PowerTCP FTP for .NET
EncryptControl Enumeration
Example Example 



Dart.Ftp Namespace : EncryptControl Enumeration
Enumerates the possible values for specifying the encryption of the control connection.
Syntax
Public Enum EncryptControl 
   Inherits System.Enum
Dim instance As EncryptControl
public enum EncryptControl : System.Enum 
public enum class EncryptControl : public System.Enum
Members
MemberDescription
Explicit Encryption will be negotiated in Ftp.Authenticate based on the response to a FEAT command.
ExplicitSsl Encryption will be negotiated in Ftp.Authenticate using "AUTH SSL" (only).
ExplicitTls Encryption will be negotiated in Ftp.Authenticate using "AUTH TLS" (only).
ExplicitTlsC Encryption will be negotiated in Ftp.Authenticate using "AUTH TLS-C" (only). Legacy command synonymous with "AUTH TLS".
ExplicitTlsP Encryption will be negotiated in Ftp.Authenticate using "AUTH TLS-P" (only). Legacy command synonymous with "AUTH SSL".
Implicit Encryption will be negotiated immediately after establishing the control connection with the server.
None No encryption is to be used.
Remarks

With implicit security, it is understood that both the client and the server will use TLS/SSL for the entire session. The client connects, the SSL handshake occurs, and (if successful) secure communication continues for the session. For this reason, implicit encryption typically must use a different port (the well-known port of 990).

With explicit security, secure communication occurs only after some preliminary negotiation in the clear. The client connects normally to the FTP server on the well-known port of 21 and issues the AUTH command along with the security mechanism (such as TLS) that the client would like to use. If the server supports this mechanism and responds positively, secure communication continues for the rest of the session.

EncryptControl.Explicit will select the AUTH command from the server's response to a FEAT command in the order of preference: "AUTH TLS", "AUTH TLS-C", "AUTH SSL" or "AUTH TLS-P", and will fallback to "AUTH TLS" if the server does not advertise any.

Despite that some legacy AUTH arguments imply data channel encryption, it is controlled solely by the value of FtpSecurity.EncryptData; when it is false, data channel encryption will be explicitly disabled.

Example
The following example demonstrates connecting to an Ftp server, with options for encryption (FTPS: Explicit/Implicit), and authenticating the user. 
using System.Security.Cryptography.X509Certificates;
using System.Security.Authentication;
using System.Net.Security;

/// <summary>
/// Connects to an Ftp server, optionally using encryption (Explicit/Implicit), and authenticates the user.
/// </summary>
/// <param name="myFtp">The Ftp instance to connect and authenticate</param>
/// <param name="hostNameOrAddress">The server's hostname or IP address</param>
/// <param name="port">Port that the server is listening on. Usually 21 for Explicit or non-secure, 990 for Implicit.</param>
/// <param name="username">Username</param>
/// <param name="password">Password</param>
/// <param name="encryptControl">Controls whether SSL/TLS is used, and the implementation. None/Explicit/Implicit.</param>
/// <param name="encryptData">Controls whether the data channel is encrypted.</param>
private void ConnectFtp(Ftp myFtp, string hostNameOrAddress, int port, string username, string password, EncryptControl encryptControl, bool encryptData)
{
    //Set the server address
    myFtp.Session.RemoteEndPoint = new IPEndPoint(hostNameOrAddress, port);

    if (encryptControl != EncryptControl.None)
    {
        //Set the control channel's security protocol - Implicit/Explicit
        myFtp.Session.Security.EncryptControl = encryptControl;

        //Set whether the data channel should be encrypted. This may or may not be required by your FTP server.
        myFtp.Session.Security.EncryptData = encryptData;

        //Optionally set the protocols available for SSL/TLS negotiation (defaults to SslProtocols.Default)
        //TLS 1.1/1.2 requires .NET 4.5+. See the SslProtocols MSDN documentation for more information.
        myFtp.Session.Security.Protocols = SslProtocols.Tls | SslProtocols.Ssl3;

        //Specify the server certificate validation callback
        myFtp.Session.Security.ValidationCallback = remoteCertificateValidation;
    }

    //Connect to the server.
    myFtp.Connect();

    //Authenticate the user.
    myFtp.Authenticate(username, password);
}

private bool remoteCertificateValidation(Object sender, X509Certificate remoteCertificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
    //For this simple snippet, accept all server certificates. Please see the 'Security' top-level help topics for more information, or 
    //the System.Net.Security.RemoteCertificateValidationCallback MSDN documentation.
    return true;
}
Imports System.Security.Cryptography.X509Certificates
Imports System.Security.Authentication
Imports System.Net.Security

''' <summary>
''' Connects to an Ftp server, optionally using encryption (Explicit/Implicit), and authenticates the user.
''' </summary>
''' <param name="myFtp">The Ftp instance to connect and authenticate</param>
''' <param name="hostNameOrAddress">The server's hostname or IP address</param>
''' <param name="port">Port that the server is listening on. Usually 21 for Explicit or non-secure, 990 for Implicit.</param>
''' <param name="username">Username</param>
''' <param name="password">Password</param>
''' <param name="encryptControl">Controls whether SSL/TLS is used, and the implementation. None/Explicit/Implicit.</param>
''' <param name="encryptData">Controls whether the data channel is encrypted.</param>
Private Sub ConnectFtp(ByVal myFtp As Ftp, ByVal hostNameOrAddress As String, ByVal port As Integer, ByVal username As String, ByVal password As String, ByVal encryptControl As EncryptControl, ByVal encryptData As Boolean)
    'Set the server address
    myFtp.Session.RemoteEndPoint = New IPEndPoint(hostNameOrAddress, port)

    If encryptControl <> Dart.Ftp.EncryptControl.None Then
        'Set the control channel's security protocol - Implicit/Explicit
        myFtp.Session.Security.EncryptControl = encryptControl

        'Set whether the data channel should be encrypted. This may or may not be required by your FTP server.
        myFtp.Session.Security.EncryptData = encryptData

        'Optionally set the protocols available for SSL/TLS negotiation (defaults to SslProtocols.Default)
        'TLS 1.1/1.2 requires .NET 4.5+. See the SslProtocols MSDN documentation for more information.
        myFtp.Session.Security.Protocols = SslProtocols.Tls Or SslProtocols.Ssl3

        'Specify the server certificate validation callback
        myFtp.Session.Security.ValidationCallback = AddressOf remoteCertificateValidation
    End If

    'Connect to the server.
    myFtp.Connect()

    'Authenticate the user.
    myFtp.Authenticate(username, password)
End Sub

Private Function remoteCertificateValidation(ByVal sender As Object, ByVal remoteCertificate As X509Certificate, ByVal chain As X509Chain, ByVal sslPolicyErrors As SslPolicyErrors) As Boolean
    'For this simple snippet, accept all server certificates. Please see the 'Security' top-level help topics for more information, or 
    'the System.Net.Security.RemoteCertificateValidationCallback MSDN documentation.
    Return True
End Function
Inheritance Hierarchy

System.Object
   System.ValueType
      System.Enum
         Dart.Ftp.EncryptControl

See Also

Reference

Dart.Ftp Namespace

PowerTCP FTP for .NET Documentation Version 6.1
© 2023 Dart Communications. All Rights Reserved.
Send comments on this topic