如何使用FTP SSL c＃？

Question

通过使用以下代码，我的客户端应用程序正在连接到安全FTP服务器并成功将文件推送到那里。你是否认为接受所有证书，下面的方法仍然是安全漏洞。如果是这样，任何人可以帮助我通过从客户的特定证书，我有FTP服务器上。

public bool UploadFile(string FileName) 
     { 
      string ftpServerIP = FTPServer; 
      string ftpUserID = FTPUser; 
      string ftpPassword = FTPPwd; 
      FileInfo fileInf = new FileInfo(FileName); 
      string uri = "ftp://" + ftpServerIP + "/" + fileInf.Name; 
      FtpWebRequest reqFTP; 

      // Create FtpWebRequest object from the Uri provided 
      reqFTP = (FtpWebRequest)FtpWebRequest.Create(uri); //new Uri("ftp://" + ftpServerIP + DestinationFolder + fileInf.Name)); 

      //Enable SSL 
      reqFTP.EnableSsl = true; 

      // Provide the WebPermission Credintials 
      reqFTP.Credentials = new NetworkCredential(ftpUserID, ftpPassword); 

      // By default KeepAlive is true, where the control connection is not closed after a command is executed. 
      reqFTP.KeepAlive = false; 

      //reqFTP.UsePassive = true; 

      // Specify the command to be executed. 
      reqFTP.Method = WebRequestMethods.Ftp.UploadFile; 

      //SSL Certificate 
      ServicePointManager.ServerCertificateValidationCallback = new System.Net.Security.RemoteCertificateValidationCallback(AcceptAllCertifications); 

      // Specify the data transfer type. 
      reqFTP.UseBinary = true; 

      // Notify the server about the size of the uploaded file 
      reqFTP.ContentLength = fileInf.Length; 

      // The buffer size is set to 2kb 
      int buffLength = 2048; 
      byte[] buff = new byte[buffLength]; 
      int contentLen; 

      // Opens a file stream (System.IO.FileStream) to read the file to be uploaded 
      FileStream fs = fileInf.OpenRead(); 
      try 
      { 
       // Stream to which the file to be upload is written 
       Stream strm = reqFTP.GetRequestStream(); 

       // Read from the file stream 2kb at a time 
       contentLen = fs.Read(buff, 0, buffLength); 

       // Till Stream content ends 
       while (contentLen != 0) 
       { 
        // Write Content from the file stream to the FTP Upload Stream 
        strm.Write(buff, 0, contentLen); 
        contentLen = fs.Read(buff, 0, buffLength); 
       } 

       // Close the file stream and the Request Stream 
       strm.Close(); 
       fs.Close(); 
       return true; 
      } 
      catch (Exception ex) 
      { 
       return false; 
      } 

     } 

public bool AcceptAllCertifications(object sender, System.Security.Cryptography.X509Certificates.X509Certificate certification, System.Security.Cryptography.X509Certificates.X509Chain chain, System.Net.Security.SslPolicyErrors sslPolicyErrors) 
     { 

      return true; 
     } 

Answer 1

一个建议是看ServicePointManager.ServerCertificateValidationCallback

这里是一个blog posting，解决安全FTP，并利用这种方法

Answer 2

如果您信任您上传数据到FTP服务器，然后我没有看到任何绕过服务器证书验证的实际问题。但是，如果要验证来自FTP服务器的服务器证书，请参阅发布的包含示例验证服务器证书示例的链接。