FTP Custom Authorization <customAuthorization>
The <customAuthorization> element specifies the settings for custom authorization of an FTP site. This form of authorization uses custom authorization providers to validate user access.
If you enable a custom authorization provider, the built-in authorization provider will not be used, and you will not be able to manually add an allow rule or a deny rule to the configuration.
For information about how to create a custom provider, see How to Use Managed Code (C#) to Create a Simple FTP Home Directory Provider.
| Version | Notes |
|---|---|
| IIS 10.0 | The <customAuthorization> element was not modified in IIS 10.0. |
| IIS 8.5 | The <customAuthorization> element was not modified in IIS 8.5. |
| IIS 8.0 | The <customAuthorization> element was introduced in IIS 8.0. |
| IIS 7.5 | N/A |
| IIS 7.0 | N/A |
| IIS 6.0 | N/A |
To support FTP authorization using a custom provider on your FTP site, you must install the FTP Service with FTP Extensibity.
Press the Windows logo key, and then click Server Manager.
In Server Manager, click Manage and then click Add Roles and Features.
In the Add Roles and Features wizard:
- On the Before You Begin page, click Next.
- On the Installation Type page, select the installation type, and then click Next.
- On the Server Selection page, select the appropriate server, and then click Next.
- On the Server Roles page, ensure that Web Server (IIS) is selected, and then expand it.
- Expand FTP Server, then select both FTP Service and FTP Extensibility, and then click Next.
- On the Features page, click Next.
- On the Confirm Installation Selections page, click Install.
- On the Results page, click Close.
- Open the Windows Control Panel.
- In the Windows Control Panel, open Programs and Features.
- In Programs and Features, click Turn Windows features on or off.
- In the Windows Features dialog box, expand Internet Information Services, and then expand FTP Server.
- Under FTP Server, select FTP Service and FTP Extensibility, and then click OK.
Open Internet Information Services (IIS) Manager:
If you are using Windows Server 2012 or later:
- On the taskbar, click Server Manager, click Tools, and then click Internet Information Services (IIS) Manager.
If you are using Windows 8 or later:
- Hold down the Windows key, press the letter X, and then click Control Panel.
- Click Administrative Tools, and then double-click Internet Information Services (IIS) Manager.
In the Connections pane, select the server name, expand Sites, and then select an FTP site.
In the Home pane, double-click the FTP Authorization Rules feature.
In the Actions pane, click Edit Feature settings.
In the Authorization Feature Settings dialog box, select Choose a custom authorization provider to enable FTP authorization by a custom provider. In the associated drop-down list, select a custom provider from the list.
Note
When a custom FTP authorization provider has been enabled, the FTP Authorization Rules feature is disabled.
Click OK.
None.
| Element | Description |
|---|---|
provider |
Optional element. Specifies the custom authorization provider. |
The following sample displays a <customAuthorization> element:
<ftpServer>
<security>
<customAuthorization>
<provider name="MyProvider" enabled="true" />
</customAuthorization>
</security>
</ftpServer>
The following sample displays a <providerDefinitions> element for the custom authorization provider in the preceding example:
<system.ftpServer>
<providerDefinitions>
<add name="MyProvider" type="MyProvider, MyProvider, version=1.0.0.0, Culture=neutral, PublicKeyToken=426f62526f636b73" />
</providerDefinitions>
</system.ftpServer>
The following code samples configure a custom authorization provider.
appcmd.exe set config -section:system.applicationHost/sites /[name='MyFTPSite'].ftpServer.security.customAuthorization.provider.name:"MyProvider" /commit:apphost
appcmd.exe set config -section:system.applicationHost/sites /[name='MyFTPSite'].ftpServer.security.customAuthorization.provider.enabled:"True" /commit:apphost
Note
You must be sure to set the commit parameter to apphost when using AppCmd.exe to configure these settings. This commits the configuration settings to the appropriate location section in the ApplicationHost.config file.
using System;
using System.Text;
using Microsoft.Web.Administration;
internal static class Sample {
private static void Main() {
using(ServerManager serverManager = new ServerManager()) {
Configuration config = serverManager.GetApplicationHostConfiguration();
ConfigurationSection sitesSection = config.GetSection("system.applicationHost/sites");
ConfigurationElementCollection sitesCollection = sitesSection.GetCollection();
ConfigurationElement siteElement = FindElement(sitesCollection, "site", "name", @"MyFTPSite");
if (siteElement == null) throw new InvalidOperationException("Element not found!");
ConfigurationElement ftpServerElement = siteElement.GetChildElement("ftpServer");
ConfigurationElement securityElement = ftpServerElement.GetChildElement("security");
ConfigurationElement customAuthorizationElement = securityElement.GetChildElement("customAuthorization");
ConfigurationElement providerElement = customAuthorizationElement.GetChildElement("provider");
providerElement["name"] = @"MyProvider";
providerElement["enabled"] = true;
serverManager.CommitChanges();
}
}
private static ConfigurationElement FindElement(ConfigurationElementCollection collection, string elementTagName, params string[] keyValues) {
foreach (ConfigurationElement element in collection) {
if (String.Equals(element.ElementTagName, elementTagName, StringComparison.OrdinalIgnoreCase)) {
bool matches = true;
for (int i = 0; i < keyValues.Length; i += 2) {
object o = element.GetAttributeValue(keyValues[i]);
string value = null;
if (o != null) {
value = o.ToString();
}
if (!String.Equals(value, keyValues[i + 1], StringComparison.OrdinalIgnoreCase)) {
matches = false;
break;
}
}
if (matches) {
return element;
}
}
}
return null;
}
}
Imports System
Imports System.Text
Imports Microsoft.Web.Administration
Module Sample
Sub Main()
Dim serverManager As ServerManager = New ServerManager
Dim config As Configuration = serverManager.GetApplicationHostConfiguration
Dim sitesSection As ConfigurationSection = config.GetSection("system.applicationHost/sites")
Dim sitesCollection As ConfigurationElementCollection = sitesSection.GetCollection
Dim siteElement As ConfigurationElement = FindElement(sitesCollection, "site", "name", "MyFTPSite")
If (siteElement Is Nothing) Then
Throw New InvalidOperationException("Element not found!")
End If
Dim ftpServerElement As ConfigurationElement = siteElement.GetChildElement("ftpServer")
Dim securityElement As ConfigurationElement = ftpServerElement.GetChildElement("security")
Dim customAuthorizationElement As ConfigurationElement = securityElement.GetChildElement("customAuthorization")
Dim providerElement As ConfigurationElement = customAuthorizationElement.GetChildElement("provider")
providerElement("name") = "MyProvider"
providerElement("enabled") = true
serverManager.CommitChanges
End Sub
Private Shared Function FindElement(ByVal collection As ConfigurationElementCollection, ByVal elementTagName As String, ParamArray ByVal keyValues() As String) As ConfigurationElement
For Each element As ConfigurationElement In collection
If String.Equals(element.ElementTagName, elementTagName, StringComparison.OrdinalIgnoreCase) Then
Dim matches As Boolean = true
Dim i As Integer = 0
Do While (i < keyValues.Length)
Dim o As Object = element.GetAttributeValue(keyValues(i))
Dim value As String = Nothing
If (Not (o) Is Nothing) Then
value = o.ToString
End If
If Not String.Equals(value, keyValues((i + 1)), StringComparison.OrdinalIgnoreCase) Then
matches = false
Exit For
End If
i = (i + 2)
Loop
If matches Then
Return element
End If
End If
Next
Return Nothing
End Function
End Module
var adminManager = new ActiveXObject('Microsoft.ApplicationHost.WritableAdminManager');
adminManager.CommitPath = "MACHINE/WEBROOT/APPHOST";
var sitesSection = adminManager.GetAdminSection("system.applicationHost/sites", "MACHINE/WEBROOT/APPHOST");
var sitesCollection = sitesSection.Collection;
var siteElementPos = FindElement(sitesCollection, "site", ["name", "MyFTPSite"]);
if (siteElementPos == -1) throw "Element not found!";
var siteElement = sitesCollection.Item(siteElementPos);
var ftpServerElement = siteElement.ChildElements.Item("ftpServer");
var securityElement = ftpServerElement.ChildElements.Item("security");
var customAuthorizationElement = securityElement.ChildElements.Item("customAuthorization");
var providerElement = customAuthorizationElement.ChildElements.Item("provider");
providerElement.Properties.Item("name").Value = "MyProvider";
providerElement.Properties.Item("enabled").Value = true;
adminManager.CommitChanges();
function FindElement(collection, elementTagName, valuesToMatch) {
for (var i = 0; i < collection.Count; i++) {
var element = collection.Item(i);
if (element.Name == elementTagName) {
var matches = true;
for (var iVal = 0; iVal < valuesToMatch.length; iVal += 2) {
var property = element.GetPropertyByName(valuesToMatch[iVal]);
var value = property.Value;
if (value != null) {
value = value.toString();
}
if (value != valuesToMatch[iVal + 1]) {
matches = false;
break;
}
}
if (matches) {
return i;
}
}
}
return -1;
}
Set adminManager = CreateObject("Microsoft.ApplicationHost.WritableAdminManager")
adminManager.CommitPath = "MACHINE/WEBROOT/APPHOST"
Set sitesSection = adminManager.GetAdminSection("system.applicationHost/sites", "MACHINE/WEBROOT/APPHOST")
Set sitesCollection = sitesSection.Collection
siteElementPos = FindElement(sitesCollection, "site", Array ("name", "MyFTP"))
if (siteElementPos = -1) THEN throw "Element not found!"
Set siteElement = sitesCollection.Item(siteElementPos)
Set ftpServerElement = siteElement.ChildElements.Item("ftpServer")
Set securityElement = ftpServerElement.ChildElements.Item("security")
Set customAuthorizationElement = securityElement.ChildElements.Item("customAuthorization")
Set providerElement = customAuthorizationElement.ChildElements.Item("provider")
providerElement.Properties.Item("name").Value = "MyProvider1"
providerElement.Properties.Item("enabled").Value = true
adminManager.CommitChanges()
Function FindElement(collection, elementTagName, valuesToMatch)
For i = 0 To CInt(collection.Count) - 1
Set element = collection.Item(i)
If element.Name = elementTagName Then
matches = True
For iVal = 0 To UBound(valuesToMatch) Step 2
Set property = element.GetPropertyByName(valuesToMatch(iVal))
value = property.Value
If Not IsNull(value) Then
value = CStr(value)
End If
If Not value = CStr(valuesToMatch(iVal + 1)) Then
matches = False
Exit For
End If
Next
If matches Then
Exit For
End If
End If
Next
If matches Then
FindElement = i
Else
FindElement = -1
End If
End Function
Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -filter "system.applicationHost/sites/site[@name='MyFTPSite']/ftpServer/security/customAuthorization/provider" -name "name" -value "MyProvider"
Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -filter "system.applicationHost/sites/site[@name='MyFTPSite']/ftpServer/security/customAuthorization/provider" -name "enabled" -value "True"