The task was to create an FTP service for non-Active Directory users:
- Users have rights for all directories from the root down.
- Users have access only to isolated directories under root.
Solution:
- Use a Windows 2008 SP2 VM on Hyper-V
- IIS 7.0
- FTP 7.5
- IIS Manager Authentication
- FTP Virtual Host Names
- FTP User Isolation - "User Name directory (disable global virtual directories)"
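The last three items, as they would appear for the isolated-users site in applicationHost.config. This is an added example, not configuration from the original post: the site name, id, physical path and the user `user1` are placeholders, and disabling anonymous and basic authentication is an assumption (only IIS Manager users log on to this site).

```xml
<!-- Added example: fragments of %windir%\System32\inetsrv\config\applicationHost.config.
     Site name, id, physical path and user1 are placeholders. -->
<system.applicationHost>
  <sites>
    <site name="FTP-Isolated" id="3">
      <application path="/">
        <virtualDirectory path="/" physicalPath="C:\inetpub\ftp-isolated" />
      </application>
      <bindings>
        <!-- FTP virtual host name: the third field of bindingInformation -->
        <binding protocol="ftp" bindingInformation="*:21:ftpheader.yourdomain.com" />
      </bindings>
      <ftpServer>
        <security>
          <authentication>
            <!-- Assumption: only IIS Manager users may log on to this site -->
            <anonymousAuthentication enabled="false" />
            <basicAuthentication enabled="false" />
            <customAuthentication>
              <providers>
                <add name="IisManagerAuth" enabled="true" />
              </providers>
            </customAuthentication>
          </authentication>
        </security>
        <!-- UI option "User name directory (disable global virtual directories)" -->
        <userIsolation mode="IsolateAllDirectories" />
      </ftpServer>
    </site>
  </sites>
</system.applicationHost>

<!-- Per-site FTP authorization rule for the IIS Manager user -->
<location path="FTP-Isolated">
  <system.ftpServer>
    <security>
      <authorization>
        <add accessType="Allow" users="user1" permissions="Read, Write" />
      </authorization>
    </security>
  </system.ftpServer>
</location>
```

With this isolation mode an IIS Manager user is confined to `LocalUser\<username>` under the site root, here `C:\inetpub\ftp-isolated\LocalUser\user1`, so that directory must exist before the user can log on.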
Notes:
- Do not forget to change the security settings for the "Network Service" account (ref.3).
- Created 3 FTP sites: one for global access (ref.5), needed to enable IE connections; a second for non-separated FTP; and a third for isolated users.
- In IE7 and IE8 you can use the "Open FTP site in Windows Explorer" option under "Page", but you will need to authenticate a second time.
- To authenticate, type the user name in the form described in (ref.4): "ftpheader.yourdomain.com|username" or, with (ref.4), "ftpheader.yourdomain.com\username". Authentication takes place after connecting to the global FTP site (ref.5).
- Regular FTP clients can connect directly using "Virtual host names".
The FTP certificate should be chosen at the IIS 7.0 server level.
References:
1. http://learn.iis.net/page.aspx/310/what-is-new-for-microsoft-and-ftp-75/
2. http://learn.iis.net/page.aspx/305/configuring-ftp-75-user-isolation/
3. http://learn.iis.net/page.aspx/321/configure-ftp-with-iis-70-manager-authentication/
4. http://blogs.iis.net/jaroslad/archive/2009/04/16/addressing-the-separator-problem-for-virtual-ftp-sites-ftp-7-5.aspx
5. http://blogs.msdn.com/robert_mcmurray/archive/2008/12/17/ftp-clients-part-3-creating-a-global-listener-ftp-site.aspx
6. http://learn.iis.net/page.aspx/320/using-ftp-virtual-host-names/