Introduction
Microsoft has created a new FTP service that has been completely rewritten for Windows Server® 2008. This new FTP service incorporates many new features that enable web authors to publish content better than before, and offers web administrators more security and deployment options.
One of the features of the new FTP service is the ability to configure virtual host names, which enables web hosters to configure multiple FTP sites on a single IP address. This document walks you through creating two FTP sites with unique virtual host names in two ways: using the new FTP user interface and by directly editing the IIS 7.0 configuration files. It contains:
Note: This walk-through contains a series of steps in which you log in to your FTP site using the local administrator account. These steps should only be followed on the server itself using the loopback address or over SSL from a remote server. If you prefer to use a separate user account instead of the administrator account, you will need to create the appropriate folders and set the correct permissions for that user account when necessary.
Prerequisites
You must install the following items to complete the procedures in this article:
- IIS 7.0 must be installed on your Windows Server 2008, and the Internet Information Services Manager must be installed.
- The new FTP service. You can download and install the FTP service from the http://www.iis.net/ web site using one of the following links:
- You will need to create root folders for the FTP sites:
- "%SystemDrive%\inetpub\www.example.com"
- "%SystemDrive%\inetpub\www.contoso.com"
Creating Two Hostname-based FTP Sites Using the IIS 7.0 Manager
Step 1: Use the FTP Site Wizard to Create the First FTP Site
In this first step, we create a new FTP site using a unique virtual host name.
- Open the Internet Information Services (IIS) Manager. In the Connections pane, click the Sites node in the tree.
- Right-click the Sites node in the tree and click Add FTP Site, or click Add FTP Site in the Actions pane.
- When the Add FTP Site wizard displays:
- Enter "www.example.com" in the FTP site name box.
- Navigate to the "%SystemDrive%\inetpub\www.example.com" folder that you created in the Prerequisites section. Note: If you choose to type in the path to your content folder, you can use environment variables in your paths.
- Click Next.
- On the next page of the wizard:
- Choose an IP address for your FTP site from the IP Address drop-down, or choose to accept the default selection of "All Unassigned." Because you will be using the administrator account later in this walk-through, make sure that you restrict access to the server and enter the local loopback IP address for your computer by typing "127.0.0.1" in the IP Address box.
- You would normally enter the TCP/IP port for the FTP site in the Port box. For this walk-through, you will choose to accept the default port of 21.
- Enter "www.example.com" in the Virtual Host box.
- Make sure that the SSL Certificate drop-down is set to "Not Selected" and that the Allow SSL option is selected.
- Click Next.
- On the next page of the wizard:
- In Authentication settings, select Basic.
- In Authorization settings:
- Choose "Specified users" from the Allow access to drop-down.
- Type "administrator" for the user name in the field below.
- In the Permissions option, select read and Write.
- Click Finish.
Summary
You have successfully created a new FTP site using the new FTP service. To recap the items that you completed in this step:
- You created a new FTP site named "www.example.com", with the site's content root at "%SystemDrive%\inetpub\www.example.com".
- You bound the FTP site to the local loopback address for your computer on port 21 using "www.example.com" as the virtual host name.
- You enabled Basic Authentication and created an authorization rule for the local administrator account for Read and Write access.
Step 2: Use the FTP Site Wizard to Create the Second FTP Site
In this second step, we create another new FTP site using a unique virtual host name.
- Open the Internet Information Services (IIS) Manager. In the Connections pane, click the Sites node in the tree.
- Right-click the Sites node in the tree and click Add FTP Site, or click Add FTP Site in the Actions pane.
- When the Add FTP Site wizard appears:
- Enter "www.contoso.com" in the FTP site name box.
- Navigate to the "%SystemDrive%\inetpub\www.contoso.com" folder that you created in the Prerequisites section. Note: If you choose to type in the path to your content folder, you can use environment variables in your paths.
- Click Next.
- On the next page of the wizard:
- Choose an IP address for your FTP site from the IP Address drop-down, or choose to accept the default selection of "All Unassigned." Because you will be using the administrator account later in this walk-through, make sure that you restrict access to the server and enter the local loopback IP address for your computer by typing "127.0.0.1" in the IP Address box.
- You would normally enter the TCP/IP port for the FTP site in the Port box. For this walk-through, choose to accept the default port of 21.
- Enter "www.contoso.com" in the Virtual Host box.
- In the SSL Certificates drop-down, choose "Not Selected" and select the Allow SSL radio button.
- Click Next.
- On the next page of the wizard:
- In Authentication settings, select Basic.
- In Authorization settings:
- Choose "Specified users" from the Allow access to drop-down.
- Type "administrator" for the user name in the field below.
- In the Permissions option, select read and Write.
- Click Finish.
Summary
You have successfully created a new FTP site using the new FTP service. To recap the items that you completed in this step:
- You created a new FTP site named "www.contoso.com", with the site's content root at "%SystemDrive%\inetpub\www.contoso.com".
- You bound the FTP site to the local loopback address for your computer on port 21 using "www.contoso.com" as the virtual host name.
- You enabled Basic Authentication and created an authorization rule for the local administrator account for Read and Write access.
Step 3: Logging in to Your FTP Site
In Steps 1 and 2, you created two FTP sites using unique virtual host names and configured the security settings to allow only the administrator account to log in. In this step, you log in using your administrator account.
Note: In this step, you log in to your FTP site using the local administrator account. When creating the FTP sites in Steps 1 and 2, we bound the FTP sites to the local loopback IP address. If you did not use the local loopback address, use SSL to protect your account settings. If you prefer to use a separate user account instead of the administrator account, set the correct permissions for that user account for the appropriate folders.
Logging in to the First FTP Site Using Your Administrator Account
- On your FTP server, open a command prompt session.
- Type the following command to connect to your FTP server:
FTP 127.0.0.1
- When prompted for a user name, enter the "www.example.com" virtual host name followed by the vertical line (|) character.
For example: "www.example.com|administrator"
- When prompted for a password, enter your administrator password.
- You should now be logged in to the "www.example.com" FTP site as the local administrator.
Logging in to the Second FTP Site Using Your Administrator Account
- On your FTP server, open a command prompt session.
- Type the following command to connect to your FTP server:
FTP 127.0.0.1
- When prompted for a user name, enter the "www.contoso.com" virtual host name followed by the vertical line (|) character.
For example: "www.contoso.com|administrator"
- When prompted for a password, enter your administrator password.
- You should now be logged in to the "www.contoso.com" FTP site as the local administrator.
Creating Virtual Host FTP Sites by Editing the IIS 7.0 Configuration Files
You can also create FTP sites for the new FTP service by editing the IIS 7.0 configuration files.
Note: Editing your applicationHost.config file requires full administrative permissions. Use one of two methods:
- Log in to your computer using the local "administrator" account.
Or
- If you are logged in using an account with administrative permissions that is not the local "administrator" account, open Notepad using the "Run as Administrator" option.
Note: One of the above steps is required because the User Account Control (UAC) security component in the Windows Vista and Windows Server 2008 operating systems prevents access to your applicationHost.config file. For more information about UAC, please see the following documentation:
The following steps walks you through all of the required settings to create a new FTP site from scratch.
- Using a text editor such as Windows Notepad, open your applicationHost.config file, which is located in your %SystemRoot%\System32\inetsrv\config folder by default.
- Locate the <sites> section. Add the first FTP site inside the <sites> using syntax similar to the following. Note: You may need to choose a different number than "2" for the site ID if any site is currently using that site identifier.
<site name="www.example.com" id="2">
<application path="/">
<virtualDirectory path="/" physicalPath="%SystemDrive%\inetpub\www.example.com" />
</application>
<bindings>
<binding protocol="ftp" bindingInformation="127.0.0.1:21:www.example.com" />
</bindings>
<ftpServer>
<security>
<ssl controlChannelPolicy="SslAllow" dataChannelPolicy="SslAllow" />
<authentication>
<basicAuthentication enabled="true" />
</authentication>
</security>
</ftpServer>
</site>
- Add the second FTP site inside the <sites> using syntax similar to the following. Note: You may need to choose a different number than "3" for the site ID if any site is currently using that site identifier.
<site name="www.contoso.com" id="3">
<application path="/">
<virtualDirectory path="/" physicalPath="%SystemDrive%\inetpub\www.contoso.com" />
</application>
<bindings>
<binding protocol="ftp" bindingInformation="127.0.0.1:21:www.contoso.com" />
</bindings>
<ftpServer>
<security>
<ssl controlChannelPolicy="SslAllow" dataChannelPolicy="SslAllow" />
<authentication>
<basicAuthentication enabled="true" />
</authentication>
</security>
</ftpServer>
</site>
- Scroll to the bottom of your applicationHost.config file and add location sections for both of your FTP sites that contain your authorization settings. Note: As shown in this example, the authorization settings for the FTP sites are configured per URL, and these settings specifically enable Read/Write permissions for the administrator account.
<location path="www.example.com">
<system.ftpServer>
<security>
<authorization>
<add accessType="Allow" users="administrator" permissions="Read, Write" />
</authorization>
</security>
</system.ftpServer>
</location>
<location path="www.contoso.com">
<system.ftpServer>
<security>
<authorization>
<add accessType="Allow" users="administrator" permissions="Read, Write" />
</authorization>
</security>
</system.ftpServer>
</location>
- Save your applicationHost.config file.
You should now be able to log in to your newly created FTP sites using an FTP client. For additional details, see the Step 3: Logging in to Your FTP Site section of this walk-through.
Summary
To recap the items that you completed in this step:
- You created two FTP sites named "www.example.com" and "www.contoso.com", with the sites' respective content roots at:
- "%SystemDrive%\inetpub\www.example.com"
- "%SystemDrive%\inetpub\www.contoso.com".
- You bound both FTP sites to the local loopback IP address for your computer on port 21 using "www.example.com" and "www.contoso.com" as the virtual host names.
- You enabled Basic Authentication and created an authorization rule for the local administrator account for Read and Write access for each site.
Related Content
Comments