How do I allow a .NET Core console app FTP connection through Windows Firewall?

Question

I have a .NET Core console app that downloads files from an FTP server and processes them. I moved the app onto a new server, and it stopped working. Disabling Windows Firewall on the new server solves the problem, but obviously I don't want to leave it wide open - I need a targeted way of enabling this app. FTP traffic seems to already be allowed (inbound and outbound) by the default firewall rules, so I don't know which additional ports could be opened (I think I'm using active FTP, which can use a broad port range AFAIK). I would prefer to whitelist the application, but it is not an .exe file, so I'm not exactly sure which application to allow.

I run the application using a shortcut to a .bat file. The bat file contains just the following line:

dotnet "C:\path\my-application.dll"

The code on which the application fails is:

FtpWebRequest request = (FtpWebRequest)FtpWebRequest.Create(ftpServerUri);
request.UseBinary = true;
request.Credentials = new NetworkCredential(ftpUser, ftpPsw);
request.Method = WebRequestMethods.Ftp.ListDirectory;
request.Proxy = null;
request.KeepAlive = false;
request.UsePassive = false;

// hangs here forever unless Windows Firewall is turned off
FtpWebResponse response = (FtpWebResponse)await request.GetResponseAsync();

Is it possible to allow the application through the firewall? Do I allow dotnet.exe, or the .bat file, or the .dll file, or is there an alternate way of doing this? Thanks in advance for any help!

Answer 1

Do not use FTP active mode. And you won't have firewall problems.

The passive mode is enabled by default for a good reason. It makes it less problematic to pass through a firewall.

Remove this line:

request.UsePassive = false;

Read my article on network configuration needed for FTP active and passive modes.

Answer 2

You can try 2 things on Win10:

• Allow an App through Windows Firewall

Navigation Path: Control Panel\All Control Panel Items\Windows Defender Firewall\Allowed apps

Click Allow another app

On the following pop up, provide the absolute path to dotnet.exe

• Configure Windows Defender Firewall with Advance Security with below

Navigation Path: Control Panel\All Control Panel Items\Windows Defender Firewall\ Advanced Settings

EDIT:

Turns out whitelisting did the trick.