HugoHiasl

asked on

Set up AspNetAuth on FTP with IIS7 and FTP service 7.5

Hi,

For days I have been trying to set up IIS7 (with ftp services 7.5) to use my AspNetSqlRoleProvider to allow and deny access to the ftp server.

I found some tutorials but with both I cannot get it up and running.

http://learn.iis.net/page.aspx/389/configuring-ftp-with-net-membership-authentication/
http://learn.iis.net/page.aspx/305/configuring-ftp-75-user-isolation/

I set up the connection string, the default provider, the user role that shall be allowed to connect and the user isolation.

If I allow anonymous access it works. If I try to log in with the user credentials that work on the website (and that additionally have the role that is set up to allow access) it does not work.

It only shows "530 User cannot log in. Unable to establish connection"

Any help will be appreciated
Greg Hejl

your authprovider is failing.

do some packet inspection with wireshark to determine where the failure is occurring

it's either your connection to sql or the query/response

are you getting any events related to this on your sql server?
HugoHiasl

ASKER

You're right. Now it works.

But now there is one other problem.

I use user isolation. When the user "aaa" tries to log in, I get the error "530 User cannot log in. Home directory inaccessible".

The directory structure is

LocalUser
    aaa
    Public


When I set a role-based authorization in the user isolation in the way that users with the role "ftpupload" may log in, the user directory "aaa" inherits this setting. With this setting the user "aaa" cannot log in.

When I change the authorization setting for the "aaa" directory from role based to user based and allow the user "aaa" access to it, he can log in and everything works.

But if I do this, I need to set up every new user manually. I did not want that because there can be lots of users that register for the web page. I would like to automatically create the home directory when a user registers.

set this up in your sign up script

when you create the user also create the home directory.  drop the home directory in the sql db along with user credentials.

have your authprovider pull the home dir

Hi Greg,

I tried to figure your tips out. But I cannot find any place in the Role- or Membership-Providers where the homepage could be retrieved from the provider.

I also cannot find a setting in the ftp server to pull the home directory from the provider.

does the directory exist?

I can create it when the user gets activated.

I plan to have a site where a user registers. This site has different roles. One of them is "ftpupload". Users with this role shall be able to upload files with user isolation. They shall not be able to see the files of other users.

I realized that I probably will be able to set up the proper rights using the IIS Management API. At the moment I try to figure out how this works.

http://learn.iis.net/page.aspx/598/how-to-use-managed-code-c-to-create-a-simple-ftp-authentication-provider/

i'm sure you've probably been here,

we used this and added code for the connection to sql db and logging

I'm very close to what I want to achieve :-)

I'm now able to create virtual directories with the Microsoft.Web.Administration assembly.

I found nearly everything here: http://www.iis.net/ConfigReference/system.ftpServer/security/authorization

The only last problem I face is that I can set up authorization only for the main directory. I want to do it for single sub-directories. The attached code shows the example for setting it for the main directory. But how to change it if I want to set it for the /aaa directory?

using System;
using System.Text;
using Microsoft.Web.Administration;

internal static class Sample
{
   private static void Main()
   {
      using (ServerManager serverManager = new ServerManager())
      {
         Configuration config = serverManager.GetApplicationHostConfiguration();
         ConfigurationSection authorizationSection = config.GetSection("system.ftpServer/security/authorization", "Default Web Site");
         ConfigurationElementCollection authorizationCollection = authorizationSection.GetCollection();

         ConfigurationElement addElement = authorizationCollection.CreateElement("add");
         addElement["accessType"] = @"Allow";
         addElement["roles"] = @"administrators";
         addElement["permissions"] = @"Read, Write";
         authorizationCollection.Add(addElement);

         ConfigurationElement addElement1 = authorizationCollection.CreateElement("add");
         addElement1["accessType"] = @"Deny";
         addElement1["users"] = @"guest";
         addElement1["permissions"] = @"Read, Write";
         authorizationCollection.Add(addElement1);

         serverManager.CommitChanges();
      }
   }
}

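One way to scope the rule to a single user's home directory, as an added example that is not part of the original thread and is not the members-only accepted answer: the second argument of GetSection is treated as a location path (site name plus the directory below it), and the user name is checked against an allow-list before it is used as a folder name. The class name FtpHomeProvisioner, the site name, the root path C:\inetpub\ftproot and the assumption that the isolation folder is addressed as "<site>/LocalUser/<user>" are illustrative and need adjusting to the actual site.

```csharp
using System;
using System.IO;
using System.Text.RegularExpressions;
using Microsoft.Web.Administration;

internal static class FtpHomeProvisioner
{
    // Assumed values: replace with the real FTP site name and physical root.
    private const string SiteName = "Default Web Site";
    private const string SiteRoot = @"C:\inetpub\ftproot";

    // The user name becomes a folder name and part of a configuration path,
    // so accept only a conservative character set (no dots, slashes, wildcards).
    private static readonly Regex SafeName = new Regex(@"^[A-Za-z0-9_-]{1,64}$");

    public static void ProvisionHome(string userName)
    {
        if (userName == null || !SafeName.IsMatch(userName))
            throw new ArgumentException("Unsupported characters in user name.", "userName");

        // User isolation looks for <site root>\LocalUser\<user name>.
        Directory.CreateDirectory(Path.Combine(SiteRoot, "LocalUser", userName));

        using (ServerManager serverManager = new ServerManager())
        {
            Configuration config = serverManager.GetApplicationHostConfiguration();

            // Location path = site name + path of the directory inside the site.
            string location = SiteName + "/LocalUser/" + userName;
            ConfigurationSection section =
                config.GetSection("system.ftpServer/security/authorization", location);
            ConfigurationElementCollection rules = section.GetCollection();

            // Drop rules inherited from the site root so that only the rule
            // below applies here; this also keeps repeated calls idempotent.
            // Note: role-based rules from the parent no longer reach this folder.
            rules.Clear();

            ConfigurationElement allow = rules.CreateElement("add");
            allow["accessType"] = @"Allow";
            allow["users"] = userName;
            allow["permissions"] = @"Read, Write";
            rules.Add(allow);

            serverManager.CommitChanges();
        }
    }
}
```

Calling ProvisionHome from the registration or activation step requires the calling process to have write access to applicationHost.config, so it is better run from a separate privileged service than from the web application's own identity.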

ASKER CERTIFIED SOLUTION
Greg Hejl
Perfect... thanks a lot.. I'll try tomorrow.

If I have further questions I will open a new question with new points :-)