With TLS 1.0 and 1.1 being depricated, you will no doubt need to force your .NET websites / services to run over TLS 1.2 

This blog post shows you how you can do that.

NOTE: Thanks to @cultiv on Twitter for pointing this out. You can't force a site to respond only on TLS 1.2 this way, you would have to disable the other versions on the server to do that. What we are doing here is forcing all outgoing connections to TLS 1.2 first (it still falls back to 1.1/1.0 if the remote doesn't support 1.2).

MVC and Web API

In the root of the site, find the global.asax file, right click on it and view code.

In this file, there should be an Application_Start method.

In this method, add these lines to force TLS 1.2

namespace YourApplication
{
    public class WebApiApplication : System.Web.HttpApplication
    {
        protected void Application_Start()
        {
            //**Add these lines**
            if (ServicePointManager.SecurityProtocol.HasFlag(SecurityProtocolType.Tls12) == false)
            {
                ServicePointManager.SecurityProtocol = ServicePointManager.SecurityProtocol | SecurityProtocolType.Tls12;
            }
            //**Add these lines**

            AreaRegistration.RegisterAllAreas();
            GlobalConfiguration.Configure(WebApiConfig.Register);
            FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
            RouteConfig.RegisterRoutes(RouteTable.Routes);
            BundleConfig.RegisterBundles(BundleTable.Bundles);
        }
    }
}

Umbraco

If you are using Umbraco, you can put it in the ApplicationStarted method in a class which inherits from IApplicationEventHandler like this:

namespace YourApplication.EventHandlers
{
    public class RegisterEvents : ApplicationEventHandler
    {
        protected override void ApplicationStarted(UmbracoApplicationBase umbracoApplication, ApplicationContext applicationContext)
        {
            if (ServicePointManager.SecurityProtocol.HasFlag(SecurityProtocolType.Tls12) == false)
            {
                ServicePointManager.SecurityProtocol = ServicePointManager.SecurityProtocol | SecurityProtocolType.Tls12;
            }
        }
    }
}

Want to thank me?

If I've helped you out and you want to thank me, why not buy me a coffee?

About the author

Paul Seal

Umbraco MVP and .NET Web Developer from Derby (UK) who specialises in building Content Management System (CMS) websites using MVC with Umbraco as a framework. Paul is passionate about web development and programming as a whole. Apart from when he's with his wife and son, if he's not writing code, he's thinking about it or listening to a podcast about it.

Related Posts

How to send Slack messages programmatically using C#

In this post I show you how you can send Slack messages programmatically using C#

Read Post

How to fix the SVG 404 error when using Umbraco and Azure Blob Storage

In this post I show you how to solve the SVG 404 error when working with Umbraco and Azure Blob Stor…

Read Post

Find out how my blog reached 1 million page views

In this post I will tell you how my blog reached 1 million page views.

Read Post

How to include scripts from partial views in MVC and Umbraco

This post will show you how you can include scripts from inside an MVC partial view rather than havi…

Read Post