Announcing the .NET Framework 4.7.2

Preeti Krishna - MSFT

Today, we are happy to announce the release of the .NET Framework 4.7.2. It’s included in the Windows 10 April 2018 Update. .NET Framework 4.7.2 is also available on Windows 7+ and Windows Server 2008 R2+.

You can download the .NET Framework 4.7.2

The .NET Framework 4.7.2 includes improvements in several areas:

  • [ASP.NET] Support for SameSite cookie in ASP.NET
  • [ASP.NET] Support for ASP.NET Dependency Injection
  • [ClickOnce] Per-monitor support for WPF and HDPI-aware VSTO apps deployed via ClickOnce
  • [SQL] Always Encrypted enhancements in SQL Connectivity
  • [Networking & BCL] Enhanced .NET Framework support for .NET Standard 2.0
  • [BCL] Cryptography improvements
  • [WPF] Diagnostic enhancements

For building applications targeting .NET Framework 4.7.2 download the Developer Pack. You can see the complete list of improvements in the .NET Framework 4.7.2 release notes. .NET Framework 4.7.2 will be available on Windows Update in the near future. Docker images are also available for this release at Docker Hub.

Supported Windows Versions

The .NET Framework 4.7.2 is supported on the following Windows versions:

  • Windows 10 April 2018 Update (included in-box)
  • Windows 10 Fall Creators Update
  • Windows 10 Creators Update
  • Windows 10 Anniversary Update
  • Windows 8.1
  • Windows 7 SP1

The .NET Framework 4.7.2 is supported on the following Windows Server versions:

  • Windows Server, version 1709
  • Windows Server 2016
  • Windows Server 2012 R2
  • Windows Server 2012
  • Windows Server 2008 R2 SP1


ASP.NET – Dependency Injection in WebForms

Dependency injection (DI) is a technique whereby one object supplies the dependencies of another object. It decouples the objects so that no client code has to be changed simply because an object it depends on needs to be changed to a different one. MVC Framework already supports dependency injection, but it has been very difficult to use this technique in ASP.NET Web Forms application. This new feature will make it much easier to use dependency injection in ASP.NET Web Forms application. This feature enables the following:


  • Support setter-based, interface-based and constructor-based injection in web application project in Handler, Module, Page, User control and Custom control.
  • Support setter-based and interface-based injection in web site project in Handler, Module, Page, User controls and Custom controls.
  • Extensebility to support different dependency injection frameworks.
Here’s a simple example of how you can use this feature.
Step 1 – Implement IServiceProvider. You can implement your own DI logic in it or plug in another DI framework, e.g. Unity, Ninject. The following example demonstrates injecting an ILog object through the constructor.

Step 2 – Set WebObjectActivator in Global.asax.

Step 3 – Use Dependency Injection in your Webform page.

SameSite prevents the browser from sending this cookie along with cross-site requests.  In .NET Framework 4.7.2, a new property SameSite has been added in HttpCookie type and ASP.NET will add a SameSite attribute into the set-cookie header if HttpCookie.SameSite is set to SameSiteMode.Strict or SameSiteMode.Lax. The support for SameSite cookie is two-fold in this case:

You can set SameSite for a HttpCookie object as follows.

You can configure HttpCookie SameSite at application level through web.config as follows.

You can add SameSite for FormsAuthentication and SessionState cookies through web.config.

ClickOnce – Per-monitor support for WPF and HDPI-aware ClickOnce deployed apps

Earlier WPF developers were unable to deploy applications that specify HDPI settings other than the default System Aware via ClickOnce. When an end user tried to launch this type of application via ClickOnce they were unable to run it because of a failure in parsing the ClickOnce manifest. Now, with .NET Framework 4.7.2, WPF developers can choose ClickOnce deployments when they are using their application manifest to specify new DPI Awareness modes. With this feature, users on Windows 10 Spring Creators Update or later will be able to specify latest HDPI settings such as PerMonV2 and launch these applications without any problems.
This enables application developers to take advantage of the new HDPI capabilities and can now continue to deploy via ClickOnce:

ClickOnce – Enable SHA256 timestamping of Deployment Manifests

This feature adds support for using RFC3161 timestamp servers (SHA256 based) in timestamping ClickOnce manifests built with Mage.exe. This enables developers to add industry standard timestamping to their ClickOnce manifests. Developer can now specify RFC3161 timestamp server using the existing Mage argument –TimestampUri per the following example:

SQL – Azure AD Universal and Multi-factor Authentication Support

Growing compliance and security demand requires many customers to use Multi-Factor authentication (MFA).  In addition, current best practices directs developers from not including any user password directly in the connection string. We have extended SqlClient Connection String by introducing a new Azure AD Interactive authentication keyword to support MFA. This also enables support of Azure AD Authentication.

This feature introduces a new value for the existing “Authentication” keyword, specifying a new authentication method called “Active Directory Interactive”. The new interactive method supports native and federated Azure AD users as well as Azure AD guest users.  When this method is being used, the MFA authentication imposed by Azure AD is supported for SQL DB. In addition, a user password is requested as part of an interactive dialog enabling us to adhere to security best practices.

Originally SQL connectivity in .NET Framework supported only ActiveDirectoryPassword and ActiveDirectoryIntegrated. Both of these are part of the non-interactive ADAL protocol which do not support MFA. With the new ActiveDirectoryInteractive keyword, the SQL connectivity supports MFA as well as existing authentication methods (password and integrated authentication) allowing users to enter user password interactively without the need to persist passwords in the SQL connection string.

This feature can be configured with tools like SQL Server Data Tools (SSDT), as illustrated below. In the latest Visual Studio 15.7 preview, a new authentication option called “Active Directory Interactive Authentication” can be used to support MFA authentication to SQL database.

The following sample shows how to instantiate the communication provider that is required to register it to a specific authentication method. It also shows creating connections to SQL database using the different authentication methods, of which two are existing ones: ActiveDirectoryPassword, ActiveDirectoryIntegrated and the latest ActiveDirectoryInteractive.

BCL – Cryptographic Improvements

New overloads to RSA.Create and DSA.Create

This simplifies the pattern of creating an RSA or DSA object and calling ImportParameters. The ‘before’ and ‘after’ simplification is illustrated below.

When generating a new RSA or DSA key with a specific keysize the new size overloads can be utilized.

Rfc2898DeriveBytes accepts a hash algorithm name

New constructor overloads have been added to Rfc2898DeriveBytes that accepts a HashAlgorithmName to identify which HMAC algorithm should be used when deriving keys.  Developers are encouraged to generate new keys with a SHA-2-based HMAC as follows instead of using HMAC_SHA1. 

Support for EphemeralKeySet

PFX import can optionally load private keys directly from memory, bypassing the hard drive. The X509KeyStorageFlags enumeration has a new member, EphemeralKeySet. When this flag is specified in an X509Certificate2 constructor or X509Certificate2Collection.Import method, the private keys will be loaded as ephemeral keys. This avoids keys being visible on the disk.
  • Certificates loaded with this flag are not recommended to be added to an X509Store because the keys are not persisted to disk.
  • Keys loaded in this manner will almost always be loaded via Windows CNG, therefore callers must access the private key via the extension methods – for e.g., cert.GetRSAPrivateKey(). The PrivateKey property on X509Certificate2 will not function.
  • Since the legacy PrivateKey property will not work with certificates, developers are advised to perform rigorous testing before switching to EphemeralKeySet.

Programmatic creation of PKCS#10 certification signing requests and X.509 public key certificates

The .NET Framework now enables generation of certificate signing requests (CSRs), allowing certificate request generation to be staged into existing tooling.

The following example creates a CSR to be valid as a TLS Server Authentication certificate for Furthermore, is signed with an existing RSA key using RSA-PSS with SHA-2-256.

The .NET Framework now enables workloads to generate self-signed certificates in a programmatic manner. This is frequently useful in test scenarios.

The following example creates a self-signed version of a TLS Server Authentication certificate for, using an existing ECDSA key with an ECDSA-SHA-2-256 signature.

Other Features

  • The SignerInfo class for SignedCms exposes more information about the signature. SignerInfo.SignatureAlgorithm can be queried to determine the signature algorithm used by the signer. SignerInfo.GetSignature() can be called to get a copy of the cryptographic signature for this signer.
  • CryptoStream now has an additional constructor that allows Dispose to not close the wrapped stream. To continue with the current behavior, no changes are necessary. To leave the wrapped stream open after the CryptoStream is disposed, use `new CryptoStream(stream, transform, mode, leaveOpen: true)`.

BCL – ZLib decompression support to DeflateStream

This feature improves the throughput of decompressing ZIP archives by using native implementation of ZIP. This enables up-to 3x increase in the throughput of ZIP archives during decompression. There are minor differences between the existing and native implementation, hence this feature is enabled by default only for applications targeting .NET Framework 4.7.2. Older applications can opt-into this behavior by using the following AppContext switch:

BCL – Additional Collection APIs

In .NET Framework 4.7.2 we have added a few APIs to the standard Collection types that will enable new functionality as follows.
  • TryGetValue‘ is added to SortedSet and HashSet to match the Try pattern used in other collection types.
  • The `Enumerable.To*` extension methods are added to SortedSet and HashSet.
  • New HashSet constructors allow HashSets to be constructed with a capacity, offering a performance benefit when you know ahead of time what the size of the HashSet will be.
The new Collection APIs are listed below.

WorkflowDesigner High Contrast Improvements

New WorkflowDesignerColors have been added to improve UI experiences in high contrast mode. The following properties are now added to Class System.Activities.Presentation.WorkflowDesignerColors.

Before and after experiences with these changes for various workflow features are illustrated below.

Feature Before After
Foreground colors of selected activities’s title change to black
Foreground colors of selected arguments/variables change to black
Foreground colors of selected context menu items change to black
Foreground colors of selected flowchart connectors change to turquoise
Foreground colors of selected buttons in properties window change to black


WPF – Finding ResourceDictionaries by Source

This feature enables a diagnostic assistant to locate the ResourceDictionaries that have been created from a given Source Uri. A diagnostic assistant such as Visual Studio’s “Edit-and-Continue” facility lets its user edit a ResourceDictionary, with the intent that the changes are applied to the running application. One step in achieving this is finding all the ResourceDictionaries that the running application has created from the dictionary that’s being edited. For example, an application can declare a ResourceDictionary whose content is copied from a given source URI:

A diagnostic assistant that edits the original markup in “MyRD.xaml” can use the new feature to locate the dictionary. The feature is implemented by a new method on the class `System.Windows.Diagnostics.ResourceDictionaryDiagnostics` as illustrated by the first line in the code below. The diagnostic assistant would call the new method using an absolute Uri that identifies the original markup as illustrated by the next line below.

The feature is for use by diagnostic assistants, not by production applications. The method returns an empty enumerable unless VisualDiagnostics are enabled and the ENABLE_XAML_DIAGNOSTICS_SOURCE_INFO environment variable is set.

WPF – Finding ResourceDictionary owners

This feature enables a diagnostic assistant to locate the owners of a given ResourceDictionary. Whenever a change is made to a ResourceDictionary, WPF automatically finds all DynamicResource references that might be affected by the change. A diagnostic assistant such as Visual Studio’s “Edit-and-Continue” facility may want extend this to handle StaticResource references.
The first step in this process is finding the owners of the dictionary – all the objects whose `Resources` property refers to the dictionary (either directly, or indirectly via the `ResourceDictionary.MergedDictionaries`property). The new methods support this step.
The feature is implemented by three new methods on the class `System.Windows.DiagnosticsResourceDictionaryDiagnostics`, one for each of the base types that have a `Resources` property.

The feature is for use by diagnostic assistants and not by production applications. The methods return an empty enumerable unless VisualDiagnostics are enabled and the ENABLE_XAML_DIAGNOSTICS_SOURCE_INFO environment variable is set.

WPF – Finding StaticResource references

This feature allows a diagnostic assistant to receive a notification whenever a StaticResource reference is resolved. A diagnostic assistant such as Visual Studio’s “Edit-and-Continue” facility may want to update all uses of a resource when it changes or replaces a value in a  ResourceDictionary. WPF does this automatically for DynamicResource references, but intentionally does not do so for StaticResource references. The diagnostic assistant is faced with the challenge of locating those uses. This feature helps meet the challenge.

The feature is implemented by a new event on the class `System.Windows.DiagnosticsResourceDictionaryDiagnostics`.

This event is raised whenever the runtime resolves a StaticResource reference. The event args describe the resolution, indicating the object and property that host the StaticResource reference, and the ResourceDictionary and key used for the resolution.

The feature is for use by diagnostic assistants, not by production applications. The event is not raised (and its `add` method is ignored) unless VisualDiagnostics are enabled and the ENABLE_XAML_DIAGNOSTICS_SOURCE_INFO environment variable is set.


Please try out these improvements in the .NET Framework and let us know what you think. Please share your feedback in the comments below or on GitHub.


Discussion is closed. Login to edit/delete existing comments.

  • Mark Turley 0

    Doesn’t show up in VS2015.  Which VS’s are supported moving forward?  Thanks.

Feedback usabilla icon