User Authentication Debugging

0 votes
asked 6 days ago by Bigvlad (120 points)

I am currently working on the application that uses SFTP. Our users are using FileZilla client to upload files that are stored in Azure Storage and then those files are processed by our api. Currently we found a bug when the file from user A was saved in the directory of the user B(it should not be there). I would like to simulate the process in which the user authenticate through filezilla in my local environment and then upload files. When I was debugging the code it always come to this point below, but I am not able to step into the code. I am assuming that if I log into the filezilla and click quickconnect it should automatically hit the breakpoint where user authenticate, but I was not able to do so. How do you debug this in your local environment. Think about this as a localhost in web development, how do I achieve the same functionality, I would like to just login and see what is inside that code

server = new FileServer();

//I Want to step into this and see what is inside how to trigger this event???

server.Authentication += (sender, e) =>
{
    MyDbUser myUser;

    // try authenticating the user against a custom user database
    if (MyUserDatabase.TryAuthenticate(
        e.UserName, e.Password, out myUser))
    {
        // construct a user object
        var user = new FileServerUser(myUser.UserName, null, myUser.VirtualRoot);

        // accept authentication attempt with this user object
        e.Accept(user);
    }
    else
    {
        // reject authentication attempt
        e.Reject();
    }
};

1 Answer

0 votes
answered 5 days ago by Lukas Pokorny (124,610 points)

If you setup a server, register a custom Authentication event and launch it, and if you place a breakpoint into your event handler code (at if (MyUserDatabase.TryAuthenticate( line, for example), it should get hit when you connect to the server app being debugged using FileZilla (or any other SFTP/SSH client). If it doesn't, something is wrong with the debugger.

Stepping into server.Start() is sadly not possible because Rebex File Server is a closed-source library.

commented 5 days ago by Bigvlad (120 points)
Thanks I know what do you mean. Do you think is it possible to actually run sftp server in my local environment? I mean without using VM or anything, when I run server.Start() is it going to create something like a local instance of that server and can I then call that from filezilla while using my own IP? Maybe I am not hitting that because I am trying to connect to VM and the server actually runs in my computer, I can see all directories and folders and can manipulate files in azure storage through filezila but I would like to just see what is behind the scenes if you know what I mean.
commented 5 days ago by Lukas Pokorny (124,610 points)
Yes, it's definitely possible to run an SFTP server locally, start it in a debugger, and put breakpoints wherever you need in your code. We do that all the time, and I'm sure our users do that as well. No need to use VM or anything, it's basically just an ordinary .NET application that just happens to listen on a TCP port, to which you can connect using any SFTP client, and then those breakpoints will get hit. On the other hand, if you wanted to debug code running in a server in a VM, you would have to attach debugger remotely to a server instance running there.
So it looks like what you need is this: Run an instance of the server app locally, and use an SFTP client to connect to that instance, not to another instance in a VM.
commented 4 days ago by Bigvlad (120 points)
When I start debugging I can see that server is running, I can see my application is running on port 22, TCP protocol with firewall status Allowed. After that I want to  authenticate my user so in Filezilla instead of host to my VM I will just choose sftp://myipadresshere   and username and password that should be verified by my custom auth method inside _server.Authentication event. But when I click connect either from that particular computer which is running the application or even different computer it returns  Response:fzSftp started ptotocol_version=11 Connection timed out after 20 seconds could not connect to the server.
commented 4 days ago by Lukas Pokorny (124,610 points)
When you are debugging, the server will only accept connecting when it's actually running, not when it's paused on a breakpoint. That seems to be what is going on.
commented 3 days ago by Bigvlad (120 points)
I was able to debug it and hit the breakpoint by using local IP address 127.0.0 as a host
...