Ftp – Configuration for FTP Site in IIS 7.5

Tags: active-directory, ftp, iis-7.5, permissions, sftp

I have setup an FTP site in IIS 7.5 with SSL using a self-signed certificate.
I can log in and view my virtual directories, which are all set up as UNC paths. The problem is that I cannot write to any location through FTP.

I have 3 Active Directory groups setup. Each group has permissions set properly at the folder level. These permissions are verified through the "Effective Permissions" tab where it shows permissions for a given user.
But when I login as a user (designer1) that belongs to a group (Design) which has access to the folders that my virtual directories point to, I get Access is denied.

I tried nearly every configuration for this and cannot get it to work. The App Pool for my FTP site is its own pool "FTP" with No Managed Code, in Classic Pipeline Mode.
What should the Application Pool Identity be?

In the FTP "site" properties, I have the "Connect As" set to "Application user (pass-through authentication)" so that the file permissions will dictate whether that user has access to write or not.

Also under the FTP site properties, I have Anonymous Authentication disabled and Basic Authentication enabled. I have had zero luck setting the FTP Authorization rules since I can type in anything into the Specific Roles and Specific Users field and it doesn't validate if they are real users or groups.

Is there a cache mechanism by which I cannot change the settings and then test them right away? I always restart the IIS service and restart the site and recycle the app pool.

Best Answer

Ok, I have figured out my own problem. Wanted to share my insights briefly.

Application Pool : .NET = No Managed Code : Pipeline Mode = Integrated : Identity = NetworkService

The trick here is that the new FTP Authorization Rules do not verify Active Directory (or local) usernames or groups. Therefore, you could put in anything here, thinking you've got the right group name, and you wouldn't know except that permissions didn't work to allow the rule you've set.

I got this to work by

  1. Ensuring correct folder/file-level permissions per group or user
  2. Setting FTP Authentication to enable Basic and disable Anonymous
  3. Setting the Site Properties to "Connect As..." = "Application user (pass-through authentication)"
  4. Setting the FTP Authorization Rules as desired for each Virtual directory

I hope this helps someone!
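As an added example (not part of the question or the accepted answer), the PowerShell script below applies the four steps above with appcmd.exe and adds the check the answer says IIS itself does not perform: every group or user name is resolved to a SID before it is written into an FTP authorization rule, and the NTFS ACL of the target folder is listed for that principal so step 1 can be confirmed from the same place. The site name `FTPSite`, the application pool `FTP`, the virtual directory `design`, the group `CORP\Design` and the UNC path are assumed placeholders; run it in an elevated prompt on the IIS host.

```powershell
# Added example, not code from the original question or answer.
# Assumed names (replace with your own): site FTPSite, app pool FTP,
# virtual directory "design" -> \\fileserver\sites\design, group CORP\Design.
$appcmd   = Join-Path $env:windir 'System32\inetsrv\appcmd.exe'
$siteName = 'FTPSite'
$poolName = 'FTP'
$rules = @(
    @{ VDir = 'design'; Role = 'CORP\Design'; Share = '\\fileserver\sites\design'; Permissions = 'Read, Write' }
)

function Test-Principal {
    # $true only if the name resolves to a SID. IIS accepts any string in an
    # FTP authorization rule, so this is the validation the UI leaves out.
    param([string]$Name)
    try {
        $null = ([System.Security.Principal.NTAccount]$Name).Translate(
                    [System.Security.Principal.SecurityIdentifier])
        return $true
    } catch {
        return $false
    }
}

function Get-AceForPrincipal {
    # Step 1 check: show the NTFS ACEs on the share that name this principal.
    param([string]$Path, [string]$Principal)
    (Get-Acl -Path $Path).Access |
        Where-Object { $_.IdentityReference.Value -eq $Principal } |
        Select-Object IdentityReference, FileSystemRights, AccessControlType, IsInherited
}

# Application pool as in the answer: No Managed Code, Integrated, NetworkService.
# '/managedRuntimeVersion:' with no value sets "No Managed Code".
& $appcmd set apppool "/apppool.name:$poolName" '/managedRuntimeVersion:' `
    '/managedPipelineMode:Integrated' '/processModel.identityType:NetworkService'

# Step 2: Basic authentication on, Anonymous off, for the FTP site.
& $appcmd set config -section:system.applicationHost/sites `
    "/[name='$siteName'].ftpServer.security.authentication.basicAuthentication.enabled:True" `
    "/[name='$siteName'].ftpServer.security.authentication.anonymousAuthentication.enabled:False" `
    /commit:apphost

foreach ($r in $rules) {
    $vdirPath = "$siteName/$($r.VDir)"

    # Step 3: clear stored credentials on the virtual directory so IIS uses
    # pass-through authentication (the logged-on FTP user's own token).
    & $appcmd set vdir "$vdirPath" '/userName:' '/password:'

    # Step 4: only write the authorization rule if the principal really exists.
    if (-not (Test-Principal -Name $r.Role)) {
        Write-Warning "Skipping rule for '$($r.Role)': name does not resolve to a SID."
        continue
    }
    & $appcmd set config "$vdirPath" -section:system.ftpServer/security/authorization `
        "/+[accessType='Allow',roles='$($r.Role)',permissions='$($r.Permissions)']" /commit:apphost

    # Step 1: confirm the same group actually has rights on the share.
    Write-Host "NTFS ACEs for $($r.Role) on $($r.Share):"
    Get-AceForPrincipal -Path $r.Share -Principal $r.Role | Format-Table -AutoSize
}
```

Running the rule loop a second time appends a duplicate `<add>` element to the authorization section, so remove the old rule (`/-[...]` with the same attributes) or check the section with `appcmd list config "FTPSite/design" -section:system.ftpServer/security/authorization` before re-applying.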