Announcing the .NET Framework 4.7.2
Today, we are happy to announce the release of the .NET Framework 4.7.2. It’s included in the Windows 10 April 2018 Update. .NET Framework 4.7.2 is also available on Windows 7+ and Windows Server 2008 R2+.
You can download the .NET Framework 4.7.2
The .NET Framework 4.7.2 includes improvements in several areas:
- [ASP.NET] Support for SameSite cookie in ASP.NET
- [ASP.NET] Support for ASP.NET Dependency Injection
- [ClickOnce] Per-monitor support for WPF and HDPI-aware VSTO apps deployed via ClickOnce
- [SQL] Always Encrypted enhancements in SQL Connectivity
- [Networking & BCL] Enhanced .NET Framework support for .NET Standard 2.0
- [BCL] Cryptography improvements
- [WPF] Diagnostic enhancements
For building applications targeting .NET Framework 4.7.2 download the Developer Pack. You can see the complete list of improvements in the .NET Framework 4.7.2 release notes. .NET Framework 4.7.2 will be available on Windows Update in the near future. Docker images are also available for this release at Docker Hub.
Supported Windows Versions
The .NET Framework 4.7.2 is supported on the following Windows versions:
- Windows 10 April 2018 Update (included in-box)
- Windows 10 Fall Creators Update
- Windows 10 Creators Update
- Windows 10 Anniversary Update
- Windows 8.1
- Windows 7 SP1
The .NET Framework 4.7.2 is supported on the following Windows Server versions:
- Windows Server, version 1709
- Windows Server 2016
- Windows Server 2012 R2
- Windows Server 2012
- Windows Server 2008 R2 SP1
ASP.NET – Dependency Injection in WebForms
- Support setter-based, interface-based and constructor-based injection in web application project in Handler, Module, Page, User control and Custom control.
- Support setter-based and interface-based injection in web site project in Handler, Module, Page, User controls and Custom controls.
- Extensebility to support different dependency injection frameworks.
ASP.NET – SameSite Cookie
- In HttpCookie object
- In FormsAuthentication and SessionState cookies
You can set SameSite for a HttpCookie object as follows.
You can configure HttpCookie SameSite at application level through web.config as follows.
ClickOnce – Per-monitor support for WPF and HDPI-aware ClickOnce deployed apps
ClickOnce – Enable SHA256 timestamping of Deployment Manifests
SQL – Azure AD Universal and Multi-factor Authentication Support
Growing compliance and security demand requires many customers to use Multi-Factor authentication (MFA). In addition, current best practices directs developers from not including any user password directly in the connection string. We have extended SqlClient Connection String by introducing a new Azure AD Interactive authentication keyword to support MFA. This also enables support of Azure AD Authentication.
This feature introduces a new value for the existing “Authentication” keyword, specifying a new authentication method called “Active Directory Interactive”. The new interactive method supports native and federated Azure AD users as well as Azure AD guest users. When this method is being used, the MFA authentication imposed by Azure AD is supported for SQL DB. In addition, a user password is requested as part of an interactive dialog enabling us to adhere to security best practices.
Originally SQL connectivity in .NET Framework supported only ActiveDirectoryPassword and ActiveDirectoryIntegrated. Both of these are part of the non-interactive ADAL protocol which do not support MFA. With the new ActiveDirectoryInteractive keyword, the SQL connectivity supports MFA as well as existing authentication methods (password and integrated authentication) allowing users to enter user password interactively without the need to persist passwords in the SQL connection string.
This feature can be configured with tools like SQL Server Data Tools (SSDT), as illustrated below. In the latest Visual Studio 15.7 preview, a new authentication option called “Active Directory Interactive Authentication” can be used to support MFA authentication to SQL database.
The following sample shows how to instantiate the communication provider that is required to register it to a specific authentication method. It also shows creating connections to SQL database using the different authentication methods, of which two are existing ones: ActiveDirectoryPassword, ActiveDirectoryIntegrated and the latest ActiveDirectoryInteractive.
BCL – Cryptographic Improvements
New overloads to RSA.Create and DSA.Create
Rfc2898DeriveBytes accepts a hash algorithm name
New constructor overloads have been added to Rfc2898DeriveBytes that accepts a HashAlgorithmName to identify which HMAC algorithm should be used when deriving keys. Developers are encouraged to generate new keys with a SHA-2-based HMAC as follows instead of using HMAC_SHA1.
Support for EphemeralKeySet
- Certificates loaded with this flag are not recommended to be added to an X509Store because the keys are not persisted to disk.
Keys loaded in this manner will almost always be loaded via Windows CNG, therefore callers must access the private key via the extension methods – for e.g., cert.GetRSAPrivateKey(). The PrivateKey property on X509Certificate2 will not function.
Since the legacy PrivateKey property will not work with certificates, developers are advised to perform rigorous testing before switching to EphemeralKeySet.
Programmatic creation of PKCS#10 certification signing requests and X.509 public key certificates
The .NET Framework now enables generation of certificate signing requests (CSRs), allowing certificate request generation to be staged into existing tooling.
The following example creates a CSR to be valid as a TLS Server Authentication certificate for www.adatum.com. Furthermore, adatum.com is signed with an existing RSA key using RSA-PSS with SHA-2-256.
The .NET Framework now enables workloads to generate self-signed certificates in a programmatic manner. This is frequently useful in test scenarios.
The following example creates a self-signed version of a TLS Server Authentication certificate for www.adatum.com, using an existing ECDSA key with an ECDSA-SHA-2-256 signature.
The SignerInfo class for SignedCms exposes more information about the signature. SignerInfo.SignatureAlgorithm can be queried to determine the signature algorithm used by the signer. SignerInfo.GetSignature() can be called to get a copy of the cryptographic signature for this signer.
- CryptoStream now has an additional constructor that allows Dispose to not close the wrapped stream. To continue with the current behavior, no changes are necessary. To leave the wrapped stream open after the CryptoStream is disposed, use `new CryptoStream(stream, transform, mode, leaveOpen: true)`.
BCL – ZLib decompression support to DeflateStream
This feature improves the throughput of decompressing ZIP archives by using native implementation of ZIP. This enables up-to 3x increase in the throughput of ZIP archives during decompression. There are minor differences between the existing and native implementation, hence this feature is enabled by default only for applications targeting .NET Framework 4.7.2. Older applications can opt-into this behavior by using the following AppContext switch:
BCL – Additional Collection APIs
- ‘TryGetValue‘ is added to SortedSet and HashSet to match the Try pattern used in other collection types.
- The `Enumerable.To*` extension methods are added to SortedSet and HashSet.
- New HashSet constructors allow HashSets to be constructed with a capacity, offering a performance benefit when you know ahead of time what the size of the HashSet will be.
WorkflowDesigner High Contrast Improvements
Before and after experiences with these changes for various workflow features are illustrated below.
Foreground colors of selected activities’s title change to black
Foreground colors of selected arguments/variables change to black
Foreground colors of selected context menu items change to black
Foreground colors of selected flowchart connectors change to turquoise
Foreground colors of selected buttons in properties window change to black
WPF – Finding ResourceDictionaries by Source
WPF – Finding ResourceDictionary owners
WPF – Finding StaticResource references
This feature allows a diagnostic assistant to receive a notification whenever a StaticResource reference is resolved. A diagnostic assistant such as Visual Studio’s “Edit-and-Continue” facility may want to update all uses of a resource when it changes or replaces a value in a ResourceDictionary. WPF does this automatically for DynamicResource references, but intentionally does not do so for StaticResource references. The diagnostic assistant is faced with the challenge of locating those uses. This feature helps meet the challenge.
Please try out these improvements in the .NET Framework and let us know what you think. Please share your feedback in the comments below or on GitHub.
Doesn’t show up in VS2015. Which VS’s are supported moving forward? Thanks.