Calling multiple webservices with different certificate types in a multithreaded environment

Question

My problem:

I have a webapp (.NET 4.5.1) doing multiple calls to external webservices. Some of the services only communicates over SSL and other over TSL only.

I know that, for some reason, ServicePointManager.SecurityProtocol can be set statically globaly for the appdomin (Why its global I have no idea), but since multiple calls can occure at the same time to different external services in different threads - I can't just change the SecurityProtcol for the appdomain for each service call.

Question:

How should I handle this in a multithreaded web app environment? Should I make service calls spawn in different appdomains where I can set SecurityProtocol? And if so - how should I do that?

Answer 1

I had this problem and found this solution that worked for me.

I just use ServicePointManager to handle connection certificates

ServicePointManager.ServerCertificateValidationCallback = new System.Net.Security.RemoteCertificateValidationCallback(ValidateRemoteCertificate);

private bool ValidateRemoteCertificate(object Sender, X509Certificate Certificate, X509Chain Chain, SslPolicyErrors PolicyErrors)
        {
            ...
        }

To handle with with different requests I had a dictionary mapping server urls to a task. Each task runs asynchronously meaning that I don't have to handle with threads directly and inside each one I finally used System.Net objects. Namely, HttpWebRequest, FtpWebRequest and SmtpWebRequest. Each one of them has a property to enable/disable SSL connection but they all worked with the same method to validate certificates.