Configuring FTP User Security

Creating a new site for anonymous access isn't much use for many FTP needs, which require Write access for only specific users. You can configure a range of security options in FTP, including authorization and authentication security to provide restricted access for specific users. For example, let's remove Write access for anonymous users and add Read and Write access for the administrator account on our FTP site. Start by selecting the FTP site in the sites tree of the Connections pane.

Because we configured this site for both Read and Write access for Anonymous, or unauthenticated, users, Authentication and Authorization must be configured for the Administrator account, and it must be granted both Read and Write access. We will also remove Write access for the Anonymous users. Start by adding Basic authentication in addition to the existing Anonymous authentication so that there is a method for authenticating a user account that logs in. To do this, open the FTP Authentication feature, and you'll see that, as shown in Figure 10.16, although Anonymous authentication was enabled when the site was created, Basic authentication is disabled. Highlight Basic Authentication and enable it by choosing Enable in the Actions pane. Now you have a method for authenticating a user account.

After enabling the authentication method, you need to authorize ...

Get Professional Microsoft IIS 8 now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.