Member-only story
In this article I am going to explain HttpClient by walking you through a real life issue and what I learned along the way. I will first explain the issue I was trying to solve and the problems I encountered along the way. By the end of this article you will have an understanding of the do’s and don’ts when working with HttpClient in .NET.
Issue
I needed a solution that would tell me if an email and password where in a known data breach. If I knew a password or email was in a know breach I wanted to see how this related to fraud.
Solution
According to NIST 800–63–3 it is recommended to check passwords against known data breaches. To conform with this standard I decided to use the haveIbeenPwn API to check if both the password and email where in a known data breach.
Third-party API
The haveIbeenPwn API is a great resource because you send in the first five chars of a password hash and it will return what breach the password was discovered in and number of pwned password for that particular breach. The password was straight forward and easy to implement.
The email was a bit more challenging because it is a paid service and Troy Hunt did a great job explaining why is his blog post. In the end I purchased sixed api keys and was able to process ~200 request per min, since the email has a rate 1500ms.
HttpClient