Currently I study the IIS-customized FTP service toolkit and find it a little hard. I list some notes here for memorandum and share.
Introduction:
What Is New for Microsoft and FTP 7.5?
Installation & Creation:
Authentication & Authorization :
Ideally , IIS Manager Authentication is a good choice for a public per-user based FTP access environment.
Prerequisite :
Grant specific permissions to config files' directory !
%SystemDrive%\Windows\System32\inetsrv\config
---- \administration.config
---- \redirection.config
Or else IISWMSVC_AUTHENTICATION_UNABLE_TO_READ_CONFIG error might occur when a client is trying to login FTP site.
1. Choose "Windows credentials or IIS Manager credentials" in the "IIS Credentials" chrome of "Management Service" section.
IIS-HOME-->Management-->Management Service ( the Management Service should be pre-installed through "Add roles-features" operation ). What is worth mentioning is the Managment Service is unecessary to start for FTP purpose.
2. Add/Remove User for an IIS-root. A new user could only be added in the "IIS User Manager" section. This section inhabits an IIS' root and takes fundamental responsibility for "adding-removing" accounts.
4. For an "FTP Authentication" section ( locating at the FTP Site root ) , we add a "custom provider" : "IIS Manager Auth". We enable it and disable other two built-in providers ( based on windows authentication mechanism ) to ensure the whole FTP site pure IIS-based authentication policy.
3. Make permission plan for an FTP Root site . For those IIS-owned users, only the allowed are possible to access corresponding FTP site. Do this via "IIS Manager Permissions" panel. In the panel we can click "Allow user" action , select "IIS Manager" and enter a target username . Success of such operation means current location is basically visible to the account.
5. For each node of FTP Site , we should cautiously configurate it's authorization . ( FTP Authorization )
For more information please check :
Configure FTP with IIS 7.0 Manager Authentication
Isolation :
If you want a client automatically directed to his/her own directory once logining FTP site with his credentials info , meanwhile prevented from home directory , you are supposed to pick up :
Isolate Users -> User name directory ( diable global virtual directries )
in the FTP User Isolation section ( situated at FTP site root control panel )
For how to create iis-user-based / username-based virtual directory which is internally adapted assigned isolation policy , refer to :
Configuring FTP 7.5 User Isolation
Port & Firewall Configuration :
Important! Outer users are blocked from FTP site unless firewall is configged by following the guide :
Configuring FTP Firewall Settings
Note the "firewall support" in IIS-root / FTP Site-root sections.