TLS 1.2 for .NET developers
July 24, 2018
Get started with this previous blog post for basic information, this article will just summarize actions for .NET apps.
The Autodesk Forge .NET package on NuGet started supporting .NET Framework 4.5.2 and, more recently, started supporting .NET Standard 2.0 (adding support for .NET Core).
But why these versions? The Forge package relies on 2 other packages: Newtonsoft.JSON & RestSharp. The second is the most restrictive in terms of supported versions, so that's what we use, see their summary here. RestSharp is not recreating the base connection, it uses HttpWebRequest .NET object, so the actual connection is a system feature.
Adding TLS 1.2 support
The application & packages will run using the .NET version of the project. In our case, as we're using RestSharp, actually the app needs to add support, not the packages (sorry being redundant here, just reinforcing the point).
What should I do?
First, ensure you have the latest Autodesk Forge package version, currently 1.2, which includes fixes and improvements.
If your app is running .NET Framework 4.6 or newer, no additional action is required to support TLS 1.2. Great news! If your app is running an older version, consider migrating to this version (or even newer). It's worth noting that 4.6 is almost 4 years old now, a lot has happened since its launch. The newest version is 4.7.2
Now if your app needs to run .NET 4.5.2, you'll need to add the following global change, preferably at the entry point and before any REST request.
System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls12
Finally, if your app is running an older version, it's probably not using RestSharp (requires 4.5.2), but still possible to support TLS 1.2 using this workaround, but you need to check how the actual connection is performed. Note that Microsoft ended support for .NET 4.5.1 on January 2016, read more here.