Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

FTP 7.5 Authentication ASP.NET membership Problem

Posted on 2010-09-21
1
Medium Priority
?
1,478 Views
Last Modified: 2013-12-02
I'm running a Windows 2008 R2 server with IIS and FTP 7.5.  I want to use ASP.NET membership authentication to authenticate FTP users.

Followed this article for configuration: http://learn.iis.net/page.aspx/389/configuring-ftp-with-net-membership-authentication/  I'm using a SQL authentication connection string since connecting from a DMZ web server through firewall to SQL server.  Using FTP 7.5 (64-bit site) with SQL 2008 as backend.  The ASPNETDB database is configured and IIS Manager can add and remove .NET users and roles to it without issue.  The issue comes when trying to initiate an FTP connection.  In IIS, the user has been granted privileges to the FTP site (Authorization Rule), Forms authentication is enabled, and FTP Authentication has been configured (all per the article), however, when a FTP connection is attempted, the FTP client returns error "530 User cannot log in" after the USER and PASS commands.  It shows the same in the FTP server logs:

2010-09-21 18:31:04 172.16.1.1 - 192.168.3.1 21 USER ftpuser 331 0 0 a851d7ec-e431-4295-9b23-031b03699371 -
2010-09-21 18:31:04 172.16.1.1 - 192.168.3.1 21 PASS *** 530 2148734217 41 a851d7ec-e431-4295-9b23-031b03699371 -
2010-09-21 18:31:04 172.16.1.1 - 192.168.3.1 21 ControlChannelClosed - - 0 0 a851d7ec-e431-4295-9b23-031b03699371 -

The login attempts are not iterating in the ASPNETDB table.  In fact, the application pool is not attempting to contact the membership database in SQL.  I confirmed this with SQL Profiler and Wireshark.  I expect the asp.net membership to authenticate the user by talking to the SQL server, but that's not happening.  Windows authentication is not an option due to the firewalled environment.  I've searched many articles, but I've not found a solution.  Nothing in event viewer.  I tried using ProcMon to see if any file or folder access problems....don't see any.  I also confirmed that I could authenticate via an aspx login page using the same user and password with forms authentication, which succeeded..  So, it's only the FTP part that won't authenticate through asp.net membership.  Here's the configuration section from the web.config (connection string excluded):

<membership defaultProvider="FtpSqlMembershipProvider">
         <providers>
            <add name="FtpSqlMembershipProvider"
               type="System.Web.Security.SqlMembershipProvider,System.Web,Version=2.0.0.0,Culture=neutral,PublicKeyToken=b03f5f7f11d50a3a"
               connectionStringName="FtpMAG1603SQLServer"
               enablePasswordRetrieval="false"
               enablePasswordReset="true"
               requiresQuestionAndAnswer="false"
               applicationName="/"
               requiresUniqueEmail="false"
               passwordFormat="Hashed"
        minRequiredPasswordLength="7"
               minRequiredNonalphanumericCharacters="1"
  maxInvalidPasswordAttempts="50"
        passwordAttemptWindow="10" />
         </providers>
      </membership>


      <roleManager defaultProvider="FtpSqlRoleProvider" enabled="true">
         <providers>
            <add name="FtpSqlRoleProvider"
               type="System.Web.Security.SqlRoleProvider,System.Web,Version=2.0.0.0,Culture=neutral,PublicKeyToken=b03f5f7f11d50a3a"
               connectionStringName="FtpMAG1603SQLServer"
               applicationName="/" />
         </providers>
      </roleManager>


FTP authentication has the Custom provider "AspNetAuth" enabled per the configuration article mentioned in the beginning of the post.  It seems there may be a missing connection between this provider and the custom providers configured above.  The article I followed assumes the SQL database is on the local host and it's using Windows Authentication, but I'm doing just the opposite...remote SQL with SQL authentication.  There's a section of the article that talks about giving the Application Pool identity permission to SQL, but I obviously can't do that in a DMZ/firewalled environment.  Also, Network Service is no longer used in Windows Server 2008 R2.  

 I verified the firewall wasn't causing the issue by disabling it.  Please give any insight possible.  Thanks.
0
Comment
Question by:Russell64
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 

Accepted Solution

by:
Russell64 earned 0 total points
ID: 33784002
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question