如何使用FTP SSL c＃？

Question

通過使用以下代碼，我的客戶端應用程序正在連接到安全FTP服務器併成功將文件推送到那裏。你是否認爲接受所有證書，下面的方法仍然是安全漏洞。如果是這樣，任何人可以幫助我通過從客戶的特定證書，我有FTP服務器上。

public bool UploadFile(string FileName) 
     { 
      string ftpServerIP = FTPServer; 
      string ftpUserID = FTPUser; 
      string ftpPassword = FTPPwd; 
      FileInfo fileInf = new FileInfo(FileName); 
      string uri = "ftp://" + ftpServerIP + "/" + fileInf.Name; 
      FtpWebRequest reqFTP; 

      // Create FtpWebRequest object from the Uri provided 
      reqFTP = (FtpWebRequest)FtpWebRequest.Create(uri); //new Uri("ftp://" + ftpServerIP + DestinationFolder + fileInf.Name)); 

      //Enable SSL 
      reqFTP.EnableSsl = true; 

      // Provide the WebPermission Credintials 
      reqFTP.Credentials = new NetworkCredential(ftpUserID, ftpPassword); 

      // By default KeepAlive is true, where the control connection is not closed after a command is executed. 
      reqFTP.KeepAlive = false; 

      //reqFTP.UsePassive = true; 

      // Specify the command to be executed. 
      reqFTP.Method = WebRequestMethods.Ftp.UploadFile; 

      //SSL Certificate 
      ServicePointManager.ServerCertificateValidationCallback = new System.Net.Security.RemoteCertificateValidationCallback(AcceptAllCertifications); 

      // Specify the data transfer type. 
      reqFTP.UseBinary = true; 

      // Notify the server about the size of the uploaded file 
      reqFTP.ContentLength = fileInf.Length; 

      // The buffer size is set to 2kb 
      int buffLength = 2048; 
      byte[] buff = new byte[buffLength]; 
      int contentLen; 

      // Opens a file stream (System.IO.FileStream) to read the file to be uploaded 
      FileStream fs = fileInf.OpenRead(); 
      try 
      { 
       // Stream to which the file to be upload is written 
       Stream strm = reqFTP.GetRequestStream(); 

       // Read from the file stream 2kb at a time 
       contentLen = fs.Read(buff, 0, buffLength); 

       // Till Stream content ends 
       while (contentLen != 0) 
       { 
        // Write Content from the file stream to the FTP Upload Stream 
        strm.Write(buff, 0, contentLen); 
        contentLen = fs.Read(buff, 0, buffLength); 
       } 

       // Close the file stream and the Request Stream 
       strm.Close(); 
       fs.Close(); 
       return true; 
      } 
      catch (Exception ex) 
      { 
       return false; 
      } 

     } 

public bool AcceptAllCertifications(object sender, System.Security.Cryptography.X509Certificates.X509Certificate certification, System.Security.Cryptography.X509Certificates.X509Chain chain, System.Net.Security.SslPolicyErrors sslPolicyErrors) 
     { 

      return true; 
     } 

Answer 1

一個建議是看ServicePointManager.ServerCertificateValidationCallback

這裏是一個blog posting，解決安全FTP，並利用這種方法

Answer 2

如果您信任您上傳數據到FTP服務器，然後我沒有看到任何繞過服務器證書驗證的實際問題。但是，如果要驗證來自FTP服務器的服務器證書，請參閱發佈的包含示例驗證服務器證書示例的鏈接。