CACLS "C: inetpubftprootftp.iis-digest.com" / G IUSR: R / T / E
Figure A: Command prompt window and cacls command
The above command changes the permissions on the ftp.ii-digest.com directory and adds the read and execute permissions for the IUSR account.
IUSR user is a new account in Windows Server 2008 that is used for IIS 7.0, replacing the old IUSR_machinename account that was included with Windows Server 2003 and IIS 6.0 previously.
FTP configuration
1. Start IIS Manager at Start - Administrative Tools - Intern et Information Service (IIS) Manager .
2. In IIS Manager, under Sites, click Add FTP Site .
Figure B: Adding FTP Site .
3. Add FTP Site Wizard to be called and in the first dialog box, enter the FTP Site name and physical path, created earlier:
Figure C: Add FTP Site Wizard - enter the site information
Figure D: Add FTP Site Wizard - Enter Binding and SSL settings
4. Enter the IP address information for the FTP Site and pair the port, using the default port 21. In case you know that you are working and if your application may need to use another port instead of this default port, you can change it here.
5. There is a new problem with FTP Publishing Service that it supports virtual host naming, which is similar to using host headers on a website. A virtual host (virtual host) like ftp.iis-digest.com means that it allows multiple FTP sites to be configured on an IP address and there are no conflicts with the connection.
6. SSL is also a new feature supported by FTP Publishing Service, by combining SSL and FTP, the server will provide FTPS support. By selecting an SSL certificate during the configuration process, the FTP Site will be provided as a secure site, so all traffic will be encrypted. Since there is no SSL certificate for this FTP site, the above example will be ' Allow SSL '.
7. Set up anonymous authentication to provide anonymous access to the new ftp site used as an example in this article.
Figure E: Add FTP Site Wizard - Set up authentication and permissions information
8. Add the permissions settings used for this ftp site, set it to ' Anonymous users ' and Read (only) terms.
9. The new ftp site has been configured and can be seen in IIS Manager
Figure F: IIS Manager - the image of the new ftp site
10. Check the new FTP site: in this example we log into the test site ftp.iis-digest.com with an anonymous user. With FTP 7 using virtual headers, the login needs to be formatted like this: ' ftp.iis-digest.com | anonymous ':
Figure G: Command prompt window - ftp connection test
There are many ways to configure users for an ftp site in a secure way and it is not recommended to use anonymous authentication levels in production. The FTP protection issue will be covered in the next part of this series.
Configure the new FTP site with script and command line
With IIS 7.0 and the new FTP 7, you can completely script and automate a lot of management operations of IIS and FTP. This section will show you how to perform the creation and configuration of the new FTP site using the command line and script.
Using the new command line tool AppCMD.exe, the command and parameters for creating a new FTP site are:
appcmd add site /name:"ftp.iis-digest.com ftpsite "/bindings:ftp://ftp.iis-digest.com:21 /physicalpath:"c:inetpubftprootftp.iis-digest.com /ftpServer.security. ssl.dataChannelPolicy: SslAllow "
Figure H: Command prompt window - using appcmd management tool
Also, it can be done using new PowerShell and PowerShell Provider for IIS 7.0. You need to install PowerShell 1.0 on Windows Server 2008 with the new PowerShell Provider for IIS 7.0. PowerShell Provider can be downloaded from www.iis.net. Both need to be installed to provide connectivity and commands to manage IIS 7.0 and FTP 7 using PowerShell.
There is also a more programmable interface for IIS 7.0 management, the interface is Microsoft.Web.Administration. For more information about this interface, please look at the official IIS website (www.iis.net), in this article we will not mention it.
Add FTP Publishing to an existing website
With IIS 7.0 and the new FTP Publishing Service, it is possible to add FTP to an existing website directly from within IIS Manager. This is a great new feature in IIS. This means that in existing hosting environments, it will be much easier to add FTP access to a website running on the web server.
With the new FTP Publishing Service, you can easily publish an FTP to an existing website and this can be done directly from within IIS Manager. In the example below, an FTP site will be added to the default website.
1. Open ' Sites ' and find the website you want to add the FTP function to, in this example, the site name is ' Default Web Site '
2. Check the website (Default Web Site) and click or from the Action panel, select ' Add FTP Publishing . ':
Figure I: IIS Manager - Select Add FTP Publishing .
3. An Add FTP Publishing Wizard dialog box will appear with the first page as ' Binding and SSL Settings ':
Figure J: Add FTP Site Wizard - Enter Binding and SSL settings
4. IP Address : Select the IP address for your new FTP site, where you can select ' All Unassigned ' or enter the IP address, or choose from the drop-down menu. In this example we used ' All Unassigned '.
5. Port : The default FTP port is Port 21, which is also the port used in this example.
6. Virtual Name : It is possible to use the host header for the FTP site as we know from the host header on the website and from the first example. In this example, it will be left blank, which means that it will respond to the IP address.
7. Select ' Allow SSL ' because there is no SSL certificate to add to the ftp site.
Figure K: Add FTP Site Wizard - Enter authentication and permissions
8. Select Basic or Anonymous authentication method for your ftp site, do not use anonymous. However, in this example we put anonymously because it is just a test site.
FTP is currently added to the existing Default web site. Check the ftp connection by connecting to the IP address or with the server using localhost.
Figure L: Check the FTP connection
Conclude
This article showed you how to configure a new FTP site and how to add FTP Publishing to an existing website. Configuration is done using IIS Manager and is also shown that it can be done via the new command line interface appcmd.exe.
In Part 3 and the last part of this series, we will introduce you to FTP security and how to secure the FTP Publishing Service.