locked
API client server issue RRS feed

  • Question

  • User1489758560 posted

    Hello,

    There is is WebAPI developed using WebAPI2 and running on my client server. It was developed using VS2015 using c# language. On my client server they completely stopped the TLS 1.0, TLS 1.1. They only have now TLS 1.2. So  we are consuming the API and all the sudden we couldn't consume the API. i was looking in the options online and to tackle this on code level the following code has to be included in the global.asax to resolve the issue to support 1.0, 1.1 version with out turning on server level because other application should not get affected. 

    System.Net.ServicePointManager.SecurityProtocol |= SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;

    will this a correct solution? how to add this in API config file? any suggestions and sample please

    Monday, July 24, 2017 8:38 PM

All replies

  • User1168443798 posted

    Hi born2win,

    >> On my client server they completely stopped the TLS 1.0, TLS 1.1. They only have now TLS 1.2. So  we are consuming the API and all the sudden we couldn't consume the API.

    Do you mean Web api is hosted in a server which only supports TLS 1.2? If so, what is the framework of your application which will consume the API?

    If it is lower than .NET 4.6, I think you could try to upgrade the .net framework to .net 4.5 whose default protocol is TLS 1.2.

    If you could not upgrade the .net framework for this application, you could specify the protocol in code.

    >> how to add this in API config file?

    What do you mean by this? If the API Server disabled TLS 1.0 and TLS 1.1, you need to make the request client to use TLS 1.2. It could not be configured in config file. It is configured in code like below:

    Best Regards,

    Edward

    Tuesday, July 25, 2017 2:49 AM
  • User1489758560 posted

    Hi Edward,

    Thank you for the reply and here are my answers for your questions 

    Do you mean Web api is hosted in a server which only supports TLS 1.2? If so, what is the framework of your application which will consume the API?

      Ans:  Yes, it will only support TLS1.2. the framework what's there in the server is 4.5. client upgraded the framework 4.0 to 4.5 6 months ago. 

     

    If you could not upgrade the .net framework for this application, you could specify the protocol in code.

     If i need to add the protocol in the code level then please suggest me the place where i should add it. It should be application level. i don't want to add it to each routing url. So is global.asax is the right place to add it?   else is there any better place to add it?  i couldn't see any code on your reply. so please help me on this. please show me a sample code and how to place the code in WEBAPI2. your help will be highly appreciable,

    Tuesday, July 25, 2017 6:22 PM
  • User1168443798 posted

    Hi born2win,

    How did you consume web api? If you call web api from web browser, will you get any error?

    Based on your description, I think you need to restrict api consumer to use TLS 1.2, since the web api service has disabled TLS 1.0 and TLS 1.1, it will use TLS 1.2 by default. There is no need to set anyting in web api side.

    Before calling web api method, you could add below code:

                ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
    

    Best Regards,

    Edward

    Wednesday, July 26, 2017 6:49 AM
  • User1489758560 posted

    Hi Edward,

    we have website build on the asp.net 4.5 + vs 2015. The API will be called on the website using Ajax. since ajax used ll the operations happen on client side. so where to add the code you provided. you help will be highly appreciable.  also, i waned to add this in common place to avoid including i all the API calls. how to achieve this.

    Wednesday, July 26, 2017 11:48 AM
  • User1168443798 posted

    Hi born2win,

    For your scenario, I am afraid it is impossible.

    We could not set specific protocol in Ajax post. This is configured by web browser.

    Since you disabled protocol below TLS 1.2, and if client did not support TLS 1.2, they will receive error and the only option is to upgrade their web browser. This could not be configured at web api side except the server enable protocol below TLS 1.2.

    I think you could provide a friendly alert for user.

    # Detect browser TLS compatibility

    https://stackoverflow.com/questions/30991911/detect-browser-tls-compatibility

    Best Regards,

    Edward

    Thursday, July 27, 2017 7:36 AM