HTTPS request fails using HttpClient
This was a very helpful document. For ASP.NET Core 2.0, the answer was applied as follows (the result was successful):
using (var handler = new HttpClientHandler())
{
handler.ServerCertificateCustomValidationCallback = (sender, certificate, chain, sslPolicyErrors) => true;
handler.SslProtocols = SslProtocols.Tls12 | SslProtocols.Tls11 | SslProtocols.Tls;
using (HttpClient client = new HttpClient(handler))
{
string requestObjJson = requestObj.ToJson();
var address = new Uri($"https://yourcompany.com/");
string token = GetToken();
client.BaseAddress = address;
client.DefaultRequestHeaders.Accept.Clear();
client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token);
var contentData = new StringContent(requestObjJson, System.Text.Encoding.UTF8, "application/json");
using (var response = await client.PostAsync("yourcompany/new-employee", contentData))
{
var content = response.Content.ReadAsStringAsync();
var taskResult = content.Result;
JObject resultObj = JObject.Parse(taskResult);
return resultObj;
}
}
}
According to this SO post, you must enable TLS1.2 with ServicePointManager.
System.Net.ServicePointManager.SecurityProtocol |=
SecurityProtocolType.Tls12 |
SecurityProtocolType.Tls11 |
SecurityProtocolType.Tls; // comparable to modern browsers
Also noteworthy, the MSDN documentation for ServicePointManager.SecurityProtocols property makes this statement:
The .NET Framework 4.6 includes a new security feature that blocks insecure cipher and hashing algorithms for connections.
which suggests that some form of SHA1 block might be in place.
EDIT 16 Sep 2020
I changed from the = assignment operator to the |= operator so that requests to any other legacy sites which still require SSL will continue to work.