I have a Windows AppFramework 4.5 application with a method (below) that downloads blobs, specifically photos, using Microsoft.WindowsAzure.Storage. We tried updating our TLS protocol to TLS 1.2, and this method is no longer functioning (our Azure admin immediately reset to TLS protocol 1.0 so that the photos can be viewed in our application, which means I cannot see where the method fails, though I'm guessing it's throwing an error and is returning null per the try/catch).

I haven't found any documentation on how to migrate code that is using the Microsoft.WindowsAzure.Storage namespace. Do I need to update my references? Add security?

Thank you.

public static MemoryStream DownloadBlob_AsMemStreamTemp(string blobFilePath)
{
    try
    {
        // Retrieve reference to a blob
        string blobStorageConnectionString = "DefaultEndpointsProtocol=https;AccountName=MyAccount;AccountKey=[key];EndpointSuffix=core.windows";

        CloudStorageAccount blobStorageAccount = CloudStorageAccount.Parse(blobStorageConnectionString);
        CloudBlobClient blobClient = blobStorageAccount.CreateCloudBlobClient();
        CloudBlobContainer containerReference = blobClient.GetContainerReference("MyContainer");                
        containerReference.CreateIfNotExists();
        CloudBlobContainer blobContainer = containerReference;
        
        CloudBlockBlob blob = blobContainer.GetBlockBlobReference(blobFilePath);

        // Read content
        MemoryStream ms = new MemoryStream();
        blob.DownloadToStream(ms);
        return ms;

    }
    catch (Exception ex)
    {
        return null;
    }

}

I have a Windows AppFramework 4.5 application with a method (below) that downloads blobs, specifically photos, using Microsoft.WindowsAzure.Storage. We tried updating our TLS protocol to TLS 1.2, and this method is no longer functioning (our Azure admin immediately reset to TLS protocol 1.0 so that the photos can be viewed in our application, which means I cannot see where the method fails, though I'm guessing it's throwing an error and is returning null per the try/catch).

I haven't found any documentation on how to migrate code that is using the Microsoft.WindowsAzure.Storage namespace. Do I need to update my references? Add security?

Thank you.

public static MemoryStream DownloadBlob_AsMemStreamTemp(string blobFilePath)
{
    try
    {
        // Retrieve reference to a blob
        string blobStorageConnectionString = "DefaultEndpointsProtocol=https;AccountName=MyAccount;AccountKey=[key];EndpointSuffix=core.windows";

        CloudStorageAccount blobStorageAccount = CloudStorageAccount.Parse(blobStorageConnectionString);
        CloudBlobClient blobClient = blobStorageAccount.CreateCloudBlobClient();
        CloudBlobContainer containerReference = blobClient.GetContainerReference("MyContainer");                
        containerReference.CreateIfNotExists();
        CloudBlobContainer blobContainer = containerReference;
        
        CloudBlockBlob blob = blobContainer.GetBlockBlobReference(blobFilePath);

        // Read content
        MemoryStream ms = new MemoryStream();
        blob.DownloadToStream(ms);
        return ms;

    }
    catch (Exception ex)
    {
        return null;
    }

}

• c#
• azure-blob-storage
• tls1.2

Share Improve this question Follow edited Feb 5 at 19:37 E. A. Bagby asked Feb 4 at 19:38 E. A. BagbyE. A. Bagby 9341010 silver badges2727 bronze badges 14

• "our Azure admin immediately reset to TLS protocol 1.0" why? And what exact error are you seeing? Please show the full error message and stack trace. – Charlieface Commented Feb 4 at 19:50
• Are you looking for this documentation link? – Odrai Commented Feb 4 at 19:53
• 1 I think you need to set it explicitly for now. On Nov 1, 2025 Microsoft will stop supporting versions 1.0 and 1.1 of Transport Layer Security (TLS). – Odrai Commented Feb 4 at 20:15
• 1 The next Microsoft link might be usefull. – Odrai Commented Feb 4 at 20:19
• 1 Use the free tool IIS Crypto is the easiest, otherwise you need to change registry manually, see learn.microsoft/en-us/mem/configmgr/core/plan-design/…. Having said that, Win 10 and 11 already support it, so no need. .NET Framework 4.5 and below actually do need to set ServicePointManager.SecurityProtocol, but I would strongly advise to upgrade the target framework version to 4.8 instead. – Charlieface Commented Feb 5 at 22:17

 |  Show 9 more comments

1 Answer 1

Sorted by: Reset to default 1

How to migrate to Azure TLS 1.2 When Using Microsoft.WindowsAzure.Storage

Posting the comment an answer so that it will help community to find better solution.

• I agree with Odrai's comment that explicitly setting ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12; is necessary for .NET Framework 4.5 applications, as older versions do not enable TLS 1.2 by default.. This should be done before making Azure Storage requests to ensure compatibility after the upgrade.
• Also, Charlieface comment highlighted that enabling TLS 1.2 at the OS level is important. While Windows 10 and 11 already support it, additional steps like using IIS Crypto or modifying the Windows registry (as explained in Microsoft’s guide) may be required for certain environments.
• Additionally, upgrading to .NET Framework 4.8 is strongly recommended, as it includes native support for TLS 1.2, eliminating the need for manual configuration.
• Since you mentioned that the application is being rebuilt in .NET 8, a temporary fix using ServicePointManager.SecurityProtocol should work until the migration is complete.

However, long-term, it’s advisable to migrate from the deprecated Microsoft.WindowsAzure.Storage to Azure.Storage.Blobs for better security and future compatibility.

Code:

public static async Task ConfigureTls12()
{
    // Enable TLS 1.2 before connecting to Azure Storage
    System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls12;

    // Add your connection string here.
    string connectionString = "";

    // Create a new container with Shared Key authorization.
    BlobContainerClient containerClient = new BlobContainerClient(connectionString, "sample-container");
    await containerClient.CreateIfNotExistsAsync();
}

Reference: Configure Transport Layer Security (TLS) for a client application - Azure Storage | Microsoft Learn