MMS • Edin Kapic
Article originally posted on InfoQ.
The .NET 7 launch brought many improvements across the whole API surface of the .NET Framework. In networking, .NET 7 improves the capabilities and performance of the existing HTTP and WebSockets protocol support, exposes a new protocol called QUIC and has many performance improvements compared to .NET 6.
The performance improvements in .NET 7 networking were made possible by removing unneeded memory allocations (in the SslStream class, for example) or by replacing old implementations with new ones. Specifically, opening a connection on sockets is now faster on all platforms. Some operations were made faster, such as the IndexOf method on the response body and the HtmlDecode utility method. For secure connections, the security protocols allow optional performance-improving features such as TLS session resumption or OCSP stapling of certificate non-revocation proof, and .NET 7 now implements those optimisations.
The existing protocols such as HTTP and WebSockets have been updated with small improvements across the board. The HTTP connection pooling changes introduced in .NET 6 caused problems for some users, and .NET 7 fixes them. Accessing HTTP headers from code is now thread-safe and faster. WebSockets are now supported over HTTP/2, their handshake response information is exposed through the CollectHttpResponseDetails setting of the ClientWebSocketOptions class, and WebSocket HTTP upgrade requests allow passing a custom HttpClient instead of the one encapsulated in the request.
Among the networking security improvements, the big change is the abstraction of the underlying security challenge negotiation protocol. Higher-level clients such as HttpClient, SmtpClient and the SQL Server clients allow NTLM or Kerberos authentication, but there was no generic support for these protocols below them. .NET 7 introduces a new low-level API embodied in the NegotiateAuthentication class. It maps to the Windows SSPI authentication library or to the GSSAPI system library on Linux. The new API is used by first passing a NegotiateAuthenticationClientOptions (or its NegotiateAuthenticationServerOptions twin) to the NegotiateAuthentication constructor and then invoking the GetOutgoingBlob method.
X509 certificate chain validation is standard when using certificate-based authentication for servers. During validation, additional server certificates are downloaded, and there was previously no way to influence this behaviour. .NET 7 introduces a new property on the SslClientAuthenticationOptions class, CertificateChainPolicy, that allows changing the default chain validation: denying downloads, setting custom timeouts or using a custom certificate store.
QUIC is a custom transport-level protocol developed by Google in 2012 and supported by the Chrome, Firefox and Edge browsers. It uses UDP as the underlying packet protocol, multiplexes connections and uses encryption. QUIC was designed as a modern TCP replacement for server connections, allowing faster connection-oriented communication. .NET has implemented QUIC since .NET 5, but it was only used for the HTTP/3 protocol, which is essentially HTTP over QUIC. In .NET 7, the System.Net.Quic namespace exposes the QuicListener, QuicConnection and QuicStream classes that can be used to establish and consume QUIC connections. Developers should be aware not to rely on QUIC as the only communication protocol, because Internet routers can block UDP connections or only support TCP.