How to configure FTP7 on IIS7 and use IIS to manage credentials for authentication?

  

After the release of Windows Server 2008 R2, gOxiA began running tests and evaluations of it, and IIS is one of the key areas. Today I will share how to configure FTP7 on IIS7 to authenticate with credentials managed by IIS. Many people have heard of the MSFTP service, but far fewer actually use it. Most IDC environments in particular choose Serv-U FTP Server. Since Windows Server 2008, gOxiA no longer uses Serv-U, for simple reasons: Serv-U is not free, and Serv-U has security risks by default. Besides, FTP is opened only to make it easier to maintain the website and to download and upload files, so isn't it better to use the software that ships with the system? Maintenance is also relatively easy. Those who have used MSFTP know that, starting with FTP7, Microsoft designed MSFTP to support non-Windows authentication. This means that to give someone access to MSFTP we no longer have to add a user account to the system; we can use separate credentials managed by IIS. We no longer need to worry that using MSFTP creates a security problem with user accounts.

This is a step-by-step guide, so the underlying principles and background are not covered in detail. We will implement FTP accounts based on IIS Manager credentials through the IisManagerAuth authentication module provided by IIS7. The specific steps are as follows:

Before starting the configuration, we need to modify the security permissions of the relevant directory. This step is necessary; otherwise an error occurs when logging in to FTP. As shown in the following figure, the error message says that the configuration file could not be read due to insufficient permissions. The file that cannot be read is redirection.config, located under inetsrv\config. In gOxiA's tests, the login still failed even after the corresponding permission was added to that file. Login succeeded only after the permissions of the config directory were configured to give Network Service (the default account of the FTP7 process) read permission.


To simplify setting the directory permissions, gOxiA uses the command line from the related article on IIS.net. Run cacls on its own to see help for its parameters. The command line to execute is as follows:

cacls c:\windows\system32\inetsrv\config /G "Network Service":R /E

After configuring the config directory permissions, make sure "Network Service" has read access to the administration.config and redirection.config files in this directory, otherwise execute the following command line:

cacls c:\windows\system32\inetsrv\config\administration.config /G "Network Service":R /E
cacls c:\windows\system32\inetsrv\config\redirection.config /G "Network Service":R /E
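One way to confirm these grants took effect, as an added PowerShell example that is not from the original article: it only reads the ACLs and reports whether Network Service has a direct read entry on the config directory and the two files, and whether it has been given more than read. Run it from an elevated prompt; access that comes through group membership is not evaluated.

```powershell
# Added example: read-only check of the grants the article makes with cacls.
# NETWORK SERVICE is matched by its well-known SID (S-1-5-20), so this works on any locale.
$sid       = 'S-1-5-20'
$configDir = Join-Path $env:windir 'System32\inetsrv\config'
$targets   = @($configDir,
               (Join-Path $configDir 'administration.config'),
               (Join-Path $configDir 'redirection.config'))
$readMask  = [int][System.Security.AccessControl.FileSystemRights]'Read'
# Rights the FTP service has no need for on the IIS configuration store.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership'

function Test-NetworkServiceAcl {
    param([string]$Path)
    if (-not (Test-Path $Path)) {
        return New-Object psobject -Property @{ Path = $Path; Result = 'path not found' }
    }
    # Explicit and inherited rules, with identities translated to SIDs.
    $rules = (Get-Acl $Path).GetAccessRules($true, $true,
                 [System.Security.Principal.SecurityIdentifier])
    $allowed = 0
    foreach ($rule in $rules) {
        # Inherit-only entries (PropagationFlags bit 2) apply to children, not to this object.
        $appliesHere = ([int]$rule.PropagationFlags -band 2) -eq 0
        if ($rule.IdentityReference.Value -eq $sid -and
            $rule.AccessControlType -eq 'Allow' -and $appliesHere) {
            $allowed = $allowed -bor [int]$rule.FileSystemRights
        }
    }
    if (($allowed -band $readMask) -ne $readMask) { $result = 'read access missing' }
    elseif ($allowed -band $writeMask)            { $result = 'more than read granted' }
    else                                          { $result = 'ok' }
    New-Object psobject -Property @{ Path = $Path; Result = $result }
}

$targets | ForEach-Object { Test-NetworkServiceAcl $_ } | Format-Table Path, Result -AutoSize
```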


Then create a default directory for FTP, and be sure to give "Network Service" full control over it.

Now we start configuring IIS7: creating an FTP site, enabling IisManagerAuth for it, and creating an account with IIS Manager credentials that is given FTP access.

Before you start, make sure that the Management Service component of IIS7 is installed. If it is not, go to Server Manager, click Add Role Services, and select the IIS7 Management Service component to install it.


C:\Inetpub\Ftproot can be used as the FTP home directory by default. Of course, you can create or select a different directory according to your needs, but remember to give "Network Service" full control over it.

Let's configure IIS7 to enable IIS Manager credentials, and then enable IisManagerAuth once that is done. To do this, open IIS Manager, double-click "Management Service", select "Windows credentials or IIS Manager credentials", and finally click "Apply" in the Actions list on the right.



Use "IIS Manager Users" to create a user account managed by IIS. To do this, double-click "IIS Manager Users", click "Add User", and enter the username and password in the dialog that appears.




Once the above is complete, you can start creating the FTP site. First select "Sites" in the navigation pane on the left side of IIS Manager, then right-click it and click "Add FTP Site…".


Under "Site Information", enter the FTP site name, for example Default FTP Site, and select the content directory; in this case gOxiA uses C:\inetpub\ftproot. Click "Next".


In "Binding and SSL Settings", enable the virtual host name as needed. Note: the FTP "virtual host name" may not be supported by some clients. Also change the default SSL setting from "Require" to "Allow"; otherwise, if you do not configure an SSL certificate and use the SSL FTP login method, the client connection will fail.


In the "Authentication and Authorization Information" step, choose the authentication method and specify a user and permissions. If you only want IIS Manager users to access the FTP site, you can leave this step unconfigured and click "Finish". To make the example easier to follow, here the system user Administrator is allowed to read and write to the FTP site.


The FTP site with Windows authentication is now created. We can now log in to FTP as Administrator.


After testing, the created FTP site is up and running. Next we will give the previously created IIS Manager user, goxia, the appropriate access rights to this FTP site.

First, select "Default FTP Site" and double-click "FTP Authentication" in the content pane. In "FTP Authentication", click "Custom Providers…" in the Actions list on the right, then check "IisManagerAuth" in the dialog that appears.




After IisManagerAuth is enabled, open "FTP Authorization Rules", add the specified user, goxia, and give it the corresponding access rights.
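What the GUI steps above end up writing, and a way to audit it, as an added PowerShell example that is not from the original article. The XML is a constructed fragment in the applicationHost.config layout, using this article's site and user names (the site id is made up); the function reports each FTP site's SSL policy, enabled custom providers and authorization rules.

```powershell
# Added example. $sample is a constructed applicationHost.config fragment for the site built
# in this article; on a server, load the real file from %windir%\System32\inetsrv\config.
[xml]$sample = @'
<configuration>
 <system.applicationHost><sites>
  <site name="Default FTP Site" id="2">
   <bindings><binding protocol="ftp" bindingInformation="*:21:" /></bindings>
   <ftpServer><security>
    <ssl controlChannelPolicy="SslAllow" dataChannelPolicy="SslAllow" />
    <authentication>
     <basicAuthentication enabled="true" />
     <customAuthentication><providers>
      <add name="IisManagerAuth" enabled="true" />
     </providers></customAuthentication>
    </authentication>
   </security></ftpServer>
  </site>
 </sites></system.applicationHost>
 <location path="Default FTP Site"><system.ftpServer><security><authorization>
  <add accessType="Allow" users="Administrator" permissions="Read, Write" />
  <add accessType="Allow" users="goxia" permissions="Read, Write" />
 </authorization></security></system.ftpServer></location>
</configuration>
'@

function Get-FtpSiteAudit {
    param([xml]$Config)
    foreach ($site in $Config.SelectNodes("//sites/site[bindings/binding/@protocol='ftp']")) {
        $name = $site.GetAttribute('name')
        $ssl  = $site.SelectSingleNode('ftpServer/security/ssl')
        # The article states that requiring SSL is the default, so a missing value means SslRequire.
        $policy = if ($null -ne $ssl -and $ssl.GetAttribute('controlChannelPolicy')) {
                      $ssl.GetAttribute('controlChannelPolicy') } else { 'SslRequire' }
        $providers = $site.SelectNodes(
            "ftpServer/security/authentication/customAuthentication/providers/add[@enabled='true']")
        $rules = $Config.SelectNodes("//location[@path='$name']//authorization/add")
        New-Object psobject -Property @{
            Site      = $name
            SslPolicy = $policy
            Providers = @($providers | ForEach-Object { $_.GetAttribute('name') }) -join ', '
            Rules     = @($rules | ForEach-Object {
                            $_.GetAttribute('users') + ' = ' + $_.GetAttribute('permissions') }) -join '; '
            # With SslAllow a client may log in without TLS, sending the password in clear text.
            ClearTextLoginPossible = ($policy -eq 'SslAllow')
        }
    }
}
Get-FtpSiteAudit $sample | Format-List Site, SslPolicy, Providers, Rules, ClearTextLoginPossible
```

On the sample, the report shows SslAllow with IisManagerAuth enabled and read/write rules for Administrator and goxia, which is the state the walkthrough produces.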




Finally, let's log in to FTP as goxia, the IIS Manager user, to test.


If the first login fails because the username and password cannot be authenticated, open the "IIS Manager Permissions" setting for the FTP site and add the goxia account. After a test login succeeds, the account can be removed from it again. The relevant guidance document on IIS.net performs this configuration step by default, but gOxiA thinks this step configures whether the user has remote management rights over the FTP site. Once the IIS remote management service is configured and enabled, this account's permissions may pose a security risk. gOxiA does not fully understand this yet and hopes that readers can offer some pointers!



