My C# code is trying to pull some files from an Amazon S3 bucket. This code works fine on my development as well as on UAT server. However, when I run this on my production server, I get a certificate error.
One difference between the UAT and Production servers is that on UAT there is no restriction on outbound internet access. On Production servers free outbound internet access is not allowed. we open only selective URLs as per requirements.
We have already opened access to s3.amazonaws.com. We have also ensured that this access works fine using WinSCP tool. However, when my code tries to do the same, I get the following error:
WinSCP.SessionRemoteException: Server Certificate Verification Failed: Issuer is not trusted.
The source code is attached below:
s3HostName = Convert.ToString(System.Configuration.ConfigurationManager.AppSettings["s3HostName"]);
s3UserName = Convert.ToString(System.Configuration.ConfigurationManager.AppSettings["s3UserName"]);
s3Password = Convert.ToString(System.Configuration.ConfigurationManager.AppSettings["s3Password"]);
LocalFilePath = Convert.ToString(System.Configuration.ConfigurationManager.AppSettings["LocalFilePath"]);
s3Folder = Convert.ToString(System.Configuration.ConfigurationManager.AppSettings["s3Folder"]);
LocalFileFolder = Convert.ToString(System.Configuration.ConfigurationManager.AppSettings["LocalFileFolder"]);
LocalFolder = LocalFilePath + yesterday + "\\";
SessionOptions sessionOptions = new SessionOptions
{
Protocol = Protocol.S3,
HostName = s3HostName,
UserName = s3UserName,
Password = s3Password,
};
TransferOptions transferOptions = new TransferOptions();
transferOptions.TransferMode = WinSCP.TransferMode.Automatic;
transferOptions.FilePermissions = null;
transferOptions.PreserveTimestamp = false;
using (Session session = new Session())
{
log.Debug("Open session for s3");
session.Open(sessionOptions);
if (!Directory.Exists(LocalFolder))
{
Directory.CreateDirectory(LocalFolder);
}
//to download files
session.GetFiles(s3Folder + "*" + yesterday + ".csv", LocalFolder);
session.Close();
log.Debug("Closed session for s3");
return "Success";
}
Resolved the issue using the oldest trick in the book. Reinstalled WinSCP. Its all working fine now.
Related
i have a problem uploading an xlsx file to sharepoint on the deployed version. In my IIS Express in the local pc i can upload the document without any problem. When i deploy the application the server gives me an exception "No connection could be made because the target machine actively refused it. [::ffff:127.0.0.1]:9000 (127.0.0.1:9000)". The Server uses a proxy server in order to execute the web request. I tried many solutions on the internet but nothing worked. I also developed a console application, which was able to upload the file without any further configuration.
This brings me to the conclusion, that the blazor server for some reason doesn't use the systems default proxy when it does the web request.
Here is my code:
public Task<bool> UploadDocument(byte[] fileBinaryArray, string fileName, string sharePointLink)
{
try
{
Debug.WriteLine("-----------------------------------" + sharePointLink);
var preparedLink = PrepareSharePointLink(sharePointLink);
Debug.WriteLine("-----------------------------------" + preparedLink);
ClientContext ctx = new PnP.Framework.AuthenticationManager().GetACSAppOnlyContext(_siteUrl, _clientId, _clientSecret);
/*ctx.ExecutingWebRequest += (sen, args) =>
{
System.Net.WebProxy myProxy = new System.Net.WebProxy("proxyIp", 8080);
args.WebRequestExecutor.WebRequest.Proxy.Credentials = System.Net.CredentialCache.DefaultCredentials;
args.WebRequestExecutor.WebRequest.Proxy = myProxy;
};*/
var folder = ctx.Web.GetFolderByServerRelativeUrl(preparedLink);
ctx.Load(folder);
ctx.ExecuteQuery();
folder.Files.Add(new FileCreationInformation
{
Overwrite = true,
Content = fileBinaryArray,
Url = fileName
});
ctx.ExecuteQuery();
return Task.FromResult(true);
}
catch(Exception e)
{
_eventlogService.LogError(e, _authenticationService?.UserName);
return Task.FromResult(false);
}
}
I'm trying to upload file to FileZilla server through ftps by protocol TLS. On the server port 20 and 21 is closed. The only way how I managed to connect to server is by using FluentFTP but I couldn't upload file because of some FileZilla server bug.
https://github.com/robinrodricks/FluentFTP/issues/335
https://forum.filezilla-project.org/viewtopic.php?t=51601
public static void UploadTest(
string pathUploadFile, string addressIP, int port, string location,
string userName, string password)
{
FtpClient ftp;
Console.WriteLine("Configuring FTP to Connect to {0}", addressIP);
ftp = new FtpClient(addressIP, port, new NetworkCredential(userName, password));
ftp.ConnectTimeout = 600000;
ftp.ReadTimeout = 60000;
ftp.EncryptionMode = FtpEncryptionMode.Implicit;
ftp.SslProtocols = SslProtocols.Default | SslProtocols.Tls11 | SslProtocols.Tls12;
ftp.ValidateCertificate += new FtpSslValidation(OnValidateCertificate);
ftp.Connect();
// upload a file
ftp.UploadFile(pathUploadFile, location);
Console.WriteLine("Connected to {0}", addressIP);
ftp.Disconnect();
void OnValidateCertificate(FtpClient control, FtpSslValidationEventArgs e)
{
// add logic to test if certificate is valid here
e.Accept = true;
}
}
Is there any way around without a violating security level? If not is there any other free library which support uploading files with TLS/SSL? I also tried this but it didn't work.
https://learn.microsoft.com/en-us/dotnet/api/system.net.ftpwebrequest.enablessl
Thanks.
You can use WinSCP .NET assembly.
It supports implicit TLS (port 990). And uses OpenSSL TLS implementation (not .NET Framework), so it should not have the problem that FluentFTP has. It definitely works for me against FileZilla FTP server, even with session resumption requirement turned on.
SessionOptions sessionOptions = new SessionOptions
{
Protocol = Protocol.Ftp,
HostName = "ftp.example.com",
UserName = "username",
Password = "password",
FtpSecure = FtpSecure.Implicit,
TlsHostCertificateFingerprint = "xx:xx:xx:...",
};
using (Session session = new Session())
{
session.Open(sessionOptions);
session.PutFiles(localPath, remotePath).Check();
}
(I'm the author of WinSCP)
For more references about the problem, see also Can connect to FTP using FileZilla or WinSCP, but not with FtpWebRequest or FluentFTP.
Our IT department gave me credentials for an FTPS, which I can access using FileZilla
But I also need to access the FTPS using an application I am working on to automate the process. The information provided to me was,
That this is an FTP over TLS/SSL
IP: xxx.xxx.xx.xx
Port: 990 <-- suggesting its an implicit encryption
UserName: username.ftp
Password: password123
After reading some posts on WinSCP on stack and their documentation, I still can't access the ftps using my application. My code so far..
SessionOptions sessionOp = new SessionOptions()
{
FtpSecure = FtpSecure.Implicit,
Protocol = Protocol.Ftp,
HostName = IP,
UserName = userName,
Password = password,
};
sessionOp.AddRawSettings("ProxyMethod", "3");
sessionOp.AddRawSettings("ProxyPort", "990");
using (Session session = new Session())
{
session.Open(sessionOp);
var list = session.ListDirectory(dir);
Console.WriteLine(list);
}
The error I get is, "Failed to Connect" from WinSCP
How can I access this FTPS?
What you did is configuring the HTTP Proxy port to 990. Instead you should configure the FTPS port.
SessionOptions sessionOp = new SessionOptions()
{
FtpSecure = FtpSecure.Implicit,
Protocol = Protocol.Ftp,
HostName = IP,
UserName = userName,
Password = password,
PortNumber = 990
};
and remove the lines
sessionOp.AddRawSettings("ProxyMethod", "3");
sessionOp.AddRawSettings("ProxyPort", "990");
Also, I suggest using the WinSCP GUI to try this instead of FileZilla, considering that the library is related to the GUI.
I think I have read every single thing on the internet about this (bold statement I know) but I can't work it out...
I have a very simple webpage that gets the status VMs on Azure, which works fine on my machine. I created a Cert on my local machine with makecert and debug runs fine.
After deploying it to another server on IIS all I get is 403 errors.
Things I tried:
Exporting Cert from my dev machine with private key and importing onto the test server
Creating new Cert with makecert (edit: recreated the cert on the server I want to deploy to) (according to this link from MSN), upload to Azure, update code to search for new thumbprint, redeploy and admire the same error msg..
Both times I changed the app pool identity to a user account that is log-on-able (and reverted)
Tried with cert as both localmachine and current user, with user updated in the app pool
I changed my get cert code to more resemble an answer from a similar question, but finding the cert doesn't appear to be the issue.. if I remove the cert created on the server, I get a different error.
var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
store.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadOnly);
var certificate = store.Certificates.Cast<X509Certificate2>().SingleOrDefault(c => string.Equals(c.Thumbprint, thumbprint, StringComparison.OrdinalIgnoreCase)); // please replace CertificateThumbprint with original Thumbprint
return certificate;
Ref: how to connect to azure (management) rest api via C# in IIS
Code to create HttpClient:
WebRequestHandler handler = new WebRequestHandler();
String CertThumbprint = _certthumbprint;
X509Certificate2 managementCert = FindX509Certificate(CertThumbprint);
if (managementCert != null)
{
handler.ClientCertificates.Add(managementCert);
HttpClient httpClient = new HttpClient(handler);
httpClient.DefaultRequestHeaders.Add("x-ms-version", "2014-05-01");
httpClient.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/xml"));
return httpClient;
}
Retrieve VMs Code:
String uri = String.Format("https://management.core.windows.net/{0}/services/hostedservices/{1}/deploymentslots/{2}", _subscriptionid, ServiceName, "Production");
XDocument vms = new XDocument();
vms.Add(new XElement("VirtualMachines"));
ApplyNamespace(vms.Root, ns);
try
{
HttpClient http = GetHttpClient();
Stream responseStream = await http.GetStreamAsync(uri);
if (responseStream != null)
{
XDocument xml = XDocument.Load(responseStream);
var roles = xml.Root.Descendants(ns + "RoleInstance");
foreach (XElement r in roles)
{
XElement svcNamee1 = new XElement("ServiceName", ServiceName);
ApplyNamespace(svcNamee1, ns);
r.Add(svcNamee1);
vms.Root.Add(r);
}
}
}
This code is currently about 95% copy and paste from here
The resolution for me in this case was to create a new Publishsettings file via powershell and import that on the server via powershell. Then use the thumbprint from that in code. Making a cert on the server and uploading to Azure still doesn't work for whatever reason...
I am trying to impersonate remote admin user so that i can perform modifications on the files present on remote Linux machine. But i get error message as Access to the path is denied.
However this thing manually i am able to do via putty using command :
sudo -S -u wtsnqa rm /path-to-file/
Any help is worth appreciable.
My code :
SessionOptions sessionOptions = new SessionOptions
{
Protocol = Protocol.Sftp,
HostName = "sj1slm612",
UserName = "userid",
Password = "password",
SshHostKeyFingerprint = "ssh-rsa 2048 fa:e9:58:24:1b:41:a3:15:63:0d:c0:72:41:5d:51:7a"
};
using (Session session = new Session())
{
// Connect
session.Open(sessionOptions);
// Performing removing files from remote server via impersonation.......
AppDomain.CurrentDomain.SetPrincipalPolicy(System.Security.Principal.PrincipalPolicy.WindowsPrincipal);
using (WindowsIdentity Authorized_user = new WindowsIdentity("wtsnqa"))
{
using (WindowsImpersonationContext context = Authorized_user.Impersonate())
{
File.Delete(#"\\sj1slm612\apps\instances\express_13000\configuration\standalone-full.xml");
File.Delete(#"\\sj1slm612\apps\instances\query_13100\configuration\standalone-full.xml");
File.Delete(#"\\sj1slm612\apps\instances\wppapi_13200\configuration\standalone-full.xml");
File.Delete(#"\\sj1slm612\apps\instances\wppgui_13300\configuration\standalone-full.xml");
Console.WriteLine("All config files removed from sj1slm612");
Console.ReadLine();
context.Undo();
}