Solved

Adding user to ftp folder (IIS)

Posted on 2000-02-29
22
740 Views
Last Modified: 2013-12-25
I would be grateful if you could tell me how to associate a user to an ftp folder.

What i want to do is:

A user that has a username and a password should be able to access his specific folder via ftp.

He should be able to write:
ftp://username:password@xxx.xxx.xxx.xxx/ in the internet explorer and access his folder.

The question is how do i set up the permission, network or IIS so that i can add users that could access his folder that way.

Is this a problem if i'm behind a proxy?

Please help me.

Regards
Andreas
0
Comment
Question by:andla
  • 11
  • 11
22 Comments
 
LVL 18

Expert Comment

by:mgfranz
ID: 2570821
If the user has permission to access the folder on the server, you hsold be able to use the string you suggest to connect him/her to the folder.  It is easy to go into eithe rthe folder permissions or the MMC to add the user.  If your proxy has blocked port 20 and 21 you will not be able to connect to the server from outside the firewall if the server is behind the proxy, or through the firewall if behind it.

More than likely though, it's just a permission issue.

Mark
0
 
LVL 1

Author Comment

by:andla
ID: 2572277
Thanks Mark but i have really tried without success.

Test phases:

1. The server has a inetpub/ftproot.
the ftproot is the folder you access when you write ftp://xxx.xxx.xxx.xxx.

If i create a new folder called 'NewFolder' in ftproot this folder will be shown when i access the ftp and i can enter this folder without any permission.

2. I can create a folder outside the ftproot but this folder will not be accessed with ftp. I can set the property on this folder to share it on the web. Now i can access it with http but not ftp ?

3. I can assign the ip number to a folder by using the Microsoft Managment Console and i think this is the IIS. This is done by right click and select new.

4. In the MMC (Microsoft Managment Console) i can under bransh on 'phase 3' i can create a virtual directory or a site. If i choose to select a site then i have to assign a new ip number. I would like to avoid using new ip-numbers. If i select a new virutal directory and assign it a folder i can access this folder outside the ftproot via ftp and that is nice.

5. Now if i choose phase 4 i can change the local path to a network path and the i have the option to select a username and a password.

I was hoping phase 5. should do the thing with 'username:password@xxx.xxx.xxx.xxx' but when i test this i got a proxy report that the password was not allowed.

6. I can change the permission on security. If i add my own account i was hoping that 'username:password@xxx.xxx.xxx.xxx' should work but when i test this i got a proxy report that the password was not allowed.

7. If do the phase 5 and change the permission in the sharing tab adding my account and removing everyone i was hoping that 'username:password@xxx.xxx.xxx.xxx' should work but when i test this i got a proxy report that the password was not allowed.
________________________________________________________________________________
Questions:

What phase are intresting to look further?

I know that permission allows me add many things like groups, users, network,,, but what should i use.

What do you suggest?

Regards
Andreas.
0
 
LVL 18

Expert Comment

by:mgfranz
ID: 2573615
Look at the MMC again, do you see a FTP folder listed?  Is it running?  I must assume so since in 1 and 2 you say you can access them.  Your problem sounds like a NT permission issue more than a FTP issue, when you state in 5 and 6 that you geta proxy error, I must guess that ports 20 & 21 are open due to the fact that you can get to the site via ftp://xx.xx.xx.xx/ by not stating login:password, what are the security accounts and Directory security on the ftp in MMC?
0
 
LVL 1

Author Comment

by:andla
ID: 2573771
"Look at the MMC again, do you see a FTP folder listed?  Is it running?  I must assume so since in 1 and 2 you say you can access them."

Yes no problem when accessing through ftp.




Your problem sounds like a NT permission issue more than a FTP issue, when you state in 5 and 6 that you geta proxy error, I must guess that ports 20 & 21 are open due to the fact that you can get to the site via ftp://xx.xx.xx.xx/ by not stating login:password, what are the security accounts and Directory security on the ftp in MMC?


I checked the 'FTP Service Master Properties for TheServer'


Directory Security
By default all computers will be granted access.


Security Accounts
[x]Allow Anonymous Connection
UserName IUSR_INTERNET
No password

[x] Allow only anonymous connection
[x] Enable Automatic Password Sync

FTP Site operators
Grant operator privileges to Windows NT User Accounts for this ftp site only
[Administrators]


0
 
LVL 18

Expert Comment

by:mgfranz
ID: 2574241
Let me get this straight, you can access the base ftp directory using ftp://username:password@xx.xx.xx.xx. but if you try ftp://username:password@xx.xx.xx.xx./virtual_directory you get a proxy error?
0
 
LVL 1

Author Comment

by:andla
ID: 2575719
No

I have not ever been able to use the username:password@xxx.xxx.xxx.xxx and that is the sad story :-)

The most important thing is that i can create virtual directorys that has an authentication check (popping up an user /pass window or just skip that by using user:pass@ on the url...same thing)

Regards
Andreas
0
 
LVL 18

Expert Comment

by:mgfranz
ID: 2577358
Oh... it's not the same thing, when you are using the the authentication check on the virtual directory, you are requesting NT authentication, when you try passing the username:password through the browser, I believe you are bypassing the NT authentication.

Have you tried FTP via the DOS prompt, or with WS_FTP?

M
0
 
LVL 1

Author Comment

by:andla
ID: 2583178
What do you mean with WS_FTP?
Isn't accessing ftp with user:pass@ and using a FTP client the same thing but with the client you can upload files.

Regards
Andreas
0
 
LVL 18

Expert Comment

by:mgfranz
ID: 2583373
Not exactly sure 'bout this, but I bet the browser has some control over connections and such.  Which is why I ask if you can connect through a DOS prompt?  This completely by-passes the browser.   Have you checked with your IS dept. to see what resrictions are set on the proxy server or firewall?  
0
 
LVL 1

Author Comment

by:andla
ID: 2591009
If i run the FTP command on the dos prompt and write open xxx.xxx.xxx.xxx it says that i'm connected. But if i whant to get a list of files with 'dir' i says i must enter the password. I don't know what password it does need  because i don't have any password configured on the folder the ip is assigned with. If i try to enter a password nothing happends (normally the cursor moves but nothing happends at all until i press enter). The truth is that i never use the FTP commando.
What shall i do?
What do you mean with IS dept? Not very good with English.

Don't give up on me :-)

Regards Andreas
0
 
LVL 18

Expert Comment

by:mgfranz
ID: 2592453
Are you logging onto a NT domain?  When FTP is asking you for a password, it is saying you do not have access to the directory.

Try this;

1) DOS prompt, type 'ftp xxx.xxx.xxx.xxx' (without the quotes and with your ftp server IP address)
2) It will tell you you are connected to xxx.xx.xxx.xxx and ask you to enter a username.
3) Enter a valid username
4) if the server states, 'enter your email as a password', this means the anonymous account is open for the directory, if it asks for a password, enter a valid password for the user you entered above.

If all goes well you will see a prompt that looks like 150>  You can now type 'ls'  FTP has it's own set of commands, UNIX type if your familiar with it, you cna always type ? to ge ta list of commands.

When I say 'IS dept', I am refering to your Information Systems dept, these are the guys who handle all the networking and peripherial systems.

Good luck,

Mark
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 1

Author Comment

by:andla
ID: 2595289
1) Enterning ftp xxx.xx.xxx.xxx
2)
3) Entering username 'anonymous'
4) Entering password (nothing happends)

Ok i can use the ls or dir commando.




1) Enterning ftp xxx.xx.xxx.xxx
2)
3) Entering my account username(adminstrator level)
4) Entering my account password

This ends up with a fail to access.


Ok i hope we are on the way :-)

Regards
Andreas
0
 
LVL 18

Expert Comment

by:mgfranz
ID: 2597090
Check the FTP permissions, I find it wierd that anonymous can access the directory but administrator cannot.  You need to make sure that you have rights to access the FTP directory.  From the MMC, right click on the ftp folder, select the properties listing.  Check the permissions on the directory, ensure that you have access to it.
0
 
LVL 1

Author Comment

by:andla
ID: 2599891
When you enter something on the password field in the ftp in the dos prompt, can you se that you type anything or is it like me that the cursor doesn't move at all until the enter key is pressed ?

One reason of a problem accesing a directory is that the FTP is not configured in the right manner or that the wrong version of the FTP commando is installed.


Ok i'm in the MMC and press the right key on the ftp folder.

Oops! I had in the security account, 'allow only anonymous account' checked. When unchecking it i could access the directory with my account with the FTP commando. I had my account added in the site operators list.
I even tried to access the folder with internet explorer user:pass@xxx.xxx.xxx.xxx and that worked fine to, but (always a but) how do i access different folder with differnet users. I don't think i can add a new ftp item to the same ip. I can only add new sites or virtual directories ?

Regards
Andreas
0
 
LVL 18

Expert Comment

by:mgfranz
ID: 2601616
The folders have to reside under the FTP root path, I am not sure if you can assign certain folders to certain users, but play with the permissions in the FTP properties.  You really do want to turn off anonymous access to the FTP directory, allow only users who have been granted access.

You can have as many FTP folders as you want, right click on the server icon inn the MMC, select 'New' 'FTP Site', I'm not sure if you can have multiple accounts set-up for the directories, but paly with it...
0
 
LVL 1

Author Comment

by:andla
ID: 2604561
I have played with the controls but i found no options to do what i whant to do.
If i create a new site it will ask for the ip number. If i enter the same ip number as the default ftp site the new site will be stopped. When trying to start it i will not work.

When creating a virtual folder with a network share i must enter username and password. But this will have no effect when using ftp://.

What are admins using when hosting webpages? Is the IIS the wrong alternative?

Regards Andreas
0
 
LVL 18

Expert Comment

by:mgfranz
ID: 2605312
Don't enter the same IP address, use "All Unassigned"
0
 
LVL 1

Author Comment

by:andla
ID: 2622924
It does the same even if i use "All Unassigned"

If i try to create a new site in the working directory the new site will not be in that tree node instead a new node is created. That new node will be automatically stopped and if i try to start it, a message telling me that this site's ip is in collision with another.
0
 
LVL 18

Expert Comment

by:mgfranz
ID: 2624673
Yup, you can only have one FTP site active at any one time.  You will need to play with group and user privilagees on the FTP directory in order to get it right.
0
 
LVL 1

Author Comment

by:andla
ID: 2635870
Thanks mqfranz!

I added a folder in the running ftp folder.

I accessed the folder setting and in the security tab i exchanged the 'everybody full control' setting with only my user account. After that change i can access the folder with user:pass@ but i have to add the folder name.

I have not tested if this work from outside the firewall. Perhaps instead of using LAN i must use a dialup connection to internet to enter the ftp simulation a normal user login.
 
How do i automatically make the user dropped in the folder associated with the user?
 
Regards
Andreas.
0
 
LVL 18

Accepted Solution

by:
mgfranz earned 100 total points
ID: 2636996
This is the default path specified by the directory setting in the ftp folder.  I am not sure of the procedure on setting up a directory for a default user, but I'm sure it can be done.  Check folder and permissions stuff again.
0
 
LVL 1

Author Comment

by:andla
ID: 2639438
Thanks! :-)

Regards
Andreas
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Uploading files to the web server has become common part of almost any kind of web application. People use different technologies to solve this, but regardless of the technology used, it is always useful to have some kind of progress indicator shown…
Deprecated and Headed for the Dustbin By now, you have probably heard that some PHP features, while convenient, can also cause PHP security problems.  This article discusses one of those, called register_globals.  It is a thing you do not want.  …
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now