REST calls in .NET (C#) over SSL (HTTPS)

Wow, it’s been a while…

I’ve been testing the REST API for Salesforce’s Radian6.  It’s very straightforward, but I spent HOURS trying to get it to work in .NET (C#).  I thought that it made sense to further document it here, and hopefully up the Google hit count.

Making a REST call in .NET is a no-brainer.  Simple code like the following should do the trick:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30

protected string Call_Rest()
{
    //REST call:
    using (WebClient client = new WebClient())
    {
        //add HTTP headers (for auth)
        client.Headers.Add("auth_appkey", auth_appkey);
        if (auth_token == null || auth_token.Trim() == "")
        {
            client.Headers.Add("auth_user", auth_user);
            client.Headers.Add("auth_pass", auth_pass);
        }
        else
        {
            client.Headers.Add("auth_token", auth_token);
        }

        //send web request; get web response as XML
        try
        {
            responseXml = client.DownloadString(url);
        }
        catch (Exception exc)
        {
            responseXml = "ERROR: " + exc.Message;
        }
    }

    return responseXml;
}

The problem, of course, is that despite Googling for the syntax of making REST calls, and whether I used .NET’s WebClient, HttpWebRequest, or WebRequest classes, I kept on getting the same failure: a hang of a few minutes, followed by .NET throwing an exception with the message: “The underlying connection was closed: An unexpected error occurred on a send.”

This told me little, and pissed me off, and I was trying things left and right for at least 5 hours to no avail.  What made it even crazier is that when I used RESTClient (as suggested by Radian6 support), I had zero problems connecting to the Radian6 API.  So it was clearly something that I had to do in .NET to make this work.  But what?  

I only found the solution on my fourth page of Google results, on a post that is over 4 1/2 years old.  It turns out that:

“…the defult behavior in Vista and Server 2008 is to use TLS first for secure connections. If the server doesn’t support TLS, it’s supposed to negotiate with the client to use SSL3. In this case, the remote server wasn’t negotiating at all…It was just dropping the connection.”

So clearly, the Radian6 servers are using SSL, my code was using TLS by default, and the Radian6 server does not renegotiate to use SSL.  So the solution is merely to include the following ONE line of code, before the WebClient (or WebRequest or HttpWebRequest) is instantiated (so before line 3 in the code above).  And that line of code is:

    ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3;

That’s it.  So simple, yet so impossible to find documented anywhere. Even 4 1/2 years after this post. Sheesh.  Microsoft.