Get started

Let's get your .NET application protected against Server Side Request Forgery attacks.

Create a .NET project with the idunno.Security.Ssrf nuget package

At the command line run the following commands

dotnet new console -n NoSsrf
cd NoSsrf
dotnet add package idunno.Security.Ssrf

Create a new .NET Command Line project by opening the File menu, and choosing New ▶ Project.
In the "Create a new project" dialog select C# as the language, choose Console App as the project type then click Next.
In the "Configure your new project" dialog name the project NoSsrf and click Next.
In the "Additional information" dialog choose a Framework as .NET 10.0, uncheck the "Do not use top level statements" check box then click Create.
Under the Project menu Select Manage nuget packages, select the Browse tab. Search for idunno.Security.Ssrf, and click Install.
Close the Manage nuget packages dialog.

Create a new .NET Command Line project by opening the Command Palette (Ctrl + Shift + P) and search for .NET New Project
In the Create a new .NET Project template search for and select Console App
Select the folder you want to save your project in
Name your project NoSsrf
Choose the solution format you prefer.
Press Enter to create the solution.
Select the NoSsrf.csproj file in Explorer window.
Opening the Command Palette (Ctrl + Shift + P) and search for Nuget: Add
Enter idunno.Security.Ssrf in the package search dialog and choose the latest version.

Create an HttpClient

Open the Program.cs file in your editor of choice and add the following lines.

using (var httpClient = new HttpClient())
{
    var response = await httpClient.GetAsync("https://example.com");
    Console.WriteLine(response.StatusCode);
}

Save the changed file.
Compile and run your project with the following command
```
dotnet run
```

Open the Program.cs file from the Solution Explorer window and add the following lines.

using (var httpClient = new HttpClient())
{
    var response = await httpClient.GetAsync("https://example.com");
    Console.WriteLine(response.StatusCode);
}

Save the changed file.
Run the project by pressing F5 or choosing Start Debugging under the Debug menu.

Open the Program.cs file from the Explorer window and add the following lines.

using (var httpClient = new HttpClient())
{
    var response = await httpClient.GetAsync("https://example.com");
    Console.WriteLine(response.StatusCode);
}

Save the changed file.
Run the project by pressing F5 or choosing Start Debugging under the Run menu.

The program should run without any errors, and should output 200, the HTTP status code for a successful request.

Create an HttpClient with SSRF protection

Open the Program.cs file in your editor of choice and add the following lines.

var ssrfHandler = SsrfSocketsHttpHandlerFactory.Create();
using (var httpClient = new HttpClient(ssrfHandler))
{
    var response = await httpClient.GetAsync("https://example.com");
    Console.WriteLine(response.StatusCode);
}

Save the changed file.
Compile and run your project with the following command
```
dotnet run
```

Open the Program.cs file from the Solution Explorer window and add the following lines.

var ssrfHandler = SsrfSocketsHttpHandlerFactory.Create();
using (var httpClient = new HttpClient(ssrfHandler))
{
    var response = await httpClient.GetAsync("https://example.com");
    Console.WriteLine(response.StatusCode);
}

Save the changed file.
Run the project by pressing F5 or choosing Start Debugging under the Debug menu.

Open the Program.cs file from the Explorer window and add the following lines.

var ssrfHandler = SsrfSocketsHttpHandlerFactory.Create();
using (var httpClient = new HttpClient(ssrfHandler))
{
    var response = await httpClient.GetAsync("https://example.com");
    Console.WriteLine(response.StatusCode);
}

Save the changed file.
Run the project by pressing F5 or choosing Start Debugging under the Run menu.

The program should run without any errors, and should output two lines that say 200, the HTTP status code for a successful request.

Congratulations, you have an HttpClient with protection from SSRF!

Get started

Create a .NET project with the idunno.Security.Ssrf nuget package

Create an HttpClient

Create an HttpClient with SSRF protection

Explainers

Advanced Topics