Implicit | How to incorporate FTP functionality to your .NET applications

ComponentPro would like to illustrate how to use Ultimate FTP in PowerShell in this topic. PowerShell is the new command line and scripting language developed by Microsoft to helps IT professionals complete their tasks more efficiently with greater control and productivity on Microsoft Windows Platforms. The PowerShell contains more than 130 command line tools especially designed for administrators.

Windows PowerShell is built on top of the .NET Framework, so it gives administrators a wide-range of methods and extensions. With Ultimate FTP, now you can upload and download files to FTP server easily with a few lines of code. Since PowerShell accepts and returns .NET objects, FTP classes are accessible to the PowerShell, in which you can use the component to build a complex application like a C# or VB.NET application. This component can be downloaded from our website.

To get start, we begin with uploading several files with a single line of code:

Unlike many other FTP components, Ultimate FTP enables you to upload and download multiple files with different extensions with a single line of code. We take advantages of this feature with the following PowerShell sample:

# Load DLL
Add-Type -Path C:\InstalledDir\ComponentPro.Ftp.dll
# Set source path and files to upload
$sourcePath = "C:\Temp\*.ps1;*.dat;*.zip"
# Set destination path
$destinationPath = "/my dir"
# Create a new instance of the Ftp class
$ftp = New-Object ComponentPro.Net.Ftp
$ftp.Connect("myserver")
$ftp.Authenticate("user", "pass")
# Upload files
$ftp.UploadFiles($sourcePath, $destinationPath)
$ftp.Close()
$ftp.Dispose()

Now we will download files from the FTP server to the local disk:

We gives you the ease-of-use of the FTP component not only in the upload methods, but also in the download methods. The following PowerShell code example demonstrates how to load the ComponentPro.Ftp.DLL assembly and download files from the FTP server:

# Load DLL
Add-Type -Path C:\InstalledDir\ComponentPro.Ftp.dll
# Set source path and files to upload
$sourcePath = "/my dir/*.ps1;*.dat;*.zip"
# Set destination path
$destinationPath = "C:\Temp2"
# Create a new instance of the Ftp class
$ftp = New-Object ComponentPro.Net.Ftp
$ftp.Connect("myserver")
$ftp.Authenticate("user", "pass")
# Download files
$ftp.DownloadFiles($sourcePath, $destinationPath)
$ftp.Close()
$ftp.Dispose()

How about FTP/SSL?

Basically to connect to an FTP/SSL server you only have to specify the SecurityMode as the third parameter of the Connect method as shown below:

C#:

ftp.Connect("myserver", 991, SecurityMode.Explicit);

VB.NET:

ftp.Connect("myserver", 991, SecurityMode.Explicit)

However PowerShell does not understand enums defined in our .NET assemblies. We must use an “Integer” as the third parameter of the Connect method with SecurityMode.None = 0, SecurityMode.Implicit = 1, SecurityMode.Explicit = 2, and SecurityMode.TumbleweedTunnel = 3.

$ftp.Connect("myserver", 991, 2)

Now you see with Ultimate FTP Component and a little knowledge of PowerShell language, you can build a comprehensive file transfer application running on the Windows PowerShell.

Click here to download the Ultimate FTP Component for .NET, or here to download the .NET CF version.

This topic gives you an overview of Certificate and Security Modes for FTP/SSL. It also illustrates how to connect to FTP/SSL servers using Ultimate FTP.

What is a digital certificate?

Authentication is important for secure communications. Users must be able to prove their identity to the entities they are communicating with. In addition, they must be able to verify the identity of the entity communicating with them. This is accomplished by presenting or verifying some form of trusted credentials.

A digital certificate is a common credential that provides authentication. A trusted organization, called a Certificate Authority (CA), assigns a certificate to a user or entity and the user or entity then uses the certificate to prove itself to the other side. You may configure your system to accept any number of Certificate Authorities but ATP does not recommend this configuration. Completing the following steps to access the Certificates dialog box:

In the Control Panel, double-click Internet Options.
Select the Content tab, and then click Certificates.

Where do I get a certificate?

Certificates must come from a trusted CA. A user submits a certificate request to a CA and the CA returns a certificate for the user to use. Certificate used on our FTP server is generated by FileZila and CuteFTP. Listed below are some Certificate Authorities:

Microsoft Certificate Server – used for internal corporate Certificate delegation
VeriSign – (www.verisign.com) provides certificates for Internet users and servers

You always need a digital certificate installed to operate as a server. You only need a digital certificate installed on a client if the server requests authentication.

How does the authentication process work?

The client normally initiates the TCP connection. The Connect method makes this TCP connection, sends a “client hello” message, and automatically responds to authentication requests received from the server.
The server accepts the connection initiated by the client, constructs its digital credentials from the digital certificate referred to by the Server.Certificate Property, and sends its credentials to the client.
Optionally, the server may also send an authentication request to the client.
The client receives the server’s credentials, verifies it against the CAs it is configured to trust, and responds with its own credentials if an authentication request is received.
If the client and server cannot negotiate a mutually acceptable security protocol, an error is generated and the connection is closed.
If the client cannot validate the server’s credentials, an error is generated and the client closes the connection.
If the server cannot validate the client’s credentials (if requested), an error is generated and the server closes the connection.
Once protocol negotiation and authentication is successful, secure encryption/decryption is performed on all data passing over the connection.
The session is terminated when one side closes the connection.

What is a certificate store?

A certificate store is a location on the system (memory, disk, registry, etc.) where certificates are stored for use. There are three major system stores and other minor stores. The three major stores are:

MY – personal certificates go here. (e.g. ATP code signing)
ROOT – certificates for Trusted Root Certificate Authorities.
CA – all other certificates.

What are the system store and the machine store?

The system store is the certificate store located in the HKEY_CURRENT_USER registry key. The machine store is the certificate store located in the HKEY_LOCAL_MACHINE registry key. Applications installed as a service should store their certificates in the machine store since there is no current user when running as a service.

What is the X500 naming convention?

This is a format for creating a distinguished name. The different parts of the name are described below:

C – country you are in (ex. US).
S – state you are in (ex. California).
L – locality value or city (ex. Walnut).
O – your organization (ex. ATP, Inc.).
OU – organizational unit (ex. Software Development).
CN – common name; typically the name of the system or user (Ex. www.mydomain.com).

Here are some examples of X500 names:

C=US, S=New York, L=Syracuse, O=ATP, Inc., OU=ATP, CN=My Machine
C=US, S=Georgia, L=Atlanta, O=MyOrg, OU=Toy Department, CN=John Doe

Explicit connection

When the client connects to the server using SSL, an SSL negotiation is initialized, the connection is secured and all following communication is being protected.

The code snippet below shows how to connect to an FTP server securely using Explicit security mode.

C#
// Create a new instance. Ftp client = new Ftp(); // Connect to the FTP server. client.Connect(“myserver”, 21, SecurityMode.Explicit); // Authenticate. client.Authenticate(“userName”, “password”); // Do something here… client.DownloadFile(“/my remote file.dat”, “my local file”); // Disconnect. client.Disconnect();

VB.NET
‘ Create a new instance. Dim client As New Ftp() ‘ Connect to the FTP server. client.Connect(“myserver”, 21, SecurityMode.Explicit) ‘ Authenticate. client.Authenticate(“userName”, “password”) ‘ Do something here… client.DownloadFile(“/my remote file.dat”, “my local file”) ‘ Disconnect. client.Disconnect()

Implicit Connection with FTP

Originally, a separate port was assigned to the SSL version of the FTP. The port number 990 is usually assigned for FTP/SSL. Upon connection to this port, an SSL negotiation starts immediately and the control connection is secured. All data connections are also secured implicitly in the same way. This is similar to the approach used by HTTPS.

The code snippet below shows how to connect to an FTP server securely using Implicit security mode in Ultimate FTP.

C#
// Create a new instance. Ftp client = new Ftp(); // Connect to the FTP server. client.Connect(“myserver”, 990, SecurityMode.Implicit); // Authenticate. client.Authenticate(“userName”, “password”); // Do something here… client.DownloadFile(“/my remote file.dat”, “my local file”); // Disconnect. client.Disconnect();

VB.NET
‘ Create a new instance. Dim client As New Ftp() ‘ Connect to the FTP server. client.Connect(“myserver”, 990, SecurityMode.Implicit) ‘ Authenticate. client.Authenticate(“userName”, “password”) ‘ Do something here… client.DownloadFile(“/my remote file.dat”, “my local file”) ‘ Disconnect. client.Disconnect()