使用C＃.Net通過FTPS（SSL/TLS）傳輸文件

Question

我正在編寫一個通過FTP站點同步文件的應用程序。目前它通過普通FTP進行連接，但現在我們的IT人員希望通過安全的FTPS連接進行設置。

他們向我提供了* .cr_證書文件。如果我在記事本中打開文件，我會看到類似的東西（但顯然，真正的鍵不是foobar）。

-----BEGIN RSA PRIVATE 
FOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBAR 
FOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBAR  
FOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBAR  
FOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBAR  
FOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBAR  
FOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBAR  
FOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBAR  
FOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBAR  
FOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBAR  
FOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBAR  
-----END RSA PRIVATE KEY----- 
-----BEGIN CERTIFICATE----- 
FOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBAR  
FOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBAR  
FOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBAR  
FOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBAR  
FOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBAR  
FOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBAR  
FOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBAR  
FOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBAR  
FOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBAR  
-----END CERTIFICATE----- 

如何使用此證書文件連接到FTPS服務器上傳和下載文件？請原諒我，但我很新的，涉及在網絡上傳輸的文件，安全的連接，證書，公鑰，私鑰等...等什麼...

我想我會想使用的FtpWebRequest對象並將EnableSsl屬性設置爲true。但我不確定這個證書文件在哪裏發揮作用。

Answer 1

This article解釋瞭如何使用源代碼。

這篇文章的目的是在安全模式下創建一個C＃的FTP客戶端，所以如果你沒有FTPS的很多知識，我建議你看看這個：FTPS。

在.NET Framework中，要以FTPS模式上傳文件，我們通常使用FtpWebRequest類，但不能使用引號參數發送命令，即使您在網上搜索，也不會找到具體的一個安全的C＃FTP客戶端的例子。

這是由於這些原因，我決定創建這篇文章。

Answer 2

如果您使用FtpWebRequest Class，則只需在請求的設置中添加一些內容即可。一定要包括using System.Security.Cryptography.X509Certificates;聲明。

FtpWebRequest request = (FtpWebRequest)WebRequest.Create(ftpUrl); 
    request.Credentials = new NetworkCredential(userName, password); 

    request.EnableSsl = true; 
    //ServicePointManager.ServerCertificateValidationCallback = ServicePointManager_ServerCertificateValidationCallback; 

    X509Certificate cert = X509Certificate.CreateFromCertFile(@"C:\MyCertDir\MyCertFile.cer"); 
    X509CertificateCollection certCollection = new X509CertificateCollection(); 
    certCollection.Add(cert); 

    request.ClientCertificates = certCollection; 

此外，如果你有，你可能需要實現與ServicePointManager.ServerCertificateValidationCallback Property使用自己的證書驗證回調方法的證書生成異常問題。這可以簡單一如既往返回true或更復雜的像我用於調試：

public static bool ServicePointManager_ServerCertificateValidationCallback(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) 
    { 
     bool allowCertificate = true; 

     if (sslPolicyErrors != SslPolicyErrors.None) 
     { 
      Console.WriteLine("Accepting the certificate with errors:"); 
      if ((sslPolicyErrors & SslPolicyErrors.RemoteCertificateNameMismatch) == SslPolicyErrors.RemoteCertificateNameMismatch) 
      { 
       Console.WriteLine("\tThe certificate subject {0} does not match.", certificate.Subject); 
      } 

      if ((sslPolicyErrors & SslPolicyErrors.RemoteCertificateChainErrors) == SslPolicyErrors.RemoteCertificateChainErrors) 
      { 
       Console.WriteLine("\tThe certificate chain has the following errors:"); 
       foreach (X509ChainStatus chainStatus in chain.ChainStatus) 
       { 
        Console.WriteLine("\t\t{0}", chainStatus.StatusInformation); 

        if (chainStatus.Status == X509ChainStatusFlags.Revoked) 
        { 
         allowCertificate = false; 
        } 
       } 
      } 

      if ((sslPolicyErrors & SslPolicyErrors.RemoteCertificateNotAvailable) == SslPolicyErrors.RemoteCertificateNotAvailable) 
      { 
       Console.WriteLine("No certificate available."); 
       allowCertificate = false; 
      } 

      Console.WriteLine(); 
     } 

     return allowCertificate; 
    }