26 Apr 2011

IIS 7.0 - FTP Publishing Service – Part 2: Configuration

This article covers different configuration scenarios for the new FTP Publishing Service for IIS 7.0. The prerequisite for this article is that the FTP Publishing Service is already installed on Windows Server 2008. Part 1 of this article series covered how to download and install the new version of the FTP Publishing Service. This article consists of two main configuration topics, each in its own section:

  • How to configure a new FTP site
  • How to add FTP Publishing to an existing website

Both topics will cover configuring FTP using the GUI and the command line management tools.

How FTP is used depends on the usage and the requirements for FTP in the organization. Therefore this article will cover some different scenarios.

Configure a new FTP site

There are numerous ways to configure a new FTP site with IIS 7.0 and the new FTP Publishing Service. It is now possible to change or add an FTP site directly in the configuration XML files or by using scripting.

The first part of this section covers configuring FTP "the GUI way" using IIS Manager, and at the end I will cover configuring FTP using the command line interface. Both ways have the same end result, which is a new FTP site.

Creating a new folder

A folder needs to be prepared for FTP Publishing. It is easier to create the folder now, before continuing with the FTP configuration. Make sure the folder is configured with the correct permissions. The folder used in this example is: "D:\Inetpub\ftproot\ftp.iis-digest.com".

  1. Create the folder D:\Inetpub\ftproot\ftp.iis-digest.com
  2. Set folder permissions using cacls from a command prompt:

CACLS "C:\inetpub\ftproot\ftp.iis-digest.com" /G IUSR:R /T /E


FIGURE A: Command prompt and cacls command

The above command changes the permissions on the ftp.iis-digest.com folder and adds read and execute permissions for the IUSR account.

The IUSR user is the new built-in account on Windows Server 2008 used for IIS 7.0, replacing the old IUSR_machinename account found previously in Windows Server 2003 and IIS 6.0.

Configuring FTP

  1. Start IIS Manager, found at Start – Administrative Tools – Internet Information Services (IIS) Manager.
  2. In IIS Manager under Sites, click Add FTP Site…


FIGURE B: Add FTP Site…

  1. The Add FTP Site Wizard starts. In the first dialog box, enter the name of the FTP site and the physical path created previously:


FIGURE C: Add FTP Site Wizard – Enter site information


FIGURE D: Add FTP Site Wizard – Enter Binding and SSL Settings

  1. Enter the IP address information for the FTP site and the port binding; use the default FTP port 21. If you know what you are doing and your application needs a port other than the default one, you can change it here.
  2. New in the FTP Publishing Service is support for virtual host names, which work the same way as host headers on a website. A virtual host name such as ftp.iis-digest.com makes it possible to have multiple FTP sites configured on one IP address without conflicting bindings on the port.
  3. SSL is also a new feature supported by the FTP Publishing Service; by combining SSL and FTP, the server provides FTPS support. Selecting an SSL certificate during configuration makes the FTP site available as a secure site, so traffic between client and server can be encrypted. In the above example it should be "Allow SSL", which leaves encryption optional for clients, since there is no SSL certificate for this FTP site.
  4. Set the Authentication to Anonymous to provide anonymous access to the new FTP site used as the example in this article.


FIGURE E: Add FTP Site Wizard – Set Authentication and Authorization Information

  1. Add the Authorization settings used for the FTP site: set it to "Anonymous users" and Read (only) permissions.
  2. The new FTP site has been configured and can be seen in IIS Manager.


FIGURE F: IIS Manager – view of the new ftp site

  1. Test the new FTP site: in this example we log in to the test site ftp.iis-digest.com as an anonymous user. With FTP 7 using virtual host names, the login needs to be formatted like this: "ftp.iis-digest.com|anonymous":


FIGURE G: Command prompt – test the ftp connection

There are numerous ways of configuring the users for an FTP site in a secure way, and anonymous authentication is not recommended for production. Securing FTP will be covered in my next article.
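One way to check which FTP sites still carry the test settings used above (anonymous authentication and an SSL policy other than "require"), as an added example that is not part of the original article. The XML is a constructed sample in the applicationHost.config layout, the function name Get-FtpSiteFinding is hypothetical, and only per-site elements are inspected, not siteDefaults or location overrides.

```powershell
# Constructed sample of the site entry the wizard steps above would produce.
# On a server, load %windir%\System32\inetsrv\config\applicationHost.config instead.
$sample = @'
<configuration><system.applicationHost><sites>
  <site name="ftp.iis-digest.com ftpsite" id="2">
    <bindings>
      <binding protocol="ftp" bindingInformation="*:21:ftp.iis-digest.com" />
    </bindings>
    <ftpServer><security>
      <ssl controlChannelPolicy="SslAllow" dataChannelPolicy="SslAllow" />
      <authentication><anonymousAuthentication enabled="true" /></authentication>
    </security></ftpServer>
  </site>
</sites></system.applicationHost></configuration>
'@

# Hypothetical helper: returns one object per FTP-bound site with its findings.
function Get-FtpSiteFinding {
    param([xml]$Config)
    foreach ($site in $Config.SelectNodes("//sites/site[bindings/binding/@protocol='ftp']")) {
        $issues = @()
        $ssl = $site.SelectSingleNode("ftpServer/security/ssl")
        foreach ($channel in "controlChannelPolicy", "dataChannelPolicy") {
            # A missing attribute is reported too, so the inherited value gets reviewed.
            $policy = ""
            if ($null -ne $ssl) { $policy = $ssl.GetAttribute($channel) }
            if ($policy -ne "SslRequire") {
                $issues += "$channel='$policy' (SSL not required)"
            }
        }
        $anon = $site.SelectSingleNode(
            "ftpServer/security/authentication/anonymousAuthentication")
        if ($null -ne $anon -and $anon.GetAttribute("enabled") -eq "true") {
            $issues += "anonymous authentication enabled"
        }
        New-Object PSObject -Property @{
            Site   = $site.GetAttribute("name")
            Issues = ($issues -join "; ")
        }
    }
}

Get-FtpSiteFinding -Config $sample | Format-List Site, Issues
```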

Configure a new FTP site using command line or scripting

With IIS 7.0 and the new FTP 7, it is now possible to script and automate much of the management of IIS and FTP. This section describes how to create and configure the same new FTP site as above, using the command line and scripting instead.

Using the new command line tool AppCMD.exe, the command and parameters for creating a new FTP site are:

appcmd add site /name:"ftp.iis-digest.com ftpsite" /bindings:ftp://ftp.iis-digest.com:21 /physicalpath:"c:\inetpub\ftproot\ftp.iis-digest.com" /ftpServer.security.ssl.dataChannelPolicy:SslAllow


FIGURE H: Command prompt – using the appcmd management tool

The same can be achieved using PowerShell and the new PowerShell Provider for IIS 7.0. It is a requirement that PowerShell 1.0 is installed on the Windows Server 2008 along with the new PowerShell Provider for IIS 7.0. The PowerShell Provider can be downloaded from www.iis.net. Both need to be installed to provide the connection and commands for managing IIS 7.0 and FTP 7 using PowerShell.

There is also another, more programmatic interface for managing IIS 7.0, which is Microsoft.Web.Administration. More information about this interface can be found on the official IIS website (www.iis.net). The interface will not be covered in this article.
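A PowerShell equivalent of the site built in the wizard and appcmd steps above, as an added example that is not from the original article. It assumes an elevated session with the IIS PowerShell provider loaded, the site name and path from the appcmd command, and that the provider accepts the policy names as strings.

```powershell
# Load the IIS provider. On Windows Server 2008 it ships as a snap-in:
#   Add-PSSnapin WebAdministration
# On Windows Server 2008 R2 and later it is a module:
Import-Module WebAdministration

$siteName = "ftp.iis-digest.com ftpsite"
$hostName = "ftp.iis-digest.com"
$path     = "c:\inetpub\ftproot\ftp.iis-digest.com"

# Create the site with an FTP binding on port 21 and the virtual host name.
New-WebFtpSite -Name $siteName -Port 21 -HostHeader $hostName -PhysicalPath $path

$sitePath = "IIS:\Sites\$siteName"

# "Allow SSL" on both channels, as chosen in the wizard because the test site
# has no certificate. Encryption stays optional for clients with this value.
Set-ItemProperty $sitePath -Name ftpServer.security.ssl.controlChannelPolicy -Value "SslAllow"
Set-ItemProperty $sitePath -Name ftpServer.security.ssl.dataChannelPolicy -Value "SslAllow"

# Anonymous authentication, as used for the test site in this article.
Set-ItemProperty $sitePath `
    -Name ftpServer.security.authentication.anonymousAuthentication.enabled `
    -Value $true

# Authorization rule: anonymous users ("?") get Read permission only.
Add-WebConfiguration "/system.ftpServer/security/authorization" `
    -PSPath "IIS:\" -Location $siteName `
    -Value @{ accessType = "Allow"; users = "?"; permissions = "Read" }

# Read the SSL settings back to confirm what was written.
Get-ItemProperty $sitePath -Name ftpServer.security.ssl
```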

Add FTP Publishing to an existing website

With IIS 7.0 and the new FTP Publishing Service it is now possible to add FTP to an existing website, directly from within IIS Manager. This is a great new feature, not previously seen in IIS. It means that in, for example, hosting environments it is now a lot easier to add FTP access to a website already running on the web server.

In the example below, FTP publishing will be added to the default website.

  1. Expand "Sites" and find the website to which you want to add FTP functionality; in this example the site name is "Default Web Site"
  2. Select the website (Default Web Site) and right-click, or from the Action Pane choose "Add FTP Publishing…":


FIGURE I: IIS Manager – Choose Add FTP Publishing…

  1. The Add FTP Publishing Wizard dialog appears, with "Binding and SSL Settings" as the first page:


FIGURE J: Add FTP Site Wizard – Enter Binding and SSL Settings

  1. IP Address: Choose the IP address for your new FTP site. This can be "All Unassigned", or you can enter the IP address or choose it from the pull-down menu. In this example "All Unassigned" is used
  2. Port: The default FTP port is TCP port 21, which will also be used in this example
  3. Virtual Name: It is now possible to use a host header for an FTP site, as we know from host headers on websites and from my first example above. In this example it will be left blank, which means that the site will respond on the IP address
  4. Select "Allow SSL" since there is no SSL certificate to add to the FTP site


FIGURE K: Add FTP Site Wizard – Enter Authentication and Authorization

  1. Select the Basic or Anonymous authentication method for your FTP site. It is not recommended to use anonymous; in this example we use anonymous since it is a test site

FTP has now been added to the existing Default Web Site. Test the FTP connection by connecting to the server IP address, or on the server itself using localhost.


FIGURE L: Testing the FTP connection
