Working with Yandex IoT Core in C#

Written by

Updated at June 15, 2026

Getting started
Create the required Yandex IoT Core resources
- Create a registry and add a certificate to it
- Create a device and add a certificate to it
Connect to Yandex IoT Core
Get authenticated in Yandex IoT Core
- Authentication with certificates
- Authenticating by username and password
Establish a connection
Subscribe to a topic and get messages
Send a message
Terminate the connection

Warning

Yandex IoT Core is no longer available to new users.

Current users can create resources until November 1, 2026. Afterwards, the service will go read-only and cease to operate on December 1, 2026. For more information on the timing and procedure, see Service shutdown.

In this tutorial, you will learn how to connect to Yandex IoT Core using the Paho library written in C#. The tutorial assumes that you know how to develop apps on .NET in C#.

Note

For the source code discussed in the tutorial, visit GitHub. Interactions with Yandex IoT Core are encapsulated in the YaClient class that you can use in your projects.

Once connected, you can:

To connect to Yandex IoT Core and start messaging:

Getting started

If you do not have the Yandex Cloud CLI yet, install and initialize it.
Download and install a development environment for .Net, e.g., Microsoft Visual Studio.

Create the required Yandex IoT Core resources

Create a registry and add a certificate to it

If you already have a certificate, start with the second step.

Create a certificate for the registry (skip this step if you already have a registry certificate):

openssl req -x509 \
  -newkey rsa:4096 \
  -keyout registry-key.pem \
  -out registry-cert.pem \
  -nodes \
  -days 365 \
  -subj '/CN=localhost'

Create a registry:

yc iot registry create --name my-registry

Add a certificate to the registry:

yc iot registry certificate add \
  --registry-name my-registry \ # Registry name.
  --certificate-file registry-cert.pem # Path to the public part of the certificate.

Create a device and add a certificate to it

If you already have a certificate, start with the second step.

(Optional) Create a certificate for the device:

openssl req -x509 \
  -newkey rsa:4096 \
  -keyout device-key.pem \
  -out device-cert.pem \
  -nodes \
  -days 365 \
  -subj '/CN=localhost'

Review a list of the registries where you can create a device or create a new registry.

Create a device:

yc iot device create --registry-name my-registry --name my-device

Add a certificate to the device:

yc iot device certificate add \
  --device-name my-device \ # Device name.
  --certificate-file device-cert.pem # Path to the public part of the certificate.

Connect to Yandex IoT Core

Before connecting, configure the connection parameters using the following code:

// Setting up a TLS connection
MqttClientOptionsBuilderTlsParameters tlsOptions = new MqttClientOptionsBuilderTlsParameters
{
  SslProtocol = SslProtocols.Tls12,
  UseTls = true
};

// Enabling the server validation event handler
tlsOptions.CertificateValidationCallback += CertificateValidationCallback;

// Setting up the connection parameters
var options = new MqttClientOptionsBuilder()
    .WithClientId($"Test_C#_Client_{Guid.NewGuid()}")
    .WithTcpServer(MqttServer, MqttPort)
    .WithTls(tlsOptions)
    .WithCleanSession()
    .WithCredentials(id, password)
    .WithKeepAlivePeriod(TimeSpan.FromSeconds(90))
    .WithKeepAliveSendInterval(TimeSpan.FromSeconds(60))
    .Build();

var factory = new MqttFactory();
IMqttClient mqttClient = factory.CreateMqttClient();

// Enabling the data receipt event handler
mqttClient.UseApplicationMessageReceivedHandler(DataHandler);

// Enabling the event handler for connections to Yandex IoT Core
mqttClient.UseConnectedHandler(ConnectedHandler);

// Enabling the event handler for losing connections to Yandex IoT Core
mqttClient.UseDisconnectedHandler(DisconnectedHandler);

Where:

MqttClientOptionsBuilderTlsParameters: Class that specifies the TLS usage parameters when connecting to Yandex IoT Core.
MqttClientOptionsBuilder: Constructor class that sets the connection options. You can use the default settings, but we recommend setting the WithKeepAlivePeriod and WithKeepAliveSendInterval parameters. The values of these parameters determine:
- Rate of sending the PINGREQ commands.
- Client response time to a broken connection.
  
  The lower the above parameters, the sooner the client will find out that the connection was terminated abnormally. However, this increases the frequency of billable PINGREQ commands.

Get authenticated in Yandex IoT Core

There are two authentication methods:

Authentication with certificates

When authenticating with X.509 certificates, it is most convenient to use PKCS#12 certificates in PFX format. To generate a certificate in PKCS#12 format from PEM certificates, run the command:

openssl pkcs12 -export -out cert.pfx -inkey key.pem -in cert.pem

To load certificates in your project, use the following code:

X509Certificate2 certificate = new X509Certificate2(certPath);

The client certificate used for authentication on the server is specified when setting up a TLS connection:

X509Certificate2 certificate = new X509Certificate2(certPath);
List<byte[]> certificates = new List<byte[]>();
certificates.Add(certificate.Export(X509ContentType.SerializedCert));

// Setting up a TLS connection
MqttClientOptionsBuilderTlsParameters tlsOptions = new MqttClientOptionsBuilderTlsParameters
{
  Certificates = certificates,
  SslProtocol = SslProtocols.Tls12,
  UseTls = true
};

The certificate used for server authentication is used in the server validation event handler:

private static X509Certificate2 rootCrt = new X509Certificate2("rootCA.crt");

private static bool CertificateValidationCallback(X509Certificate cert, X509Chain chain, SslPolicyErrors errors, IMqttClientOptions opts)
{
  try
  {
    if (errors == SslPolicyErrors.None)
    {
      return true;
    }

    if (errors == SslPolicyErrors.RemoteCertificateChainErrors)
    {
      chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
      chain.ChainPolicy.VerificationFlags = X509VerificationFlags.NoFlag;
      chain.ChainPolicy.ExtraStore.Add(rootCrt);

      chain.Build((X509Certificate2)rootCrt);
      // Comparing certificate thumbprints
      var res = chain.ChainElements.Cast<X509ChainElement>().Any(a => a.Certificate.Thumbprint == rootCrt.Thumbprint);
      return res;
    }
  }
  catch { }

  return false;
}

Authenticating by username and password

Authentication with a username and password in Yandex IoT Core requires the TLS protocol. To do this, use the MqttClientOptionsBuilderTlsParameters class:

// Setting up a TLS connection
MqttClientOptionsBuilderTlsParameters tlsOptions = new MqttClientOptionsBuilderTlsParameters
{
  SslProtocol = SslProtocols.Tls12,
  UseTls = true
};

// Enabling the server validation event handler
tlsOptions.CertificateValidationCallback += CertificateValidationCallback;

In the connection settings, use the WithCredentials method to specify the username (registry or device id) and password:

// Setting up the connection parameters
var options = new MqttClientOptionsBuilder()
    .WithClientId($"Test_C#_Client_{Guid.NewGuid()}")
    .WithTcpServer(MqttServer, MqttPort)
    .WithTls(tlsOptions)
    .WithCleanSession()
    .WithCredentials(id, password)
    .WithKeepAlivePeriod(TimeSpan.FromSeconds(90))
    .WithKeepAliveSendInterval(TimeSpan.FromSeconds(60))
    .Build();

Establish a connection

Establish a connection to Yandex IoT Core using the following code:

mqttClient.ConnectAsync(options, CancellationToken.None);

Use a callback function to receive messages:

...
  mqttClient.UseApplicationMessageReceivedHandler(DataHandler);
...

private Task DataHandler(MqttApplicationMessageReceivedEventArgs arg)
{
  return Task.CompletedTask;
}

Subscribe to a topic using the following code. In the SubscribeAsync method, specify the topic (topic) you want to subscribe to and the QoS level (qos).

mqttClient.SubscribeAsync(topic, qos);

Send a message

Send a message using the following code. In the PublishAsync method, specify the topic you want to send a message to, the message text, and the preferred quality of service level (qos).

mqttClient.PublishAsync(topic, "Your message text.", qos);

Handle connection loss events and track message delivery using callback functions:

...
  mqttClient.UseConnectedHandler(ConnectedHandler);
  mqttClient.UseDisconnectedHandler(DisconnectedHandler);
...

private Task ConnectedHandler(MqttClientConnectedEventArgs arg)
{
  return Task.CompletedTask;
}

private static Task DisconnectedHandler(MqttClientDisconnectedEventArgs arg)
{
  return Task.CompletedTask;
}

Terminate the connection

Disconnect from Yandex IoT Core using the following code:

mqttClient.DisconnectAsync();

Working with Yandex IoT Core in C#

Getting startedGetting started

Create the required Yandex IoT Core resourcesCreate the required Yandex IoT Core resources

Create a registry and add a certificate to itCreate a registry and add a certificate to it

Create a device and add a certificate to itCreate a device and add a certificate to it

Connect to Yandex IoT CoreConnect to Yandex IoT Core

Get authenticated in Yandex IoT CoreGet authenticated in Yandex IoT Core

Authentication with certificatesAuthentication with certificates

Authenticating by username and passwordAuthenticating by username and password

Establish a connectionEstablish a connection

Subscribe to a topic and get messagesSubscribe to a topic and get messages

Send a messageSend a message

Terminate the connectionTerminate the connection

Was the article helpful?