Configuring FTP With .NET

Author: Robert McMurrayPublished on March 09, 2008 by robmcmUpdated on November 01, 2011 by robmcmTags: FTP

Configuring FTP with .NET Membership Authentication in IIS 7

Home > Learn > Deploying Web Sites on IIS > Publishing Content to Web Sites > FTP 7 for IIS 7 > Configuring FTP with .NET MembershipAuthentication in IIS 7

Compatibility

Version NotesIIS 7.5 The FTP 7.5 service ships as a feature for IIS 7.5 in Windows 7 and Windows Server 2008 R2.

IIS 7.0 The FTP 7.0 and FTP 7.5 services were shipped out-of-band for IIS 7.0, which required downloading and installing the service fromthe following URL: http://www.iis.net/download/FTP (http://www.iis.net/download/FTP).

Introduction

Microsoft has created a new FTP service that has been completely rewritten for Windows Server® 2008. This new FTP service incorporatesmany new features that enable web authors to publish content better than before, and offers web administrators more security anddeployment options.

This document walks you through configuring your Default Web Site for FTP membership-based authentication.

Note: This document was written using an instance of SQL server that is installed on the local web server.

In This Walkthrough

Adding FTP Publishing to the Default Web Site (http://learn.iis.net/page.aspx/389/#001)

Configuring ASP.NET for Membership Authentication (http://learn.iis.net/page.aspx/389/#002)

Configuring FTP Membership Authentication (http://learn.iis.net/page.aspx/389/#003)

Prerequisites

The following items are required to complete the procedures in this article:

IIS 7.0 must be installed on your Windows Server 2008, and the following must be configured:

The Default Web Site that is created by the IIS 7.0 installation must still exist.

The Internet Information Services Manager must be installed.

1.

The new FTP service must be installed. You can download and install the FTP service from the http://www.iis.net/(http://www.iis.net/) web site using one of the following links:

FTP 7.5 for IIS 7.0 (x64) (http://go.microsoft.com/fwlink/?LinkId=143197)

FTP 7.5 for IIS 7.0 (x86) (http://go.microsoft.com/fwlink/?LinkId=143196)

2.

Set the content permissions to allow access for the extensibility COM process that handles authentication:3.

Configuring FTP with .NET Membership Authentication in IIS 7 : FTP 7 fo... http://learn.iis.net/page.aspx/389/configuring-ftp-with-net-membership-au...

1 of 9 5/13/2012 7:10 AM

Open a command prompt.

Type the following command:ICACLS "%SystemDrive%\inetpub\ftproot" /Grant "Network Service":M /T

Close the command prompt.

Adding FTP Publishing to the Default Web Site

In this first section, you add FTP publishing to the Default Web site, and add the required settings to allow the local administrator account toedit the content.

In IIS 7.0 Manager, in the Connections pane, expand the Sites node in the tree, then click the Default Web Site.1.

Click Add FTP Publishing in the Actions pane.

(/file.axd?i=823)

2.

When the Add FTP Site Publishing wizard appears:

Choose an IP address for your FTP site from the IP Address drop-down, or choose to accept the default selection of "AllUnassigned." For this walkthrough, enter the local loopback IP address for your computer by typing "127.0.0.1" in the IPAddress box. (Note: If you are using IPv6, you should also add the IPv6 localhost binding of "::1".)

Normally, you would enter the TCP/IP port for the FTP site in the Port box. For this walk-through, choose to accept the defaultport of 21.

For this walkthrough, we will not use a host name, so make sure that the Virtual Host box is blank.

3.


2 of 9 5/13/2012 7:10 AM

Make sure that the SSL Certificate drop-down is set to "Not Selected" and that the Allow SSL option is selected.

When you have completed these items, click Next.

(/file.axd?i=824) (/file.axd?i=1618)

On the next page of the wizard, you will not configure any authentication or authorization settings because these settings will beconfigured later. Click Finish to complete the wizard.

(/file.axd?i=825)

4.

Summary

To recap the items that you completed in this section -- we added FTP publishing to the "Default Web Site" by:


3 of 9 5/13/2012 7:10 AM

Adding an FTP binding for the Web site for the local loopback IP address on port 21

Choosing not to use Secure Sockets Layer (SSL) for the FTP site.

Note: You have not yet enabled any authentication or authorization settings.

Configuring ASP.NET for Membership Authentication

Configure your Local SQL Server for ASP.NET Membership

This section describes the basic process for configuring ASP.NET for membership authentication. For detailed information, please see the"Configure ASP.NET for Membership" section in the How To: Use Forms Authentication with SQL Server in ASP.NET 2.0(http://msdn2.microsoft.com/en-US/library/ms998317.aspx) topic on the MSDN web site.

If you do not have access to an existing SQL Server, you must install SQL Server.

If you do not already have an ASP.NET database created, you need to build the ASP.NET database on the SQL server using the appropriatecommand from the following list for the version of the framework that you are using:

32-bit Framework:

"%windir%\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe" -S localhost -A all -E

64-bit Framework:

"%windir%\Microsoft.NET\Framework64\v2.0.50727\aspnet_regsql.exe" -S localhost -A all -E

Note: To use a remote SQL server instead of "localhost" as shown in the above example, see the "Deployment Considerations" section inthe How To: Use Forms Authentication with SQL Server in ASP.NET 2.0 (http://msdn2.microsoft.com/en-us/library/ms998317.aspx) topic onthe MSDN web site.

Because the COM process for FTP extensibility runs as "NT AUTHORITY\Network Service", you need to add the "NT AUTHORITY\NetworkService" account to the ASP.NET database on your SQL Server. To do so, use the following steps:

Open the SQL Server Enterprise Manager.1.

Create a SQL Server login for NT AUTHORITY\Network Service.2.

Grant the login access to the Aspnetdb database by creating a database user.3.

Add the database user to the aspnet_Membership_FullAccess database role.4.

Configure ASP.NET for FTP Membership

The following steps describe the process for configuring ASP.NET to allow membership authentication for FTP access.

Using a text editor such as Windows Notepad, open your root web.config file, which should be located at the appropriate path for theversion of the framework that you are using:

32-bit Framework:

"%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\CONFIG\web.config"

64-bit Framework:

1.


4 of 9 5/13/2012 7:10 AM

"%SystemRoot%\Microsoft.NET\Framework64\v2.0.50727\CONFIG\web.config"

Scroll to the bottom and paste the following code before the closing </configuration> tag:

<location path="GlobalFtpSite/ftpsvc"> <connectionStrings> <add connectionString="Server=localhost;Database=aspnetdb;Integrated Security=true" name="FtpLocalSQLServer" /> </connectionStrings> <system.web> <membership defaultProvider="FtpSqlMembershipProvider"> <providers> <add name="FtpSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider,System.Web,Version=2.0.0.0,Culture=neutral,PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="FtpLocalSQLServer" enablePasswordRetrieval="false" enablePasswordReset="false" requiresQuestionAndAnswer="false" applicationName="/" requiresUniqueEmail="false" passwordFormat="Clear" /> </providers> </membership> <roleManager defaultProvider="FtpSqlRoleProvider" enabled="true"> <providers> <add name="FtpSqlRoleProvider" type="System.Web.Security.SqlRoleProvider,System.Web,Version=2.0.0.0,Culture=neutral,PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="FtpLocalSQLServer" applicationName="/" /> </providers> </roleManager> </system.web></location>

2.

Save and close your root web.config file.3.

Summary

You have configured ASP.NET for membership authentication. To recap the items that you completed in this section, we configured yourserver by:

Configuring your Local SQL Server for ASP.NET Membership

Configuring ASP.NET for FTP Membership

Configuring FTP Membership Authentication

This section describes how to configure a membership database using the Default Web Site that is used for creating users that theFTP-based membership authentication will use later. To do so, use the following steps:

Prerequisite Steps

Open the Internet Information Services (IIS) Manager.1.

Expand your computer at the top node of the Connections tree.2.

Expand the Sites node in the tree.3.


5 of 9 5/13/2012 7:10 AM

Configuring .NET Membership Settings

Step 1: Add a Connection String

Highlight the Default Web Site in the tree and double-click Connection Strings, then follow these steps:

Click Add... in the Actions pane.1.

Configure the following options:

Name: "FtpLocalSQLServer"

Server: "localhost"

Database: "aspnetdb"

2.

Click OK.3.

Step 2: Add a Role Provider

Highlight the Default Web Site in the tree and double-click Providers, then follow these steps:

Choose .NET Roles from the drop-down.1.


Choose SqlRoleProvider from the drop-down.3.


Name: "FtpSqlRoleProvider"

Connection string name: "FtpLocalSQLServer"

Application name: "/"

4.

Click OK.5.

Step 3: Add a Membership Provider

Highlight the Default Web Site in the tree and double-click Providers, then follow these steps:

Choose .NET Users from the drop-down.1.


Choose SqlMembershipProvider from the drop-down.3.


Name: "FtpSqlMembershipProvider"

Connection string name: "FtpLocalSQLServer"

Application name: "/"

4.

Click OK.5.

Step 4: Add a Role for FTP Membership

Highlight the Default Web Site in the tree and double-click .NET Roles, then follow these steps:

You may see an error dialog about connecting. If so, click OK to close the error dialog, then configure the default provider using the1.


6 of 9 5/13/2012 7:10 AM

following steps:

Click Set Default Provider... in the Actions pane.

Choose FtpSqlRoleProvider from the drop-down.

Click OK.



Name: "ftprole"

3.

Click OK.4.

Step 5: Add a User Account for FTP Membership

Highlight the Default Web Site in the tree and double-click .NET Users, then follow these steps:

You may see an error dialog about connecting. If so, click OK to close the error dialog, then configure the default provider using thefollowing steps:

Click Set Default Provider... in the Actions pane.

Choose FtpSqlMembershipProvider from the drop-down.

Click OK.

1.



User Name: "ftpuser"

Email: "[email protected]"

Password: "P@ssw0rd"

3.

Click Next.4.

Add the user to "ftprole", then click Finish.5.

Enabling Membership Authentication for FTP

Configure FTP for Membership Authentication

Highlight the Default Web Site in the tree and double-click FTP Authentication, then follow these steps:

Click Custom Providers... in the Actions pane.1.

Check the box for AspNetAuth.2.

Click OK.3.

You can now authorize the FTP user using one of two methods:

Method 1: Configure an FTP Authorization Rule for a Membership Role

Highlight the Default Web Site in the tree and double-click FTP Authorization Rules, then follow these steps:

Click Add Allow Rule... in the Actions pane.1.


7 of 9 5/13/2012 7:10 AM

Select Specified roles or user groups for the access option.2.

Type "ftprole" for role name.3.

Select Read and Write for the Permissions option.4.

Click OK.5.

Method 2: Configure an FTP Authorization Rule for a Membership User

Highlight the Default Web Site in the tree and double-click FTP Authorization Rules, then follow these steps:

Click Add Allow Rule... in the Actions pane.1.

Select Specified users for the access option.2.

Type "ftpuser" for the user name.3.

Select Read and Write for the Permissions option.4.

Click OK.5.

Summary

To recap the items that you completed in this section, we configured your server by:

Configuring .NET Membership Settings:

Adding a Connection String

Adding a Role Provider

Adding a Membership Provider

Add a Role for FTP Membership

Adding a User Account for FTP Membership

Enabling Membership Authentication for FTP:

Configuring FTP Authentication for Membership

Configuring an FTP Authorization Rule for a Membership User

Configuring an FTP Authorization Rule for a Membership Role

Troubleshooting

If you are using Membership Roles, you may need to install the hotfix that is described in the following Microsoft Knowledgebase Article:

http://support.microsoft.com/kb/955136/ (http://support.microsoft.com/kb/955136/)

When attempting to log in, you receive the following reply:

530-User cannot log in.

Win32 error:

Error details: .Net SqlClient Data Provider: An error has occurred while establishing a connection to the server. When

connecting to SQL Server 2005, this failure may be caused by the fact that under the default settings SQL Server does not

allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server)

530 End

Login failed.


8 of 9 5/13/2012 7:10 AM

This error is caused when you have not configured your SQL server to accept remote connections.

Related Content

Articles

Developing for FTP 7.5 and FTP 8.0 (/page.aspx/590/developing-for-ftp-75-and-ftp-80/)

FTP 7 for IIS 7 (/page.aspx/356/ftp-7-for-iis/)

FTP Extension - Video Walkthrough (/page.aspx/525/ftp-extension---video-walkthrough/)

What Is New for Microsoft and FTP in IIS 7? (/page.aspx/310/what-is-new-for-microsoft-and-ftp-in-iis-7/)


9 of 9 5/13/2012 7:10 AM

Configuring FTP With .NET

Documents

Transcript of Configuring FTP With .NET