All geek questions in one place

How to enable TLS 1.2 to call API in ASP.NET 2.0 application?

Our ASP.NET 2.0 website processes credit card transactions through Authorize.Net API calls. Authorize informed us that on a specific date to be announced, our client should use the TLS 1.2 protocol for API calls.

It looks like Microsoft has indicated that a solution is available in this 10-22-16KB article: https://support.microsoft.com/en-us/help/3154517/support-for-tls-system-default-versions-included -in-deputy .net-framework 2.0-sp2-on-windows-perspective-sp2-and-server-2008-sp2

... we added the SslProtocolsExtensions enumeration, which can be used as a parameter to configure TLS v1.2, TLS v1.1, and the operating system default values ​​for the ServicePointManager.SecurityProtocol property when targeting the .NET Framework version 2.0 SP2 .

Please note that despite the title of this article, the above quote does not apply to Windows Vista SP2 or Windows 2008 SP2 operating systems, as these operating systems do not support TLS v1.1 and 1.2.

I implemented and tested my understanding of the solution specified in the knowledge base article by following these steps:

  1. TLS 1.2 is enabled on our Windows Server 2008 R2 web server (and verified through ssllabs.com).
  2. They confirmed that SP2 is actually installed for the .NET Framework version 2.0.
  3. Two source files shown in the specified Knowledge Base article (i.e. SecurityProtocolTypeExtensions.cs and SslProtocolsExtensions.cs) were added to our project.
  4. The following line of code (from the knowledge base article) was introduced into the project just above the API call: System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolTypeExtensions.Tls12;

Unfortunately, when I run the application, I encounter the following error in the line of code shown in paragraph 3 above:

System.NotSupportedException: The requested security protocol is not supported.

At the moment I'm at a standstill. I am particularly grateful for any ideas on how to move forward with this solution, but I am interested to know about any other approaches that you know to allow API calls from an ASP.NET 2.0 application to use TLS 1.2. (Upgrading to a later version of the .NET Framework is a last resort.)

Thanks in advance for your help!

+10
source share
4 answers

We had to migrate to TLS 1.2 using our .NET 2.0 application, and we did not want to port the code to .NET 4.5 / 4.6. After several days of research and after going through this message, we found a solution. This post refers to the wrong HOTFIX. To get TLS 1.2 for .NET 2.0 on the 2008 R2 server, you need this HOTFIX: https://support.microsoft.com/en-us/help/3154518/support-for-tls-system-default-versions-included- in-the-.net-framework

It refers to the 3.5.1 framework, but ALSO works for the 2.0 framework. After installing the hotfix, you can either make changes to the registry on the server, as indicated, or make changes to your application to directly reference TLS 1.2.

C # ServicePointManager.SecurityProtocol = (SecurityProtocolType) 3072;

VB ServicePointManager.SecurityProtocol = DirectCast (3072, System.Net.SecurityProtocolType)

For other OSs, check out the Troy Starr post here: https://community.qualys.com/thread/16917-net-framework

Hope this helps

+10
source

For those who find this thread, I managed to get TLS 1.2 to work on .Net 3.5 using the same steps (# 1- # 4) described in detail in the original question above. After I applied the patch to the Win 2012 server (which was provided to my public hosting company), then added a line of code to enable TLS 1.2 before calling the API, it worked right away:

System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolTypeExtensions.Tls12;
+6
source

I understand this question is a bit outdated, but it worked for us to help others - and our Authorize.Net transactions now work with TLS 1.2 in our .NET 2.0 AbleCommerce application. [It seems that the deadline for the transition to production has been extended until February 28, 2018.

Environment: Windows Server 2008 R2, IIS 7.5, AbleCommerce 7.0.2 build 11659, CommerceBuilder.AuthorizeNet 7.0.9764.0

In accordance with the answer of @JoeBoxer above, this link did the trick - in particular, by installing two registry keys for our x64-based system (the patch listed will not be installed in our field):

 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727] "SystemDefaultTlsVersions"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727] "SystemDefaultTlsVersions"=dword:00000001

We also did this - since we did not have entries for TLS 1.2, but this alone did not fix the problem.

+1
source

AS TLS 1.2 does not support asp.net 2.0. There is an alternative way to implement TLS 1.2 without migrating the project from asp.net 2.0 to the latest / later version. Following are the steps:

  1. Create a new standalone project in a later version of asp.net.
  2. Add a new web service or WebAPI (later we will use it in the main project).
  3. Write down the specific code here and call the specific API that you need to verify using TLS 1.2.
  4. Now deploy this web service / WebAPI and use it in the main project.

The following is sample code:

 [WebMethod] public LoginResult TestLogin(string _username, string _password, string _tokenID) { try { System.Net.ServicePointManager.SecurityProtocol = (System.Net.SecurityProtocolType)3072; LoginResult _loginResult = new LoginResult(); _loginResult = _sForceRef.login(_username, _password + _tokenID); return _loginResult; } catch (Exception e) { throw e; } finally { } } Reference namespace System.Net { [System.Flags] public enum SecurityProtocolType { Ssl3 = 48, Tls = 192, Tls11 = 768, Tls12 = 3072, } }
0
source

Source: https://habr.com/ru/post/1263366/

More articles:


All Articles