April 18th, 2019

Announcing the .NET Framework 4.8

Namrata Karnam
Senior Program Manager

We are thrilled to announce the release of the .NET Framework 4.8 today. It’s included in the Windows 10 May 2019 Update. .NET Framework 4.8 is also available on Windows 7+ and Windows Server 2008 R2+.

You can install .NET 4.8 from our .NET Download site. For building applications targeting .NET Framework 4.8, you can download the NET 4.8 Developer Pack. If you just want the .NET 4.8 runtime, you can try:

The .NET Framework 4.8 includes an updated toolset as well as improvements in several areas:

  • [Runtime] JIT and NGEN Improvements
  • [BCL] Updated ZLib
  • [BCL] Reducing FIPS Impact on Cryptography
  • [WinForms] Accessibility Enhancements
  • [WCF] Service Behavior Enhancements
  • [WPF] High DPI Enhancements, UIAutomation Improvements

You can see the complete list of improvements in the .NET Framework 4.8 release notesReference sources have also been updated for .NET 4.8.

Supported Windows Versions

Windows Client versions: Windows 10 version 1903, Windows 10 version 1809, Windows 10 version 1803, Windows 10 version 1709, Windows 10 version 1703, Windows 10 version 1607, Windows 8.1, Windows 7 SP1 Windows Server versions: Windows Server 2019, Windows Server version 1803, Windows Server 2016, Windows Server 2012, Windows Server 2012 R2, Windows Server 2008 R2 SP1

New Features in .NET Framework 4.8

Runtime – JIT improvements

The JIT in .NET 4.8 is based on .NET Core 2.1.  All bug fixes and many code generation-based performance optimizations from .NET Core 2.1 are now available in the .NET Framework.

Runtime – NGEN improvements

NGEN images in the .NET Framework no longer contain writable & executable sections. This reduces the surface area available to attacks that attempt to execute arbitrary code by modifying memory that will be executed.

While there will still be writable & executable data in memory at runtime, this change removes those mapped from NGEN images, allowing them to run in restricted environments that don’t permit executable/writable sections in images.

Runtime – Antimalware Scanning for All Assemblies

In previous versions of .NET Framework, Windows Defender or third-party antimalware software would automatically scan all assemblies loaded from disk for malware. However, assemblies loaded from elsewhere, such as by using Assembly.Load(byte[]), would not be scanned and could potentially carry viruses undetected.

.NET Framework 4.8 on Windows 10 triggers scans for those assemblies by Windows Defender and many other antimalware solutions that implement the Antimalware Scan Interface. We expect that this will make it harder for malware to disguise itself in .NET programs.

BCL – Updated ZLib

Starting with .NET Framework 4.5 we used the native version of ZLib (a native external compression library used for data compression) from http://zlib.net in clrcompression.dll in order to provide an implementation for the deflate algorithm. In .NET Framework 4.8 we updated clrcompression.dll to use version 1.2.11 which includes several key improvements and fixes.

BCL – Reducing FIPS Impact on Cryptography

.NET Framework 2.0+ have cryptographic provider classes such as SHA256Managed, which throw a CryptographicException when the system cryptographic libraries are configured in “FIPS mode”. These exceptions are thrown because the managed versions have not undergone FIPS (Federal Information Processing Standards) 140-2 certification (JIT and NGEN image generation would both invalidate the certificate), unlike the system cryptographic libraries. Few developers have their development machines in “FIPS mode”, which results in these exceptions being raised in production (or on customer systems). The “FIPS mode” setting was also used by .NET Framework to block cryptographic algorithms which were not considered an approved algorithm by the FIPS rules.

For applications built for .NET Framework 4.8, these exceptions will no longer be thrown (by default). Instead, the SHA256Managed class (and the other managed cryptography classes) will redirect the cryptographic operations to a system cryptography library. This policy change effectively removes a potentially confusing difference between developer environments and the production environments in which the code runs and makes native components and managed components operate under the same cryptographic policy.

Applications targeting .NET Framework 4.8 will automatically switch to the newer, relaxed policy and will no longer see exceptions being thrown from MD5Cng, MD5CryptoServiceProvider, RC2CryptoServiceProvider, RIPEMD160Managed, and RijndaelManaged when in “FIPS mode”. Applications which depend on the exceptions from previous versions can return to the previous behavior by setting the AppContext switch “Switch.System.Security.Cryptography.UseLegacyFipsThrow” to “true”.

Windows Forms – Accessibility Enhancements

In .NET Framework 4.8 WinForms is adding three new features to enable developers to write more accessible applications. The features added are intended to make communication of application data to visually impaired users more robust. We’ve added support for ToolTips when a user navigates via the keyboard, we’ve added LiveRegions and Notification Events to many commonly used controls.

To enable these features your application needs to have the following AppContextSwitches enabled in the App.config file:

Windows Forms – UIA LiveRegions Support in Labels and StatusStrips

UIA Live Regions allow application developers to notify screen readers of a text change on a control that is located apart from the location where the user is working. Examples of where this would come in handy could be a StatusStrip that shows a connection status. If the connection is dropped and the Status changes, the developer might want to notify the screen reader of this change. Windows Forms has implemented UIA LiveRegions for both the Label control and the StatusStrip control.

Example use of the LiveRegion in a Label Control:

Narrator will now announce “Ready” Regardless of where the user is interacting with the application. You can also implement your UserControl as a Live region:

Windows Forms – UIA Notification Events

In Windows 10 Fall Creators Update Windows introduced a new method of having an application notify Narrator that content has changed, and Narrator should announce the change. The UIA Notification event provides a way for your app to raise a UIA event which leads to Narrator simply making an announcement based on text you supply with the event, without the need to have a corresponding control in the UI. In some scenarios, this could be a straightforward way to dramatically improve the accessibility of your app.  For more information about UIA Notification Events, see this blog post.

An example of where a Notification might come in handy is to notify the progress of some process that may take some time.

An example of raising the Notification event:

Windows Forms – ToolTips on keyboard access

Currently a control tooltip can only be triggered to pop up by moving a mouse pointer into the control. This new feature enables a keyboard user to trigger a control’s tooltip by focusing the control using a Tab key or arrow keys with or without modifier keys. This particular accessibility enhancement requires an additional AppContextSwitch as seen in the following example:

  1. Create a new WinForms application
  2. Add the following XML to the App.config file

  1. Add several buttons and a ToolTip control to the application’s form.
  2. Set tooltips for the buttons.
  3. Run the application and navigate between the buttons using a keyboard:

Windows Forms – DataGridView control accessible hierarchy changes

Currently the accessible hierarchy (UI Automation tree) shows the editing box tree element as a child of currently edited cell but not as a root child element of DataGridView. The hierarchy tree update can be observed using Inspect tool:

 WCF – ServiceHealthBehavior

Health endpoints have many benefits and are widely used by orchestration tools to manage the service based on the service health status. Health checks can also be used by monitoring tools to track and alert on the availability and performance of the service, where they serve as early problem indicators.

ServiceHealthBehavior is a WCF service behavior that extends IServiceBehavior.  When added to the ServiceDescription.Behaviors collection, it will enable the following:

  • Return service health status with HTTP response codes: One can specify in the query string the HTTP status code for a HTTP/GET health probe request.
  • Publication of service health: Service specific details including service state and throttle counts and capacity are displayed using an HTTP/GET request using the “?health” query string. Knowing and easily having access to the information displayed is important when trouble-shooting a mis-behaving WCF service.

Config ServiceHealthBehavior:

There are two ways to expose the health endpoint and publish WCF service health information: by using code or by using a configuration file.

  1. Enable health endpoint using code 

  1. Enable health endpoint using config

Return service health status with HTTP response codes:

Health status can be queried by query parameters (OnServiceFailure, OnDispatcherFailure, OnListenerFailure, OnThrottlePercentExceeded). HTTP response code (200 – 599) can be specified for each query parameter. If the HTTP response code is omitted for a query parameter, a 503 HTTP response code is used by default.

Query parameters and examples:

  1. OnServiceFailure:
  • Example: by querying https://contoso:81/Service1?health&OnServiceFailure=450, a 450 HTTP response status code is returned when ServiceHost.State is greater than CommunicationState.Opened.
  1. OnDispatcherFailure:
  • Example: by querying https://contoso:81/Service1?health&OnDispatcherFailure=455, a 455 HTTP response status code is returned when the state of any of the channel dispatchers is greater than CommunicationState.Opened.
  1. OnListenerFailure:
  • Example: by querying https://contoso:81/Service1?health&OnListenerFailure=465, a 465 HTTP response status code is returned when the state of any of the channel listeners is greater than CommunicationState.Opened.
  1. OnThrottlePercentExceeded: Specifies the percentage {1 – 100} that triggers the response and its HTTP response code {200 – 599}.
  • Example: by querying https://contoso:81/Service1?health&OnThrottlePercentExceeded= 70:350,95:500, when the throttle percentage is equal or larger than 95%, 500 the HTTP response code is returned; when the percentage is equal or larger than 70% and less then 95%,   350 is returned; otherwise, 200 is returned.

Publication of service health:

After enabling the health endpoint, the service health status can be displayed either in html (by specifying the query string: https://contoso:81/Service1?health) or xml (by specifying the query string: https://contoso:81/Service1?health&Xml) formats. https://contoso:81/Service1?health&NoContent returns empty html page.

Note:

It’s best practice to always limit access to the service health endpoint. You can restrict access by using the following mechanisms:

  1. Use a different port for the health endpoint than what’s used for the other services as well as use a firewall rule to control access.
  2. Add the desirable authentication and authorization to the health endpoint binding.

WPF – Screen narrators no longer announce elements with Collapsed or Hidden visibility

Elements with Collapsed or Hidden visibility are no longer announced by the screen readers. User interfaces containing elements with a Visibility of Collapsed or Hidden can be misrepresented by screen readers if such elements are announced to the user. In .NET Framework 4.8, WPF no longer includes Collapsed or Hidden elements in the Control View of the UIAutomation tree, so that the screen readers can no longer announce these elements.

WPF – SelectionTextBrush Property for use with Non-Adorner Based Text Selection

In the .NET Framework 4.7.2 WPF added the ability to draw TextBox and PasswordBox text selection without using the adorner layer (See Here). The foreground color of the selected text in this scenario was dictated by SystemColors.HighlightTextBrush.

In the .NET Framework 4.8 we are adding a new property, SelectionTextBrush, that allows developers to select the specific brush for the selected text when using non-adorner based text selection.

This property works only on TextBoxBase derived controls and PasswordBox in WPF applications with non-adorner based text selection enabled. It does not work on RichTextBox. If non-adorner based text selection is not enabled, this property is ignored.

To use this property, simply add it to your XAML code and use the appropriate brush or binding.

The resulting text selection will look like this:

You can combine the use of SelectionBrush and SelectionTextBrush to generate any color combination of background and foreground that you deem appropriate.

WPF – High DPI Enhancements

WPF has added support for Per-Monitor V2 DPI Awareness and Mixed-Mode DPI scaling in .NET 4.8. Additional information about these Windows concepts is available here.

The latest Developer Guide for Per monitor application development in WPF states that only pure-WPF applications are expected to work seamlessly in a high-DPI WPF application and that Hosted HWND’s and Windows Forms controls are not fully supported.

.NET 4.8 improves support for hosted HWND’s and Windows Forms interoperation in High-DPI WPF applications on platforms that support Mixed-Mode DPI scaling (Windows 10 v1803). When hosted HWND’s or Windows Forms controls are created as Mixed-Mode DPI scaled windows, (as described in the “Mixed-Mode DPI Scaling and DPI-aware APIs” documentation by calling SetThreadDpiHostingBehavior and SetThreadDpiAwarenessContext API’s), it will be possible to host such content in a Per-Monitor V2 WPF application and have them be sized and scaled appropriately. Such hosted content will not be rendered at the native DPI – instead, the OS will scale the hosted content to the appropriate size.

The support for Per-Monitor v2 DPI awareness mode also allows WPF controls to be hosted (i.e., parented) under a native window in a high-DPI application. Per-Monitor V2 DPI Awareness support will be available on Windows 10 v1607 (Anniversary Update). Windows adds support for child-HWND’s to receive DPI change notifications when Per-Monitor V2 DPI Awareness mode is enabled via the application manifest.

This support is leveraged by WPF to ensure that controls that are hosted under a native window can respond to DPI changes and update themselves. For e.g.- a WPF control hosted in a Windows Forms or a Win32 application that is manifested as Per Monitor V2 – will now be able to respond correctly to DPI changes and update itself.

Note that Windows supports Mixed-Mode DPI scaling on Windows 10 v1803, whereas Per-Monitor V2 is supported on v1607 onwards.

To try out these features, the following application manifest and AppContext flags must be enabled:

  1. Enable Per-Monitor DPI in your application
      • Turn on Per-Monitor V2 in your app.manifest

  2. Turn on High DPI support in WPF
    • Target .NET Framework 4.6.2 or greater

and

3. Set AppContext switch in your app.config

Alternatively,

Set AppContextSwitch Switch.System.Windows.DoNotUsePresentationDpiCapabilityTier2OrGreater=false in App.Config to enable Per-Monitor V2 and Mixed-Mode DPI support introduced in .NET 4.8.

The runtime section in the final App.Config might look like this:

AppContext switches can also be set in registry. You can refer to the AppContext Class for additional documentation.

WPF – Support for UIAutomation ControllerFor property

UIAutomation’s ControllerFor property returns an array of automation elements that are manipulated by the automation element that supports this property. This property is commonly used for Auto-suggest accessibility. ControllerFor is used when an automation element affects one or more segments of the application UI or the desktop. Otherwise, it is hard to associate the impact of the control operation with UI elements. This feature adds the ability for controls to provide a value for ControllerFor property.

A new virtual method has been added to AutomationPeer:

To provide a value for the ControllerFor property, simply override this method and return a list of AutomationPeers for the controls being manipulated by this AutomationPeer:

WPF – Tooltips on keyboard access

Currently tooltips only display when a user hovers the mouse cursor over a control. In .NET Framework 4.8, WPF is adding a feature that enables tooltips to show on keyboard focus, as well as via a keyboard shortcut.

To enable this feature, an application needs to target .NET Framework 4.8 or opt-in via AppContext switch “Switch.UseLegacyAccessibilityFeatures.3” and “Switch.UseLegacyToolTipDisplay”.

Sample App.config file:

Once enabled, all controls containing a tooltip will start to display it once the control receives keyboard focus. The tooltip can be dismissed over time or when keyboard focus changes. Users can also dismiss the tooltip manually via a new keyboard shortcut Ctrl + Shift + F10. Once the tooltip has been dismissed it can be displayed again via the same keyboard shortcut.

Note: RibbonToolTips on Ribbon controls won’t show on keyboard focus – they will only show via the keyboard shortcut.

WPF – Added Support for SizeOfSet and PositionInSet UIAutomation properties

Windows 10 introduced new UIAutomation properties SizeOfSet and PositionInSet which are used by applications to describe the count of items in a set. UIAutomation client applications such as screen readers can then query an application for these properties and announce an accurate representation of the application’s UI.

This feature adds support for WPF applications to expose these two properties to UIAutomation. This can be accomplished in two ways:

      1. DependencyProperties 

New DependencyProperties SizeOfSet and PositionInSet have been added to the System.Windows.Automation.AutomationProperties namespace. A developer can set their values via XAML:

    2. AutomationPeer virtual methods 

Virtual methods GetSizeOfSetCore and GetPositionInSetCore have also been added to the AutomationPeer class. A developer can provide values for SizeOfSet and PositionInSet by overriding these methods:

 Automatic values 

Items in ItemsControls will provide a value for these properties automatically without additional action from the developer. If an ItemsControl is grouped, the collection of groups will be represented as a set and each group counted as a separate set, with each item inside that group providing its position inside that group as well as the size of the group. Automatic values are not affected by virtualization. Even if an item is not realized, it is still counted towards the total size of the set and affects the position in the set of it’s sibling items.

Automatic values are only provided if the developer is targeting .NET Framework 4.8 or has set the AppContext switch “Switch.UseLegacyAccessibilityFeatures.3” – for example via App.config file:

Closing

Please try out these improvements in the .NET Framework 4.8 and share your feedback in the comments below or via GitHub.

Thank you!

 

Author

Namrata Karnam
Senior Program Manager

35 comments

Discussion is closed. Login to edit/delete existing comments.

  • Arash Motallebi

    Could I install .net framework 4.8on Visual Studio 2010 Professional ?

  • Mark Pahulje MS-MVP

    What percentage of the unmanaged WinAPI functions has been implemented in the current .NET 4.8 Framework? Thank you.

  • Alain Cardenas

    Hello,

    Do you know why the UseLegacyFipsThrow switch for VSTO add-ins is set to true (old behavior) by default?
    Was it intentional?
    All other project types I tested use the new policy as default.

    Thanks,
    Alain

  • Robert

    Hi,
    where can I find the 64-bit version of NGEN.EXE (.Net 4.8) after installing .Net 4.8 runtime or SDK?

    When I entered this in the Developer Command Prompt:

    install ClientApp.exe

    I get this message:

    Microsoft (R) CLR Native Image Generator – Version 4.8.3752.0
    Copyright (c) Microsoft Corporation. All rights reserved.
    Failed to compile ClientApp.exe because this image is a 64bit assembly; try using 64bit ngen instead.

    Regards
    Robert

  • Ben Clark

    I have been using Tls1.2 now for several months. Now I want to switch to Tls1.3.
    My Server and Client side code snippets look like this. This works.
       ((SslStream)comStream).AuthenticateAsServer(serverCertificate, true, SslProtocols.Tls1.2, checkCertificateRevocation: true);
        ((SslStream)comStream).AuthenticateAsClient(serverName, certs, SslProtocols.Tls1.2, true);
    My assumption is that to now use Tls1.3, all I need to do is change the SslProtocols value as shown below.
    However, the AuthenticateAsClient now throws an exception of "The client and server cannot communicate, because they do...

    Read more
    • Karel ZikmundMicrosoft employee

      Hello Ben,
      I believe that TLS1.3 is not yet supported by the OS, that’s why it does not work for you. First wait for the OS to support TLS1.3 by default (there are some reg-key options AFAIK), then try the code above with Tls1.3. I believe that should just work then.

  • Jim Auman

    Will 4.8 be available to deploy via WSUS as previous frameworks have been made available?  No rush.  I just want to confirm that is coming to WSUS. In other words, i want to be able to approve the install of 4.8 on a Windows Server 2019/2016/2012R2 server, as well as Windows 10/7 desktops through WSUS (i used to be able to do this).

  • Ariel Atkinson

    It was really a good article. Microsoft is always doing its best to provide updates. اجاره خودرو 

    • IranAmaze mohsen

      Over time, Microsoft’s updates get better and better! Iran Tours

  • Gordon Andersen

    Build Tools + VS 2019 Installer not supporting .Net 4.8?
    When will the Visual Studio Installer have .Net 4.8 as an available payload/component?
    This is highly confusing – I’d like to be able to use 4.8 on headless build agents.

    • Tore Østergaard Jensen (TORE)

      I am wondering the same!

      • Underwood, David

        If you install the 2019 Build Tools and then install the .NET 4.8 Developer Pack you should be good to go as I’ve verified it working in my environment. You can download it here.