Where do I get my actual Azure Website Deployment password?

In Visual studio 2015, when I Publish my Website/Webapp to Azure, I'm able to create a new publishing profile automatically (by entering my personal Azure account credentials), this creates the .pubxml and .pubxml.user files. The deployment username is of the form "$websiteName" and the password is represented by a long series of bullet points. The .pubxml.user file contains the actual password, which is encrypted such that only my Visual Studio can read it, by decrypting it with my local Windows user account - I, as a human, have no way to see it. Also, the .user files are excluded from Source Control (but the .pubxml files are included in Source Control).

When another person on my team tries to deploy the website, they get the same deployment settings, but are prompted for the password for the "$website" account. I have no idea where to get this password from - the Azure Management portal does not display it.

If the person opens the portal and chooses to Reset the publishing profile, then they can download a new .pubxml file that contains an encrypted password that I understand only their personal Azure credentials can decrypt, but that breaks deployment for me and other users because now their saved passwords (in the .user files) is invalidated.

I understand this is a different username+password to the "Deployment Credentials" blade on the Azure portal because currently the website has no Deployment Credentials set, in addition if I were to set one, the username is different. The Portal states that those credentials are for FTP access anyway - no mention is made of the Web Deploy feature.

Solution 1:

You can get the current credentials via the Portal or PowerShell/CLI.

Azure Portal

On the portal, there is a button at the top of the webapp blade to download the publish profile (not the deployment credentials blade, but the main web app blade).

Screenshot of Azure Portal as of April 2019

Azure PowerShell

First, ensure the Azure PowerShell cmdlets are installed: https://docs.microsoft.com/en-us/powershell/azure/install-azurerm-ps?view=azurermps-6.3.0

  1. Open an elevated PowerShell window.
  2. Enter $PSVersionTable.PSVersion. Ensure the output shows you have Major version 5 or later. If this command gives you an error then you're running PowerShell v1 which is ancient at this point.
  3. Enter Install-Module -Name AzureRM (you may be prompted to update NuGet, in which case you should)
  4. Wait for it to finish installing.
  5. Enter Import-Module AzureRM
  6. Enter Connect-AzureRmAccount and complete the authentication process.
  7. Run this command to save the publishing profile to a file on disk (line-breaks added for readability, in reality put this on a single line). Set $WebAppName and $ResourceGroupName as appropriate:

        -ResourceGroupName $ResourceGroupName
        -Name $WebAppName
        -OutputFile creds.xml
        -Format WebDeploy

.publishsettings file

The .publishsettings file is an XML file (without line-breaks). Inside you'll find a document with this structure. Look for the userPWD attribute in the <publishProfile> element with publishMethod="MSDeploy". Don't use the FTP credentials (in the second <publishProfile> element) because the username is different.

The userPWD attribute value is not encrypted, but is the base64 (or base62?) encoding of completely random bytes. You can copy and paste this value directly into the credential prompt within Visual Studio's publishing wizard.

        profileName="SITE - Web Deploy"
        userPWD="YOUR PASSWORD IS HERE"                    <-- This attribute here
        <databases />

        profileName="SITE - FTP"
        <databases />

Solution 2:

If you are not familiar with PowerShell, you can try the below instruction to get the deployment username and password using the azure cli.

az webapp deployment list-publishing-profiles --name your_web_app_name --resource-group your_resource_group

enter image description here

You also add --query to retrieve the "userPWD"

az webapp deployment list-publishing-profiles --name your_web_app_name --resource-group your_resource_group --query '[].userPWD' -o tsv

Output will be like