I'm trying to implement an FTPS service on Windows 10 (I know ... I know ...), with client certificate authentication and authorization (if possible).
Environment:
- Windows 10 LTSC 2019 (1809)
- IIS (version 10 normally)
- Self Signed Certificate (CA will be available later)
- PC-A > Will host FTPS service
- PC-B > Will generate certificates and execute FTP client
Certificate setup:
- On PC-A, root certificate creation (RootCert), then import the RootCert public key on PC-B.
- On PC-A, generate a server auth certificate (ServCert) with RootCert as signer, then import the private key to PC-B.
- On PC-A, generate a client auth certificate (ClientCert) with RootCert as signer.
IIS setup:
(At the moment, I don't have hands-on access to my lab.)
- FTP site configured with anonymous (read/write permission) auth >> Working
- Configure FTPS by requiring SSL >> Working
- Require client authentication >> Working
- Map client authentication for authorization based on mapped user >> Not Working
OneToOneMapping maps the ClientCert signature to the local user ftpwrite.
I removed the NTFS permissions on my FTP folder (leaving only the System and Administrators permissions) and gave specific permissions to the ftpwrite account.
Result:
I can connect and have write permission, but I cannot modify, create or delete content.
For me, OneToOneMapping is there to connect a client certificate to an account, which would allow authorization to be managed.
Am I missing something, or misinterpreting the functionality? Is there a specific log to tell whether the mapping is successful?
R.L.
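The certificate steps described in the post (RootCert, then ServCert and ClientCert signed by RootCert), as an added PowerShell example that is not part of the original post or of IIS itself. It uses the built-in PKI module's New-SelfSignedCertificate on PC-A and finishes with the two checks that matter before wiring up a one-to-one mapping: that ClientCert chains to RootCert and that it carries the Client Authentication EKU. The store paths, output folder, FTP host name and export password are assumptions, as is the closing note that the mapping compares against the base64 of the client certificate's public part.

```powershell
# Added example (not from the original post or from IIS): builds the RootCert -> ServCert,
# ClientCert chain described in the post with the built-in PKI module, then verifies the
# properties a one-to-one client certificate mapping depends on. Run as Administrator on PC-A.
# The store, output folder, FTP host name and export password below are assumptions.

$ErrorActionPreference = 'Stop'
$store   = 'Cert:\LocalMachine\My'
$outDir  = 'C:\Lab\Certs'                 # assumed output folder
$ftpHost = 'pc-a.lab.local'               # assumed DNS name the FTP client connects to
$pfxPass = Read-Host -AsSecureString 'PFX export password for ClientCert'
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# 1. Root certificate: CA=true, key usage limited to signing certificates and CRLs.
$root = New-SelfSignedCertificate -Type Custom -Subject 'CN=RootCert' `
    -KeyAlgorithm RSA -KeyLength 4096 -HashAlgorithm SHA256 `
    -KeyUsage CertSign, CRLSign, DigitalSignature -KeyExportPolicy Exportable `
    -TextExtension @('2.5.29.19={text}CA=true') `
    -NotAfter (Get-Date).AddYears(5) -CertStoreLocation $store -FriendlyName 'RootCert'

# 2. Server authentication certificate (EKU 1.3.6.1.5.5.7.3.1), signed by RootCert.
$serv = New-SelfSignedCertificate -Type Custom -Subject "CN=$ftpHost" -DnsName $ftpHost `
    -Signer $root -KeyAlgorithm RSA -KeyLength 2048 -HashAlgorithm SHA256 `
    -KeyUsage DigitalSignature, KeyEncipherment -KeyExportPolicy Exportable `
    -TextExtension @('2.5.29.37={text}1.3.6.1.5.5.7.3.1', '2.5.29.19={text}CA=false') `
    -NotAfter (Get-Date).AddYears(2) -CertStoreLocation $store -FriendlyName 'ServCert'

# 3. Client authentication certificate (EKU 1.3.6.1.5.5.7.3.2), signed by RootCert.
$client = New-SelfSignedCertificate -Type Custom -Subject 'CN=ClientCert' `
    -Signer $root -KeyAlgorithm RSA -KeyLength 2048 -HashAlgorithm SHA256 `
    -KeyUsage DigitalSignature -KeyExportPolicy Exportable `
    -TextExtension @('2.5.29.37={text}1.3.6.1.5.5.7.3.2', '2.5.29.19={text}CA=false') `
    -NotAfter (Get-Date).AddYears(1) -CertStoreLocation $store -FriendlyName 'ClientCert'

# Exports for PC-B: the root's public part as .cer, the client certificate with its key as PFX.
Export-Certificate    -Cert $root   -FilePath "$outDir\RootCert.cer" | Out-Null
Export-PfxCertificate -Cert $client -FilePath "$outDir\ClientCert.pfx" -Password $pfxPass | Out-Null

# The root must be trusted on PC-A as well, otherwise IIS cannot build the client's chain.
Import-Certificate -FilePath "$outDir\RootCert.cer" -CertStoreLocation 'Cert:\LocalMachine\Root' | Out-Null

# Checks before configuring the mapping:
#  - ClientCert chains to a trusted root (RootCert), with revocation off because this lab
#    root publishes no CRL or OCSP responder
#  - ClientCert carries the Client Authentication EKU
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'NoCheck'
$chainOk = $chain.Build($client)
$ekuExt = $client.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' }
$hasClientAuth = [bool]($ekuExt -and ($ekuExt.EnhancedKeyUsages | Where-Object { $_.Value -eq '1.3.6.1.5.5.7.3.2' }))

"Chain builds to RootCert : $chainOk"
"Client Authentication EKU: $hasClientAuth"
"ServCert thumbprint      : $($serv.Thumbprint)"

# Base64 of the client certificate's public part. Assumption: this is the value a
# one-to-one mapping stores and compares the presented certificate against.
"ClientCert base64 for the mapping:"
[Convert]::ToBase64String($client.Export('Cert'))
```

If the chain check prints False, the mapping cannot succeed no matter how it is configured, so that is the first thing to confirm on the server; the ServCert thumbprint is what the FTP site's SSL binding should point at.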