how to use FTP SSL c#?
By using following code, My client application is connecting to the Secured FTP Server and pushing file up there successfully. Do you think the following approach is still leaving the security hole by accepting all the certificates. If so, can anybody help me out to pass the specific certificate from client i have on FTP server.
public bool UploadFile(string FileName)
{
string ftpServerIP = FTPServer;
string ftpUserID = FTPUser;
string ftpPassword = FTPPwd;
FileInfo fileInf = new FileInfo(FileName);
string uri = "ftp://" + ftpServerIP + "/" + fileInf.Name;
FtpWebRequest reqFTP;
// Create FtpWebRequest object from the Uri provided
reqFTP = (FtpWebRequest)FtpWebRequest.Create(uri); //new Uri("ftp://" + ftpServerIP + DestinationFolder + fileInf.Name));
//Enable SSL
reqFTP.EnableSsl = true;
// Provide the WebPermission Credintials
reqFTP.Credentials = new NetworkCredential(ftpUserID, ftpPassword);
// By default KeepAlive is true, where the control connection is not closed after a command is executed.
reqFTP.KeepAlive = false;
//reqFTP.UsePassive = true;
// Specify the command to be executed.
reqFTP.Method = WebRequestMethods.Ftp.UploadFile;
//SSL Certificate
ServicePointManager.ServerCertificateValidationCallback = new System.Net.Security.RemoteCertificateValidationCallback(AcceptAllCertifications);
// Specify the data transfer type.
reqFTP.UseBinary = true;
// Notify the server about the size of the uploaded f开发者_如何学Pythonile
reqFTP.ContentLength = fileInf.Length;
// The buffer size is set to 2kb
int buffLength = 2048;
byte[] buff = new byte[buffLength];
int contentLen;
// Opens a file stream (System.IO.FileStream) to read the file to be uploaded
FileStream fs = fileInf.OpenRead();
try
{
// Stream to which the file to be upload is written
Stream strm = reqFTP.GetRequestStream();
// Read from the file stream 2kb at a time
contentLen = fs.Read(buff, 0, buffLength);
// Till Stream content ends
while (contentLen != 0)
{
// Write Content from the file stream to the FTP Upload Stream
strm.Write(buff, 0, contentLen);
contentLen = fs.Read(buff, 0, buffLength);
}
// Close the file stream and the Request Stream
strm.Close();
fs.Close();
return true;
}
catch (Exception ex)
{
return false;
}
}
public bool AcceptAllCertifications(object sender, System.Security.Cryptography.X509Certificates.X509Certificate certification, System.Security.Cryptography.X509Certificates.X509Chain chain, System.Net.Security.SslPolicyErrors sslPolicyErrors)
{
return true;
}
One suggestion is to look at ServicePointManager.ServerCertificateValidationCallback
Here is a blog posting that addresses Secure FTP and utilizes this method
If you trust the FTP server you're uploading your data to, then I don't see any real problems with bypassing the server certificate validation. However, If you want to validate the server certificate from the FTP server, then refer to the link that curtisk posted that contains an example on how to validate a server certificate.
精彩评论