Our Products:   CompleteFTP  edtFTPnet/Free  edtFTPnet/PRO  edtFTPj/Free  edtFTPj/PRO
Ask a Question

Can an Authentication Extension differentiate FTP from SFTP access?

0 votes
246 views
in CompleteFTP by (130 points)

I have a CompleteFTP server (v10.1.1) running both an FTP and SFTP site. I want to start moving all users to SFTP for security reasons, and eventually turn off the FTP site, but I cannot do that until all users have switched to SFTP, which is going to take some time working with those users. In the interim, I want to limit FTP access to only a subset of users, so that all new users are at least required to use SFTP. I am using a custom .NET authentication extension. Is there any way that my extension can determine if an incoming request is FTP or SFTP, so that it can behave differently (i.e. reject FTP logins for some users, allow SFTP for all users)?

Some things I have looked at:

  • IAuthenticationInfo has a RemoteEndPoint property of type IPEndPoint. If it had a LocalEndPoint property, then I could use that to check if the incoming request is port 21 or 22. But it does not appear to have that.
  • I have not tested this, but I could perhaps duplicate my entire Site configuration and have one run only FTP and one run only SFTP, then I could either build different custom authentication extensions for the two sites, or make a decision based on IAuthenticationInfo.SiteName in my extension. I'm hoping there is a less painful way though.
Thank you.
by (161k points)
This is a very good question - I'll pass it on to the person who wrote the authenticator code.

1 Answer

+1 vote
by (51.1k points)

Version 12.0.0, which is due for release in late November, will make the protocol accessible in the IUserInfo interface (and, by extension, the IAuthenticationInfo interface), as shown below:

public interface IUserInfo
{
    IPEndPoint RemoteEndPoint { get; }
    IPEndPoint LocalEndPoint { get; }
    string Protocol { get; }
    X509Certificate2 ClientCertificate { get; }
    string UserName { get; }
    bool IsValidUserName { get; set; }
    string SiteName { get; }
    Guid SiteID { get; }
    ISession Session { get; }
    string DefaultDomain { get; }
    string HomeDirectory { get; set; }
    List<string> Groups { get; }
}

Note the LocalEndPoint and ClientCertificate properties, which are also new.

by (130 points)
Thank you for the quick response.

Categories

EnterpriseDT 2020
...