IIS FTPS with client authentication and OneToOneMappings

cn flag

I'm trying to implement an FTPS service on Windows 10 (i know ... i know ...), with client certificate authentication and authorization (if possible)

Environment : Windows 10 LTSC 2019 (1809) IIS (version 10 normally) Self Signed Certificate (CA will be available later) PC-A > Will host FTPS service PC-B > Will generate certificates and execute FTP client

Certificate setup : On PC-A, root certificate creation (RootCert). Export public key from RootCert then import it on PC-B On PC-A, generate server auth certificate (ServCert) with RootCert as Signer, then import private key to PC-B On PC-A, generate client auth certificate (ClientCert) with RootCert as Signer.

IIS setup : At this moment, i don't have hands on my lab FTP site configured with anonymous (read/write permission) auth >> Working Configure FTPS by requiring SSL >> Working Require client authentication >> Working Map client authentication for authorization based on mapped user >> Not Working

OneToOneMapping is mapping ClientCert signature to local user ftpwrite.

I removed NTFS permissions on my FTP folder (only leaving System and Administrators permissions), giving specific permission to ftpwrite account

Result, I can connect and have a write permission. But I cannot modify, create or delete content.

For me, OneToOneMapping is here to connect a client certificate to an account. That will allow to manage authorization.

Do I miss something ? or misinterpret the functionality ? Is there a specific log to know if the mapping is successful ?



Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.