Xceed .NET Libraries Documentation
How To Send a Client Certificate
Welcome to Xceed .NET, .NET Standard and Xamarin Libraries! > Task-Based Help > FTP capabilities > Making Secure Connections > How To Send a Client Certificate

Here is an example on how to send a client certificate when making a SSL connection.

static void ClientCertificateExample()
{
  try
  {
    FtpClient ftp = new FtpClient();
    //ftp.TraceWriter = Console.Out;

    // Subscribe to the CertificateReceived event
    ftp.CertificateReceived += new CertificateReceivedEventHandler( OnCertificateReceived );

    // Subscribe to the CertificateRequired event
    ftp.CertificateRequired += new CertificateRequiredEventHandler( OnCertificateRequired );

    // Connect to the server normally, unencrypted, at the usual ftp port
    ftp.Connect( "localhost", 21 );

    try
    {
      // Pick an authentication method
      AuthenticationMethod authenticationMethod = AuthenticationMethod.Ssl;

      // Pick verification flags. If unsure, pick 'None'.
      VerificationFlags verificationFlags = VerificationFlags.None;

      /* In this example, we will not provide a client certificate at Connect(). Instead,
       * we subscribe to the CertificateRequired event and if the FTP server asks us for
       * a certificate, we will provide one at that time. 
       * 
       * That way, if the server is not configured to expect a certificate, it 
       * won't receive one for no reason. */

      // The client certificate to submit to the server
      Certificate clientCertificate = null;

      // Decide if the data channel (for file transfers) will be encrypted or not
      DataChannelProtection dataChannelProtection = DataChannelProtection.Private;

      // Authenticate and encrypt the connection
      ftp.Authenticate( authenticationMethod, verificationFlags, clientCertificate, dataChannelProtection );

      // Login. The exchanged information will be encrypted
      ftp.Login( "username", "password" );

      /* Perform your file transfers */
    }
    finally
    {
      // Make sure we always disconnect
      ftp.Disconnect();

      ftp.CertificateRequired -= new CertificateRequiredEventHandler( OnCertificateRequired );
      ftp.CertificateReceived -= new CertificateReceivedEventHandler( OnCertificateReceived );
    }
  }
  catch( Exception exception )
  {
    // Output some information about it
    Console.WriteLine( "-->{0}: {1}\n{2}", exception.GetType().Name, exception.Message, exception.StackTrace );

    // Fetch the inner exception
    exception = exception.InnerException;

    // While there is an exception
    while( exception != null )
    {
      // Output some information about it
      Console.WriteLine( "-->Inner exception: {0}: {1}\n{2}", exception.GetType().Name, exception.Message, exception.StackTrace );

      // Fetch the inner exception
      exception = exception.InnerException;
    }
  }
}

static void OnCertificateRequired( object sender, CertificateRequiredEventArgs e )
{
  try
  {
    /* The .NET framework exposes certificates using the X509Certificate2 class.
     * The FTP component wraps this class into the Certificate class.
     * The class can load X509 certificate files encoded in the DER or Base64 encoding.
     * Most certificate files are encrypted and require a password, often called
     * the private key, to decode them. */

    // Load a certificate file to submit to the server
    Certificate clientCertificate = new Certificate( @"D:\Xceed\MyX509Certificate.der", "certificate password" );

    e.Certificate = clientCertificate;
  }
  catch( System.Security.Cryptography.CryptographicException )
  {
    // Trigger failure by not providing a certificate
    e.Certificate = null;
  }
}

static void OnCertificateReceived( object sender, CertificateReceivedEventArgs e )
{
  // Always accept the certificate
  e.Action = VerificationAction.Accept;
}
    Private Shared Sub ClientCertificateExample()
      Try
        Dim ftp As New FtpClient()
        'ftp.TraceWriter = Console.Out;

        ' Subscribe to the CertificateReceived event
        AddHandler ftp.CertificateReceived, AddressOf OnCertificateReceived

        ' Subscribe to the CertificateRequired event
        AddHandler ftp.CertificateRequired, AddressOf OnCertificateRequired

        ' Connect to the server normally, unencrypted, at the usual ftp port
        ftp.Connect("localhost", 21)

        Try
          ' Pick an authentication method
          Dim authenticationMethod As AuthenticationMethod = AuthenticationMethod.Ssl

          ' Pick verification flags. If unsure, pick 'None'.
          Dim verificationFlags As VerificationFlags = VerificationFlags.None

'           In this example, we will not provide a client certificate at Connect(). Instead,
'           * we subscribe to the CertificateRequired event and if the FTP server asks us for
'           * a certificate, we will provide one at that time. 
'           * 
'           * That way, if the server is not configured to expect a certificate, it 
'           * won't receive one for no reason. 

          ' The client certificate to submit to the server
          Dim clientCertificate As Certificate = Nothing

          ' Decide if the data channel (for file transfers) will be encrypted or not
          Dim dataChannelProtection As DataChannelProtection = DataChannelProtection.Private

          ' Authenticate and encrypt the connection
          ftp.Authenticate(authenticationMethod, verificationFlags, clientCertificate, dataChannelProtection)

          ' Login. The exchanged information will be encrypted
          ftp.Login("username", "password")

          ' Perform your file transfers 
        Finally
          ' Make sure we always disconnect
          ftp.Disconnect()

          RemoveHandler ftp.CertificateRequired, AddressOf OnCertificateRequired
          RemoveHandler ftp.CertificateReceived, AddressOf OnCertificateReceived
        End Try
      Catch exception As Exception
        ' Output some information about it
        Console.WriteLine("-->{0}: {1}" & Constants.vbLf & "{2}", exception.GetType().Name, exception.Message, exception.StackTrace)

        ' Fetch the inner exception
        exception = exception.InnerException

        ' While there is an exception
        Do While exception IsNot Nothing
          ' Output some information about it
          Console.WriteLine("-->Inner exception: {0}: {1}" & Constants.vbLf & "{2}", exception.GetType().Name, exception.Message, exception.StackTrace)

          ' Fetch the inner exception
          exception = exception.InnerException
        Loop
      End Try
    End Sub

    Private Shared Sub OnCertificateRequired(ByVal sender As Object, ByVal e As CertificateRequiredEventArgs)
      Try
'         The.NET framework exposes certificates using the X509Certificate2 class.
'         * The FTP component wraps this class into the Certificate class.
'         * The class can load X509 certificate files encoded in the DER or Base64 encoding.
'         * Most certificate files are encrypted and require a password, often called
'         * the private key, to decode them. 

        ' Load a certificate file to submit to the server
        Dim clientCertificate As New Certificate("D:\Xceed\MyX509Certificate.der", "certificate password")

        e.Certificate = clientCertificate
      Catch e1 As System.Security.Cryptography.CryptographicException
        ' Trigger failure by not providing a certificate
        e.Certificate = Nothing
      End Try
    End Sub

    Private Shared Sub OnCertificateReceived(ByVal sender As Object, ByVal e As CertificateReceivedEventArgs)
      ' Always accept the certificate
      e.Action = VerificationAction.Accept
    End Sub
See Also
Secure FTP (SSL/TLS)

 

 

Copyright Xceed Software Inc

Send Feedback