Using FtpWebRequest to do FTP over SSL

Last few weeks we were busy to get Whidbey Beta-2 bits ready for release.

If you are looking for some API where your application could talk to a FTP server, which supports SSL. FtpWebRequest under System.Net namespace is your solution. Here I will just point to SSL specific features of the class

Enabling FtpWebrequest to use Ssl is pretty simple, you just need to set EnableSsl flag before calling GetResponse() or GetRequestStream() on the FtpWebRequest object. 

FtpWebRequest request = WebRequest.Create(ftp://myftpserver/dir/filename);
request.Method = WebRequestMethods.Ftp.DownloadFile;
request.EnableSsl = true; // Here you enabled request to use ssl instead of clear text
WebResponse response = request.GetResponse();

Some people asked me why FtpWebRequest support "ftps:" protocol based uri similar to "https:", the reason is there is no standard "ftps" scheme specified (yet) and ftp-over-ssl mechanism actually does not demand dedicated port for ssl, you could do it on the same server port on which you are doing regular clear text ftp. It depends on server configuration choice to force the SSL or allow both.

Once you start doing Ftp over SSL there are two important things you will need to know

Validating Server Certificate

If you were old WebRequest user, you might already know about using ServicePointManager.CertificatePolicy for https server certificate validation. In whidbey you will notice the compiler warning saying ServicePointManager.CertificatePolicy is obsolete and replaced with ServicePointManager.ServerCertificateValidationCallback which is delegate of type RemoteCertificateValidationDelegate. New delegate provide better programming model with all certificate errors reported in a single callback and you will also get instance of X509Chain object, which allow you to make decision on certificate chain. 

     ServicePointManager.ServerCertificateValidationCallback = new RemoteCertificateValidationCallback(myCertificateValidation);

Actual method will look as below
public bool myCertificateValidation(Object sender,
X509Certificate cert,
X509Chain chain,
SslPolicyErrors Errors)
{ return (certificate.GetName() == "my_trusted_name"); }; //Just an example, not real world scenaio

:) Another additional advantage you can take with delegate is from anonymous method support of C# 2.0, especially if you have very simple 1-2 line certificateplicy to implement, see follwing example.

ServicePointManager.ServerCertificateValidationCallback = delegate(Object obj, X509Certificate certificate, X509Chain chain, SslPolicyErrors errors)
{ return (certificate.GetName() == "my_trusted_name"); }; //Just an example, not real world scenaio

Using Client Certificate

Using Client certificate based authentication when connecting to FTP-SSL is no different then existing HttpWebRequest. You just need to assign appropriate X509Certificate instance to the request object before making GetResponse() or GetRequestStream() call.

 

This posting is provided "AS IS" with no warranties, and confers no rights