SecureHttpClient 2.2.5

.NET 8.0 
dotnet add package SecureHttpClient --version 2.2.5
NuGet\Install-Package SecureHttpClient -Version 2.2.5
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="SecureHttpClient" Version="2.2.5" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
paket add SecureHttpClient --version 2.2.5
#r "nuget: SecureHttpClient, 2.2.5"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
// Install SecureHttpClient as a Cake Addin
#addin nuget:?package=SecureHttpClient&version=2.2.5

// Install SecureHttpClient as a Cake Tool
#tool nuget:?package=SecureHttpClient&version=2.2.5

SecureHttpClient

SecureHttpClient is a dotnet cross-platform HttpClientHandler library, with additional security features.

Features

Feature Android iOS Windows
Certificate pinning
TLS 1.2+
HTTP/2
Compression (gzip / deflate / br)
Client certificates
Headers ordering
Cookies

Installation

NuGet

The most recent version is available (and is tested) on the following platforms:

  • Android 5-14 (API 21-34)
  • iOS 17.2
  • .net 8.0

Older versions support older frameworks (but they are not maintained anymore):

  • v2.1: net7.0 (android / ios / windows)
  • v2.0: net6.0 (android / ios / windows)
  • v1.x: MonoAndroid ; Xamarin.iOS ; NetStandard

Basic usage

Basic usage is similar to using System.Net.Http.HttpClientHandler.

// create the SecureHttpClientHandler
var secureHttpClientHandler = new SecureHttpClientHandler(null);

// create the HttpClient
var httpClient = new HttpClient(secureHttpClientHandler);

// example of a simple GET request
var response = await httpClient.GetAsync("https://www.github.com");
var html = await response.Content.ReadAsStringAsync();

Certificate pining

After creating a SecureHttpClientHandler object, call AddCertificatePinner to add one or more certificate pinner.

The request will fail if the certificate pin is not correct.

// create the SecureHttpClientHandler
var secureHttpClientHandler = new SecureHttpClientHandler(null);

// add certificate pinner
secureHttpClientHandler.AddCertificatePinner("www.github.com", ["sha256/YH8+l6PDvIo1Q5o6varvw2edPgfyJFY5fHuSlsVdvdc="]);

// create the HttpClient
var httpClient = new HttpClient(secureHttpClientHandler);

// example of a simple GET request
var response = await httpClient.GetAsync("https://www.github.com");
var html = await response.Content.ReadAsStringAsync();

In order to compute the pin (SPKI fingerprint of the server's SSL certificate), you can execute the following command (here for www.github.com host):

openssl s_client -connect www.github.com:443 -servername www.github.com | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | openssl x509 -noout -pubkey | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | openssl enc -base64

Cookies and Redirect

SecureHttpClient handles cookies and redirects, but the behavior can differ a bit from one platform to another, because of different implementations in the native libraries used internally.

For strictly identical behavior between platforms, it's recommended to use Flurl on top of SecureHttpClient, and let it handle cookies and redirects.

// create the SecureHttpClientHandler
var secureHttpClientHandler = new SecureHttpClientHandler(null);

// disable redirect and cookies management in this handler
secureHttpClientHandler.AllowAutoRedirect = false;
secureHttpClientHandler.UseCookies = false;

// create the FlurlClient and CookieSession, they will manage redirect and cookies
var httpClient = new HttpClient(secureHttpClientHandler);
var flurlClient = new FlurlClient(httpClient);
var flurlSession = new CookieSession(flurlClient);

// example of a simple GET request using Flurl
var html = await flurlSession
    .Request("https://www.github.com")
    .GetStringAsync();

Advanced usage

For more advanced usage (logging, client certificates, cookies ordering...), have a look into the SecureHttpClient.Test folder for more code examples.

Product Compatible and additional computed target framework versions.
.NET net8.0 is compatible.  net8.0-android was computed.  net8.0-android34.0 is compatible.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-ios17.2 is compatible.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last updated
2.2.5 103 3/13/2024
2.2.4 102 3/6/2024
2.2.3 101 2/20/2024
2.2.2 133 1/15/2024
2.2.1 208 11/22/2023
2.2.0 126 11/17/2023
2.1.3 677 6/2/2023
2.1.2 1,919 4/25/2023
2.1.1 225 3/3/2023
2.1.0 275 12/19/2022
2.0.1 358 10/27/2022
2.0.0 337 10/25/2022
1.18.8 669 10/25/2022
1.18.7 492 7/25/2022
1.18.6 505 3/17/2022
1.18.5 419 11/15/2021
1.18.4 381 10/16/2021
1.18.3 425 6/1/2021
1.18.2 360 5/26/2021
1.18.1 463 2/25/2021
1.18.0 367 2/19/2021
1.17.5 398 2/10/2021
1.17.4 384 2/1/2021
1.17.2 388 1/26/2021
1.17.1 407 1/18/2021
1.17.0 391 1/13/2021
1.16.1 1,573 12/11/2020
1.16.0 453 12/2/2020
1.15.0 450 11/13/2020
1.14.1 479 10/14/2020
1.14.0 605 4/30/2020
1.13.7 621 4/15/2020
1.13.6 735 3/2/2020
1.13.5 509 2/14/2020
1.13.4 506 2/14/2020
1.13.3 538 1/13/2020
1.13.2 557 12/9/2019
1.13.1 558 10/25/2019
1.13.0 546 10/23/2019
1.12.4 689 6/30/2019
1.12.1 598 6/19/2019
1.12.0 671 3/26/2019
1.11.0 1,621 10/10/2018
1.10.0 913 6/20/2018
1.9.0 951 6/8/2018
1.8.0 984 5/25/2018
1.7.0 1,029 4/10/2018
1.6.0 987 10/19/2017
1.5.1 3,490 9/27/2017
1.5.0 994 7/2/2017
1.4.2 1,031 11/30/2016
1.4.1 1,032 11/25/2016
1.3.0 1,028 10/17/2016

https://github.com/ZitchCode/SecureHttpClient/releases