andla
asked on
Adding user to ftp folder (IIS)
I would be grateful if you could tell me how to associate a user to an ftp folder.
What i want to do is:
A user that has a username and a password should be able to access his specific folder via ftp.
He should be able to write:
ftp://username:password@xxx.xxx.xxx.xxx/ in the internet explorer and access his folder.
The question is how do i set up the permission, network or IIS so that i can add users that could access his folder that way.
Is this a problem if i'm behind a proxy?
Please help me.
Regards
Andreas
What i want to do is:
A user that has a username and a password should be able to access his specific folder via ftp.
He should be able to write:
ftp://username:password@xxx.xxx.xxx.xxx/ in the internet explorer and access his folder.
The question is how do i set up the permission, network or IIS so that i can add users that could access his folder that way.
Is this a problem if i'm behind a proxy?
Please help me.
Regards
Andreas
ASKER
Thanks Mark but i have really tried without success.
Test phases:
1. The server has a inetpub/ftproot.
the ftproot is the folder you access when you write ftp://xxx.xxx.xxx.xxx.
If i create a new folder called 'NewFolder' in ftproot this folder will be shown when i access the ftp and i can enter this folder without any permission.
2. I can create a folder outside the ftproot but this folder will not be accessed with ftp. I can set the property on this folder to share it on the web. Now i can access it with http but not ftp ?
3. I can assign the ip number to a folder by using the Microsoft Managment Console and i think this is the IIS. This is done by right click and select new.
4. In the MMC (Microsoft Managment Console) i can under bransh on 'phase 3' i can create a virtual directory or a site. If i choose to select a site then i have to assign a new ip number. I would like to avoid using new ip-numbers. If i select a new virutal directory and assign it a folder i can access this folder outside the ftproot via ftp and that is nice.
5. Now if i choose phase 4 i can change the local path to a network path and the i have the option to select a username and a password.
I was hoping phase 5. should do the thing with 'username:password@xxx.xxx
6. I can change the permission on security. If i add my own account i was hoping that 'username:password@xxx.xxx
7. If do the phase 5 and change the permission in the sharing tab adding my account and removing everyone i was hoping that 'username:password@xxx.xxx
__________________________
Questions:
What phase are intresting to look further?
I know that permission allows me add many things like groups, users, network,,, but what should i use.
What do you suggest?
Regards
Andreas.
Test phases:
1. The server has a inetpub/ftproot.
the ftproot is the folder you access when you write ftp://xxx.xxx.xxx.xxx.
If i create a new folder called 'NewFolder' in ftproot this folder will be shown when i access the ftp and i can enter this folder without any permission.
2. I can create a folder outside the ftproot but this folder will not be accessed with ftp. I can set the property on this folder to share it on the web. Now i can access it with http but not ftp ?
3. I can assign the ip number to a folder by using the Microsoft Managment Console and i think this is the IIS. This is done by right click and select new.
4. In the MMC (Microsoft Managment Console) i can under bransh on 'phase 3' i can create a virtual directory or a site. If i choose to select a site then i have to assign a new ip number. I would like to avoid using new ip-numbers. If i select a new virutal directory and assign it a folder i can access this folder outside the ftproot via ftp and that is nice.
5. Now if i choose phase 4 i can change the local path to a network path and the i have the option to select a username and a password.
I was hoping phase 5. should do the thing with 'username:password@xxx.xxx
6. I can change the permission on security. If i add my own account i was hoping that 'username:password@xxx.xxx
7. If do the phase 5 and change the permission in the sharing tab adding my account and removing everyone i was hoping that 'username:password@xxx.xxx
__________________________
Questions:
What phase are intresting to look further?
I know that permission allows me add many things like groups, users, network,,, but what should i use.
What do you suggest?
Regards
Andreas.
Look at the MMC again, do you see a FTP folder listed? Is it running? I must assume so since in 1 and 2 you say you can access them. Your problem sounds like a NT permission issue more than a FTP issue, when you state in 5 and 6 that you geta proxy error, I must guess that ports 20 & 21 are open due to the fact that you can get to the site via ftp://xx.xx.xx.xx/ by not stating login:password, what are the security accounts and Directory security on the ftp in MMC?
ASKER
"Look at the MMC again, do you see a FTP folder listed? Is it running? I must assume so since in 1 and 2 you say you can access them."
Yes no problem when accessing through ftp.
Your problem sounds like a NT permission issue more than a FTP issue, when you state in 5 and 6 that you geta proxy error, I must guess that ports 20 & 21 are open due to the fact that you can get to the site via ftp://xx.xx.xx.xx/ by not stating login:password, what are the security accounts and Directory security on the ftp in MMC?
I checked the 'FTP Service Master Properties for TheServer'
Directory Security
By default all computers will be granted access.
Security Accounts
[x]Allow Anonymous Connection
UserName IUSR_INTERNET
No password
[x] Allow only anonymous connection
[x] Enable Automatic Password Sync
FTP Site operators
Grant operator privileges to Windows NT User Accounts for this ftp site only
[Administrators]
Yes no problem when accessing through ftp.
Your problem sounds like a NT permission issue more than a FTP issue, when you state in 5 and 6 that you geta proxy error, I must guess that ports 20 & 21 are open due to the fact that you can get to the site via ftp://xx.xx.xx.xx/ by not stating login:password, what are the security accounts and Directory security on the ftp in MMC?
I checked the 'FTP Service Master Properties for TheServer'
Directory Security
By default all computers will be granted access.
Security Accounts
[x]Allow Anonymous Connection
UserName IUSR_INTERNET
No password
[x] Allow only anonymous connection
[x] Enable Automatic Password Sync
FTP Site operators
Grant operator privileges to Windows NT User Accounts for this ftp site only
[Administrators]
Let me get this straight, you can access the base ftp directory using ftp://username:password@xx.xx.xx.xx. but if you try ftp://username:password@xx.xx.xx.xx./virtual_directory you get a proxy error?
ASKER
No
I have not ever been able to use the username:password@xxx.xxx.
The most important thing is that i can create virtual directorys that has an authentication check (popping up an user /pass window or just skip that by using user:pass@ on the url...same thing)
Regards
Andreas
I have not ever been able to use the username:password@xxx.xxx.
The most important thing is that i can create virtual directorys that has an authentication check (popping up an user /pass window or just skip that by using user:pass@ on the url...same thing)
Regards
Andreas
Oh... it's not the same thing, when you are using the the authentication check on the virtual directory, you are requesting NT authentication, when you try passing the username:password through the browser, I believe you are bypassing the NT authentication.
Have you tried FTP via the DOS prompt, or with WS_FTP?
M
Have you tried FTP via the DOS prompt, or with WS_FTP?
M
ASKER
What do you mean with WS_FTP?
Isn't accessing ftp with user:pass@ and using a FTP client the same thing but with the client you can upload files.
Regards
Andreas
Isn't accessing ftp with user:pass@ and using a FTP client the same thing but with the client you can upload files.
Regards
Andreas
Not exactly sure 'bout this, but I bet the browser has some control over connections and such. Which is why I ask if you can connect through a DOS prompt? This completely by-passes the browser. Have you checked with your IS dept. to see what resrictions are set on the proxy server or firewall?
ASKER
If i run the FTP command on the dos prompt and write open xxx.xxx.xxx.xxx it says that i'm connected. But if i whant to get a list of files with 'dir' i says i must enter the password. I don't know what password it does need because i don't have any password configured on the folder the ip is assigned with. If i try to enter a password nothing happends (normally the cursor moves but nothing happends at all until i press enter). The truth is that i never use the FTP commando.
What shall i do?
What do you mean with IS dept? Not very good with English.
Don't give up on me :-)
Regards Andreas
What shall i do?
What do you mean with IS dept? Not very good with English.
Don't give up on me :-)
Regards Andreas
Are you logging onto a NT domain? When FTP is asking you for a password, it is saying you do not have access to the directory.
Try this;
1) DOS prompt, type 'ftp xxx.xxx.xxx.xxx' (without the quotes and with your ftp server IP address)
2) It will tell you you are connected to xxx.xx.xxx.xxx and ask you to enter a username.
3) Enter a valid username
4) if the server states, 'enter your email as a password', this means the anonymous account is open for the directory, if it asks for a password, enter a valid password for the user you entered above.
If all goes well you will see a prompt that looks like 150> You can now type 'ls' FTP has it's own set of commands, UNIX type if your familiar with it, you cna always type ? to ge ta list of commands.
When I say 'IS dept', I am refering to your Information Systems dept, these are the guys who handle all the networking and peripherial systems.
Good luck,
Mark
Try this;
1) DOS prompt, type 'ftp xxx.xxx.xxx.xxx' (without the quotes and with your ftp server IP address)
2) It will tell you you are connected to xxx.xx.xxx.xxx and ask you to enter a username.
3) Enter a valid username
4) if the server states, 'enter your email as a password', this means the anonymous account is open for the directory, if it asks for a password, enter a valid password for the user you entered above.
If all goes well you will see a prompt that looks like 150> You can now type 'ls' FTP has it's own set of commands, UNIX type if your familiar with it, you cna always type ? to ge ta list of commands.
When I say 'IS dept', I am refering to your Information Systems dept, these are the guys who handle all the networking and peripherial systems.
Good luck,
Mark
ASKER
1) Enterning ftp xxx.xx.xxx.xxx
2)
3) Entering username 'anonymous'
4) Entering password (nothing happends)
Ok i can use the ls or dir commando.
1) Enterning ftp xxx.xx.xxx.xxx
2)
3) Entering my account username(adminstrator level)
4) Entering my account password
This ends up with a fail to access.
Ok i hope we are on the way :-)
Regards
Andreas
2)
3) Entering username 'anonymous'
4) Entering password (nothing happends)
Ok i can use the ls or dir commando.
1) Enterning ftp xxx.xx.xxx.xxx
2)
3) Entering my account username(adminstrator level)
4) Entering my account password
This ends up with a fail to access.
Ok i hope we are on the way :-)
Regards
Andreas
Check the FTP permissions, I find it wierd that anonymous can access the directory but administrator cannot. You need to make sure that you have rights to access the FTP directory. From the MMC, right click on the ftp folder, select the properties listing. Check the permissions on the directory, ensure that you have access to it.
ASKER
When you enter something on the password field in the ftp in the dos prompt, can you se that you type anything or is it like me that the cursor doesn't move at all until the enter key is pressed ?
One reason of a problem accesing a directory is that the FTP is not configured in the right manner or that the wrong version of the FTP commando is installed.
Ok i'm in the MMC and press the right key on the ftp folder.
Oops! I had in the security account, 'allow only anonymous account' checked. When unchecking it i could access the directory with my account with the FTP commando. I had my account added in the site operators list.
I even tried to access the folder with internet explorer user:pass@xxx.xxx.xxx.xxx and that worked fine to, but (always a but) how do i access different folder with differnet users. I don't think i can add a new ftp item to the same ip. I can only add new sites or virtual directories ?
Regards
Andreas
One reason of a problem accesing a directory is that the FTP is not configured in the right manner or that the wrong version of the FTP commando is installed.
Ok i'm in the MMC and press the right key on the ftp folder.
Oops! I had in the security account, 'allow only anonymous account' checked. When unchecking it i could access the directory with my account with the FTP commando. I had my account added in the site operators list.
I even tried to access the folder with internet explorer user:pass@xxx.xxx.xxx.xxx and that worked fine to, but (always a but) how do i access different folder with differnet users. I don't think i can add a new ftp item to the same ip. I can only add new sites or virtual directories ?
Regards
Andreas
The folders have to reside under the FTP root path, I am not sure if you can assign certain folders to certain users, but play with the permissions in the FTP properties. You really do want to turn off anonymous access to the FTP directory, allow only users who have been granted access.
You can have as many FTP folders as you want, right click on the server icon inn the MMC, select 'New' 'FTP Site', I'm not sure if you can have multiple accounts set-up for the directories, but paly with it...
You can have as many FTP folders as you want, right click on the server icon inn the MMC, select 'New' 'FTP Site', I'm not sure if you can have multiple accounts set-up for the directories, but paly with it...
ASKER
I have played with the controls but i found no options to do what i whant to do.
If i create a new site it will ask for the ip number. If i enter the same ip number as the default ftp site the new site will be stopped. When trying to start it i will not work.
When creating a virtual folder with a network share i must enter username and password. But this will have no effect when using ftp://.
What are admins using when hosting webpages? Is the IIS the wrong alternative?
Regards Andreas
If i create a new site it will ask for the ip number. If i enter the same ip number as the default ftp site the new site will be stopped. When trying to start it i will not work.
When creating a virtual folder with a network share i must enter username and password. But this will have no effect when using ftp://.
What are admins using when hosting webpages? Is the IIS the wrong alternative?
Regards Andreas
Don't enter the same IP address, use "All Unassigned"
ASKER
It does the same even if i use "All Unassigned"
If i try to create a new site in the working directory the new site will not be in that tree node instead a new node is created. That new node will be automatically stopped and if i try to start it, a message telling me that this site's ip is in collision with another.
If i try to create a new site in the working directory the new site will not be in that tree node instead a new node is created. That new node will be automatically stopped and if i try to start it, a message telling me that this site's ip is in collision with another.
Yup, you can only have one FTP site active at any one time. You will need to play with group and user privilagees on the FTP directory in order to get it right.
ASKER
Thanks mqfranz!
I added a folder in the running ftp folder.
I accessed the folder setting and in the security tab i exchanged the 'everybody full control' setting with only my user account. After that change i can access the folder with user:pass@ but i have to add the folder name.
I have not tested if this work from outside the firewall. Perhaps instead of using LAN i must use a dialup connection to internet to enter the ftp simulation a normal user login.
How do i automatically make the user dropped in the folder associated with the user?
Regards
Andreas.
I added a folder in the running ftp folder.
I accessed the folder setting and in the security tab i exchanged the 'everybody full control' setting with only my user account. After that change i can access the folder with user:pass@ but i have to add the folder name.
I have not tested if this work from outside the firewall. Perhaps instead of using LAN i must use a dialup connection to internet to enter the ftp simulation a normal user login.
How do i automatically make the user dropped in the folder associated with the user?
Regards
Andreas.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks! :-)
Regards
Andreas
Regards
Andreas
More than likely though, it's just a permission issue.
Mark