Configure IIS for an FTP Site - Part 4

In this article, I will conclude the series of tutorials on how to configure FTP sites by introducing permissions and permissions to work in IIS 7.

Picture 1 of Configure IIS for an FTP Site - Part 4
Configure IIS for an FTP Site - Part 1
Picture 2 of Configure IIS for an FTP Site - Part 4
Configure IIS for an FTP Site - Part 2
Picture 3 of Configure IIS for an FTP Site - Part 4
Configure IIS for an FTP Site - Part 3

Brien M. Posey

In this section, I will conclude the series of tutorials on how to configure FTP sites by introducing authorization and authorization to work in IIS 7.

Introduce

In this article, I have shown you how to create an FTP site so that users can access it through a secure SSL session. SSL encryption does not require anything like you can still assume. Without proper licensing mechanisms, we can still allow anonymous users to access the FTP site. In this section, we conclude this series by introducing permissions when applied to FTP sites in IIS 7.0.

Appraisal

You may not actually perform any type of authorization unless you also perform authentication.

Open Internet Information Services (IIS) Manager, and navigate in the interface tree to | Sites | . Next, double-click the FTP Authentication icon located in the middle of the interface. As you can see in Figure A, you can enable the Anonymous Authentication or Basis Authentication option. For the purposes of the article, we have enabled the Basic Authentication option. Right-click the Basic Authentication option and then select the Enable option.

Picture 4 of Configure IIS for an FTP Site - Part 4

Figure A: You must enable basic authentication mode

Licensing

Licensing will set up user identity, but we need some steps to specify whether users will be allowed to access FTP sites. If the user has access to the site, the authorization will tell the user to perform the action they are trying to do.

There are a number of differences in licensing issues that are supported for FTP sites. You can perform authorization by IP address and domain or by user and group name.

Domain and address restrictions

Restrictions of domain names and addresses are often used when users access the site anonymously, but can be used in conjunction with basic authentication to provide an extra level of security. The addition of domain or IP address restrictions is very easy. With the FTP site selected, double-click the FTP IPv4 Address and Domain Restrictions icon in the center column.

When the console switches to Features View, right-click an empty area in the center pane, then select Add Allow Entry or Add Deny Entry from the shortcut menu. Both options work the same, but an option will increase access to a specific address or domain, while the other option will block access.

When prompted, simply enter the IP address or desired domain name for the rule. As you can see in Figure B, you can specify one or more IP address ranges.

Picture 5 of Configure IIS for an FTP Site - Part 4

Figure B: You can create a licensing rule based on IP addresses or domains

When you look at the image above, you will see that there is no field to specify the domain name. The reason for that is that domain restriction rules will add to the server's burden because each connection will require a reverse DNS lookup to specify the domain name associated with the IP address. Therefore, Microsoft has hidden this option by default.

If you want to enable domain name rules, right-click an empty area of ​​the Features View panel, then select Edit Feature Settings. Windows will then display a dialog box to allow you to set the default behavior for non-specific connections with Allow or Deny options. Besides controlling the FTP server's default behavior, the dialog also has a checkbox that you can use to enable domain restrictions, as shown in Figure C.

Picture 6 of Configure IIS for an FTP Site - Part 4

Figure C: You can use the Edit IPv4 Addresses and Domain Restriction Settings dialog box to enable domain restrictions.

FTP licensing rules

Usually, if you are going to perform basic authentication on FTP connections, you use FTP authorization rules to control who can do what. You can access FTP licensing rules by selecting your FTP site in the IIS Manager interface, then double-clicking the FTP Authorization Rules icon in the middle pane of the interface.

When the interface switches to Features view, you can create an FTP Authorization Rule by right-clicking an empty area in the middle pane of the interface, then selecting the Add Allow Rule or Add Deny Rule.

Setting up a rule is quite simple. If you look at Figure D, you will notice that a basic rule will consist of a user or a group corresponding to the rule that will use and privilege. For example, a rule can be used for All Users, all anonymous users, specific user groups (such as Admins, Users, or Guests).

Picture 7 of Configure IIS for an FTP Site - Part 4

Figure D: You must specify the user or user group, and then specify privileges

Although you can do so, it is better not to use rules for individual individuals. Managing licensing can be a concern for you. Please assign to a group or use one of the other available options.

Setting permissions is also very simple. All you need to do is choose; Read box, write checkbox or both. One thing you should keep in mind is that there are many privilege levels here. Usually, NTFS permissions are used for the directory that the FTP site is using. You have to make sure that the privileges you set up throughout IIS won't matter.

Browse the directory

However, you cannot use permission rules to control directory browsing. With that, you need to select the FTP site in the IIS Manager console, then double-click the FTP Directory Browsing icon located in the middle column.

As you can see in Figure E, you can display directory listing in MS-DOS style or in UNIX style. There is no option to disable directory work. If you want to disable directory browsing, do not assign Read permissions to users when creating permission rules.

Picture 8 of Configure IIS for an FTP Site - Part 4

Figure E: You can customize directory browsing for FTP sites to make the server look like a DOS (Windows) or UNIX server

In addition to controlling folder types, you can also choose to display virtual folders, the number of bytes available in the directory, 4 numbers showing the number of years, all by selecting the corresponding checkboxes.

Conclude

As you can see from the day series, setting up an FTP site in IIS 7.0 is quite simple. The main things you need to remember are SSL encryption without authentication and authorization, and the permissions (permissions) that you set up through the IIS interface do not override NTFS permissions.

Update 25 May 2019
Category

System

Mac OS X

Hardware

Game

Tech info

Technology

Science

Life

Application

Electric

Program

Mobile