使用 FluentFTP 连接到 FTPS(FTP 通过 SSL)
Connecting to FTPS (FTP over SSL) with FluentFTP
我在本地机器上使用 IIS 测试 FTP SSL 连接。我正在使用 FluentFTP 库连接到 FTP。我正在使用以下代码连接到服务器。
FtpClient conn = new FtpClient();
conn.Host = firewallSslDetails.Address;
conn.Credentials = new NetworkCredential(firewallSslDetails.UserName, firewallSslDetails.Password);
conn.SslProtocols = System.Security.Authentication.SslProtocols.Default;
X509Certificate2 cert = new X509Certificate2(@"C:\Users\BizTalk360\Desktop\FtpSites\ServerCert.cer");
conn.EncryptionMode = FtpEncryptionMode.Implicit;
conn.DataConnectionType = FtpDataConnectionType.AutoActive;
conn.DataConnectionEncryption = true;
conn.EnableThreadSafeDataConnections = false;
conn.ClientCertificates.Add(cert);
conn.ValidateCertificate += new FtpSslValidation(OnValidateCertificate);
conn.Connect();
服务器返回给我时出现以下错误。
FluentFTP.FtpCommandException: Policy requires SSL.; Win32 error: Access is denied.; Error details: SSL policy requires SSL for control channel.;
对于通过 FTP 的连接,上述代码工作正常,而对于 FTP 使用 SSL 的连接则不起作用。
由于您似乎连接到默认端口 21(没有在任何地方指定显式端口),因此您需要使用“显式”模式:
conn.EncryptionMode = FtpEncryptionMode.Explicit;
如果服务器使用 self-signed 证书,您可能需要以编程方式验证它。不要像@Ivan 的回答那样盲目接受任何证书。那是一个安全漏洞。验证特定证书,例如通过检查其指纹。
参见FtpWebRequest "The remote certificate is invalid according to the validation procedure"。
//try this ,
var cl = new FtpClient(Server, Port, User, Password);
cl.EncryptionMode = FtpEncryptionMode.Implicit;
cl.DataConnectionType = FtpDataConnectionType.AutoPassive;
cl.DataConnectionEncryption = true;
cl.SslProtocols = protocol;
cl.ValidateCertificate += new FtpSslValidation(OnValidateCertificate);
var cer = new X509Certificate2(certificate);
cl.ClientCertificates.Add(cer);
System.Net.ServicePointManager.ServerCertificateValidationCallback = ServerCertificateValidationCallback;
client.Connect();
void OnValidateCertificate(FtpClient control, FtpSslValidationEventArgs e)
{
// add logic to test if certificate is valid here
e.Accept = true;
}
private bool ServerCertificateValidationCallback(object sender,
X509Certificate certificate,
X509Chain chain,
SslPolicyErrors sslPolicyErrors)
{
return true;
}
我在本地机器上使用 IIS 测试 FTP SSL 连接。我正在使用 FluentFTP 库连接到 FTP。我正在使用以下代码连接到服务器。
FtpClient conn = new FtpClient();
conn.Host = firewallSslDetails.Address;
conn.Credentials = new NetworkCredential(firewallSslDetails.UserName, firewallSslDetails.Password);
conn.SslProtocols = System.Security.Authentication.SslProtocols.Default;
X509Certificate2 cert = new X509Certificate2(@"C:\Users\BizTalk360\Desktop\FtpSites\ServerCert.cer");
conn.EncryptionMode = FtpEncryptionMode.Implicit;
conn.DataConnectionType = FtpDataConnectionType.AutoActive;
conn.DataConnectionEncryption = true;
conn.EnableThreadSafeDataConnections = false;
conn.ClientCertificates.Add(cert);
conn.ValidateCertificate += new FtpSslValidation(OnValidateCertificate);
conn.Connect();
服务器返回给我时出现以下错误。
FluentFTP.FtpCommandException: Policy requires SSL.; Win32 error: Access is denied.; Error details: SSL policy requires SSL for control channel.;
对于通过 FTP 的连接,上述代码工作正常,而对于 FTP 使用 SSL 的连接则不起作用。
由于您似乎连接到默认端口 21(没有在任何地方指定显式端口),因此您需要使用“显式”模式:
conn.EncryptionMode = FtpEncryptionMode.Explicit;
如果服务器使用 self-signed 证书,您可能需要以编程方式验证它。不要像@Ivan 的回答那样盲目接受任何证书。那是一个安全漏洞。验证特定证书,例如通过检查其指纹。
参见FtpWebRequest "The remote certificate is invalid according to the validation procedure"。
//try this ,
var cl = new FtpClient(Server, Port, User, Password);
cl.EncryptionMode = FtpEncryptionMode.Implicit;
cl.DataConnectionType = FtpDataConnectionType.AutoPassive;
cl.DataConnectionEncryption = true;
cl.SslProtocols = protocol;
cl.ValidateCertificate += new FtpSslValidation(OnValidateCertificate);
var cer = new X509Certificate2(certificate);
cl.ClientCertificates.Add(cer);
System.Net.ServicePointManager.ServerCertificateValidationCallback = ServerCertificateValidationCallback;
client.Connect();
void OnValidateCertificate(FtpClient control, FtpSslValidationEventArgs e)
{
// add logic to test if certificate is valid here
e.Accept = true;
}
private bool ServerCertificateValidationCallback(object sender,
X509Certificate certificate,
X509Chain chain,
SslPolicyErrors sslPolicyErrors)
{
return true;
}