[File]WebJEA_WebContent')
+        }
+
+        #assign permissions to scripts folder?
+
+        #Configure Default Web Site to support SSL
+
+####3/3
+        #add to logon as service
+        cUserRight WebJEA_Batch {
+            ensure = 'Present'
+            constant = 'SeServiceLogonRight'
+            principal = 'IIS APPPOOL\' + $node.AppPoolPoolName
+            dependson = @('[xWebAppPool]WebJEA_IISAppPool')
+        }
+
+        #add gmsa to iusrs
+        Group WebJEA_IISIUSRS {
+            GroupName = 'IIS_IUSRS'
+            MembersToInclude = $node.AppPoolUserName
+            Ensure = 'Present'
+        }
+
+
+        #apppool timeout in webconfig
+
+        #add starter scripts
+        File WebJEA_ScriptsContent {
+            Ensure  = "Present"
+            SourcePath = $node.WebJEASourceFolder + '\StarterFiles'
+            DestinationPath = $node.WebJEAScriptsFolder
+            Recurse = $true
+            Type = "Directory"
+			MatchSource = $true #always copy files to ensure accurate
+			Checksum = "SHA-256"
+        }
+
+
+    } #/WebJEAServer
+
+
+}
+

Build/Template/DSCDeploy.ps1

@@ -0,0 +1,61 @@
+param ([switch]$fast)
+$ErrorActionPreference = "Stop"
+
+$MyData = @{
+    AllNodes = @(
+        @{
+            NodeName = '*'
+            WebAppPoolName = 'WebJEA'
+            AppPoolUserName = 'domain1\gmsa2$'
+            AppPoolPassword = "" #no credential data is actually password because we're using gMSAs
+            #if you use a non-msa, use another method to set the apppool identity
+            WebJEAIISURI = 'WebJEA'
+            WebJEAIISFolder = 'C:\inetpub\wwwroot\webjea'
+            WebJEASourceFolder = 'C:\source'
+            WebJEAScriptsFolder = 'C:\scripts'
+            WebJEAConfigPath = 'C:\scripts\config.json' #must be in webjeascriptsfolder
+            WebJEALogPath = 'c:\scripts'
+            WebJEA_Nlog_LogFile = "c:\scripts\webjea.log"
+            WebJEA_Nlog_UsageFile = "c:\scripts\webjea-usage.log"
+        },
+        @{
+            NodeName = 'WEB1'
+            Role = 'WebJEAServer'
+            MachineFQDN = 'web1.domain1.local'
+            CertThumbprint = '50495F09B2DC05DB9BB47D834623D38508A50524'
+        }
+    )
+}
+
+
+if (-not $fast) {
+    #install necessary powershell modules
+    write-host "Configuring Package Provider"
+    install-packageprovider -name nuget -minimumversion 2.8.5.201 -force
+    write-host "Trusting PSGallery"
+    set-psrepository -Name psgallery -InstallationPolicy trusted
+    #####install-module WebAdministrationDSC
+    write-host "Installing DSC Modules"
+    install-module xwebadministration
+    install-module xXMLConfigFile
+    install-module cUserRightsAssignment
+}
+
+#create the group MSA account
+#add-kdsrootkey -effectivetime ((get-date).addhours(-10))
+#new-ADServiceAccount -name gmsa1 -dnshostname (get-addomaincontroller).hostname -principalsallowedtoretrievemanagedpassword mgmt1
+#install-adserviceaccount gmsa1
+#add-adgroupmember -identity "domain1\domain admins" -members (get-adserviceaccount gmsa1).distinguishedname
+#at a later time, grant gmsa1 the permissions you want.
+
+#cd wsman::localhost\client
+#Set-Item TrustedHosts * -confirm:$false -force
+#restart-service winrm
+
+
+write-host "Building Configuration"
+. $PSScriptRoot\DSCConfig.inc.ps1
+WebJEADeployment -ConfigurationData $MyData -verbose -OutputPath .\WebJEADeployment
+
+write-host "Starting DSC"
+Start-DscConfiguration -ComputerName $env:computername -Path .\WebJEADeployment -verbose -Wait -force

Build/Template/StarterFiles/config.json

@@ -0,0 +1,15 @@
+{
+    "Title": "WebJEA Demo",
+    "defaultcommandid": "overview",
+    "basepath": "c:\\scripts",
+    "LogParameters": true,
+    "permittedgroups": [".\\Administrators"],
+    "commands": [{
+        "id": "overview",
+        "displayname": "Overview",
+        "synopsis": "Congratulations, WebJEA is now working!  We've pre-loaded a demo script that will help you verify everything is working.  <br/><i>Tip: You can use the synopsis property of default command to display any text you want.  Including html.</i>",
+        "permittedgroups": [".\\Administrators"],
+        "script": "validate.ps1",
+        "onloadscript": "overview.ps1"
+    }]
+}

Build/Template/StarterFiles/overview.ps1

@@ -0,0 +1,36 @@
+$VerbosePreference = "Continue"
+$DebugPreference = "Continue"
+
+write-host "You can also specify a script to run each time the page loads."
+
+write-host "WebJEA supports some basic formatting like:
+Links: [[a |url|display]] -[[a|?cmdid=sample1|go to sample1]]-
+CSS tags in a span: [[span |cssclasses|content]] -[[span|psvariable|this span uses a variable width font and italicised]]-.
+Img: [[img |cssclasses|url]] [[img||./content/ps.png]]
+Nesting: [[a |url|[[img |cssclasses|url]]]] [[a|//powershell.org|[[img||./content/ps.png]]]]"
+
+Write-Host "We html encode script output for safety, <a href='see?'></a>"
+
+Write-Host "Each script runs in its own instance, so load any scripts you need each time."
+
+write-host "We honor spaces like a <pre>."
+write-host (Get-Process svchost | select -First 2 | out-string)
+
+Write-Host "WebJEA generates a usage log that documents all scripts that are run, with user and ip."
+write-host "You can also send messages directly to this log by prefixing a line with 'WEBJEA:'."
+write-host "The next write-host will not be shown but will appear in the logs."
+Write-Host "WEBJEA:This is an NLOG message"
+
+Write-Host "We also format Warning, Error, Verbose, and Debug messages."
+Write-Warning "This is a warning message"
+Write-Host "'natural' ps error:"
+12/0
+Write-Host "write-error:"
+Write-Error "This is an error message with a [[a|?cmdid=overview|link]] in it"
+Write-Verbose "This is a verbose message"
+Write-Debug "This is a debug message"
+write-host ""
+Write-Host "All of this is exposed in [[a|psoutput.css|psoutput.css]]."
+Write-Host $null
+write-host "PSVersion: $($PSVersionTable.psversion.tostring())"
+Write-Host (Get-Date).tostring()