Professional Documents
Culture Documents
Authentication in IIS 7
If you are using Windows Server 2008 you can download and install the FTP service from the
http://www.iis.net/ web site using one of the following links:
FTP 7.5 for IIS 7.0 (x64)
The "Network Service" account is used by the COM process that handles authentication
extensibility; therefore, you must grant the account specific permissions to certain folders to
enable this form of authentication. To grant the "Network Service" account "read" permissions to
the IIS "config" folder:
1. Open a command prompt.
2. Type the following command:
ICACLS "%SystemDrive%\Windows\System32\inetsrv\config" /Grant "Network
Service":R /T
ICACLS "%SystemDrive%\Windows\System32\inetsrv\config\administration.config"
/Grant "Network Service":R
ICACLS "%SystemDrive%\Windows\System32\inetsrv\config\redirection.config"
/Grant "Network Service":R
2. Click Roles in the tree view, locate the Web Server role and click Add Role Services.
3. If Management Service is not checked, check the box next to it and click Next. Otherwise, click
Cancel.
5. When the service installation is complete, click Close to exit the wizard and close Server
Manager.
Step 2: Configure the IIS Management Service and Add an IIS 7 Manager
In this second step, you configure the IIS 7 management service for IIS 7 Managers.
1. Go to the IIS 7 Manager. In the Connections pane, click the server-level node in the tree.
Double-click the Management Service icon.
2. Select the option for Windows credentials or IIS Manager credentials. Click Apply in the Actions
pane.
3. Go to the IIS 7 Manager. In the Connections pane, click the server-level node in the tree.
Double-click the IIS Manager Users icon.
4. In the IIS Manager Users feature, click Add User in the Actions pane.
5. When the Add User dialog appears, enter "ftpmanager" for User Name and "P@ssw0rd" for
Password. Click OK.
Summary
2. Right-click the Sites node in the tree and click Add FTP Site, or click Add FTP Site in the Actions
pane.
1. Go to the IIS 7 Manager. Click the node for the FTP site that you created earlier. Double-click the
FTP Authentication icon to open the FTP authentication feature page.
2. When the FTP Authentication page displays, click Custom Providers in the Actions pane.
3. When the Custom Providers dialog displays, click the check box for IIS Manager Authentication.
Click OK.
4. Your FTP Authentication page should now show both Basic Authentication and IIS Manager
Authentication enabled. If desired, disable Basic Authentication by highlighting it and clicking
5. You now must enable access for the IIS 7 manager account. Click the node for the FTP site in the
tree view. Double-click the IIS Manager Permissions icon to open that feature.
6. On the IIS Manager Permissions page, click Allow User in the Actions pane.
7. When the Allow User dialog displays, choose the IIS Manager option. Click Select.
8. When the Users dialog box displays, select the "ftpmanager" user. Click OK.
10. You must add an authorization rule so that the IIS 7 manager account can log in. Click the node
for the FTP site in the tree view. Double-click the FTP Authorization Rules icon to open the FTP
11. When the FTP Authorization Rules page displays, click Add Allow Rule in the Actions pane.
12. When the Add Allow Authorization Rule dialog box opens:
o Select Specified users, then type "ftpmanager" in the text box.
o For Permissions, select both Read and Write.
o Click OK.
Summary
Additional Information
After completing all of the steps in the Configuring the IIS 7 Management Service and
Creating a New FTP Site and Configuring an IIS Manager account sections of this
walkthrough, you are now able to log in using the "ftpmanager" account that you created. To use
the command-line FTP.EXE client on your IIS server:
1. Open a command prompt.
FTP localhost
3. When prompted for your USER name, enter your user name and password. For example:
USER ftpmanager
PASS ********
4. The FTP service should log you into the FTP site using the IIS 7 Manager account.