How to create FTP User Accounts [Answered]RSS

18 replies

Last post Sep 27, 2012 01:02 PM by cdsJerry

  • How to create FTP User Accounts

    May 08, 2009 02:41 AM|DinuA|LINK

     

    I am setting up a new Windows Server 2008 x64.
    I downloaded and installed IIS 7.5.
    I have created an FTP site
    How can I assign User Accounts? The Features Pan does not contain an IIS Manager Users icon as expected.

    When I click on Edit Permissions...  I get the (E:) Properties box.  Is this normal?

    Thank you for your help.
    Dinu
  • Re: How to create FTP User Accounts

    May 08, 2009 06:09 AM|lextm|LINK

    Please don't double post.

    You can add local users to this Windows system or add new domain users if this server is in domain. Then FTP can authenticate those new users.

    Regards,

    Lex Li
    Affordable IIS Consulting Services at https://support.lextudio.com/services/consulting.html
    ---------------------------
    This posting is provided "AS IS" with no warranties, and confers no rights.
  • Re: How to create FTP User Accounts

    May 08, 2009 09:04 AM|DinuA|LINK

     Thanks Lex Li.

    The solution with the Windows authentication is OK but it is not refined enough for the needs of our system.

    Indeed each user  has access to a different directory.  Each such directory has four subdirectories say \a \b \c \d.  The users have various permissions to these directories depending on the group they belong to.

    So, how can I get to the User Account feature in IIS Manager?

    Thanks again,

    Dinu

    Dinu
  • Re: How to create FTP User Accounts

    May 09, 2009 12:03 AM|lextm|LINK

    You may modify ACLs of the directories to prevent some users or groups from accessing them. That's a possible way I can think of at this moment.

    Lex Li
    Affordable IIS Consulting Services at https://support.lextudio.com/services/consulting.html
    ---------------------------
    This posting is provided "AS IS" with no warranties, and confers no rights.
  • Re: How to create FTP User Accounts

    May 09, 2009 02:25 AM|DinuA|LINK

     Thanks Lex Li.

    But I am still interested in using the User Accounts described in the IIS7 literature.

    Dinu
  • Re: How to create FTP User Accounts

    May 18, 2009 03:17 AM|robmcm|LINK

    Are you referring to using the IIS Manager user accounts for FTP authentication? If so, see the following walkthrough:

    http://learn.iis.net/page.aspx/321/configure-ftp-with-iis-70-manager-authentication/

    For additional security when hosting sites with multiple users you can combine IIS Manager user accounts with FTP User Isolation, which is described in the following walkthrough:

    http://learn.iis.net/page.aspx/305/configuring-ftp-75-user-isolation/

    FTP FTP 7 FTP7.5

    Robert McMurray [MSFT]
  • Re: How to create FTP User Accounts

    Nov 25, 2010 08:25 AM|AtronSeige|LINK

     Thanks. I knew I was missing something, but I was looking everywhere except at the local users!

  • Re: How to create FTP User Accounts

    Nov 30, 2010 11:31 AM|Tines|LINK

    Dear friends,

    When I started working with computers I was only 12 years old.

    My first computer was a Spectrum 48. After that I worked with Amstrad, Atari, XT, AT,...

    Today our company makes software with 100% Microsoft technologies (.NET, WPF, Silverlight).

    When I see how many people ask the simple question "How to create a new FTP user with FTP 7.5", realy I am scared.

    Is it realy so hard to make a user friendly IIS Manager, like thousands of simple applications on the world?

    Did you ask yourself how it is possbile and what is wrong?

    Best regards,

    Petar JASAK
    TINES - Paris - France

  • Re: How to create FTP User Accounts

    Dec 01, 2010 12:24 AM|kctt|LINK

    If you know how to use computer, i don't think it's that difficult to create ftp site and ftp user account in IIS manager.

    There's an option to  Add FTP Site and several other options like FTP Authenticaion, FTP Authentication Rules.

    Looking into details of those options will give an idea how to accomplish the mission setup ftp account.

  • Re: How to create FTP User Accounts

    Dec 02, 2010 09:03 AM|andreas205|LINK

    @Petar JASAK I register to the site, just to comment to your post (So Petar this is my first post also). Petar, I think this is one of the most IMPORTANT posts I read in a very long time. This question show us, why the last 5-10 years, we do have an explosion of Apple (iPhone), Google and other companies instead of Microsoft. This question actually is about the future of Microsoft and NOT about an ftp server issue !!!! I'm using computers and work in IT for a very long time, and I consider myself very experienced in technology in general. I ended up here looking for a simple/easy/quick way to add users to an IIS ftp server. Andreas Athens - Greece
  • Re: How to create FTP User Accounts

    Dec 02, 2010 09:05 AM|andreas205|LINK

    PS trying to register to the forum, I used my Microsoft live credentials. Then the site informed me that I'm a new user. So I had to enter a username/password and then i realise that I had to click on a another link to join. But the system already knew that I was a new user. Then while I was typing my details, I quickly click on the "Accept Terms of Agreement" link, and I went to the agreement (i didn't want to). And then I had to close the window and click on the checkbox to the left of the text. Do the developers work for Microsoft or what ? (also something is wrong and all the text appears in a single line)
  • Re: How to create FTP User Accounts

    Dec 02, 2010 01:54 PM|robmcm|LINK

    @Petar and @Andreas,

    Creating users for FTP is really very, very simple - and we have multiple ways to do that:

    • Create local or domain Windows accounts and set FTP authorization rules. (Very simple to set up and manage.)
    • Create IIS Manager users for FTP and set FTP authorization rules. (Very simple to set up and manage.)
    • Create .NET membership users for FTP. (More difficult to set up.)
    • Create custom authentication providers for FTP and implement your own security any way you want. (This is not difficult if you've done any basic .NET programming.)

    That being said, all of this is documented in multiple places, including the built-in FTP help file, so I will give you some things to look at. But please bear in mind - working with local or domain Windows accounts or IIS Manager users with FTP authorization rules usually takes less than a minute or so to set up. If you have not done this before, then I suggest looking at the walkthroughs that I will list in this post. Once you've gone through the walkthroughs, it will only take you a few seconds in the future to create accounts and set up authorization. If you're adept at scripting, you can automate all of the steps.

    First, I discuss how to configure FTP with IIS 7 Manager Authentication in the following walkthrough. Most of this walkthrough discusses installing the IIS Management Service and creating an FTP site from scratch. If you have already done both of those, you can skip all of that and just read the sections that are titled "Step 2: Configure the IIS Management Service and Add an IIS 7 Manager" and "Step 2: Configure the FTP Site to Use IIS 7 Manager Authentication" - those are the shortest parts of the walkthrough.

    You can also use .NET Membership authentication with the FTP service, although this is admittedly more difficult to set up originally. However, once you have it set up, it's pretty easy to manage.

    Although some might consider writing your own authentication provider more of an advanced topic, I've written several walkthroughs that discuss creating custom authentication providers in detail. This takes a little more work to do it the first time, but you will find that it's pretty easy to do. You can use the free Visual Studio Express packages to create your own authentication providers that store usernames and passwords anywhere that you want to manage them; for example, SQL databases, XML files, etc.

    (Notes: More often than not, I prefer to create my own custom authentication providers for FTP because it's very easy to do, and I don't like giving out Windows accounts if I don't have to. My favorite custom provider to use is the XML database provider, and I use a different XML file for each FTP site. In addition, I wrote a blog post titled that discusses using the free Visual Studio Express packages titled "FTP 7.5 Extensibility and Visual Studio Express Editions.")

    Lastly, I discuss the advantages and disadvantages of each different account type in the following blog that I wrote some time ago. I would suggest reading that blog if you ever have any question as to which type of accounts you should use.

    I would suggest trying out some of the walkthroughs that I have listed, and you will quickly discover that it's really very easy to create user accounts for FTP.

    Robert McMurray [MSFT]
  • Re: How to create FTP User Accounts

    Sep 23, 2011 01:55 PM|cdsJerry|LINK

     I've been running computers for 35 years now and have set up countless desktop systems and about half a dozen Windows servers.  It STILL isn't easy to set up FTP on a Windows machine.  IIS 7.5 doesn't handle it the way earlier versions do.   I've spent over 15 hours now trying to get this FTP server set up and it still doesn't work.  There's a permissions problem somewhere as I can log in but I can't get a directory listing.

    But even getting to this point has required reading dozens of pages and watching many help videos all of which stop short of telling all the steps and several of which required copying and pasting command prompts over to try to configure the Windows firewall.   

    Telling Windows to set up and FTP is simple. Making it actually work is not. Microsoft has failed when it comes to FTP.  Even the IIS.net official instructions point out that Microsoft has failed to come up with a way to set up and configure FTP without extensive command line modifications.

    Now... I need to get back to trying to get this to work.

  • Re: How to create FTP User Accounts

    Sep 23, 2011 02:20 PM|robmcm|LINK

    As you mentioned in your post, if you can log in but you can't get a directory listing, then more than likely you have an issue with a firewall - even if you're on the same machine. Yes - there are additional steps beyond installing the FTP that are required to enable FTP to work through a firewall, and those security settings are there by design; the alternative is leaving your server open to attack, which is even less desirable.

    You mentioned using command-line instructions in articles such as the following:

    http://learn.iis.net/page.aspx/309/configuring-ftp-firewall-settings/

    The reason why I chose to use the command-line in articles such as that is because of its simplified ease-of-use for end users; you could configure all of the same firewall settings through the Windows Firewall user interface, but in this particular scenario it was much, much easier to condense what might be thirty or forty user interface steps into a single command-line.

    There is also one additional item to consider - which FTP client are you using? If you are using the built-in Windows command-line FTP client, then you are likely to have issues when a firewall is involved, and here's why - the built-in Windows FTP client only uses Active FTP, which is very firewall-unfriendly. Most third-party FTP clients use Passive FTP, which works well with firewalls. So chances are, if you're using the FTP client that ships with Windows, you may already have your server correctly configured, and it's the client that's having issues.

    That being said, I wrote a blog series on FTP clients where I reviewed several clients and listed what worked well and what didn't, and here are the clients that I would currently recommend using instead of Windows' built-in command-line FTP client:

    Robert McMurray [MSFT]
  • Re: How to create FTP User Accounts

    Sep 23, 2011 03:54 PM|cdsJerry|LINK

     Thank you for the reply.  I FINALLY got it working.. mostly.  It was not the firewall after all, it was Windows permissions on the folder where the FTP files were located.  I had to manually add permissions for my Windows FTP user.   I would have thought Windows would have done that when it set the FTP Authorization Rules in IIS 7.5 but it did not.  Manually adding the user now allows the folders and files to display properly.

       I think it just reinforces the point that Windows isn't as easy as it probably should be.

      I still have one task to try to complete but I should probably start another thread. It's related to this topic however because Windows doesn't easily allow me to let a user SEE the contents of the folder but NOT be able to copy them.  This is very valuable in an FTP environment where you want them to be able to verify the file copied, but not allow someone else to download that file.   

    Customer uploads private data to us for our use. They don't want others to use it, just us. Need to be able to upload and verify.  Trouble is, in Windows IIS 7.5, if you can see it, you can download it.  Poor decision by Microsoft.

  • Re: How to create FTP User Accounts

    Sep 26, 2012 05:06 PM|atardio|LINK

    @cdsjerry - did you ever get this setup to work? I am trying to do the exact same thing. I want a mixed environment... 1. Full access for AD users (internal) 2. Read only access for local "guest" accounts (external)
  • Re: How to create FTP User Accounts

    Sep 27, 2012 08:18 AM|cdsJerry|LINK

     After doing a LOT of research and spending a couple of days trying different things I finally concluded that it could no longer be done.  It worked great in earlier verisons of Windows Server but I was unable to get it to work with Windows Server 2008.  

     I then installed Filezilla Server because in researching above so many people seemed happy with it.  It installed quickly, easily, and it's worked perfectly.  In addition it's much easier to set up FTP users in Filezilla than it was in any Windows version I have ever done.  It has worked so well in fact that I felt a bit stupid for having wasted so much time and effort trying to get Windows Server 2008 to do this.

     I should also mention that setting up a user in Filezilla is independent of setting up a Windows user so you have less risk because permissions of everything else is not touched.   All those FTP customers don't have Windows user names at all.

    It's also so simple to set up folder permissions that it's a piece of cake to create a folder for common customers and give them read/write access to only their folder but not someone else's.  This program works better than FTP ever has on any version of Windows.

     Being an IIS forum this comment may get deleted. I don't know.  I do know that I tried my best to solve this solution with Windows and  after investing much time and effort I learned there was a better way.  I've been using it since and am very happy with it.  Each time I use it I think about my efforts to get IIS to do the same thing and remember the frustration.

     I have NOTHING to gain from suggesting FileZilla. I do not own it, have no involvement with it other than mentioned above. I'm just a very happy user. 

    FTP filezilla Windows 2008 R2

  • Re: How to create FTP User Accounts

    Sep 27, 2012 12:28 PM|robmcm|LINK

    Thanks, cdsJerry - rest assured, your comments won't be deleted; hearing problems from customers is part of the reason for why these forums exist. I would like to point out, however, that everything that you mentioned in your last post that you are doing with FileZilla is 100% possible with the FTP server in Windows Server 2008; I have set up that same configuration literally hundreds of times on dozens of web servers.

    FWIW - I appear to be much like you in that I prefer not to hand out Windows accounts, which is why I often use either the IIS Managers authentication provider that we added in Windows Server 2008, or I use an authentication provider that I've written myself. In any case, that is why I posted the instructions for setting up authentication for IIS Managers earlier in this thread - I prefer not to hand out Windows user accounts if I don't need to.

    You are correct, however, that the FTP service does not set physical ACLs when you add users to the authorization settings; IIS has never set physical ACLs on the file system when you make changes to authorization settings, and there is a long list of reasons why this is the case. The closest feature that IIS has had to that is in the Windows Server 2000 version of IIS, which we had a Permissions Wizard that allowed customers to opt-in to setting ACLs through IIS; customers hated that feature, so we dropped it in Windows Server 2003.

    Thanks again for the feedback.

    Robert McMurray [MSFT]
  • Re: How to create FTP User Accounts

    Sep 27, 2012 01:02 PM|cdsJerry|LINK

     I struggled for so long to create the folders with restricted permissions like that.  I'd done it before with no problem but nothing I tried would make it work in Windows2008.  I read and posted threads about there here as well as other boards and was never able to make it work.

     I'm glad you could as it's something of a no-brainer in terms of need.  It was just so easy and I'd worked so hard and been unable to in iis.

    Thanks for all you do here btw.  I only own a couple of servers.  I really appreciate the help I've been able to get here.  It's an excellent source of good information.