Question 1

How to implement certificate pinning with ModernHttpClient in Xamarin?

Accepted Answer

You need to obtain server certificate public key hashes using tools like OkHttp3 on Android, then configure them in the TLSConfig with Pin objects. The README provides a step-by-step example, including handling exceptions and wildcard domains for secure pinning.

Question 2

ModernHttpClient vs standard HttpClient for Xamarin performance?

Accepted Answer

ModernHttpClient generally performs better because it uses native networking stacks (NSURLSession on iOS, OkHttp3 on Android) instead of the managed .NET implementation, leading to faster HTTP requests and better resource usage, but it adds configuration complexity and platform-specific dependencies.

Question 3

How to handle self-signed certificates during development with ModernHttpClient?

Accepted Answer

Set the DangerousAcceptAnyServerCertificateValidator property to true in the TLSConfig to bypass certificate validation for self-signed certificates. This is useful for testing, but the README warns against using it in production to avoid security risks.

Question 4

Is ModernHttpClient compatible with .NET MAUI?

Accepted Answer

No, ModernHttpClient is designed for Xamarin and may not work out-of-the-box with .NET MAUI, as MAUI uses different underlying frameworks. Developers should look for updated libraries or native alternatives in the MAUI ecosystem for similar functionality.

Question 5

How to enable TLS 1.2 on older Android devices with ModernHttpClient?

Accepted Answer

For Android versions before Lollipop, install Xamarin.GooglePlayServices.SafetyNet and call ProviderInstaller.InstallIfNeeded in the MainActivity. ModernHttpClient enforces TLS 1.2+ by default, but this step is required for compatibility on legacy devices.

Question 6

What's the difference between CertificateOnly and PublicKeysOnly pinning modes?

Accepted Answer

CertificateOnly mode pins the entire certificate, while PublicKeysOnly mode pins only the public keys, allowing for certificate renewal without updating pins. ModernHttpClient defaults to CertificateOnly but switches to PublicKeysOnly if pins are provided, as explained in the release notes.

ModernHttpClient

What is ModernHttpClient?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions