Using FtpWebRequest to do FTP over SSL
For the last few weeks we were busy getting the Whidbey Beta-2 bits ready for release.
If you are looking for an API that lets your application talk to an FTP server that supports SSL, FtpWebRequest in the System.Net namespace is your solution. Here I will just point out the SSL-specific features of the class.
Enabling FtpWebRequest to use SSL is pretty simple: you just need to set the EnableSsl flag before calling GetResponse() or GetRequestStream() on the FtpWebRequest object.
FtpWebRequest request = (FtpWebRequest)WebRequest.Create("ftp://myftpserver/dir/filename");
request.Method = WebRequestMethods.Ftp.DownloadFile;
request.EnableSsl = true; // The request now uses SSL instead of clear text
WebResponse response = request.GetResponse();
Some people asked me why FtpWebRequest does not support an "ftps:" protocol-based URI similar to "https:". The reason is that there is no standard "ftps" scheme specified (yet), and the FTP-over-SSL mechanism does not actually demand a dedicated port for SSL; you can do it on the same server port on which you do regular clear-text FTP. Whether to force SSL or allow both is a server configuration choice.
Once you start doing FTP over SSL, there are two important things you will need to know.
Validating Server Certificate
If you are a long-time WebRequest user, you might already know about using ServicePointManager.CertificatePolicy for HTTPS server certificate validation. In Whidbey you will notice a compiler warning saying that ServicePointManager.CertificatePolicy is obsolete and has been replaced with ServicePointManager.ServerCertificateValidationCallback, which is a delegate of type RemoteCertificateValidationCallback. The new delegate provides a better programming model, with all certificate errors reported in a single callback, and you also get an instance of the X509Chain object, which allows you to make decisions based on the certificate chain.
ServicePointManager.ServerCertificateValidationCallback = new RemoteCertificateValidationCallback(myCertificateValidation);
The actual method will look as below:
public bool myCertificateValidation(Object sender,
    X509Certificate certificate,
    X509Chain chain,
    SslPolicyErrors errors)
{ return (certificate.GetName() == "my_trusted_name"); } // Just an example, not a real-world scenario :)
Another advantage of the delegate is the anonymous method support in C# 2.0, especially if you have a very simple 1-2 line certificate policy to implement; see the following example.
ServicePointManager.ServerCertificateValidationCallback = delegate(Object obj, X509Certificate certificate, X509Chain chain, SslPolicyErrors errors)
{ return (certificate.GetName() == "my_trusted_name"); }; // Just an example, not a real-world scenario
Using Client Certificate
Using client certificate based authentication when connecting to FTP-SSL is no different than with the existing HttpWebRequest. You just need to assign the appropriate X509Certificate instance to the request object before making the GetResponse() or GetRequestStream() call.
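A fuller version of the two steps above, as an added example that is not part of the original post: the validation callback accepts the server only when no policy errors are reported or when the certificate matches a pinned thumbprint, and the request carries a client certificate. The thumbprint placeholder, the FTP_USER, FTP_PASSWORD and PFX_PASSWORD environment variables, the client.pfx file and the local output file name are assumptions.

```csharp
using System;
using System.IO;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

static class FtpsDownload
{
    // Assumption: thumbprint of the one server certificate we pin (placeholder, never matches as written).
    const string PinnedThumbprint = "<PINNED-SERVER-CERT-THUMBPRINT>";

    // Accept the server only if chain and name validation passed,
    // or if it presents exactly the pinned certificate (e.g. a known self-signed one).
    static bool ValidateServer(object sender, X509Certificate certificate,
                               X509Chain chain, SslPolicyErrors errors)
    {
        if (errors == SslPolicyErrors.None) return true;
        if (certificate == null) return false;
        string thumbprint = new X509Certificate2(certificate).Thumbprint;
        return string.Equals(thumbprint, PinnedThumbprint, StringComparison.OrdinalIgnoreCase);
    }

    static void Main()
    {
        // Process-wide setting: it also applies to HTTPS requests made by this application.
        ServicePointManager.ServerCertificateValidationCallback = ValidateServer;

        FtpWebRequest request = (FtpWebRequest)WebRequest.Create("ftp://myftpserver/dir/filename");
        request.Method = WebRequestMethods.Ftp.DownloadFile;
        request.EnableSsl = true; // set before GetResponse() so the login goes over SSL
        request.Credentials = new NetworkCredential(
            Environment.GetEnvironmentVariable("FTP_USER"),      // assumed variable names
            Environment.GetEnvironmentVariable("FTP_PASSWORD"));
        // Client certificate authentication: attach the certificate before GetResponse().
        request.ClientCertificates.Add(new X509Certificate2(
            "client.pfx", Environment.GetEnvironmentVariable("PFX_PASSWORD")));

        using (FtpWebResponse response = (FtpWebResponse)request.GetResponse())
        using (Stream data = response.GetResponseStream())
        using (FileStream file = File.Create("filename"))
        {
            byte[] buffer = new byte[8192];
            int read;
            while ((read = data.Read(buffer, 0, buffer.Length)) > 0)
                file.Write(buffer, 0, read);
            Console.WriteLine(response.StatusDescription);
        }
    }
}
```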
This posting is provided "AS IS" with no warranties, and confers no rights
Comments
Anonymous
June 22, 2006
While using SSL (request.EnableSsl = True), the following error occurs: The remote server returned an error: (530) Not logged in
Anonymous
September 11, 2006
Hi,
I'd like an information: enabling the EnableSsl, it'll make work the FTP connection as a SFTP connection
http://en.wikipedia.org/wiki/SSH_file_transfer_protocol
or not?
If the answer is no, have you got some reference on how I might do it? ;)
Anonymous
September 15, 2006
Actually current SSL support on ftp does not include SSH FTP. Currently it is based on ftps mentioned in http://en.wikipedia.org/wiki/FTPS, which is basically FTP over SSL/TLS. Future versions of FtpWebRequest may support SSH/FTP.
Anonymous
September 15, 2006
I have looked at your sample code. How do you implement this in a solution?
Anonymous
October 10, 2006
What other options are available to do SFTP using .Net? Thanks, Navneet
Anonymous
October 25, 2006
Until .NET Framework 3.0, there is no API available in the .NET Framework. There may be some third party options available. (Ex. one I came across is http://www.jscape.com/articles/sftp_using_csharp.html). I could not get a chance to try any of them, so cannot recommend any from my side.
Anonymous
November 08, 2006
Hi, I'm using exactly the same code, but when I send a RETR to the FTP server the FTP server thinks it's a GET instead. I've checked the FtpWebRequest method and it thinks it's a RETR because of the URI. I've tried it with other ftp servers and still nothing. Help.. please
Squish
Anonymous
July 19, 2007
I am trying to call a web service over https that has an invalid ssl cert. The .Net 2.0 framework throws an "unable to connect to remote host" error every time I try to call a method on the web service. How do I override this? Here is my code:
ServicePointManager.ServerCertificateValidationCallback = ValidateServerCertificate;
hew.apshealthcare.healtheweb_test.HealthEWebService webservice = new hew.apshealthcare.healtheweb_test.HealthEWebService();
DataSet ds = webservice.GetEligibleFamilyMembers(this.tbMemberId.Text);
this.GridView1.DataSource = ds;
this.GridView1.DataBind();
}
public static bool ValidateServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
    return true;
}
Anonymous
August 20, 2007
After enabling the EnableSsl property it gives an exception on request.GetResponse(); error (500): unrecognized command.
Anonymous
November 02, 2007
Does anyone know if this works with RaidenFTPD ftp server ssl connection?
Anonymous
January 02, 2008
I would like to know is there any way we can implement FTPS in implicit mode.
Anonymous
February 21, 2008
Hi, does anybody have a sample that works?
Anonymous
March 06, 2008
If u don't want to answer why u create this blog
Anonymous
April 23, 2008
Perhaps you are trying to connect FTP port. FTPS port is different. Try putting correct SSL FTP port.
Anonymous
July 25, 2008
This is a current compile of the team's existing blogs on FtpWebRequest. I am going to update it periodically
Anonymous
August 28, 2008
This is an error when I call function reqFTP.GetRequestStream(): "A call to SSPI failed, see inner exception." and this is the inner exception message: "The message received was unexpected or badly formatted"
Anonymous
September 03, 2008
try this ..
ServicePointManager.ServerCertificateValidationCallback = new RemoteCertificateValidationCallback(ValidateServerCertificate);
{
    FtpWebResponse response = (FtpWebResponse)reqFTP.GetResponse();
}
Anonymous
November 18, 2008
Thanks for the post. It helped me a lot!
Anonymous
November 24, 2008
Hey, I had the same issue, but I was able to get this solved using the content in the following posting: http://www.codeguru.com/csharp/.net/net_security/authentication/article.php/c15051
Anonymous
November 24, 2008
http://www.codeguru.com/csharp/.net/net_security/authentication/article.php/c15051
Anonymous
January 04, 2009
Hm. I'm scratching my hair off. Why won't FtpWebRequest.EnableSsl=true; work? Anyone got some ideas why it won't work? It seems like it's a big problem no one can solve.
Regards
Anonymous
March 26, 2009
I tried this and it worked, but the EnableSsl flag must be set to true right after you create the FtpWebRequest and before sending the network credential.