Please note that my last suggestion was intended ONLY for case when a user DOES NOT FILL a password. In such case it can mean two things:
1. "I don't want to use password" - it corresponds to null password.
2. "I have empty password" - it corresponds to empty string password.
So, I suggested to handle this by trying both variants.
Of course, if the user specifies a non-empty password, you will use that exact password. If it fails, you will report the error to the user immediately.
Also please note that everything works as expected:
1. Sftp.Login(Settings.Username, certificate) - does not send password to the server.
2. Sftp.Login(Settings.Username, password, certificate) - sends specified password to the server - ONLY if the password is null, no password is sent to the server.
Also please note that everything depends on enabled authentication methods on the server as well. For example,
- if the server authenticates successfully just with certificate, no password is sent to the server.
- if server allows 'password' authentication method - the provided password is sent to the server.
- if server allows 'keyboard-interactive' authentication method - the specified password value is used only if the prompt contains phrase "password:" - if it does not contains the phrase, the AuthenticationRequest event is raised to read the "user answer".