System.Net.ServicePointManager.SecurityProtocol In Use

1.8k views Asked by At

We have a C# class that is used by both a server and web app to get info from a 3rd party web service. Currently the service is accessible via http and https. We are trying to get the class to work with https because we believe the 3rd party will only allow https access in the future.

This is our code that works:

using (HttpClient httpClient = new HttpClient())
        {
            try
            {
                //specify to use TLS 1.2 as default connection
                System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

                var uri = new Uri(url);
                string uriStr = uri.ToString();
                string msg = $"uri: {uriStr}";

                ApplicationLogger.Singleton.LogMessage(LogCategories.General, System.Diagnostics.TraceEventType.Verbose, msg, "GetUrlResponseString - uri");

                var task =  httpClient.GetStringAsync(uri);
                task.Wait();

                string taskBools = "";
                if (task.IsCompleted)
                    taskBools = "Task Completed";
                else if (task.IsFaulted)
                    taskBools = "Task Faulted";
                else if (task.IsCanceled)
                    taskBools = "Task Canceled";

                string taskStatus = task.Status.ToString();
                msg = $"Task Status: {taskBools} taskStatus: {taskStatus}";

                ApplicationLogger.Singleton.LogMessage(LogCategories.General, System.Diagnostics.TraceEventType.Verbose, msg, "Task Status");

                string listOfSites = (string)task.Result;
                ApplicationLogger.Singleton.LogMessage(LogCategories.General, System.Diagnostics.TraceEventType.Verbose, 
                    $"listOfSites: {listOfSites}", "GetUrlResponseString - listOfSites");

                return listOfSites;
            }

On your site and others, we see mention of the SecurityProtocolType.SystemDefault. From my research, we'd like to use that because it is supposed to get the security setting from the operating system. We'd like our server admins to handle that. That way we wouldn't have to change the code in the future.

Now I know we may have to re-compile and deploy the class library when .Net supports Tls13, Tls14 and etc. But it still eliminates a code change.

Anyways, our server admin can't get it to work with the SecurityProtocolType.SystemDefault setting. She wants to know what the program thinks is the current security setting. Is there something that I can't examine/print to see what it is?

0

There are 0 answers