diff --git a/docs/core/extensions/httpclient-factory-keyed-di.md b/docs/core/extensions/httpclient-factory-keyed-di.md new file mode 100644 index 0000000000000..eb508cc0d29ea --- /dev/null +++ b/docs/core/extensions/httpclient-factory-keyed-di.md @@ -0,0 +1,302 @@ +--- +title: Keyed DI Support in IHttpClientFactory +description: Learn how to integrate IHttpClientFactory with Keyed Services. +author: CarnaViire +ms.author: knatalia +ms.date: 01/27/2025 +--- + +# Keyed DI support in `IHttpClientFactory` + +In this article, you learn how to integrate `IHttpClientFactory` with Keyed Services. + +[_Keyed Services_](dependency-injection.md#keyed-services) (also called _Keyed DI_) is a dependency injection (DI) feature that allows you to conveniently operate with multiple implementations of a single service. Upon registration, you can associate different _service keys_ with the specific implementations. At run time, this key is used in lookup in combination with a service type, which means you can retrieve a specific implementation by passing the matching key. For more information on Keyed Services, and DI in general, see [.NET dependency injection][di]. + +For an overview on how to use `IHttpClientFactory` in your .NET application, see [IHttpClientFactory with .NET][hcf]. + +## Background + +`IHttpClientFactory` and Named `HttpClient` instances, unsurprisingly, align well with the Keyed Services idea. Historically, among other things, `IHttpClientFactory` was a way to overcome this long-missing DI feature. But plain Named clients require you to obtain, store, and query the `IHttpClientFactory` instance—instead of injecting a configured `HttpClient`—which might be inconvenient. While Typed clients attempt to simplify that part, it comes with a catch: Typed clients are easy to [misconfigure](httpclient-factory-troubleshooting.md#typed-client-has-the-wrong-httpclient-injected) and [misuse](httpclient-factory.md#avoid-typed-clients-in-singleton-services), and the supporting infrastructure can also be a tangible overhead in certain scenarios (for example, on mobile platforms). + +Starting from .NET 9 (`Microsoft.Extensions.Http` and `Microsoft.Extensions.DependencyInjection` packages version `9.0.0+`), `IHttpClientFactory` can leverage Keyed DI directly, introducing a new "Keyed DI approach" (as opposed to "Named" and "Typed" approaches). "Keyed DI approach" pairs the convenient, highly configurable `HttpClient` registrations with the straightforward injection of the specific configured `HttpClient` instances. + +## Basic Usage + +As of .NET 9, you need to _opt in_ to the feature by calling the extension method. If opted in, the Named client applying the configuration is added to the DI container as a Keyed `HttpClient` service, using the client's name as a service key, so you can use the standard Keyed Services APIs (for example, ) to obtain the desired Named `HttpClient` instances (created and configured by `IHttpClientFactory`). By default, the clients are registered with _Scoped_ lifetime. + +The following code illustrates the integration between `IHttpClientFactory`, Keyed DI, and ASP.NET Core 9.0 Minimal APIs: + +:::code source="snippets/http/keyedservices/Program.cs" highlight="4,10,16"::: + +Endpoint response: + +```sh +> ~ curl http://localhost:5000/ +{"name":"runtime","url":"https://api.github.com/repos/dotnet/runtime"} +``` + +In the example, the configured `HttpClient` is injected into the request handler through the standard Keyed DI infrastructure, which is integrated into ASP.NET Core parameter binding. For more information on Keyed Services in ASP.NET Core, see [Dependency injection in ASP.NET Core](/aspnet/core/fundamentals/dependency-injection#keyed-services). + +## Comparison of Keyed, Named, and Typed approaches + +Consider only the `IHttpClientFactory`-related code from the [Basic Usage](#basic-usage) example: + +```csharp +services.AddHttpClient("github", /* ... */).AddAsKeyed(); // (1) + +app.MapGet("/", ([FromKeyedServices("github")] HttpClient httpClient) => // (2) + //httpClient.Get.... // (3) +``` + +This code snippet illustrates how the registration `(1)`, obtaining the configured `HttpClient` instance `(2)`, and using the obtained client instance as needed `(3)` can look when using the _Keyed DI approach_. + +Compare how the same steps are achieved with the two "older" approaches. + +First, with the _Named approach_: + +```csharp +services.AddHttpClient("github", /* ... */); // (1) + +app.MapGet("/github", (IHttpClientFactory httpClientFactory) => +{ + HttpClient httpClient = httpClientFactory.CreateClient("github"); // (2) + //return httpClient.Get.... // (3) +}); +``` + +Second, with the _Typed approach_: + +```csharp +services.AddHttpClient(/* ... */); // (1) + +app.MapGet("/github", (GitHubClient gitHubClient) => + gitHubClient.GetRepoAsync()); + +public class GitHubClient(HttpClient httpClient) // (2) +{ + private readonly HttpClient _httpClient = httpClient; + + public Task GetRepoAsync() => + //_httpClient.Get.... // (3) +} +``` + +Out of the three, the Keyed DI approach offers the most succinct way to achieve the same behavior. + +## Built-in DI container validation + +If you enabled the Keyed registration for a specific Named client, you can access it with any existing Keyed DI APIs. But if you erroneously try to use a name that isn't enabled yet, you get the standard Keyed DI exception: + +```csharp +services.AddHttpClient("keyed").AddAsKeyed(); +services.AddHttpClient("not-keyed"); + +provider.GetRequiredKeyedService("keyed"); // OK + +// Throws: No service for type 'System.Net.Http.HttpClient' has been registered. +provider.GetRequiredKeyedService("not-keyed"); +``` + +Additionally, the Scoped lifetime of the clients can help catch cases of captive dependencies: + +```csharp +services.AddHttpClient("scoped").AddAsKeyed(); +services.AddSingleton(); + +// Throws: Cannot resolve scoped service 'System.Net.Http.HttpClient' from root provider. +rootProvider.GetRequiredKeyedService("scoped"); + +using var scope = provider.CreateScope(); +scope.ServiceProvider.GetRequiredKeyedService("scoped"); // OK + +// Throws: Cannot consume scoped service 'System.Net.Http.HttpClient' from singleton 'CapturingSingleton'. +public class CapturingSingleton([FromKeyedServices("scoped")] HttpClient httpClient) +//{ ... +``` + +## Service lifetime selection + +By default, `AddAsKeyed()` registers `HttpClient` as a Keyed _Scoped_ service. You can also explicitly specify the lifetime by passing the `ServiceLifetime` parameter to the `AddAsKeyed()` method: + +```csharp +services.AddHttpClient("explicit-scoped") + .AddAsKeyed(ServiceLifetime.Scoped); + +services.AddHttpClient("singleton") + .AddAsKeyed(ServiceLifetime.Singleton); +``` + +If you call `AddAsKeyed()` within a Typed client registration, only the underlying Named client is registered as Keyed. The Typed client itself continues to be registered as a plain Transient service. + +### Avoid transient HttpClient memory leak + +> [!IMPORTANT] +> `HttpClient` is `IDisposable`, so we strongly recommend _avoiding_ Transient lifetime for Keyed `HttpClient` instances. +> +> Registering the client as a Keyed Transient service leads to the `HttpClient` and `HttpMessageHandler` instances being _captured by DI container_, as both implement `IDisposable`. This can result in _memory leaks_ if the client is resolved multiple times within Singleton services. + +### Avoid captive dependency + +> [!IMPORTANT] +> If `HttpClient` is registered either: +> +> - as a Keyed _Singleton_, -OR- +> - as a Keyed _Scoped_ or _Transient_, and injected within a _long-running_ (longer than `HandlerLifetime`) application Scope, -OR- +> - as a Keyed _Transient_, and injected into a _Singleton_ service, +> +> —the `HttpClient` instance becomes _captive_, and will likely outlive its expected `HandlerLifetime`. `IHttpClientFactory` has no control over captive clients, they're NOT able to participate in the handler rotation, and it can result in [the loss of DNS changes](httpclient-factory-troubleshooting.md#httpclient-doesnt-respect-dns-changes). A similar issue [already exists](httpclient-factory.md#avoid-typed-clients-in-singleton-services) for Typed clients, which are registered as Transient services. + +In cases when client's longevity can't be avoided—or if it's consciously desired, for example, for a Keyed Singleton—it's advised to [leverage `SocketsHttpHandler`](httpclient-factory.md#using-ihttpclientfactory-together-with-socketshttphandler) by setting `PooledConnectionLifetime` to a reasonable value. + +```csharp +services.AddHttpClient("shared") + .AddAsKeyed(ServiceLifetime.Singleton) // explicit singleton + .UseSocketsHttpHandler((h, _) => h.PooledConnectionLifetime = TimeSpan.FromMinutes(2)) + .SetHandlerLifetime(Timeout.InfiniteTimeSpan); // disable rotation +services.AddSingleton(); + +public class MySingleton([FromKeyedServices("shared")] HttpClient shared) // { ... +``` + +### Beware of scope mismatch + +While Scoped lifetime is much less problematic for the Named `HttpClient`s (compared to Singleton and Transient pitfalls), it has its own catch. + +> [!IMPORTANT] +> Keyed Scoped lifetime of a specific `HttpClient` instance is bound—as expected—to the "ordinary" application scope (for example, incoming request scope) where it was resolved from. However, it does NOT apply to the underlying message handler chain, which is still managed by the `IHttpClientFactory`, in the same way it is for the Named clients created directly from factory. `HttpClient`s with the _same_ name, but resolved (within a `HandlerLifetime` timeframe) in two different scopes (for example, two concurrent requests to the same endpoint), can reuse the _same_ `HttpMessageHandler` instance. That instance, in turn, has its own separate scope, as illustrated in the [Message handler scopes](httpclient-factory.md#message-handler-scopes-in-ihttpclientfactory). + +> [!NOTE] +> The [Scope Mismatch](httpclient-factory-troubleshooting.md#httpclient-doesnt-respect-scoped-lifetime) problem is nasty and long-existing one, and as of .NET 9 still remains [unsolved](https://github.com/dotnet/runtime/issues/47091). From a service injected through the regular DI infra, you would expect all the dependencies to be satisfied from the same scope—but for the Keyed Scoped `HttpClient` instances, that's unfortunately not the case. + +## Keyed message handler chain + +For some advanced scenarios, you might want to access `HttpMessageHandler` chain directly, instead of an `HttpClient` object. `IHttpClientFactory` provides `IHttpMessageHandlerFactory` interface to create the handlers; and if you enable Keyed DI, then not only `HttpClient`, but also the respective `HttpMessageHandler` chain is registered as a Keyed service: + +```csharp +services.AddHttpClient("keyed-handler").AddAsKeyed(); + +var handler = provider.GetRequiredKeyedService("keyed-handler"); +var invoker = new HttpMessageInvoker(handler, disposeHandler: false); +``` + +## How to: Switch from Typed approach to Keyed DI + +> [!NOTE] +> We currently recommend using Keyed DI approach instead of Typed clients. + +A minimal-change switch from an existing Typed client to a Keyed dependency can look as follows: + +```diff +- services.AddHttpClient( // (1) Typed client ++ services.AddHttpClient(nameof(Service), // (1) Named client + c => { /* ... */ } // HttpClient configuration + //).Configure.... +- ); ++ ).AddAsKeyed(); // (1) + Keyed DI opt-in + ++ services.AddTransient(); // (1) Plain Transient service + + public class Service( +- // (2) "Hidden" Named dependency ++ [FromKeyedServices(nameof(Service))] // (2) Explicit Keyed dependency + HttpClient httpClient) // { ... +``` + +In the example: + +1. The registration of the Typed client `Service` is split into: + - A registration of a Named client `nameof(Service)` with the same `HttpClient` configuration, and an opt-in to Keyed DI; and + - Plain Transient service `Service`. +2. `HttpClient` dependency in `Service` is explicitly bound to a Keyed Service with a key `nameof(Service)`. + +The name doesn't have to be `nameof(Service)`, but the example aimed to minimize the behavioral changes. Internally, typed clients use Named clients, and by default, such "hidden" Named clients go by the linked Typed client's type name. In this case, the "hidden" name was `nameof(Service)`, so the example preserved it. + +Technically, the example "unwraps" the Typed client, so that the previously "hidden" Named client becomes "exposed," and the dependency is satisfied via the Keyed DI infra instead of the Typed client infra. + +## How to: Opt in to Keyed DI by default + +You don't have to call for every single client—you can easily opt in "globally" (for any client name) via . From Keyed Services perspective, it results in the registration. + +```csharp +services.ConfigureHttpClientDefaults(b => b.AddAsKeyed()); + +services.AddHttpClient("first", /* ... */); +services.AddHttpClient("second", /* ... */); +services.AddHttpClient("third", /* ... */); + +public class MyController( + [FromKeyedServices("first")] HttpClient first, + [FromKeyedServices("second")] HttpClient second, + [FromKeyedServices("third")] HttpClient third) +//{ ... +``` + +### Beware Of "Unknown" clients + +> [!NOTE] +> `KeyedService.AnyKey` registrations define a mapping from _any_ key value to some service instance. However, as a result, the Container validation doesn't apply, and an _erroneous_ key value _silently_ leads to a _wrong instance_ being injected. + +> [!IMPORTANT] +> For Keyed `HttpClient`s, a mistake in the client name can result in erroneously injecting an "unknown" client—meaning, a client whose name was never registered. + +The same is true for the plain Named clients: `IHttpClientFactory` doesn't require the client name to be explicitly registered (aligning with the way the [Options pattern](options.md) works). The factory gives you an unconfigured—or, more precisely, default-configured—`HttpClient` for any unknown name. + +> [!NOTE] +> Therefore, it's important to keep in mind: the "Keyed by default" approach covers not only all _registered_ `HttpClient`s, but all the clients that `IHttpClientFactory` is _able to create_. + +```csharp +services.ConfigureHttpClientDefaults(b => b.AddAsKeyed()); +services.AddHttpClient("known", /* ... */); + +provider.GetRequiredKeyedService("known"); // OK +provider.GetRequiredKeyedService("unknown"); // OK (unconfigured instance) +``` + +### "Opt-in" strategy considerations + +Even though the "global" opt-in is a one-liner, it's unfortunate that the feature still requires it, instead of just working "out of the box." For full context and reasoning on that decision, see [dotnet/runtime#89755](https://github.com/dotnet/runtime/issues/89755) and [dotnet/runtime#104943](https://github.com/dotnet/runtime/pull/104943). In short, the main blocker for "on by default" is the `ServiceLifetime` "controversy": for the current (`9.0.0`) state of the DI and `IHttpClientFactory` implementations, there's no single `ServiceLifetime` that would be reasonably safe for all `HttpClient`s in all possible situations. There's an intention, however, to address the caveats in the upcoming releases, and switch the strategy from "opt-in" to "opt-out". + +## How to: Opt out from keyed registration + +You can explicitly opt out from Keyed DI for `HttpClient`s by calling the extension method, either per client name: + +```csharp +services.ConfigureHttpClientDefaults(b => b.AddAsKeyed()); // opt IN by default +services.AddHttpClient("keyed", /* ... */); +services.AddHttpClient("not-keyed", /* ... */).RemoveAsKeyed(); // opt OUT per name + +provider.GetRequiredKeyedService("keyed"); // OK +provider.GetRequiredKeyedService("not-keyed"); // Throws: No service for type 'System.Net.Http.HttpClient' has been registered. +provider.GetRequiredKeyedService("unknown"); // OK (unconfigured instance) +``` + +Or "globally" with : + +```csharp +services.ConfigureHttpClientDefaults(b => b.RemoveAsKeyed()); // opt OUT by default +services.AddHttpClient("keyed", /* ... */).AddAsKeyed(); // opt IN per name +services.AddHttpClient("not-keyed", /* ... */); + +provider.GetRequiredKeyedService("keyed"); // OK +provider.GetRequiredKeyedService("not-keyed"); // Throws: No service for type 'System.Net.Http.HttpClient' has been registered. +provider.GetRequiredKeyedService("unknown"); // Throws: No service for type 'System.Net.Http.HttpClient' has been registered. +``` + +## Order of precedence + +If called together or any of them more than once, `AddAsKeyed()` and `RemoveAsKeyed()` generally follow the rules of `IHttpClientFactory` configs and DI registrations: + +1. If called for the same name, the last setting wins: the lifetime from the last `AddAsKeyed()` is used to create the Keyed registration (unless `RemoveAsKeyed()` was called last, in which case the name is excluded). +2. If used only within `ConfigureHttpClientDefaults`, the last setting wins. +3. If both `ConfigureHttpClientDefaults` and specific client name were used, all defaults are considered to "happen" before all per-name settings. Thus, defaults can be disregarded, and the last of the per-name settings wins. + +## See also + +- [IHttpClientFactory with .NET][hcf] +- [Dependency injection in .NET][di] +- +- [Common `IHttpClientFactory` usage issues][hcf-troubleshooting] + +[hcf]: httpclient-factory.md +[di]: dependency-injection.md +[hcf-troubleshooting]: httpclient-factory-troubleshooting.md diff --git a/docs/core/extensions/httpclient-factory.md b/docs/core/extensions/httpclient-factory.md index 3c1d98af119bb..5c67bc01c4f33 100644 --- a/docs/core/extensions/httpclient-factory.md +++ b/docs/core/extensions/httpclient-factory.md @@ -293,6 +293,77 @@ A further workaround can follow with an extension method for registering a scope For more information, see the [full example](https://github.com/dotnet/docs/tree/main/docs/core/extensions/snippets/http/scopeworkaround). +## Avoid depending on "factory-default" Primary Handler + +In this section, the term _"factory-default" Primary Handler_ refers to the Primary Handler that the default `IHttpClientFactory` implementation (or more precisely, the default `HttpMessageHandlerBuilder` implementation) assigns if _not configured in any way_ whatsoever. + +> [!NOTE] +> The "factory-default" Primary Handler is an _implementation detail_ and subject to change. +> ❌ AVOID depending on a specific implementation being used as a "factory-default" (for example, `HttpClientHandler`). + +There are cases in which you need to know the specific type of a Primary Handler, especially if working on a class library. While preserving the end user's configuration, you might want to update, for example, `HttpClientHandler`-specific properties like `ClientCertificates`, `UseCookies`, and `UseProxy`. It might be tempting to cast the Primary handler to `HttpClientHandler`, which _happened to_ work while `HttpClientHandler` was used as the "factory-default" Primary Handler. But as any code depending on implementation details, such a workaround is _fragile_ and bound to break. + +Instead of relying on the "factory-default" Primary Handler, you can use `ConfigureHttpClientDefaults` to set up an "app-level" default Primary Handler instance: + +```csharp +// Contract with the end-user: Only HttpClientHandler is supported. + +// --- "Pre-configure" stage --- +// The default is fixed as HttpClientHandler to avoid depending on the "factory-default" +// Primary Handler. +services.ConfigureHttpClientDefaults(b => + b.ConfigurePrimaryHttpMessageHandler(() => new HttpClientHandler() { UseCookies = false })); + +// --- "End-user" stage --- +// IHttpClientBuilder builder = services.AddHttpClient("test", /* ... */); +// ... + +// --- "Post-configure" stage --- +// The code can rely on the contract, and cast to HttpClientHandler only. +builder.ConfigurePrimaryHttpMessageHandler((handler, provider) => + { + if (handler is not HttpClientHandler h) + { + throw new InvalidOperationException("Only HttpClientHandler is supported"); + } + + h.ClientCertificates.Add(GetClientCert(provider, builder.Name)); + + //X509Certificate2 GetClientCert(IServiceProvider p, string name) { ... } + }); +``` + +Alternatively, you can consider checking the Primary Handler type, and configure the specifics like client certificates only in the well-known supporting types (most likely, `HttpClientHandler` and `SocketsHttpHandler`): + +```csharp +// --- "End-user" stage --- +// IHttpClientBuilder builder = services.AddHttpClient("test", /* ... */); +// ... + +// --- "Post-configure" stage --- +// No contract is in place. Trying to configure main handler types supporting client +// certs, logging and skipping otherwise. +builder.ConfigurePrimaryHttpMessageHandler((handler, provider) => + { + if (handler is HttpClientHandler h) + { + h.ClientCertificates.Add(GetClientCert(provider, builder.Name)); + } + else if (handler is SocketsHttpHandler s) + { + s.SslOptions ??= new System.Net.Security.SslClientAuthenticationOptions(); + s.SslOptions.ClientCertificates ??= new X509CertificateCollection(); + s.SslOptions.ClientCertificates!.Add(GetClientCert(provider, builder.Name)); + } + else + { + // Log warning + } + + //X509Certificate2 GetClientCert(IServiceProvider p, string name) { ... } + }); +``` + ## See also - [Common `IHttpClientFactory` usage issues][hcf-issues] diff --git a/docs/core/extensions/snippets/http/keyedservices/Program.cs b/docs/core/extensions/snippets/http/keyedservices/Program.cs new file mode 100644 index 0000000000000..c648dab21f278 --- /dev/null +++ b/docs/core/extensions/snippets/http/keyedservices/Program.cs @@ -0,0 +1,22 @@ +var builder = WebApplication.CreateBuilder(args); + +// --- (1) Registration --- +builder.Services.AddHttpClient("github", c => + { + c.BaseAddress = new Uri("https://api.github.com/"); + c.DefaultRequestHeaders.Add("Accept", "application/vnd.github.v3+json"); + c.DefaultRequestHeaders.Add("User-Agent", "dotnet"); + }) + .AddAsKeyed(); // Add HttpClient as a Keyed Scoped service for key="github" + +var app = builder.Build(); + +// --- (2) Obtaining HttpClient instance --- +// Directly inject the Keyed HttpClient by its name +app.MapGet("/", ([FromKeyedServices("github")] HttpClient httpClient) => + // --- (3) Using HttpClient instance --- + httpClient.GetFromJsonAsync("/repos/dotnet/runtime")); + +app.Run(); + +record Repo(string Name, string Url); diff --git a/docs/core/extensions/snippets/http/keyedservices/keyedservices.csproj b/docs/core/extensions/snippets/http/keyedservices/keyedservices.csproj new file mode 100644 index 0000000000000..f5c993c757d95 --- /dev/null +++ b/docs/core/extensions/snippets/http/keyedservices/keyedservices.csproj @@ -0,0 +1,10 @@ + + + + net9.0 + enable + enable + KeyedServices + + + diff --git a/docs/fundamentals/toc.yml b/docs/fundamentals/toc.yml index f3c21c755d52a..17fbf7ace9f01 100644 --- a/docs/fundamentals/toc.yml +++ b/docs/fundamentals/toc.yml @@ -1098,6 +1098,9 @@ items: - name: HTTP client factory troubleshooting href: ../core/extensions/httpclient-factory-troubleshooting.md displayName: httpclient,http,client,factory,named client,named httpclient,typed client,typed httpclient + - name: Keyed DI support in HTTP client factory + href: ../core/extensions/httpclient-factory-keyed-di.md + displayName: httpclient,http,client,factory,dependency injection,keyed,keyed di,keyed services - name: Build resilient HTTP apps href: ../core/resilience/http-resilience.md displayName: resilience,transient fault handling,http,httpclient,recovery,polly