Adding FTP Custom Authentication Providers <add>

Overview

The <add> element adds a provider to the collection of custom authentication providers.

When custom authentication providers are added to FTP sites, the FTP service will attempt to authenticate a user with each custom authentication provider that is enabled in the order that the providers are specified in the FTP configuration settings. In the event that the user cannot be authenticated by using any of the custom authentication providers, the FTP service will attempt to Basic authentication, if it is enabled, to authenticate the user.

The main advantage of using custom authentication providers is that user accounts do not have to be created on your server or domain. This improves your network's security.

Note: FTP 7.0 and FTP 7.5 ship with two custom authentication providers:

Note: The custom authentication providers that are added to the <customAuthentication/providers> element must be registered in the <system.ftpServer/providerDefinitions> collection.

Note: Support for creating custom authentication providers was introduced in FTP 7.5. For additional information about how to create custom authentication providers, see the Developing for FTP 7.5 section of Microsoft's learn.iis.net Web site.

Compatibility

Version Notes
IIS 7.5 The <add> element of the <providers> element ships as a feature of IIS 7.5.
IIS 7.0 The <add> element of the <providers> element was introduced in FTP 7.0, which was a separate download for IIS 7.0.
IIS 6.0 The <ftpServer> element and its child elements replace the IIS 6.0 FTP settings that were located in the LM/MSFTPSVC metabase path.

Note: The FTP 7.0 and FTP 7.5 services shipped out-of-band for IIS 7.0, which required downloading and installing the modules from the following URL:

http://www.iis.net/expand/FTP

With Windows 7 and Windows Server 2008 R2, the FTP 7.5 service ships as a feature for IIS 7.5, so downloading the FTP service is no longer necessary.

Setup

To support FTP publishing for your Web server, you must install the FTP service. To do so, use the following steps.

IIS 7.5 for Windows Server 2008 R2

  1. On the taskbar, click Start, point to Administrative Tools, and then click Server Manager.
  2. In the Server Manager hierarchy pane, expand Roles, and then click Web Server (IIS).
  3. In the Web Server (IIS) pane, scroll to the Role Services section, and then click Add Role Services.
  4. On the Select Role Services page of the Add Role Services Wizard, expand FTP Server.
  5. Select FTP Service.

    Note: To support ASP.Membership authentication or IIS Manager authentication for the FTP service, you will also need to select FTP Extensibility.
  6. Click Next.
  7. On the Confirm Installation Selections page, click Install.
  8. On the Results page, click Close.

IIS 7.5 for Windows 7

  1. On the taskbar, click Start, and then click Control Panel.
  2. In Control Panel, click Programs and Features, and then click Turn Windows Features on or off.
  3. Expand Internet Information Services, and then FTP Server.
  4. Select FTP Service.

    Note: To support ASP.Membership authentication or IIS Manager authentication for the FTP service, you will also need to select FTP Extensibility.
  5. Click OK.

IIS 7.0 for Windows Server 2008 and Windows Vista

  1. Download the installation package from the following URL:
  2. Follow the instructions in the following walkthrough to install the FTP service:

How To

How to enable IIS Manager authentication for an FTP site

  1. Open Internet Information Services (IIS) Manager:
    • If you are using Windows Server 2008 or Windows Server 2008 R2:
      • On the taskbar, click Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.
    • If you are using Windows Vista or Windows 7:
      • On the taskbar, click Start, and then click Control Panel.
      • Double-click Administrative Tools, and then double-click Internet Information Services (IIS) Manager.
  2. In the Connections pane, expand the server name, expand the Sites node, and then click the name of the site.
  3. In the site's Home pane, double-click the FTP Authentication feature.
  4. When the FTP Authentication page displays, click Custom Providers... in the Actions pane.
  5. When the Custom Providers dialog box displays, click to select IIS Manager Authentication. Click OK.
  6. Your FTP Authentication page should now show IIS Manager Authentication enabled.
  7. If desired, you can disable Basic Authentication or Anonymous Authentication by highlighting either mode and clicking Disable in the Actions pane.

For additional information about how to configure IIS Manager authentication for FTP, see the Configure FTP with IIS 7.0 Manager Authentication topic on Microsoft's learn.iis.net Web site.


How to add a managed-code custom authentication provider for an FTP site

Note: These steps assume that a custom FTP authentication provider has already been installed and registered on your server's Global Assembly Cache (GAC.) For more information about how to register managed assemblies, see the Global Assembly Cache Tool (Gacutil.exe) topic on Microsoft the MSDN Web site.

  1. Determine the assembly information for the extensibility provider:
    • In Windows Explorer, open your "C:\Windows\assembly" path, where C: is your operating system drive.
    • Locate the assembly. For example, FtpAuthenticationDemo.
    • Right-click the assembly, and then click Properties.
    • Copy the Culture value. For example, Neutral.
    • Copy the Version number. For example, 1.0.0.0.
    • Copy the Public Key Token value. For example, 426f62526f636b73.
    • Click Cancel.
  2. Add the extensibility provider to the global list of FTP authentication providers:
    • Open Internet Information Services (IIS) Manager.
    • Click your computer name in the Connections pane.
    • Double-click FTP Authentication in the main window.
    • Click Custom Providers... in the Actions pane.
    • Click Register.
    • Enter a friendly name for the custom authentication provider in the Name box. For example, FtpAuthenticationDemo.
    • Click Managed Provider (.NET).
    • Enter the assembly information for the extensibility provider using the information that you copied earlier. For example:
      FtpAuthentication.FtpAuthDemo, FtpAuthenticationDemo, version=1.0.0.0, Culture=neutral, PublicKeyToken=426f62526f636b73
    • Click OK.
    • Clear the check box for the custom authentication provider in the providers list.
    • Click OK.
  3. Add the custom authentication provider for an FTP site:
    • Open an FTP site in Internet Information Services (IIS) Manager.
    • Double-click FTP Authentication in the main window.
    • Click Custom Providers... in the Actions pane.
    • Check to select and enable the custom authentication provider in the providers list.
    • Click OK.

Configuration

The <add> element of the <providers> element is configured at the site level.

Attributes

Attribute Description
name Required string attribute.

Specifies the friendly name of the custom authentication provider.

There is no default value.
enabled Optional Boolean attribute.

true if the custom authentication provider is enabled; otherwise, false.

The default value is true.

Child Elements

None.

Configuration Sample

The following sample displays an FTP site with a <customAuthentication> element that enables a custom authentication provider that is named FtpAuthenticationDemo and disables the built-in authentication providers.

<site name="ftp.example.com" id="5">
   <application path="/">
      <virtualDirectory path="/" physicalPath="c:\inetpub\www.example.com" />
   </application>
   <bindings>
      <binding protocol="ftp" bindingInformation="*:21:" />
   </bindings>
   <ftpServer serverAutoStart="true">
      <security>
         <authentication>
            <basicAuthentication enabled="false" />
            <anonymousAuthentication enabled="false" />
            <customAuthentication>
               <providers>
                  <add name="FtpAuthenticationDemo" enabled="true" />
               </providers>
            </customAuthentication>
         </authentication>
         <ssl controlChannelPolicy="SslAllow" dataChannelPolicy="SslAllow" />
      </security>
   </ftpServer>
</site>

Sample Code

The following examples add a custom authentication provider to an FTP site and enable it.

AppCmd.exe

appcmd.exe set config -section:system.applicationHost/sites /+"[name='ftp.example.com'].ftpServer.security.authentication.customAuthentication.providers.[name='FtpXmlAuthentication',enabled='True']" /commit:apphost

Note: You must be sure to set the commit parameter to apphost when you use AppCmd.exe to configure these settings. This commits the configuration settings to the appropriate location section in the ApplicationHost.config file.

C#

using System;
using System.Text;
using Microsoft.Web.Administration;

internal static class Sample
{
   private static void Main()
   {
      using (ServerManager serverManager = new ServerManager())
      {
         Configuration config = serverManager.GetApplicationHostConfiguration();
         ConfigurationSection sitesSection = config.GetSection("system.applicationHost/sites");
         ConfigurationElementCollection sitesCollection = sitesSection.GetCollection();
         ConfigurationElement siteElement = FindElement(sitesCollection, "site", "name", @"ftp.example.com");

         if (siteElement == null) throw new InvalidOperationException("Element not found!");

         ConfigurationElement ftpServerElement = siteElement.GetChildElement("ftpServer");
         ConfigurationElement securityElement = ftpServerElement.GetChildElement("security");
         ConfigurationElement authenticationElement = securityElement.GetChildElement("authentication");
         ConfigurationElement customAuthenticationElement = authenticationElement.GetChildElement("customAuthentication");
         ConfigurationElementCollection providersCollection = customAuthenticationElement.GetCollection("providers");

         ConfigurationElement addElement = providersCollection.CreateElement("add");
         addElement["name"] = @"FtpXmlAuthentication";
         addElement["enabled"] = true;
         providersCollection.Add(addElement);

         serverManager.CommitChanges();
      }
   }

   private static ConfigurationElement FindElement(ConfigurationElementCollection collection, string elementTagName, params string[] keyValues)
   {
      foreach (ConfigurationElement element in collection)
      {
         if (String.Equals(element.ElementTagName, elementTagName, StringComparison.OrdinalIgnoreCase))
         {
            bool matches = true;
            for (int i = 0; i < keyValues.Length; i += 2)
            {
               object o = element.GetAttributeValue(keyValues[i]);
               string value = null;
               if (o != null)
               {
                  value = o.ToString();
               }
               if (!String.Equals(value, keyValues[i + 1], StringComparison.OrdinalIgnoreCase))
               {
                  matches = false;
                  break;
               }
            }
            if (matches)
            {
               return element;
            }
         }
      }
      return null;
   }
}

VB.NET

Imports System
Imports System.Text
Imports Microsoft.Web.Administration

Module Sample
   Sub Main()
      Dim serverManager As ServerManager = New ServerManager
      Dim config As Configuration = serverManager.GetApplicationHostConfiguration
      Dim sitesSection As ConfigurationSection = config.GetSection("system.applicationHost/sites")
      Dim sitesCollection As ConfigurationElementCollection = sitesSection.GetCollection
      Dim siteElement As ConfigurationElement = FindElement(sitesCollection, "site", "name", "ftp.example.com")

      If (siteElement Is Nothing) Then
         Throw New InvalidOperationException("Element not found!")
      End If

      Dim ftpServerElement As ConfigurationElement = siteElement.GetChildElement("ftpServer")
      Dim securityElement As ConfigurationElement = ftpServerElement.GetChildElement("security")
      Dim authenticationElement As ConfigurationElement = securityElement.GetChildElement("authentication")
      Dim customAuthenticationElement As ConfigurationElement = authenticationElement.GetChildElement("customAuthentication")
      Dim providersCollection As ConfigurationElementCollection = customAuthenticationElement.GetCollection("providers")
      Dim addElement As ConfigurationElement = providersCollection.CreateElement("add")
      addElement("name") = "FtpXmlAuthentication"
      addElement("enabled") = True
      providersCollection.Add(addElement)

      serverManager.CommitChanges()
   End Sub

   Private Function FindElement(ByVal collection As ConfigurationElementCollection, ByVal elementTagName As String, ByVal ParamArray keyValues() As String) As ConfigurationElement
      For Each element As ConfigurationElement In collection
         If String.Equals(element.ElementTagName, elementTagName, StringComparison.OrdinalIgnoreCase) Then
            Dim matches As Boolean = True
            Dim i As Integer
            For i = 0 To keyValues.Length - 1 Step 2
               Dim o As Object = element.GetAttributeValue(keyValues(i))
               Dim value As String = Nothing
               If (Not (o) Is Nothing) Then
                  value = o.ToString
               End If
               If Not String.Equals(value, keyValues((i + 1)), StringComparison.OrdinalIgnoreCase) Then
                  matches = False
                  Exit For
               End If
            Next
            If matches Then
               Return element
            End If
         End If
      Next
      Return Nothing
   End Function

End Module

JavaScript

var adminManager = new ActiveXObject('Microsoft.ApplicationHost.WritableAdminManager');
adminManager.CommitPath = "MACHINE/WEBROOT/APPHOST";
var sitesSection = adminManager.GetAdminSection("system.applicationHost/sites", "MACHINE/WEBROOT/APPHOST");
var sitesCollection = sitesSection.Collection;

var siteElementPos = FindElement(sitesCollection, "site", ["name", "ftp.example.com"]);
if (siteElementPos == -1) throw "Element not found!";
var siteElement = sitesCollection.Item(siteElementPos);

var ftpServerElement = siteElement.ChildElements.Item("ftpServer");
var securityElement = ftpServerElement.ChildElements.Item("security");
var authenticationElement = securityElement.ChildElements.Item("authentication");
var customAuthenticationElement = authenticationElement.ChildElements.Item("customAuthentication");
var providersCollection = customAuthenticationElement.ChildElements.Item("providers").Collection;

var addElement = providersCollection.CreateNewElement("add");
addElement.Properties.Item("name").Value = "FtpXmlAuthentication";
addElement.Properties.Item("enabled").Value = true;
providersCollection.AddElement(addElement);

adminManager.CommitChanges();

function FindElement(collection, elementTagName, valuesToMatch) {
   for (var i = 0; i < collection.Count; i++) {
      var element = collection.Item(i);
      if (element.Name == elementTagName) {
         var matches = true;
         for (var iVal = 0; iVal < valuesToMatch.length; iVal += 2) {
            var property = element.GetPropertyByName(valuesToMatch[iVal]);
            var value = property.Value;
            if (value != null) {
               value = value.toString();
            }
            if (value != valuesToMatch[iVal + 1]) {
               matches = false;
               break;
            }
         }
         if (matches) {
            return i;
         }
      }
   }
   return -1;
}

VBScript

Set adminManager = createObject("Microsoft.ApplicationHost.WritableAdminManager")
adminManager.CommitPath = "MACHINE/WEBROOT/APPHOST"
Set sitesSection = adminManager.GetAdminSection("system.applicationHost/sites", "MACHINE/WEBROOT/APPHOST")
Set sitesCollection = sitesSection.Collection

siteElementPos = FindElement(sitesCollection, "site", Array("name", "ftp.example.com"))
If siteElementPos = -1 Then
WScript.Echo "Element not found!"
WScript.Quit
End If

Set siteElement = sitesCollection.Item(siteElementPos)
Set ftpServerElement = siteElement.ChildElements.Item("ftpServer")
Set securityElement = ftpServerElement.ChildElements.Item("security")
Set authenticationElement = securityElement.ChildElements.Item("authentication")
Set customAuthenticationElement = authenticationElement.ChildElements.Item("customAuthentication")
Set providersCollection = customAuthenticationElement.ChildElements.Item("providers").Collection

Set addElement = providersCollection.CreateNewElement("add")
addElement.Properties.Item("name").Value = "FtpXmlAuthentication"
addElement.Properties.Item("enabled").Value = True
providersCollection.AddElement(addElement)

adminManager.CommitChanges()

Function FindElement(collection, elementTagName, valuesToMatch)
   For i = 0 To CInt(collection.Count) - 1
      Set element = collection.Item(i)
      If element.Name = elementTagName Then
         matches = True
         For iVal = 0 To UBound(valuesToMatch) Step 2
            Set property = element.GetPropertyByName(valuesToMatch(iVal))
            value = property.Value
            If Not IsNull(value) Then
               value = CStr(value)
            End If
            If Not value = CStr(valuesToMatch(iVal + 1)) Then
               matches = False
               Exit For
            End If
         Next
         If matches Then
            Exit For
         End If
      End If
   Next
   If matches Then
      FindElement = i
   Else
      FindElement = -1
   End If
End Function
Deprecated Elements