Consolidated documentation created from different BizTalk Blogs. Maintained by Saravana Kumar. Subscribe for updates:Subscribe to Saravana Kumar's blog
Author: Eric Stott
Category: BizTalk Server/Development/Adapters/FILE, FTP
Visit Original Link. Eric Stott owns this article, and as such retain the sole copyright of the content.

BizTalk FTP/FTPS (FTP over SSL or FTP-SSL) Adapter

I was having some problems transferring files from a very old SUN Unix server using the Microsoft provided FTP adapter.  I also needed the ability to transfer files to a FTP over SSL enabled server.  There seemed to be only a few supported FTP server types for the MS FTP adapter listed here:

  • Microsoft Windows Server 2003
  • Windows 2000 Server Service Pack 3 (SP3) and later versions
  • Windows 2000 Advanced Server SP3 and later versions
  • Sun Solaris 9.0
  • HP-UX
  • Redhat 7.x Linux
  • IBM O/S 390 running MVS
  • AS/400 OS/400 V5R1

I decided to create a new BizTalk FTP/FTPS adapter that would be robust and allow me to connect to both FTP and FTPS (FTP over SSL or FTP-SSL) servers. It also doesn’t have the limitation on server OSs that the MS FTP adapter has.

Here are the Receive Location Properties.

image

Explanation of properties:

CRLF Mode - The CRLF Mode  property applies when downloading files in ASCII mode. If CRLF Mode is set to No Alteration the transfer happens normally without alteration. A value of CRLF converts all line endings to CR+ LF. A value of LF Only converts all line endings to LF-only. A value of CR Only converts all line endings to CR-only.

FTP Trace Mode – Send a trace of the FTP session and any errors to either a File, designated by the FTP Trace path and FileName, Event Log, Both, or None.

Transfer Mode – Binary or ASCII

Use Passive Host Address - Some FTP servers need this option for passive data transfers. In passive mode, the data connection is initiated by the client sending a PASV command to the FTP server, and the FTP server responds with the IP address and port number where it is listening for the client's connection request. When the Use Passive Host Address property is set to Yes, the IP address in the PASV response is discarded and the IP address of the remote endpoint of the existing control connection is used instead.

Authentication Mode - By setting the Authentication Mode Property to AuthTls , a secure FTP connection can be established using either SSL 3.0 or TLS 1.0. The FTP_FTPS Adapter will automatically choose whichever is supported by the FTP server during the secure channel establishment. The FTP control port remains at the default (21). Upon connection, the channel is converted to a secure channel automatically. All control messages and data transfers are encrypted. By choosing Implicit SSL, the FTP_FTPS Adapter connects using SSL on port 990, which is the de-facto standard FTP SSL port.

Client Certificate – The FTP_FTPS Adapter provides the ability to use a client certificate with secure FTP (implicit or explicit SSL/TLS).

Clear Control Channel - Reverts the FTP control channel from SSL/TLS to an unencrypted channel. This may be required when using FTPS with AUTH TLS where the FTP client is behind a DSL or cable-modem router that performs NAT (network address translation). If the control channel is encrypted, the router is unable to translate the IP address sent in the PORT command for data transfers. By clearing the control channel, the data transfers will remain encrypted, but the FTP commands are passed unencrypted.

Private Key File – The FTP_FTPS Adapter provides the ability to use a client certificate with secure FTP (implicit or explicit SSL/TLS). You may load a certificate from separate .crt (or .cer) and .pvk files and use it as the client-side SSL cert. The .pvk contains the private key. The .crt/.cer file contains the PEM or DER encoded digital certificate. Note: Client-side certificates are only needed in situations where the server demands one.

Invoice VAN FTP/SSL – By choosing yes, the FTP_FTPS Adapter sets all the properties correctly to connect to an Inovis VAN FTP/SSL.

Tumbleweed Certificate Common Name– The FTP_FTPS Server  can connect, authenticate, transfer files to a Tumbleweed Secure Transport SSL FTP Server. Instead of providing a login name and password, you pass the string "site-auth" for the username, and an empty string for the password. You must also provide a client-side digital certificate -- as the certificate's credentials and validity are used to authenticate.

MODE Z – The FTP/FTPS Adapter automatically detects if the FTP server supports MODE Z.  It allows for files to be uploaded and downloaded using compressed streams.

SOCKS Version - Both SSL/TLS and non-secure FTP communications may use SOCKS4 and SOCKS5 proxies. Choose which version of SOCKS and provide the SOCKS Proxy Host Name, SOCKS Proxy Password, SOCKS Proxy Port, and SOCKS Proxy User Name.

Active Port End Range - When Active FTP Mode is used, the client-side is responsible for choosing a random port for each data connection. (Note: In the FTP protocol, each data transfer occurs on a separate TCP/IP connection. Commands are sent over the control channel (port 21 for non-SSL, port 990 for SSL).)

Active Port Start Range - This property, along with Active Port End Range, allows the client to specify a range of ports for data connections when in Active mode.

Proxy Mode - The proxy scheme used by your FTP proxy server. Valid values are 0 to 8. Supported proxy methods are as follows:

Note: The Proxy Host Name is the hostname of the firewall, if the proxy is a firewall. Also, the Proxy User Name and Proxy Password are the firewall username/password (if the proxy is a firewall).

ProxyMethod = 1 (SITE site)

USER ProxyUsername
PASS ProxyPassword
SITE Hostname
USER Username
PASS Password

ProxyMethod = 2 (USER user@site)

USER Username@Hostname:Port
PASS Password

ProxyMethod = 3 (USER with login)

USER ProxyUsername
PASS ProxyPassword
USER Username@Hostname:Port
PASS Password

ProxyMethod = 4 (USER/PASS/ACCT)

USER Username@Hostname:Port ProxyUsername
PASS Password
ACCT ProxyPassword

ProxyMethod = 5 (OPEN site)

USER ProxyUsername
PASS ProxyPassword
OPEN Hostname
USER Username
PASS Password

ProxyMethod = 6 (firewallId@site)

USER ProxyUsername@Hostname
USER Username
PASS Password

ProxyMethod = 7

USER ProxyUsername
USER ProxyPassword
SITE Hostname:Port USER Username
PASS Password

ProxyMethod = 8

USER Username@ProxyUsername@Hostname
PASS Password@ProxyPassword

Detect FTP Authentication - Determines what combinations of FTP/FTPS property settings result in successful data transfers. The FTP_FTPS Adapter tries 13 different combinations of these properties: Ssl, AuthTls, AuthSsl, Port, Passive, and Use Passive Host Address. Within the FTP protocol, the process of fetching a directory listing is also considered a "data transfer". The FTP_FTPS Adapter method works by checking to see which combinations result in a successful directory listing download. The FTP_FTPS Adapter requires the Host Name, Username, Password, and Port and returns a string containing an XML report of the results. It is a blocking call that may take approximately a minute to run.  It is executed via the following screen that opens when the ellipses is pressed.

image 

Note:  When uploading files, the FTP/FTPS adapter uses a .TMP file for any file over 4k.  If you have a process that pulls *.* from the folder you are sending to, it might cause unintended consequences if the .TMP is removed before the FTP/FTPS adapter can rename it.

The FTP/FTPS Adapter supports dynamic sends.

Please email me if you need another setting for your particular FTP(S) server.

You can buy the FTP/FTPS adapter here.  It is pretty reasonably priced given the many hours I spent developing and testing it.

Page Rendered @ : 22/05/2013 03:11:51 GMT (DayLight Saving time)