How to publish 2 WebDAV/FTP sites, one secure and one open, in IIS 7.5.
Ideally, you’d have a server with at least 2 physical Ethernet ports. It just makes mental mapping easier if you can visualize the “open” site going to one port and the “secure” site going to another, although I can’t think why you couldn’t just assign multiple IP addresses to the same port.
Create 3 file-system folders with appropriate names; one will be open, the others will be hidden behind SSL sites (you might think I’ve over-complicated this, which is fair enough, but I will explain). Create 1 FTP site and 1 normal website (with WebDAV publishing), and point them both at the “open” directory. Once you’ve created fairly open rules (including WebDAV authoring rules), these 2 sites should work pretty easily. The data in here is supposed to be accessible by anyone, anywhere, using just one set of credentials.
The next bit is trickier. Under 1 of the 2 remaining folders, create a LocalUser folder and a <YourDomain> folder (by this I mean a folder named after your Active Directory NetBIOS domain, not your domain’s FQDN, although I have to say that I haven’t tested using an FQDN so don’t know if it would work). Point your secure FTP site to the top-level folder (the one that contains LocalUser and <YourDomain>). Any users local to the server automatically look for a folder with their name under LocalUser (this is with the most strict user isolation mode turned on). Any domain users look under <YourDomain>. If the folders aren’t there, login will fail because they have no home directory.
Next, point a new WebDAV folder (running on 443) to the last of the “physical” folders. Obviously there’s nothing there. That’s OK; publish each user folder as a virtual folder under the WebDAV site. This should enable people to see the data as a network drive, but, from what I’ve seen, hides the user folders when you try to look at the site through a regular web browser.
I haven’t gone into security a lot here (will do at some point) but (a) be really strict about NTFS permissions and (b) test it; I found at one point that the configuration I had running allowed any authorized user to go into the “secured” section and just do what they liked to anyone’s data, regardless of NTFS permissions.
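One way to check point (a) on the LocalUser / <YourDomain> layout described above, as an added example that is not part of the original post: it lists every Allow entry on a user folder that belongs to someone other than that folder's user. The root path, the domain name and the list of always-allowed identities are assumptions to replace with your own, and the script sticks to PowerShell 2.0 syntax so it runs on the Windows Server release that ships IIS 7.5.

```powershell
# Added example (not from the original post): audit NTFS ACLs on the FTP isolation tree.
param(
    [string]$FtpRoot = 'D:\SecureFtp',  # hypothetical path holding LocalUser and <YourDomain>
    [string]$Domain  = 'YOURDOMAIN'     # placeholder for the NetBIOS domain name
)

# Identities expected on every user folder besides its owner (assumption, adjust to taste).
$alwaysAllowed = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators')

# Container folder name -> account prefix of the users whose folders live under it.
$containers = @{ 'LocalUser' = $env:COMPUTERNAME }
$containers[$Domain] = $Domain

$findings = foreach ($name in $containers.Keys) {
    $container = Join-Path $FtpRoot $name
    if (-not (Test-Path $container)) {
        Write-Warning "Missing container folder: $container"
        continue
    }
    $prefix = $containers[$name]
    Get-ChildItem $container | Where-Object { $_.PSIsContainer } | ForEach-Object {
        $owner = '{0}\{1}' -f $prefix, $_.Name   # folder name is taken as the account name
        $path  = $_.FullName
        # Keep every Allow entry that is neither the owner nor an expected system identity.
        (Get-Acl $path).Access | Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $_.IdentityReference.Value -ne $owner -and
            $alwaysAllowed -notcontains $_.IdentityReference.Value
        } | ForEach-Object {
            New-Object PSObject -Property @{
                Folder    = $path
                Identity  = $_.IdentityReference.Value
                Rights    = $_.FileSystemRights
                Inherited = $_.IsInherited
            }
        }
    }
}

if ($findings) {
    $findings | Select-Object Folder, Identity, Rights, Inherited | Format-Table -AutoSize
} else {
    Write-Output 'No unexpected Allow entries found on the user folders.'
}
```

A clean result covers only point (a); it does not replace point (b), logging in as one user over FTP and WebDAV and trying to reach another user's folder.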