This repository has been archived by the owner on Sep 18, 2021. It is now read-only.

HttpClient treatment in C# and effect on IDS #3628

Open
1 task done
ghost opened this issue Apr 10, 2017 · 0 comments


ghost commented Apr 10, 2017

  • I read and understood how to enable logging

Question / Issue

HttpClient in C# is a disposable object that does not release the socket on dispose. This has the effect of opening a new socket for each new HttpClient that is closed only due to inactivity.
We have experienced a delay on token checking that went into 20 seconds because of this issue.

Please consider having HttpClient as static throughout the entire Identity Server, or Identity Server can experience port exhaustion. This can be turned into an attack rather quickly as well.

Test: Repeatedly run the relevant code where HttpClient is created and use netstat to check the occupied sockets.
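
The test described above as a self-contained measurement, added here as an example that is not part of the original issue or of IdentityServer's code. It compares a per-call `HttpClient` with a single static instance against a local listener and counts the client-side sockets left in TIME_WAIT, the same figure `netstat` shows. The class and method names, the port and the request count are constructed for the example.

```csharp
// Added example: all names, the port and the loop count are assumptions, not IdentityServer code.
using System;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Net.NetworkInformation;
using System.Threading.Tasks;

static class SocketReuseDemo
{
    const int Port = 5055;                                  // constructed local test port
    static readonly string Url = $"http://localhost:{Port}/";
    static readonly HttpClient Shared = new HttpClient();   // one instance for the process lifetime

    // Pattern from the report: a new client, and so a new TCP connection, per call.
    static async Task PerCallAsync()
    {
        using (var client = new HttpClient())
            await client.GetStringAsync(Url);
    }

    // Mitigation asked for in the report: every call reuses the shared client's connection.
    static Task SharedAsync() => Shared.GetStringAsync(Url);

    // Same view as netstat: client-side sockets to our port that linger in TIME_WAIT.
    static int TimeWaitCount() =>
        IPGlobalProperties.GetIPGlobalProperties().GetActiveTcpConnections()
            .Count(c => c.RemoteEndPoint.Port == Port && c.State == TcpState.TimeWait);

    // Minimal local endpoint standing in for the token endpoint; replies "ok".
    static async Task ServeAsync(HttpListener listener)
    {
        while (true)
            (await listener.GetContextAsync()).Response.Close(new byte[] { 0x6f, 0x6b }, false);
    }

    static async Task Main()
    {
        var listener = new HttpListener();
        listener.Prefixes.Add(Url);
        listener.Start();
        _ = ServeAsync(listener);                           // runs until the process exits
        int baseline = TimeWaitCount();
        for (int i = 0; i < 200; i++) await PerCallAsync();
        int afterPerCall = TimeWaitCount();
        for (int i = 0; i < 200; i++) await SharedAsync();
        int afterShared = TimeWaitCount();
        Console.WriteLine($"TIME_WAIT added by per-call clients: {afterPerCall - baseline}");
        Console.WriteLine($"TIME_WAIT added by shared client:    {afterShared - afterPerCall}");
    }
}
```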
