Connections are not opened until the Connect()()()() method is called. Connection-, Authentication-, and Security-related properties should be set prior to opening the connection.

At a minimum, the following properties must be set prior to connection.

The Connection Tester may be used to assist with setting these and other properties. It allows the developer to test various property-settings interactively without running their application. The Connection Designer may be accessed by (1) double-clicking on the component, (2) right-clicking on the component and selecting "Connection Tester" from the context menu, or (3) selecting the component and then clicking on the "Connection Tester" link at the bottom of the Properties View.

Secure Transfers are enabled through the Security properties. At a minimum, the Protocol should be set to SFTP, FTPSExplicit or FTPSImplicit representing the SSH File Transfer Protocol, explicit FTP over SSL, and implicit FTP over SSL, respectively. The issue of Server Validation must also be addressed.

Server Validation is the process of making sure that the server with which the client is communicating is indeed the intended server. While developing code, this process may be disabled by setting ServerValidation to None, which disables server validation and thus postpones any complications related to it, but this should not be done in deployed applications.

To achieve server validation, the ServerValidation property may be set to Automatic or AutomaticNoNameCheck. The method by which a server is validated depends on whether the protocol is SSH-based or SSL-based.

In the SSL-based protocols, explicit FTPS and implicit FTPS, a certificate that is able to verify the FTP server must be installed on the machine on which the FTP client software is running. This certificate may be either the certificate of the server itself, or the certificate of the Certificate Authority (CA). SecureFTPConnection provides various means of installing server certificates:

• Design-Time - The Certificate Manager GUI may be displayed at design-time by (1) right-clicking on the component and selecting "Certificate Manager" from the context menu, or (2) selecting the component and then clicking on the "Certificate Manager" link at the bottom of the Properties View.
• Runtime GUI - The Certificate Manager GUI may be displayed at runtime by using the ShowCertificateManager()()()() method.
• Runtime Programmatic - Certificates may be imported into the operating system's Certificate Stores using the Import methods of SSLFTPCertificate.
• Microsoft Management Console (MMC) - The Microsoft Management Controls (MMC) may be used for managing the operating system's certificate stores.

In the SSH-based protocol, SFTP, the server is validated by means of its public key. Typically, the server's public key is stored in either a file containing that single key, or in a file often called known_hosts which can contain a number of public keys for different servers. When the client connects to the server, the server's public key is returned and compared with the available public keys stored in the client. Known-host files may be loaded by setting the KnownHosts.KnownHostsFile property. Individual public keys may be loaded using the KnownHosts.AddKnownHost method.

Client validation is the process by which the client authenticates itself to the server. For many FTP/FTPS/SFTP servers password authentication is sufficient; it is configured through the UserName and Password properties. In explicit FTPS and implicit FTPS, a certificate may also be required; this loaded by the ClientCertificate property. In SFTP the server may request the public key corresponding to the client's private key, which is set using the ClientPrivateKeyFile property.