BizTalk FTP (File Transfer Protocol), FTPS (FTP over SSL or FTP-SSL), and SFTP (SSH File Transfer Protocol) Adapter

I decided to create a new BizTalk FTP/FTPS/SFTP adapter that would be robust and allow me to connect to FTP, FTPS (FTP over SSL or FTP-SSL), and SFTP (SSH File Transfer Protocol) servers. It also doesn’t have the limitation on server OSs that the MS FTP adapter has.

Here are the Receive Location Properties.

image

Explanation of properties:

FTP Type – FTP, FTPS (FTP over SSL or FTP-SSL), or SFTP (SSH File Transfer Protocol).

CRLF Mode - The CRLF Mode property applies when downloading files in ASCII mode. If CRLF Mode is set to No Alteration, the transfer happens normally without alteration. A value of CRLF converts all line endings to CR+LF. A value of LF Only converts all line endings to LF-only. A value of CR Only converts all line endings to CR-only.

FTP Trace Mode – Send a trace of the FTP session and any errors to either a File, designated by the FTP Trace path and FileName, Event Log, Both, or None.

Temporary Remote Directory – Use a temporary remote directory to transfer files then move to final location. 

Transfer Mode – Binary or ASCII

Use Passive Host Address - Some FTP servers need this option for passive data transfers. In passive mode, the data connection is initiated by the client sending a PASV command to the FTP server, and the FTP server responds with the IP address and port number where it is listening for the client's connection request. When the Use Passive Host Address property is set to Yes, the IP address in the PASV response is discarded and the IP address of the remote endpoint of the existing control connection is used instead.

Authentication Mode - By setting the Authentication Mode property to AuthTls, a secure FTP connection can be established using either SSL 3.0 or TLS 1.0. The FTP_FTPS Adapter will automatically choose whichever is supported by the FTP server during the secure channel establishment. The FTP control port remains at the default (21). Upon connection, the channel is converted to a secure channel automatically. All control messages and data transfers are encrypted. By choosing Implicit SSL, the FTP_FTPS Adapter connects using SSL on port 990, which is the de facto standard FTP SSL port.

Client Certificate – The FTP_FTPS_SFTP Adapter provides the ability to use a client certificate with secure FTP (implicit or explicit SSL/TLS).

Clear Control Channel - Reverts the FTP control channel from SSL/TLS to an unencrypted channel. This may be required when using FTPS with AUTH TLS where the FTP client is behind a DSL or cable-modem router that performs NAT (network address translation). If the control channel is encrypted, the router is unable to translate the IP address sent in the PORT command for data transfers. By clearing the control channel, the data transfers will remain encrypted, but the FTP commands are passed unencrypted.

Private Key File – The FTP_FTPS_SFTP Adapter provides the ability to use a client certificate with secure FTP (implicit or explicit SSL/TLS). You may load a certificate from separate .crt (or .cer) and .pvk files and use it as the client-side SSL cert. The .pvk contains the private key. The .crt/.cer file contains the PEM or DER encoded digital certificate. Note: Client-side certificates are only needed in situations where the server demands one.

Inovis VAN FTP/SSL – By choosing Yes, the FTP_FTPS_SFTP Adapter sets all the properties correctly to connect to an Inovis VAN FTP/SSL.

Tumbleweed Certificate Common Name – The FTP_FTPS_SFTP Adapter can connect to, authenticate with, and transfer files to a Tumbleweed Secure Transport SSL FTP Server. Instead of providing a login name and password, you pass the string "site-auth" for the username, and an empty string for the password. You must also provide a client-side digital certificate -- as the certificate's credentials and validity are used to authenticate.

MODE Z – The FTP/FTPS/SFTP Adapter automatically detects if the FTP server supports MODE Z. It allows for files to be uploaded and downloaded using compressed streams.

SOCKS Version - Both SSL/TLS and non-secure FTP communications may use SOCKS4 and SOCKS5 proxies. Choose which version of SOCKS and provide the SOCKS Proxy Host Name, SOCKS Proxy Password, SOCKS Proxy Port, and SOCKS Proxy User Name.

Active Port End Range - When Active FTP Mode is used, the client-side is responsible for choosing a random port for each data connection. (Note: In the FTP protocol, each data transfer occurs on a separate TCP/IP connection. Commands are sent over the control channel (port 21 for non-SSL, port 990 for SSL).)

Active Port Start Range - This property, along with Active Port End Range, allows the client to specify a range of ports for data connections when in Active mode.

Proxy Mode - The proxy scheme used by your FTP proxy server. Valid values are 0 to 8. Supported proxy methods are as follows:

Note: The Proxy Host Name is the hostname of the firewall, if the proxy is a firewall. Also, the Proxy User Name and Proxy Password are the firewall username/password (if the proxy is a firewall).

ProxyMethod = 1 (SITE site)

USER ProxyUsername
PASS ProxyPassword
SITE Hostname
USER Username
PASS Password

ProxyMethod = 2 (USER user@site)

USER Username@Hostname:Port
PASS Password

ProxyMethod = 3 (USER with login)

USER ProxyUsername
PASS ProxyPassword
USER Username@Hostname:Port
PASS Password

ProxyMethod = 4 (USER/PASS/ACCT)

USER Username@Hostname:Port ProxyUsername
PASS Password
ACCT ProxyPassword

ProxyMethod = 5 (OPEN site)

USER ProxyUsername
PASS ProxyPassword
OPEN Hostname
USER Username
PASS Password

ProxyMethod = 6 (firewallId@site)

USER ProxyUsername@Hostname
USER Username
PASS Password

ProxyMethod = 7

USER ProxyUsername
USER ProxyPassword
SITE Hostname:Port USER Username
PASS Password

ProxyMethod = 8

USER Username@ProxyUsername@Hostname
PASS Password@ProxyPassword

Detect FTP Authentication - Determines what combinations of FTP/FTPS/SFTP property settings result in successful data transfers. The FTP_FTPS_SFTP Adapter tries 13 different combinations of these properties: Ssl, AuthTls, AuthSsl, Port, Passive, and Use Passive Host Address. Within the FTP protocol, the process of fetching a directory listing is also considered a "data transfer". The FTP_FTPS Adapter method works by checking to see which combinations result in a successful directory listing download. The FTP_FTPS_SFTP Adapter requires the Host Name, Username, Password, and Port and returns a string containing an XML report of the results. It is a blocking call that may take approximately a minute to run. It is executed via the following screen, which opens when the ellipsis button is pressed.

image 

SSH Private Key Path and File Name - Authenticates with the SSH server using public-key authentication. The corresponding public key must have been installed on the SSH server for the Username. Authentication will succeed if the matching SSH Private Key Path and File Name is provided. The private key is loaded from a PEM file. Private keys may be loaded from OpenSSH and PuTTY formats. Both encrypted and unencrypted private key file formats are supported.

SSH Private Key Passphrase – Passphrase for an encrypted SSH private key file.

Note: When uploading files, the FTP/FTPS/SFTP adapter uses a .TMP file for any file over 4k. If you have a process that pulls *.* from the folder you are sending to, it might cause unintended consequences if the .TMP file is removed before the FTP/FTPS/SFTP adapter can rename it.

The FTP/FTPS/SFTP Adapter supports dynamic sends.

If you’re running BizTalk on a 64-bit box, host the adapter on a 32-bit host. I’ll try to get a 64-bit FTP_FTPS_SFTP adapter up here soon.

Please email me if you need another setting for your particular FTP(S) server.

You can buy the FTP/FTPS/SFTP adapter here. It is pretty reasonably priced given the many hours I spent developing and testing it.

You can download the trial version by clicking here

The trial version prepends “Trial_Version_” to all transferred files.

I tested FTP and FTPS connections using FileZilla Server. I tested SFTP connections using COPSSH.

posted @ Wednesday, April 15, 2009 10:49 AM


Comments on this entry:

 re: BizTalk FTP/FTPS (FTP over SSL or FTP-SSL) Adapter

Left by Paul Bettison at 8/10/2009 3:25 AM

Can I get a version of this to evaluate, with a view to purchasing? Also, is the source code included in the cost?
