Default FTP Custom Authorization Provider <provider>


The <customAuthorization> element specifies the default settings for custom authorization of FTP sites. This form of authorization uses custom authorization providers to validate user access.

If you enable a custom authorization provider, the built-in authorization provider will not be used, and you will not be able to manually add an allow rule or a deny rule to the configuration.

For information about how to create a custom provider, see How to Use Managed Code (C#) to Create a Simple FTP Home Directory Provider.


Version Notes
IIS 10.0 The <provider> element was not modified in IIS 10.0.
IIS 8.5 The <provider> element was not modified in IIS 8.5.
IIS 8.0 The <provider> element was introduced in IIS 8.0.
IIS 7.5 N/A
IIS 7.0 N/A
IIS 6.0 N/A


To support FTP authorization using a custom provider on your Web server, you must install the FTP Service with FTP Extensibity.

Windows Server 2012

  1. Press the Windows logo key, and then click Server Manager.
  2. In Server Manager, click Manage and then click Add Roles and Features.
  3. In the Add Roles and Features wizard:

    • On the Before You Begin page, click Next.
    • On the Installation Type page, select the installation type, and then click Next.
    • On the Server Selection page, select the appropriate server, and then click Next.
    • On the Server Roles page, ensure that Web Server (IIS) is selected, and then expand it.
    • Expand FTP Server, then select both FTP Service and FTP Extensibility, and then click Next.
    • On the Features page, click Next.
    • On the Confirm Installation Selections page, click Install.
    • On the Results page, click Close.

Windows 8

  1. Open the Windows Control Panel.
  2. In the Windows Control Panel, open Programs and Features.
  3. In Programs and Features, click Turn Windows features on or off.
  4. In the Windows Features dialog box, expand Internet Information Services, and then expand FTP Server.
  5. Under FTP Server, select FTP Service and FTP Extensibility, and then click OK.

How To

How to configure default FTP authorization based upon a custom provider

  1. Open Internet Information Services (IIS) Manager:

    • If you are using Windows Server 2012 or later:

      • On the taskbar, click Server Manager, click Tools, and then click Internet Information Services (IIS) Manager.
    • If you are using Windows 8 or later:

      • Hold down the Windows key, press the letter X, and then click Control Panel.
      • Click Administrative Tools, and then double-click Internet Information Services (IIS) Manager.
  2. In the Connections pane, select the server name.
  3. In the Home pane, double-click the FTP Authorization Rules feature.
  4. In the Actions pane, click Edit Feature settings.
  5. In the Authorization Feature Settings dialog box, select Choose a custom authorization provider to enable FTP authorization by a custom provider. In the associated drop-down list, select a custom provider from the list.


    When a custom FTP authorization provider has been enabled, the FTP Authorization Rules feature is disabled.

  6. Click OK.


The <provider> child element of the default FTP <customAuthorization> element is configured at the server level.


Attribute Description
name Optional string attribute.

Specifies the name of the custom provider that will be used as the default for FTP authorization.
enabled Optional Boolean attribute.

Enables the custom provider to be used as the default for FTP authorization.

The default is True.

Child Elements


Configuration Sample

The following sample displays a <provider> element.

Configuration Samples

The following sample displays a <customAuthorization> element with a <provider> child element:

            <provider name="MyProvider" enabled="true" />

Sample Code

The following code samples configure a default custom FTP authorization provider.


appcmd.exe set config -section:system.applicationHost/sites /"MyCustomProvider" /commit:apphost

appcmd.exe set config -section:system.applicationHost/sites /"True" /commit:apphost


You must be sure to set the commit parameter to apphost when using AppCmd.exe to configure these settings. This commits the configuration settings to the appropriate location section in the ApplicationHost.config file.


using System;
using System.Text;
using Microsoft.Web.Administration;

internal static class Sample {

    private static void Main() {
        using(ServerManager serverManager = new ServerManager()) { 
            Configuration config = serverManager.GetApplicationHostConfiguration();
            ConfigurationSection sitesSection = config.GetSection("system.applicationHost/sites");
            ConfigurationElement siteDefaultsElement = sitesSection.GetChildElement("siteDefaults");
            ConfigurationElement ftpServerElement = siteDefaultsElement.GetChildElement("ftpServer");
            ConfigurationElement securityElement = ftpServerElement.GetChildElement("security");
            ConfigurationElement customAuthorizationElement = securityElement.GetChildElement("customAuthorization");
            ConfigurationElement providerElement = customAuthorizationElement.GetChildElement("provider");
            providerElement["name"] = @"MyCustomProvider";
            providerElement["enabled"] = true;


Imports System
Imports System.Text
Imports Microsoft.Web.Administration
Module Sample
     Sub Main()
         Dim serverManager As ServerManager = New ServerManager
         Dim config As Configuration = serverManager.GetApplicationHostConfiguration
         Dim sitesSection As ConfigurationSection = config.GetSection("system.applicationHost/sites")
         Dim siteDefaultsElement As ConfigurationElement = sitesSection.GetChildElement("siteDefaults")
         Dim ftpServerElement As ConfigurationElement = siteDefaultsElement.GetChildElement("ftpServer")
         Dim securityElement As ConfigurationElement = ftpServerElement.GetChildElement("security")
         Dim customAuthorizationElement As ConfigurationElement = securityElement.GetChildElement("customAuthorization")
         Dim providerElement As ConfigurationElement = customAuthorizationElement.GetChildElement("provider")
         providerElement("name") = "MyCustomProvider"
         providerElement("enabled") = true
     End Sub
 End Module


var adminManager = new ActiveXObject('Microsoft.ApplicationHost.WritableAdminManager');
adminManager.CommitPath = "MACHINE/WEBROOT/APPHOST";

var sitesSection = adminManager.GetAdminSection("system.applicationHost/sites", "MACHINE/WEBROOT/APPHOST");
var siteDefaultsElement = sitesSection.ChildElements.Item("siteDefaults");
var ftpServerElement = siteDefaultsElement.ChildElements.Item("ftpServer");
var securityElement = ftpServerElement.ChildElements.Item("security");
var customAuthorizationElement = securityElement.ChildElements.Item("customAuthorization");
var providerElement = customAuthorizationElement.ChildElements.Item("provider");
providerElement.Properties.Item("name").Value = "MyCustomProvider";
providerElement.Properties.Item("enabled").Value = true;



Set adminManager = CreateObject("Microsoft.ApplicationHost.WritableAdminManager")
adminManager.CommitPath = "MACHINE/WEBROOT/APPHOST"

Set sitesSection = adminManager.GetAdminSection("system.applicationHost/sites", "MACHINE/WEBROOT/APPHOST")
Set siteDefaultsElement = sitesSection.ChildElements.Item("siteDefaults")
Set ftpServerElement = siteDefaultsElement.ChildElements.Item("ftpServer")
Set securityElement = ftpServerElement.ChildElements.Item("security")
Set customAuthorizationElement = securityElement.ChildElements.Item("customAuthorization")
Set providerElement = customAuthorizationElement.ChildElements.Item("provider")
providerElement.Properties.Item("name").Value = "MyCustomProvider"
providerElement.Properties.Item("enabled").Value = true



Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST'  -filter "system.applicationHost/sites/siteDefaults/ftpServer/security/customAuthorization/provider" -name "name" -value "MyCustomProvider"
Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST'  -filter "system.applicationHost/sites/siteDefaults/ftpServer/security/customAuthorization/provider" -name "enabled" -value "True"