使用C#.Net通过FTPS(SSL / TLS)传输文件

我正在编写一个通过FTP站点同步文件的应用程序。 现在它正在通过常规FTP连接,但现在我们的IT人员希望通过安全的FTPS连接进行设置。

他们为我提供了一个* .cr_证书文件。 如果我在记事本中打开文件,我会看到类似的东西(但真正的键显然不是foobar)。

-----BEGIN RSA PRIVATE FOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBAR FOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBAR FOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBAR FOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBAR FOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBAR FOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBAR FOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBAR FOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBAR FOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBAR FOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBAR -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- FOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBAR FOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBAR FOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBAR FOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBAR FOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBAR FOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBAR FOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBAR FOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBAR FOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBARFOOBAR -----END CERTIFICATE----- 

如何使用此证书文件连接到FTPS服务器以上载和下载文件? 原谅我,但我对涉及通过网络传输文件,安全连接,证书,公钥,私钥等等的任何事情都很陌生……等等……

我想我想使用FtpWebRequest对象并将EnableSsl属性设置为true。 但我不确定这个证书文件在哪里发挥作用。

如果您正在使用FtpWebRequest类 ,则只需在请求设置中添加一些内容即可。 一定要包括using System.Security.Cryptography.X509Certificates; 声明。

  FtpWebRequest request = (FtpWebRequest)WebRequest.Create(ftpUrl); request.Credentials = new NetworkCredential(userName, password); request.EnableSsl = true; //ServicePointManager.ServerCertificateValidationCallback = ServicePointManager_ServerCertificateValidationCallback; X509Certificate cert = X509Certificate.CreateFromCertFile(@"C:\MyCertDir\MyCertFile.cer"); X509CertificateCollection certCollection = new X509CertificateCollection(); certCollection.Add(cert); request.ClientCertificates = certCollection; 

此外,如果您在证书生成exception时遇到问题,则可能需要实现自己的证书validation回调方法,以便与ServicePointManager.ServerCertificateValidationCallback属性一起使用 。 这可以像总是返回true一样简单,也可以像我用来调试那样复杂:

  public static bool ServicePointManager_ServerCertificateValidationCallback(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) { bool allowCertificate = true; if (sslPolicyErrors != SslPolicyErrors.None) { Console.WriteLine("Accepting the certificate with errors:"); if ((sslPolicyErrors & SslPolicyErrors.RemoteCertificateNameMismatch) == SslPolicyErrors.RemoteCertificateNameMismatch) { Console.WriteLine("\tThe certificate subject {0} does not match.", certificate.Subject); } if ((sslPolicyErrors & SslPolicyErrors.RemoteCertificateChainErrors) == SslPolicyErrors.RemoteCertificateChainErrors) { Console.WriteLine("\tThe certificate chain has the following errors:"); foreach (X509ChainStatus chainStatus in chain.ChainStatus) { Console.WriteLine("\t\t{0}", chainStatus.StatusInformation); if (chainStatus.Status == X509ChainStatusFlags.Revoked) { allowCertificate = false; } } } if ((sslPolicyErrors & SslPolicyErrors.RemoteCertificateNotAvailable) == SslPolicyErrors.RemoteCertificateNotAvailable) { Console.WriteLine("No certificate available."); allowCertificate = false; } Console.WriteLine(); } return allowCertificate; } 

本文使用源代码解释了如何执行此操作。

本文的目的是在安全模式下创建一个C#FTP客户端,所以如果你对FTPS知之甚少,我建议你看看这个:FTPS。

在.NET Framework中,要以FTPS模式上传文件,我们通常使用FtpWebRequest类,但您不能使用quote参数发送命令,即使您在Web上搜索,也不会找到安全的具体示例C#FTP客户端。

出于这些原因,我决定创建这篇文章。