This tutorial is about setting up IIS Ftp 7.5 using IIS Manger Users under Window 7 or Windows 2008. I also assume you want to use User Isolation of "User name directory" or similar. The documentation I have found has been scarce or incomplete. Note that this tutorial is not about showing you how to use the IIS Management UI for IIS 7.0. I assume you know how to use the IIS Management UI for IIS 7.0
Setting up an Ftp Site
Make sure you've installed
Ftp 7.5 for your operating system (32bit or 64 bit). Then set up an Ftp site. you can find a step by step
here. It's not the greatest tutorial but it should work.
User Isolation
Besides, actually setting up user isolation using the UI in IIS Manager, you also need to create a few folders and then give the user NetworkService the proper rights to these folders and to the IIS config files.
You need to create the following folders as sub folder of your Ftp site's root folder. First create a folder called
LocalUser
Then under LocalUser, create a folder called
public
Under LocalUser again, create a folder with the name of the username of a windows user on the machine. You'll use this to test the ftp site. In order to test a with a windows user, you also need o have Basic Authentication turned on for yout ftp site. Do this using the Ftp Authentication icon for the Ftp you created.
Setting up the correct permissions
To grant Special permissions to the user NetworkService to the Ftp Root folder (using a command prompt):
CACLS "%SystemDrive%\inetpub\ftproot" /G "Network Service":C /T /E
Next the user NetworkService needs to be given permission to the config folder and two config files
CACLS "%SystemDrive%\Windows\System32\inetsrv\config" /G "Network Service":R /E
CACLS "%SystemDrive%\Windows\System32\inetsrv\config\administration.config" /G "Network Service":R /E
CACLS "%SystemDrive%\Windows\System32\inetsrv\config\redirection.config" /G "Network Service":R /E
Now you should be able to log on to the ftp site you created using the credentials of a windows user.
IIS Manager Authentication
For Windows 2008 you can follow this tutorial in order to configure Ftp with IIS Manager Authentication
Configure FTP with IIS 7.0 Manager Authentication
Windows 7 does not have the UI that you'll find in Windows 2008. The other issue is that you can't simply modify the administration.config file because the password is normally saved in a hashed format.
But you can create IIS Manager Users using Managed Code. Below is a simple method you can add to your class of choice. In order for this code to work a few references need to be added to your project.
Add the following Reference Path to your project
C:\Windows\System32\inetsrv\
Then added the following References:
Microsoft.Web.Administration
Microsoft.Web.Management
Next, add the following namspaces to
using Microsoft.Web.Management.Server;
using Microsoft.Web.Administration;
The following is an explanation of the parameters this method expects.
configurationPath - This is the name of the Ftp site. So you if called your Ftp site "Default Ftp Site", then pass in this string as the first parameter
username - The username of the new user you want to create
password - the password for the new user
private void CreateFtpUser(string configurationPath, string username, string password)
{
/* First Create the User for the ftp site */
ManagementUserInfo userInfo = ManagementAuthentication.CreateUser(username, password);
ManagementAuthorization.Grant(userInfo.Name, configurationPath, false);
/* Next set up the permissions for this user (Read/Write) */
using (ServerManager serverManager = new ServerManager())
{
Configuration config = serverManager.GetApplicationHostConfiguration();
ConfigurationSection authorizationSection =
config.GetSection("system.ftpServer/security/authorization", configurationPath);
ConfigurationElementCollection authorizationCollection =
authorizationSection.GetCollection();
ConfigurationElement newElement =
authorizationCollection.CreateElement("add");
newElement["accessType"] = @"Allow";
newElement["users"] = username;
newElement["permissions"] = @"Read, Write";
authorizationCollection.Add(newElement);
serverManager.CommitChanges();
}
}
Be sure to create a sub folder under the LocalUser folder (under your ftp site's root folder)for the users you create using the code above. The username of the user and the folder name should be the same.
In order to be able to use IIS Manager Users with your Ftp site, you need to have the IisManagerAuth provider enabled for your Ftp site. Do this using the Ftp Authentication icon for your Ftp site and choose Customer Providers... from the actions pane.
At this point, you should be able to log in to your Ftp site using the users
