Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow to Specify HttpClientHandler in IHttpClientFactory #110009

Open
rdethurenssftcom opened this issue Nov 20, 2024 · 4 comments
Open

Allow to Specify HttpClientHandler in IHttpClientFactory #110009

rdethurenssftcom opened this issue Nov 20, 2024 · 4 comments
Labels
api-suggestion Early API idea and discussion, it is NOT ready for implementation area-Extensions-HttpClientFactory untriaged New issue has not been triaged by the area owner

Comments

@rdethurenssftcom
Copy link

Background and Motivation

We currently use IHttpClientFactory via dependency injection to generate our HttpClient.
In some of our use cases, we need to define ClientCertificates to connect to the target server. This can only be done by the HttpClientHandler. However, we can only set the right certificate within the scope of the request. So we can't use the HttpClientHandler configured via the DI.
We can create it directly using the HttpClient constructor, but in this case, we lose the configuration performed by the IHttpClientFactory.

We therefore need to dynamically define a handler for an httpClient generated when using an IHttpClientFactory.

Proposed API

namespace System.Net.Http;

public interface IHttpClientFactory
{
  // Existing method
  HttpClient CreateClient(string name);

  // New method
  HttpClient CreateClient(HttpClientHandler handler);
}

Usage Examples

You can use code blocks like this:

            X509Certificate2 certificate = GetCertificateByName(certificateName);
            HttpClientHandler handler = new HttpClientHandler();
            handler.ClientCertificates.Add(certificate);
            HttpClient httpClient = httpClientFactory.CreateClient(handler);

Alternative Designs

We are open to other way to go

Risks

As it add a new method endpoint, the risk of regression is minor
@rdethurenssftcom rdethurenssftcom added the api-suggestion Early API idea and discussion, it is NOT ready for implementation label Nov 20, 2024
@MihaZupan MihaZupan transferred this issue from dotnet/aspnetcore Nov 20, 2024
@dotnet-policy-service dotnet-policy-service bot added the untriaged New issue has not been triaged by the area owner label Nov 20, 2024
@julealgon
Copy link

Probably a duplicate of, conceptually:

Discussions here might be relevant and provide workarounds:

@DL444
Copy link

DL444 commented Nov 20, 2024
edited
Loading

IMHO allowing configuration of HttpMessageHandler per-client seems to defeat the purpose of IHttpClientFactory which is to allow the primary handlers to be pooled and shared. Unfortunately as far as I see ClientCertificates seems to be configurable only via HttpClientHandler.

@CarnaViire
Copy link
Member

@julealgon and @DL444 comments are spot on.

If you need to create a new, additional connection with a new certificate to the same server, you are correct that you need a different handler instance -- but that means you need a new named client as well. Because the name corresponds to a shared handle instance. You use a cert name in the snippet -- is this something that can be used?

I understand that creating all the configurations for this could be extremely inconvenient, especially if there are lots of different tenants.

@rdethurenssftcom,

  1. How many different configurations do you have otherwise? is this mostly a single config, where the only difference would be a cert used? or do you have several "groups"?

  2. How often would the same combination server+cert be used, if at all? (meaning, could the established ssl/https connection to the server be reused within a short time?)

From triage perspective, this is a duplicate of #35997 and #36378

I will close the issue in favor of the linked ones, but before that I would like to learn more about the scenario, so I might be able to suggest a suitable workaround.

P.S.: Another way to solve this issue -- on a lower level -- might be a concept of sessions for HttpClient. This was discussed in e.g. #77668 and #35992. Same as with certificate, using a different proxy would require a new connection (and a different client name, if HttpClientFactory is used). However, if we introduce something like a Session to incapsulate that, it might greatly simplify the connections and handlers management.

@CarnaViire CarnaViire added the needs-author-action An issue or pull request that requires more info or actions from the author. label Nov 26, 2024
@rdethurenssftcom
Copy link
Author

Hi @CarnaViire , Thanks for your answer.

You totally understand the issue. Each instance is in charge of

  • Sending request to non specific tenant server. Currently we have 2 differents HTTP client (manage by there name thanks to the usage of the DI with the httpClient factory).
  • Sending request to some specific tenant (Some are using a specific cert). An instance is allow to manage 1-N tenant(s) which are dinamicaly define in a database and cert installed on Server. That's why we need ne generate the HttpClient on demand and specify the cert to use dynamically. More over we want to reuse a basic HttpClientFactory to inherit from other configuration (ex: Proxy settings,...)

Thanks in advance

@dotnet-policy-service dotnet-policy-service bot removed the needs-author-action An issue or pull request that requires more info or actions from the author. label Nov 26, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
api-suggestion Early API idea and discussion, it is NOT ready for implementation area-Extensions-HttpClientFactory untriaged New issue has not been triaged by the area owner
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@julealgon @CarnaViire @DL444 @rdethurenssftcom