10 C# HttpClient Best Practices

The HttpClient class is a great tool for making HTTP requests in .NET. However, it’s important to use it correctly in order to avoid common pitfalls. In this article, we’ll go over 10 best practices for using HttpClient in C#.

1. Use HttpClientFactory

HttpClientFactory is a new feature introduced in ASP.NET Core 2.1 that makes it easier to manage the lifetime of HttpClient instances. It also allows for better control over how HttpClient instances are configured, and reduces the potential for leaking resources by making it easier to dispose of unused HttpClient instances.

HttpClientFactory also provides built-in support for handling common scenarios such as load balancing, caching, and authentication.

2. Dispose of the HttpClient properly

The HttpClient is designed to be a long-lived object, so it can be reused across multiple requests. However, this means that it’s important to dispose of the HttpClient properly when you’re finished with it.

If you don’t dispose of the HttpClient properly, you run the risk of leaking resources and causing memory leaks. Additionally, if you try to reuse an HttpClient that hasn’t been disposed of properly, you may get unexpected results.

To avoid these problems, make sure to dispose of the HttpClient properly using a using statement.

3. Don’t share instances across threads

The HttpClient class is designed to be re-used and shared across threads. However, this can lead to problems if not used correctly. For example, let’s say you have a multi-threaded application that makes HTTP requests using an HttpClient instance. Each thread may be making requests to different URLs, but they’re all using the same HttpClient instance.

If one of the threads makes a request to a URL that returns a redirect, then all subsequent requests made by any of the other threads will also be redirected to that same URL. This can cause problems if the other threads are expecting a different response.

To avoid these types of problems, it’s best to create a new HttpClient instance for each thread, or at least for each distinct URL that you’re requesting.

4. Set timeouts to avoid deadlocks

If a request is taking too long, it can cause a deadlock. That’s because the thread that’s waiting for the response will block other threads from processing, which can eventually lead to an application crash.

To avoid this, you should set timeouts on your HttpClient requests. That way, if a request takes too long, it will automatically cancel the request and release the thread.

You can set timeouts by using theTimeout property of the HttpRequestMessage class. For example, you could set a timeout of 30 seconds like this:

HttpRequestMessage request = new HttpRequestMessage();
request.Timeout = TimeSpan.FromSeconds(30);

Alternatively, you can use the SetTimeout method of the HttpClient class. For example, you could set a timeout of 30 seconds like this:

HttpClient httpClient = new HttpClient();
httpClient.SetTimeout(TimeSpan.FromSeconds(30));

5. Use Polly for transient fault handling

When you make an HTTP request, there’s always the potential for something to go wrong. Maybe the network connection is down, or the server is taking too long to respond. These are transient faults that usually resolve themselves after a short period of time.

If your code just keeps retrying the request until it eventually succeeds, then you’re going to end up with a lot of wasted effort and unnecessary load on the server. That’s where Polly comes in.

Polly is a .NET library that helps you handle transient faults in a more efficient way. It allows you to define a policy, such as “retry this request three times before giving up”. If the first attempt fails, Polly will automatically retry the request two more times before ultimately returning an error to the caller.

This can save a lot of time and effort, and it can also help improve the overall performance of your application.

6. Use a single instance per client and reuse it throughout the lifetime of your application

The HttpClient class is designed to be a long-lived and thread-safe object that can be reused for multiple requests. Creating a new instance of the HttpClient class for each request will exhaust the number of sockets available under heavy loads, which will result in socket errors. This will cause your application to fail.

Reusing the same instance of the HttpClient class will keep the number of open sockets to a minimum, which will improve the performance of your application and prevent socket errors.

7. Configure your clients with an AppContext switch to ignore certificate errors

When you make an HTTP request, the server may present a self-signed certificate or a certificate that is not signed by a trusted root authority. By default, the HttpClient class will throw an exception if it encounters such a certificate.

However, there are cases where you may want to ignore these errors and continue with the request. For example, you may be making a request to an internal server that uses a self-signed certificate. In this case, you can configure your HttpClient instance to ignore certificate errors by setting the switch “System.Net.Http.UseSslCertificateValidationCallback” to false in your AppContext.

8. Avoid using the default credentials

When you use the default credentials, the HttpClient will send your Windows credentials to the server. This is a security risk because your credentials could be intercepted and used by an attacker.

To avoid this, you should always explicitly set the credentials on the HttpClient before making any requests. You can do this by setting the DefaultRequestHeaders.Authorization header, or by using a credential provider.

9. Always use HTTPS

When you make an HTTP request, the entire request (including headers and the body) is sent in plain text. This means that anyone who can intercept the request (such as someone on the same network) can read the request and see any sensitive data that is being sent.

HTTPS solves this problem by encrypting the request before it is sent, so that even if it is intercepted, the person intercepting it will not be able to read it.

So, always use HTTPS when making HTTP requests, especially when sending sensitive data.

10. Use async/await when calling asynchronous methods

When an asynchronous method is called, the thread that calls the method is free to do other work while the asynchronous method is running. This can improve the performance of your application because the thread isn’t blocked while waiting for the asynchronous method to complete.

However, if you don’t use async/await when calling asynchronous methods, the thread that calls the method will be blocked until the asynchronous method completes. This can cause performance problems because the thread could be doing other work instead of being blocked.

Async/await makes it easy to write code that uses asynchronous methods without blocking the thread. Simply put, async/await allows you to write asynchronous code that looks and feels like synchronous code.