I've created an FTP-Publishing on our webserver and have a problem getting it to work. Some users get a 550 error on uploading files. Reading access seems to work because they can browse files.

For FTP authentication we've disabled anonymous and activated standard authentication with our domain set as default domain.

FTP authorization is set to "all users" read/write access.

FTP User Isolation is set to "Username directory".

Now we've created a "domain-name" virtual directory pointing to a dummyftproot folder on the same level as wwwroot.

Under that virtual domain folder we create "username" virtual directories pointing to a folder on the CIFS share in our project. We set pass-through authentication to connect as application user.

Now I thought this would mean the application pool identity user is accessing the CIFS share and reads/writes to the folders, and not every user with his own account. Is this the case?

How can I monitor which user is actually accessing the share? I see my files written as my domain user.

How should this be configured to use the application pool identity instead?

Kind regards

spankmaster79

2 Answers

What permissions do you have set on the physical folder path? You've mentioned the FTP permissions, but not the NTFS perms you have set up; it could be possible that the default of 'MACHINE\Users' has read access but not write.

You don't need to touch application pools; anyway, application pools only apply to websites and not FTP servers. Have I misunderstood that?

If you want to see what is happening on file access, use ProcessMon. This will show you everything that is happening and the result of it.

0x0000001E
  • authenticated user has only read access. The user that is used for the application pool has read/write access and then two admin groups – spankmaster79 Apr 15 '15 at 11:39
  • Using ProcessMon is a little tricky as a lot of information is shown, but it did point in the right direction – spankmaster79 Apr 22 '15 at 07:41
  • You can set filters, so by directory or reply. That is to include or exclude. So you can ignore all `SUCCESS` and add in a path to `C:\inetpub\wwwroot` assuming that is your IIS location. – 0x0000001E Apr 27 '15 at 11:40

There are two solutions to this, as I found out.

  1. Set correct permissions for every user accessing the file share if "Pass Through" authentication is selected, because then the username connecting to the FTP server will be used to access the file share.

  2. Set a "specific user" who has access to the file share with read/write access.

We ended up using the application pool identity user, because in our company we have a user for each website running the site.

spankmaster79
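The two options from the answer above, as an added PowerShell example that is not part of the original posts: it lists which identity each virtual directory uses to reach its physical path and which NTFS entries allow writing there, then shows how a single directory can be switched to a fixed account. The site name `FtpSite` and the path `/example.local/jdoe` are placeholders, and the function name `Set-VdirConnectAs` is made up for this example.

```powershell
# Added example; the site name and virtual directory path are placeholders.
Import-Module WebAdministration

$site   = 'FtpSite'                       # hypothetical FTP site name
$pspath = 'MACHINE/WEBROOT/APPHOST'
$vdirs  = "/system.applicationHost/sites/site[@name='$site']/application/virtualDirectory"
$write  = [System.Security.AccessControl.FileSystemRights]::Write

# 1. For every virtual directory: the identity used to reach the physical path
#    and the NTFS "Allow" entries that include write rights.
#    An empty userName means pass-through, so the FTP login itself hits the share.
Get-WebConfiguration -PSPath $pspath -Filter $vdirs | ForEach-Object {
    $connectAs = if ($_.userName) { $_.userName } else { '(pass-through: the FTP login)' }
    $physical  = [Environment]::ExpandEnvironmentVariables($_.physicalPath)
    '{0} -> {1}  connect as: {2}' -f $_.path, $physical, $connectAs

    if (Test-Path -LiteralPath $physical) {
        # Lists explicit and inherited Allow entries only. Effective access also
        # depends on group membership, Deny entries and share-level permissions.
        (Get-Acl -LiteralPath $physical).Access |
            Where-Object { $_.AccessControlType -eq 'Allow' -and
                           ($_.FileSystemRights -band $write) -eq $write } |
            ForEach-Object { "    write allowed: $($_.IdentityReference)" }
    } else {
        '    path not reachable from this session'
    }
}

# 2. Switch one virtual directory from pass-through to a specific account.
function Set-VdirConnectAs {
    param(
        [Parameter(Mandatory)] [string]       $VdirPath,
        [Parameter(Mandatory)] [pscredential] $Credential
    )
    $filter = "/system.applicationHost/sites/site[@name='$site']" +
              "/application[@path='/']/virtualDirectory[@path='$VdirPath']"
    Set-WebConfigurationProperty -PSPath $pspath -Filter $filter `
        -Name userName -Value $Credential.UserName
    Set-WebConfigurationProperty -PSPath $pspath -Filter $filter `
        -Name password -Value $Credential.GetNetworkCredential().Password
}

# Example call (prompts for the account, so no password is stored in the script):
# Set-VdirConnectAs -VdirPath '/example.local/jdoe' -Credential (Get-Credential)
```

With pass-through, every FTP login in the listing needs its own write entry on the share; with a specific account, only that account does, and files on the share will show it as the writer.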