0

On a Windows IIS server I want to have FTP download available for anonymous users. And I want to be able to change the files myself and ensure that the authentication I provide is secure, i.e., FTPS, not just FTP.

This seems like it should be a standard configuration, and maybe it is, but I can't seem to find the correct information.

Can I do this by setting up both an FTP server and an FTPS server, both using the same data directory? Or is there a better way to do this?

RenniePet
  • I read the first part of your blog and think I understand what you wanted. What I have suggested also works. I use this approach to upload websites, services, etc... I wanted to make sure the upload was secure and only one authenticated user could upload, which is what you describe in your blog. This site https://forums.iis.net/t/653782.aspx states the IIS FTP passes the user name and password as text. This is why I went with WinSCP. – Highdown Jan 09 '18 at 13:25
  • One more note, the difference in the approach that I suggested is that only one FTP server is required. Permissions on the server determine access privileges from clients. – Highdown Jan 09 '18 at 13:33

1 Answer

2

@RenniePet, I had a similar need about five months back. After doing a lot of research, I decided on using the product described here at winscp.net for the secure uploads to my FTP sites.

On your FTP server, you can define privileges for yourself (i.e., SSL FTP user) by creating a new user name and password in IIS. You can give yourself read/write access to your FTP folders. WinSCP uses the privileged user/password to log in and you can select SSL for your FTP uploads. The site has pretty good documentation and support. You can also use WinSCP to synchronize local and remote directories/subdirectories.

On your FTP server, you can set up a group for anonymous users and give them read-only access.

Hope this gets you started. Let me know if you get stuck somewhere in the process.

Martin Prikryl
Highdown
  • Thanks for your answer. Not sure I understand how you define yourself to the IIS FTP server. Using a Windows account, or can you define some arbitrary ID not a part of Windows authentication? – RenniePet Jan 09 '18 at 01:49
  • I assume that the IIS server we are talking about is remote. I use Windows Remote Desktop Connection to connect to my servers. On the remote server, I open up IIS Manager, right-click on Sites and add an FTP site. Have you already done something like this? Need to understand a little more about what you have already done. You can create a new user name and assign the user read/write/modify privileges. The user may have to be an admin depending on where you are trying to give read/write/modify privileges. I would try without admin first, but that's up to you. – Highdown Jan 09 '18 at 11:32
  • The user name and password that you create are used for WinSCP to upload the files securely. In WinSCP, you use FTP but select TLS/SSL Explicit Encryption, add your ftp.domain.com name, port number, user name, and password. If your SSL certificate does not match the name of your ftp domain, you will have to approve an override at the WinSCP prompt. – Highdown Jan 09 '18 at 11:47
  • Thanks for the time you've taken to explain things. It's the "You can create a new user name and ..." part that I'm asking about. Are you talking about a Windows account, or any arbitrary user name that is local to the FTP server? – RenniePet Jan 09 '18 at 12:48
  • When I didn't get any answer here I plowed ahead and created a rather kludgy system with TWO FTP servers. I even blogged about it. https://renniestechblog.com/information/30-installing-iis-ftp-servers-for-an-azure-vm – RenniePet Jan 09 '18 at 12:50
  • I am talking about any arbitrary user or group of users on the FTP server. In your case, one user has read/write access, and the group of anonymous users would only have read access, assuming that is what you want. – Highdown Jan 09 '18 at 12:55
  • Tried to clarify my response above to address your question regarding the location of the user/users. – Highdown Jan 09 '18 at 13:05
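
The single-site layout discussed in the answer and comments (anonymous read-only downloads plus one authenticated read/write user over explicit TLS), sketched with the IIS WebAdministration cmdlets as an added example that is not code from the question, the answer or the linked blog. The site name, root path, account name and certificate thumbprint are assumed placeholders, and the upload user is assumed to be a local Windows account using Basic authentication.

```powershell
# Added example: one IIS FTP site, anonymous read-only, one FTPS read/write user.
# All names, paths and the thumbprint are placeholders, not values from the page.
Import-Module WebAdministration

$site  = 'PublicFtp'            # assumed site name
$root  = 'D:\FtpRoot'           # assumed shared data directory
$user  = 'ftpuploader'          # assumed local Windows account for uploads
$thumb = '<CERT-THUMBPRINT>'    # placeholder: certificate in LocalMachine\My

# Local, non-admin account used only for the authenticated uploads.
New-LocalUser -Name $user -Password (Read-Host "Password for $user" -AsSecureString)

New-Item -ItemType Directory -Path $root -Force | Out-Null
New-WebFtpSite -Name $site -Port 21 -PhysicalPath $root
$path = "IIS:\Sites\$site"

# Anonymous logins for downloads, Basic authentication for the upload account.
Set-ItemProperty $path -Name ftpServer.security.authentication.anonymousAuthentication.enabled -Value $true
Set-ItemProperty $path -Name ftpServer.security.authentication.basicAuthentication.enabled -Value $true

# Bind the certificate and require TLS whenever credentials are sent.
# Assumption to confirm with a test client: anonymous logins stay usable
# over plain FTP under SslRequireCredentialsOnly.
Set-ItemProperty $path -Name ftpServer.security.ssl.serverCertHash -Value $thumb
Set-ItemProperty $path -Name ftpServer.security.ssl.controlChannelPolicy -Value 'SslRequireCredentialsOnly'
# Data channel: TLS allowed (client requests it with PROT P), not forced,
# so plain anonymous downloads keep working.
Set-ItemProperty $path -Name ftpServer.security.ssl.dataChannelPolicy -Value 'SslAllow'

# FTP authorization rules: '?' means anonymous users.
$section = '/system.ftpServer/security/authorization'
Add-WebConfiguration $section -PSPath 'IIS:\' -Location $site `
    -Value @{ accessType = 'Allow'; users = '?';   permissions = 'Read' }
Add-WebConfiguration $section -PSPath 'IIS:\' -Location $site `
    -Value @{ accessType = 'Allow'; users = $user; permissions = 'Read,Write' }

# NTFS ACLs must agree with the FTP rules: IUSR is the default anonymous
# identity (read/execute only); the upload account gets Modify.
icacls $root /grant "IUSR:(OI)(CI)RX" "${user}:(OI)(CI)M"

Restart-WebItem $path
```

After applying it, check from a client that a plain-FTP login as the upload account is refused and that an anonymous session cannot write to the directory.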