Is there a way to use FtpWebRequest to authenticate to FTP using client certificates in C#?

时间秒杀一切 提交于 2020-01-13 06:31:08

问题


I am trying upload a file to a FTP server and I need to use client certificate to authenticate and not the username and password.

var fullFtpPath = String.Concat(ftpItem.FtpAddress, "/", record, ".txt");

FtpWebRequest request = (FtpWebRequest) WebRequest.Create(fullFtpPath);
request.Credentials = new NetworkCredential(ftpItem.Username, ftpItem.Password);
request.Method = WebRequestMethods.Ftp.UploadFile;
request.UseBinary = true;
request.UsePassive = ftpItem.UsePassive;
request.EnableSsl = ftpItem.UseSSL;

request.ContentLength = bytes.Length;
using(Stream s = request.GetRequestStream()) {
    s.Write(bytes, 0, bytes.Length);
}

FtpWebResponse response = (FtpWebResponse) request.GetResponse();
Debug.WriteLine("Upload File Complete, status {0}", response.StatusDescription);

db.LogExport(siteId, fullFtpPath, record, true, response.StatusDescription);
response.Close();

Above is my current code, but I am not sure how to implement the certificate authentication or if it is even possible to do it. Do I have to create the certificate? Or the server will provide me a certificate and I will just set it in my request?


回答1:


  • Use FtpWebRequest.ClientCertificates property to specify certificate to use for authentication
  • The certificate is of type X509Certificate
  • You either construct the certificate on your own (from byte array or import from a file), or look it up in a certificate store (X509Store)
FtpWebRequest request = (FtpWebRequest)WebRequest.Create("ftp://ftp.example.com");

request.Credentials = new NetworkCredential("username", "");

// Query certificate from store
X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadOnly);
const string tp = "2b6f8ac51a85cbaf429474a55304313968667611";
X509Certificate2 cert2 =
    store.Certificates.Find(X509FindType.FindByThumbprint, tp, true)[0];
store.Close();

// Add certificate into request
request.ClientCertificates.Add(cert2);



回答2:


You can use ComponentPro for this. This code example explains how to authenticate the client using a certificate:

using System;
using System.Security.Cryptography.X509Certificates;
using ComponentPro.Net;

...

public void HandleCertificateRequiredEvent()
{
    // Create a new instance.
    Ftp client = new Ftp();

    client.CertificateRequired += client_CertificateRequired;

    // Connect to the FTP server.
    client.Connect("myserver", 21, FtpSecurityMode.Explicit);

    // Authenticate.
    client.Authenticate("userName", "password");

    // Do something here...
    client.DownloadFile("/my remote file.dat", "my local file");

    // Disconnect.
    client.Disconnect();
}

void client_CertificateRequired(object sender, ComponentPro.Security.CertificateRequiredEventArgs e)
{
    // Load certificates from the local machine.
    X509Store my = new X509Store(StoreName.My, StoreLocation.CurrentUser);
    my.Open(OpenFlags.ReadOnly);

    // Retrieve a list of available certificates.
    X509Certificate2Collection certs = my.Certificates;

    // If no certificate found, return.
    if (certs.Count == 0)
    {
        e.Certificates = null;
        return;
    }

    // Show all certificates.
    Console.WriteLine("Select certificate:");
    for (int i = 0; i <= certs.Count; i++)
    {
        if (i == 0)
        {
            Console.WriteLine(string.Format("{0}. [Nothing, skip this step]", i));
            continue;
        }

        Console.WriteLine(string.Format("{0}. {1}", i, certs[i - 1].SubjectName.Name));
    }

    // And ask user to choose an appropriate certificate.
    while (true)
    {
        Console.Write(string.Format("Select certificate [0 - {0}]: ", certs.Count));

        int certIndex;

        try
        {
            certIndex = int.Parse(Console.ReadLine());
        }
        catch
        {
            Console.WriteLine("ERROR: Wrong certificate index input!");
            continue;
        }

        if (certIndex > 0 && certIndex <= certs.Count)
        {
            e.Certificates = new X509Certificate2Collection(certs[certIndex]);
            return;
        }

        if (certIndex == 0)
            break;

        Console.WriteLine(string.Format("ERROR: You must enter number between 0 and {0}.", certs.Count));
    }
}

ComponentPro is good to work with FtpWebRequest too:

using System;
using System.IO;
using System.Net;

...

// Register FtpWebRequest for the specified schema.
WebRequest.RegisterPrefix("ftp://", ComponentPro.Net.FtpWebRequest.Creator);

Console.WriteLine("Sending request...");

// Create a WebRequest for the specified URL.
WebRequest request = WebRequest.Create("ftp://ftp.example.net/pub/myfile.zip");

// Send the WebRequest and waits for a response.
WebResponse response = request.GetResponse();

// Get remote file stream for downloading.
Stream remoteFileStream = response.GetResponseStream();

Stream localFileStream = File.Create("myfile.zip");

// Create a new buffer to download.
byte[] buffer = new byte[1024];
int n;
do
{
    // Read data from the remote file stream.
    n = remoteFileStream.Read(buffer, 0, buffer.Length);
    // Write to the local file stream.
    localFileStream.Write(buffer, 0, n);
} while (n > 0);

Console.WriteLine("Response Received.");

localFileStream.Close();

// Release the resources of the response.
remoteFileStream.Close();


来源:https://stackoverflow.com/questions/29109291/is-there-a-way-to-use-ftpwebrequest-to-authenticate-to-ftp-using-client-certific

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!