FTP Authentication

 

Applies To: Windows Server 2012 R2, Windows Server 2012

Use the FTP Authentication feature page to configure the authentication methods that FTP clients can use to gain access to your content. You can sort this list by name, status, or type by clicking the appropriate column heading. By using the Group by drop-down list, you can also group authentication features by type or status.

By default, no authentication methods are enabled. Enable an authentication method if you want to allow FTP users to access your content. There are two types of authentication methods: Built-In and Custom.

  • Built-In authentication methods are integral parts of the FTP server. These authentication methods can be enabled or disabled, but cannot be removed from the FTP server.

  • Custom authentication methods are implemented through an installable component. These authentication methods can be enabled or disabled, and they can be added to or removed from the FTP server.

    Note

    Clicking Custom Providers in the task list displays the FTP Custom Providers Dialog Box dialog box.

    Note

    Basic authentication works with Active Directory (AD) user isolation. However, if you enable Custom authentication or any other form of authentication when AD user isolation is already enabled, that other form of authentication will not work. For more information on FTP user isolation, including AD user isolation, see Configuring FTP 7 User Isolation.

    Note

    "FTP" and "Anonymous" are reserved words. You cannot create IIS Manager user accounts that contain these names.

Related scenarios

In this document

UI Elements for FTP Authentication

The following tables describe the UI elements that are available on the feature page and in the Actions pane.

Feature Page Elements

Element Name

Description

Anonymous Authentication

Anonymous authentication is a built-in authentication method that allows any user to access any public content by providing an anonymous user name and password. By default, Anonymous authentication is disabled.

Note

Use Anonymous authentication when you want all clients who visit your FTP site to be able to view its content.

ASP.NET Authentication

ASP.NET authentication is a custom authentication method that requires users to provide a valid .NET user name and password to gain access to content. The .NET account can be from an ASP.NET user database that is shared with your web content, or from a separate ASP.NET user database.

Note

ASP.NET authentication requires that a provider and possibly a connection string be configured for access to an ASP.NET user database.

Basic Authentication

Basic authentication is a built-in authentication method that requires users to provide a valid Windows user name and password to gain access to content. The user account can be local to the FTP server, or a domain account.

Note

Basic authentication transmits unencrypted passwords across the network. Use Basic authentication only when you know that the connection between the client and the server is secured using SSL.

IIS Manager Authentication

IIS Manager authentication is a custom authentication method that requires users to provide a valid IIS Manager user name and password to gain access to content. IIS Manager authentication requires that the IIS Management Service is installed and configured to use both Windows credentials and IIS Manager credentials. (The IIS Management Service does not have to be running when you use IIS Manager authentication.)

Note

IIS Manager authentication transmits unencrypted passwords across the network. Use IIS Manager authentication only when you know that the connection between the client and the server is secured using SSL.

Actions Pane Elements

Element Name

Description

Custom Providers

Opens the Custom Providers dialog box so that you can enable the default custom providers or your own custom providers.

Enable

Enables the selected provider. This option is only available if the selected provider is disabled.

Disable

Disables the selected provider. This option is only available if the selected provider is enabled.

Edit

Enables you to edit settings for Built-In providers.

Note

To edit settings for Custom providers, access the Custom Providers dialog box from the global level and click Edit.

Remove

Removes the selected provider. This option is not available for Built-in providers.

Note

When you configure your FTP authentication settings, also configure your FTP authorization settings.

Custom Providers Dialog Box

Use the Custom Providers dialog box to add or remove FTP custom authentication providers for your FTP server.

Element Name

Description

Select one or more registered providers

Displays the list of FTP custom authentication providers that have been registered on the FTP server. Selecting an FTP custom authentication provider from the list will enable that provider for the whole FTP server or for a specific FTP site depending on the node that is highlighted in the IIS Manager tree.

This element appears at both global and site levels.

Note

Custom authentication providers can be either a managed-code class or a native-code COM module.

Register

Displays the Add Custom Authentication Provider dialog box. You can use this dialog box to add new FTP custom authentication providers to your FTP server.

Edit

Displays the Edit Custom Authentication Provider dialog box. You can use this dialog box to edit the settings for an FTP custom authentication provider that you have already registered.

This element only appears at the global level.

Remove

Removes an FTP custom authentication provider that you have already registered.

This element only appears at the global level.

Add or Edit Custom Authentication Provider Dialog Box

Use the Add Custom Authentication Provider or Edit Custom Authentication Provider dialog boxes to add new FTP custom authentication providers to your FTP server, or to edit the settings for an FTP custom authentication provider that you have already added to your FTP server.

Element Name

Description

Name

Specifies the name that will be displayed in the Select one or more registered custom providers list for the FTP Custom Providers Dialog Box dialog box.

Class ID

Specifies the class name or GUID for a COM class when the Native Provider (COM) option is used.

Type

Specifies the managed-type for a .NET class when the Managed Provider (.NET) option is used.

Application Domain

Specifies the application domain for a .NET class when the Managed Provider (.NET) option is used.

Edit Anonymous Authentication Credentials Dialog Box

Use the Edit Anonymous Authentication Credentials dialog box to specify the credentials to use for anonymous user authentication.

Element Name

Description

User name

Specifies the user account for anonymous user authentication.

Password

Specifies the password for the user account.

Confirm password

Confirms the password for the user account.

Edit Basic Authentication Settings

Use the Edit Basic Authentication Settings dialog box to set the default realm for Basic authentication.

Element Name

Description

Default domain

Specifies the default domain for Basic authentication.