FtpWebRequest with EnableSSL

mosu · Oct 22, 2009 · Viewed 10.6k times

I implemented my custom FTP class to work with a hosted server that I'm paying for. I use the FTP for backup, restore and update of my application. I'm now at the point where I want to enable SSL to put this in production. I asked my hosting company if they support the SSL protocol and they said they do.

So I modified my methods following the Microsoft MSDN tutorial to something like this:

reqFTP = (FtpWebRequest)FtpWebRequest.Create(new Uri(m_ftpAddress.Trim()));
reqFTP.UseBinary = true;
reqFTP.Credentials = new NetworkCredential(m_ftpUsername, m_ftpPassword);
reqFTP.Method = WebRequestMethods.Ftp.ListDirectory;

ServicePointManager.ServerCertificateValidationCallback = new System.Net.Security.RemoteCertificateValidationCallback(ValidateServerCertificate);
// certPath: path to a certificate created with makecert.exe
X509Certificate cert = new X509Certificate(certPath);

reqFTP.ClientCertificates.Add(cert);
reqFTP.AuthenticationLevel = AuthenticationLevel.MutualAuthRequested;
reqFTP.ImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Identification;

reqFTP.EnableSsl = true;

Now, MSDN says that if the server supports the SSL protocol it will not throw an exception when asked with AUTH TLS. This can be seen in the trace log. So I suppose it is not a server issue.

After the authentication phase the server returns a

System.Net Information: 0 : [0216] FtpControlStream#41622463 - Received response [227 Entering Passive Mode (the IP and port number).]

message which triggers an error:

System.Net Error: 0 : [0216] Exception in the FtpWebRequest#12547953::GetResponse - The remote server returned an error: 227 Entering Passive Mode (the IP and port number).

I tried setting the

reqFTP.UsePassive = true;

property to false and then I get this error:

System.Net Information: 0 : [2692] FtpControlStream#4878312 - Received response [500 Illegal PORT command]

Of course, without the EnableSsl property set to true everything works without problems.

Does anyone have any idea on this?

Edit: I modified the code as follows:

reqFTP = (FtpWebRequest)FtpWebRequest.Create(new Uri(m_ftpAddress.Trim()));
reqFTP.UseBinary = true;
reqFTP.Credentials = new NetworkCredential(m_ftpUsername, m_ftpPassword);
reqFTP.Method = WebRequestMethods.Ftp.ListDirectory;

ServicePointManager.ServerCertificateValidationCallback = new System.Net.Security.RemoteCertificateValidationCallback(ValidateServerCertificate);

reqFTP.ClientCertificates.Add(cert);
reqFTP.AuthenticationLevel = AuthenticationLevel.MutualAuthRequested;
reqFTP.ImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Identification;
reqFTP.EnableSsl = true;

The ValidateServerCertificate always returns true. After these modifications there is no effect.

And I don't understand:

  • At this moment the application is using the server certificate, right?
  • And before the modifications it was also using mine?

Can somebody explain to me how this works?

Edit: After many emails exchanged with the hosting company it turned out that they had problems with their FTP software and there was no problem with the code.
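
An added example, not part of the original post or of the MSDN sample: a `ValidateServerCertificate` that checks the certificate the server presents instead of always returning true, used with `EnableSsl`. The SHA-256 pin is a placeholder, and the `FtpsListExample` class and the `FTP_USER`/`FTP_PASS` environment variable names are assumptions made for this example.

```csharp
using System;
using System.IO;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class FtpsListExample
{
    // Placeholder: SHA-256 of the server certificate (hex, no separators),
    // obtained from the host out of band. Only consulted when the certificate
    // does not validate against the machine's trusted roots.
    const string PinnedSha256 = "<SERVER-CERT-SHA256-HEX>";

    // Receives the certificate the SERVER presented in the TLS handshake.
    // The callback is process-wide, so it must not blindly return true.
    static bool ValidateServerCertificate(object sender, X509Certificate certificate,
                                          X509Chain chain, SslPolicyErrors errors)
    {
        if (errors == SslPolicyErrors.None) return true;  // trusted chain, name matches
        if (certificate == null) return false;            // nothing was presented

        using (SHA256 sha = SHA256.Create())
        {
            string presented = BitConverter
                .ToString(sha.ComputeHash(certificate.GetRawCertData()))
                .Replace("-", "");
            return string.Equals(presented, PinnedSha256, StringComparison.OrdinalIgnoreCase);
        }
    }

    // args[0]: an ftp:// URI to list. Credentials are read from the
    // FTP_USER / FTP_PASS environment variables (names assumed for this example).
    static void Main(string[] args)
    {
        ServicePointManager.ServerCertificateValidationCallback = ValidateServerCertificate;

        var req = (FtpWebRequest)WebRequest.Create(new Uri(args[0]));
        req.Credentials = new NetworkCredential(
            Environment.GetEnvironmentVariable("FTP_USER"),
            Environment.GetEnvironmentVariable("FTP_PASS"));
        req.Method = WebRequestMethods.Ftp.ListDirectory;
        req.EnableSsl = true;   // explicit FTPS: AUTH TLS on the control connection
        // No ClientCertificates entry: that collection holds the CLIENT's own
        // certificate and matters only if the server demands mutual TLS.

        using (var resp = (FtpWebResponse)req.GetResponse())
        using (var reader = new StreamReader(resp.GetResponseStream()))
            Console.WriteLine(reader.ReadToEnd());
    }
}
```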

Answer

Doug · Nov 12, 2010

Have you checked whether your host is using FTPS or SFTP?

They are different protocols and your host may have assumed you were talking about the wrong one.