I decided to create a new BizTalk FTP/FTPS/SFTP adapter that would be robust and allow me to connect to FTP, FTPS (FTP over SSL or FTP-SSL), and SFTP (SSH File Transfer Protocol) servers. It also doesn’t have the limitation on server OSs that the MS FTP adapter has.
Here are the features:
PGP Pipeline component
Send and receive from FTP, FTPS, and SFTP servers.
Send dynamically from orchestrations.
Ability to not delete file after retrieval from SFTP or FTP(S) server.
Proxy support.
Use temporary remote directory to ensure full files are written to final folder.
Ability to check best authentication method to FTP(S) servers.
Here are the Receive Location Properties.
Explanation of properties:
FTP Type – FTP, FTPS (FTP over SSL or FTP-SSL), or SFTP (SSH File Transfer Protocol).
CRLF Mode – The CRLF Mode property applies when downloading files in ASCII mode. If CRLF Mode is set to No Alteration the transfer happens normally without alteration. A value of CRLF converts all line endings to CR+LF. A value of LF Only converts all line endings to LF-only. A value of CR Only converts all line endings to CR-only.
After Download – You may delete, move, or rename the file after downloading.
After Download File Name – The file name to rename the file if not deleting. %SourceFileName% and %SourceFileNameNoExtension% are supported.
After Download Move To Directory – The remote directory to move the file to after downloading. Uses same absolute/relative paths as Remote Directory. %SourceFileName% and %SourceFileNameNoExtension% are supported.
FTP Trace Mode – Send a trace of the FTP session and any errors to either a File, designated by the FTP Trace path and FileName, Event Log, Both, or None.
FTP Mode – Active, Passive, or EPSV.
Temporary Remote Directory – Use a temporary remote directory to transfer files then move to the Remote Directory. This ensures that no partial files will be picked up by another process on your Remote Directory. The Temporary Remote Directory will automatically have trailing forward slashes “/” added to it if you don’t add them. For SFTP –> Preceding slash (/) = Absolute Path, Current directory = “./”, No preceding slash (/) = Relative Path from current directory.
Remote Directory – The remote directory of the FTP(S)/SFTP server. The Remote Directory will automatically have trailing forward slashes “/” added to it if you don’t add them. For SFTP –> Preceding slash “/” = Absolute Path, Current directory = “./”, No preceding slash = Relative Path from current directory.
Transfer Mode – Binary or ASCII
Use Passive Host Address – Some FTP servers need this option for passive data transfers. In passive mode, the data connection is initiated by the client sending a PASV command to the FTP server, and the FTP server responds with the IP address and port number where it is listening for the client’s connection request. When the Use Passive Host Address property is set to Yes, the IP address in the PASV response is discarded and the IP address of the remote endpoint of the existing control connection is used instead.
Authentication Mode – By setting the Authentication Mode Property to AuthTls, a secure FTP connection can be established using either SSL 3.0 or TLS 1.0. The FTP_FTPS Adapter will automatically choose whichever is supported by the FTP server during the secure channel establishment. The FTP control port remains at the default (21). Upon connection, the channel is converted to a secure channel automatically. All control messages and data transfers are encrypted. By choosing Implicit SSL, the FTP_FTPS Adapter connects using SSL on port 990, which is the de-facto standard FTP SSL port.
Client Certificate – The FTP_FTPS_SFTP Adapter provides the ability to use a client certificate with secure FTP (implicit or explicit SSL/TLS).
Clear Control Channel – Reverts the FTP control channel from SSL/TLS to an unencrypted channel. This may be required when using FTPS with AUTH TLS where the FTP client is behind a DSL or cable-modem router that performs NAT (network address translation). If the control channel is encrypted, the router is unable to translate the IP address sent in the PORT command for data transfers. By clearing the control channel, the data transfers will remain encrypted, but the FTP commands are passed unencrypted.
Private Key File – The FTP_FTPS_SFTP Adapter provides the ability to use a client certificate with secure FTP (implicit or explicit SSL/TLS). You may load a certificate from separate .crt (or .cer) and .pvk files and use it as the client-side SSL cert. The .pvk contains the private key. The .crt/.cer file contains the PEM or DER encoded digital certificate. Note: Client-side certificates are only needed in situations where the server demands one.
Inovis VAN FTP/SSL – By choosing Yes, the FTP_FTPS_SFTP Adapter sets all the properties correctly to connect to an Inovis VAN FTP/SSL.
Tumbleweed Certificate Common Name – The FTP_FTPS_SFTP Adapter can connect, authenticate, and transfer files to a Tumbleweed Secure Transport SSL FTP Server. Instead of providing a login name and password, you pass the string “site-auth” for the username, and an empty string for the password. You must also provide a client-side digital certificate, as the certificate’s credentials and validity are used to authenticate.
MODE Z – The FTP/FTPS/SFTP Adapter automatically detects if the FTP server supports MODE Z. It allows for files to be uploaded and downloaded using compressed streams.
SOCKS Version – Both SSL/TLS and non-secure FTP communications may use SOCKS4 and SOCKS5 proxies. Choose which version of SOCKS and provide the SOCKS Proxy Host Name, SOCKS Proxy Password, SOCKS Proxy Port, and SOCKS Proxy User Name.
Active Port End Range – When Active FTP Mode is used, the client-side is responsible for choosing a random port for each data connection. (Note: In the FTP protocol, each data transfer occurs on a separate TCP/IP connection. Commands are sent over the control channel (port 21 for non-SSL, port 990 for SSL).)
Active Port Start Range – This property, along with Active Port End Range, allows the client to specify a range of ports for data connections when in Active mode.
Proxy Mode – The proxy scheme used by your FTP proxy server. Valid values are 0 to 8. Supported proxy methods are as follows:
Note: The Proxy Host Name is the hostname of the firewall, if the proxy is a firewall. Also, the Proxy User Name and Proxy Password are the firewall username/password (if the proxy is a firewall).
ProxyMethod = 1 (SITE site)
ProxyMethod = 2 (USER user@site)
ProxyMethod = 3 (USER with login)
ProxyMethod = 4 (USER/PASS/ACCT)
USER Username@Hostname:Port ProxyUsername
ProxyMethod = 5 (OPEN site)
ProxyMethod = 6 (firewallId@site)
ProxyMethod = 7
SITE Hostname:Port USER Username
ProxyMethod = 8
Detect FTP Authentication – Determines what combinations of FTP/FTPS/SFTP property settings result in successful data transfers. The FTP_FTPS_SFTP Adapter tries 13 different combinations of these properties: Ssl, AuthTls, AuthSsl, Port, Passive, and Use Passive Host Address. Within the FTP protocol, the process of fetching a directory listing is also considered a “data transfer”. The FTP_FTPS Adapter method works by checking to see which combinations result in a successful directory listing download. The FTP_FTPS_SFTP Adapter requires the Host Name, Username, Password, and Port and returns a string containing an XML report of the results. It is a blocking call that may take approximately a minute to run. It is executed via the following screen that opens when the ellipsis is pressed.
SSH Private Key Path and File Name – Authenticates with the SSH server using public-key authentication. The corresponding public key must have been installed on the SSH server for the Username. Authentication will succeed if the matching SSH Private Key Path and File Name is provided. Load a private key from a PEM file. Private keys may be loaded from OpenSSH or Putty formats. Both encrypted and unencrypted private key file formats are supported.
SSH Private Key Passphrase – Passphrase for an encrypted SSH private key file.
SSH Create Disposition – SSH Create Disposition is a way to provide more control over how the file is opened or created. The keywords and their meanings are:
createNew = A new file is created; if the file already exists the method fails.
createTruncate = A new file is created; if the file already exists, it is opened and truncated.
openExisting = An existing file is opened. If the file does not exist the method fails.
openOrCreate = If the file exists, it is opened. If the file does not exist, it is created.
truncateExisting = An existing file is opened and truncated. If the file does not exist the method fails.
SSH Create Disposition Additional – SSH Create Disposition Additional allows additional control over how the file is opened or created by using a comma-delimited set of the keywords listed below.
appendData = Data is always written at the end of the file. Data is not required to be appended atomically. This means that if multiple writers attempt to append data simultaneously, data from the first may be lost.
appendDataAtomic = Data is always written at the end of the file. Data MUST be written atomically so that there is no chance that multiple appenders can collide and result in data being lost.
textMode = Indicates that the server should treat the file as text and convert it to the canonical newline convention in use. When a file is opened with this flag, data is always appended to the end of the file. Servers MUST process multiple, parallel reads and writes correctly in this mode.
blockRead = The server MUST guarantee that no other handle has been opened with read access, and that no other handle will be opened with read access until the client closes the handle. (This MUST apply both to other clients and to other processes on the server.) In a nutshell, this opens the file in non-sharing mode.
blockWrite = The server MUST guarantee that no other handle has been opened with write access, and that no other handle will be opened with write access until the client closes the handle. (This MUST apply both to other clients and to other processes on the server.) In a nutshell, this opens the file in non-sharing mode.
blockDelete = The server MUST guarantee that the file itself is not deleted in any other way until the client closes the handle. No other client or process is allowed to open the file with delete access.
blockAdvisory = If set, the above “block” modes are advisory. In advisory mode, only other accesses that specify a “block” mode need be considered when determining whether the “block” can be granted, and the server need not prevent I/O operations that violate the block mode. The server MAY perform mandatory locking even if the blockAdvisory flag is set.
noFollow = If the final component of the path is a symlink, then the open MUST fail.
deleteOnClose = The file should be deleted when the last handle to it is closed. (The last handle may not be an sftp-handle.) This MAY be emulated by a server if the OS doesn’t support it by deleting the file when this handle is closed.
accessAuditAlarmInfo = The client wishes the server to enable any privileges or extra capabilities that the user may have in order to allow the reading and writing of AUDIT or ALARM access control entries.
accessBackup = The client wishes the server to enable any privileges or extra capabilities that the user may have in order to bypass normal access checks for the purpose of backing up or restoring files.
backupStream = This flag indicates that the client wishes to read or write a backup stream. A backup stream is a system dependent structured data stream that encodes all the information that must be preserved in order to restore the file from backup medium. The only well defined use for backup stream data read in this fashion is to write it to the same server to a file also opened using the backupStream flag. However, if the server has a well defined backup stream format, there may be other uses for this data outside the scope of this protocol.
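An added example (not the adapter's own code) of the Use Passive Host Address behaviour described above: it parses a PASV reply and picks the data-connection endpoint with the property off and on. The function names, the sample reply and the addresses are constructed for illustration.

```python
import ipaddress
import re

# Six comma-separated numbers h1,h2,h3,h4,p1,p2 from a 227 reply (RFC 959).
_PASV_RE = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

# Constructed sample: a server behind NAT advertising its internal address.
SAMPLE_REPLY = "227 Entering Passive Mode (10,0,0,5,195,80)"
SAMPLE_CONTROL_PEER = "203.0.113.10"  # constructed address of the control connection's remote end


def parse_pasv(reply):
    """Return (ip, port) advertised in a '227 Entering Passive Mode' reply."""
    if not reply.startswith("227"):
        raise ValueError("not a PASV success reply: %r" % reply)
    m = _PASV_RE.search(reply[3:])  # skip the reply code itself
    if m is None:
        raise ValueError("no host/port tuple in reply: %r" % reply)
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("value out of range in reply: %r" % reply)
    ip = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]  # port is sent as high byte, low byte
    return ip, port


def data_endpoint(reply, control_peer_ip, use_passive_host_address):
    """Pick where to open the data connection; returns (ip, port, note).

    With use_passive_host_address=True the advertised IP is discarded and
    the control connection's peer address is used with the advertised port.
    """
    adv_ip, port = parse_pasv(reply)
    if use_passive_host_address:
        return control_peer_ip, port, "advertised IP ignored"
    if adv_ip != control_peer_ip:
        private = ipaddress.ip_address(adv_ip).is_private
        kind = "private" if private else "different"
        return adv_ip, port, "advertised %s IP differs from control peer" % kind
    return adv_ip, port, "advertised IP matches control peer"


if __name__ == "__main__":
    for flag in (False, True):
        print(flag, data_endpoint(SAMPLE_REPLY, SAMPLE_CONTROL_PEER, flag))
```

With the property off, the client would try to reach 10.0.0.5, which is unreachable from outside the server's network and is not the host that was authenticated on the control connection.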
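An added example (not the adapter's own code) showing how the SSH Create Disposition and SSH Create Disposition Additional keywords above combine into the flags field of an SFTP open request, with a few sanity checks on the combination. The bit values are those of the SFTP filexfer draft for protocol versions 5 and 6; that the adapter maps its keywords onto them one-to-one is an assumption, and the function name and warning texts are hypothetical.

```python
# Bit values of the SSH_FXP_OPEN "flags" field (SFTP filexfer draft, v5/v6).
# Assumption: the adapter's keywords correspond one-to-one to these flags.
DISPOSITION = {
    "createNew": 0x0, "createTruncate": 0x1, "openExisting": 0x2,
    "openOrCreate": 0x3, "truncateExisting": 0x4,
}
ADDITIONAL = {
    "appendData": 0x0008, "appendDataAtomic": 0x0010, "textMode": 0x0020,
    "blockRead": 0x0040, "blockWrite": 0x0080, "blockDelete": 0x0100,
    "blockAdvisory": 0x0200, "noFollow": 0x0400, "deleteOnClose": 0x0800,
    "accessAuditAlarmInfo": 0x1000, "accessBackup": 0x2000,
    "backupStream": 0x4000,
}
BLOCK_BITS = 0x0040 | 0x0080 | 0x0100  # blockRead | blockWrite | blockDelete


def open_flags(disposition, additional=""):
    """Return (flags, warnings) for the two property values."""
    if disposition not in DISPOSITION:
        raise ValueError("unknown disposition: %r" % disposition)
    flags = DISPOSITION[disposition]
    # The additional property is a comma-delimited keyword list.
    for word in filter(None, (w.strip() for w in additional.split(","))):
        if word not in ADDITIONAL:
            raise ValueError("unknown keyword: %r" % word)
        flags |= ADDITIONAL[word]
    warnings = []
    if flags & 0x0008 and flags & 0x0010:
        warnings.append("appendData and appendDataAtomic both set")
    if flags & 0x0200 and not flags & BLOCK_BITS:
        warnings.append("blockAdvisory set without any block* keyword")
    if disposition != "createNew" and not flags & 0x0400:
        warnings.append("existing path may be opened through a symlink (no noFollow)")
    if flags & 0x2000:
        warnings.append("accessBackup asks the server to bypass normal access checks")
    return flags, warnings


if __name__ == "__main__":
    # Constructed property values for illustration.
    print(open_flags("createTruncate", "blockWrite, noFollow"))
    print(open_flags("openOrCreate", "appendData,blockAdvisory"))
```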
The FTP/FTPS/SFTP Adapter supports dynamic sends.
Here is example code needed for a dynamic send:
// Construct the outbound message from the existing one.
msg_FF = msg_FFTemp;
// Point the dynamic send port at the adapter.
port_Dynamic(Microsoft.XLANGs.BaseTypes.Address) = @"FTP_FTPS_SFTP://TEST@localhost:21///";
port_Dynamic(Microsoft.XLANGs.BaseTypes.TransportType) = "FTP_FTPS_SFTP";
// Per-message transport properties (sample values).
msg_FF(FTP_FTPS_SFTP_DynamicTransport.Username) = "TEST";
msg_FF(FTP_FTPS_SFTP_DynamicTransport.Hostname) = "localhost";
msg_FF(FTP_FTPS_SFTP_DynamicTransport.Port) = 990;
msg_FF(FTP_FTPS_SFTP_DynamicTransport.RemoteDirectory) = "/New Directory";
msg_FF(FTP_FTPS_SFTP_DynamicTransport.AuthenticationMode) = "Implicit SSL";
msg_FF(FTP_FTPS_SFTP_DynamicTransport.Password) = "test";
msg_FF(FTP_FTPS_SFTP_DynamicTransport.RemoteFileName) = "%MessageID%";
msg_FF(FTP_FTPS_SFTP_DynamicTransport.FTPType) = "FTPS";
msg_FF(FTP_FTPS_SFTP_DynamicTransport.FTPMode) = "Passive";
msg_FF(FTP_FTPS_SFTP_DynamicTransport.LogFTPSession) = "YES";
msg_FF(FTP_FTPS_SFTP_DynamicTransport.FTPTraceMode) = "Event Log";
Please email me if you need another setting for your particular FTP(S) or SFTP server.
You can buy the FTP/FTPS/SFTP adapter by emailing me here. It is pretty reasonably priced given the many hours I spent developing and testing it. The price includes email and phone support and free upgrades for the life of the product.
You can download the 32 bit trial version by clicking here.
You can download the 64 bit trial version by clicking here.
The trial version will write out partial files after 45 days.
I tested FTP and FTPS connections using FileZilla Server. I tested SFTP connections using COPSSH and Sysax MultiServer.
PGP Pipeline Component Explained:
ASCIIArmorFlag – Writes out file in ASCII or Binary
Extension – Final File’s extension
Operation – Decrypt, Encrypt, and Sign and Encrypt
Passphrase – Private Key’s password for decrypting and signing
PrivateKeyFile – Absolute path to private key file
PublicKeyFile – Absolute path to public key file.
TempDirectory – Temporary directory used for file processing.
Copy the PGP Pipeline Component and Bouncy Castle .dlls in the .zip to your Program Files/BizTalk Server 20XX/Pipeline Components/ folder.