使用C#.Net通过FTPS(SSL/TLS)传输文件
我正在编写一个通过FTP站点同步文件的应用程序。目前它通过普通FTP进行连接,但现在我们的IT人员希望通过安全的FTPS连接进行设置。使用C#.Net通过FTPS(SSL/TLS)传输文件
他们向我提供了* .cr_证书文件。如果我在记事本中打开文件,我会看到类似的东西(但显然,真正的键不是foobar)。
-----BEGIN RSA PRIVATE
FOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBAR
FOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBAR
FOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBAR
FOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBAR
FOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBAR
FOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBAR
FOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBAR
FOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBAR
FOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBAR
FOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBAR
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
FOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBAR
FOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBAR
FOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBAR
FOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBAR
FOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBAR
FOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBAR
FOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBAR
FOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBAR
FOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBAR
-----END CERTIFICATE-----
如何使用此证书文件连接到FTPS服务器上传和下载文件?请原谅我,但我很新的,涉及在网络上传输的文件,安全的连接,证书,公钥,私钥等...等什么...
我想我会想使用的FtpWebRequest对象并将EnableSsl属性设置为true。但我不确定这个证书文件在哪里发挥作用。
This article解释了如何使用源代码。
这篇文章的目的是在安全模式下创建一个C#的FTP客户端,所以如果你没有FTPS的很多知识,我建议你看看这个:FTPS。
在.NET Framework中,要以FTPS模式上传文件,我们通常使用FtpWebRequest类,但不能使用引号参数发送命令,即使您在网上搜索,也不会找到具体的一个安全的C#FTP客户端的例子。
这是由于这些原因,我决定创建这篇文章。
如果您使用FtpWebRequest Class,则只需在请求的设置中添加一些内容即可。一定要包括using System.Security.Cryptography.X509Certificates;声明。
FtpWebRequest request = (FtpWebRequest)WebRequest.Create(ftpUrl);
request.Credentials = new NetworkCredential(userName, password);
request.EnableSsl = true;
//ServicePointManager.ServerCertificateValidationCallback = ServicePointManager_ServerCertificateValidationCallback;
X509Certificate cert = X509Certificate.CreateFromCertFile(@"C:\MyCertDir\MyCertFile.cer");
X509CertificateCollection certCollection = new X509CertificateCollection();
certCollection.Add(cert);
request.ClientCertificates = certCollection;
此外,如果你有,你可能需要实现与ServicePointManager.ServerCertificateValidationCallback Property使用自己的证书验证回调方法的证书生成异常问题。这可以简单一如既往返回true或更复杂的像我用于调试:
public static bool ServicePointManager_ServerCertificateValidationCallback(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
bool allowCertificate = true;
if (sslPolicyErrors != SslPolicyErrors.None)
{
Console.WriteLine("Accepting the certificate with errors:");
if ((sslPolicyErrors & SslPolicyErrors.RemoteCertificateNameMismatch) == SslPolicyErrors.RemoteCertificateNameMismatch)
{
Console.WriteLine("\tThe certificate subject {0} does not match.", certificate.Subject);
}
if ((sslPolicyErrors & SslPolicyErrors.RemoteCertificateChainErrors) == SslPolicyErrors.RemoteCertificateChainErrors)
{
Console.WriteLine("\tThe certificate chain has the following errors:");
foreach (X509ChainStatus chainStatus in chain.ChainStatus)
{
Console.WriteLine("\t\t{0}", chainStatus.StatusInformation);
if (chainStatus.Status == X509ChainStatusFlags.Revoked)
{
allowCertificate = false;
}
}
}
if ((sslPolicyErrors & SslPolicyErrors.RemoteCertificateNotAvailable) == SslPolicyErrors.RemoteCertificateNotAvailable)
{
Console.WriteLine("No certificate available.");
allowCertificate = false;
}
Console.WriteLine();
}
return allowCertificate;
}
你能解释一下这部分“X509Certificate cert = X509Certificate.CreateFromCertFile(@”C:\ MyCertDir \ MyCertFile.cer“);”我是否需要本地证书才能访问FTPS? – Reynan 2017-04-24 12:59:58
@Reynan OP的问题是如何使用颁发给他并存储在文件中的证书向FTPS服务器验证其客户端应用程序。对于只通过用户名和密码验证用户的FTPS,这不是必需的。为了您的目的,请参阅http://*.com/questions/9099738/upload-file-to-secured-ftp-in-asp-net。 – JamieSee 2017-04-25 20:53:07
我看那篇文章和源代码的副本。但我无法弄清楚我会在这个证书文件中添加什么。 – 2009-10-08 02:16:21
谢谢Eric J,我的行为与原始海报有相同的问题,那就是我正在使用的代码(您链接的代码)....仍然试图弄清楚如何将我的“主机密钥”传递给该代码。 – ganders 2012-08-20 16:09:39