Skip to content

Use a newer .NET version#

Security · App Service · Rule · 2024_03 · Important

Configure applications to use newer .NET versions.

Description#

Within a App Service app, the version of .NET used to run application/ site code is configurable.

Overtime, a specific version of .NET may become outdated and no longer supported by Microsoft. This can lead to security vulnerabilities or are simply not able to use the latest security features.

.NET 6.0 and .NET 7.0 are approaching end of support.

Recommendation#

Consider updating the site to use a newer .NET version such as v8.0.

Examples#

Configure with Azure template#

To deploy App Services that pass this rule:

  • For Windows-based plans:
    • Set the properties.siteConfig.netFrameworkVersion property to v4.0 or v8.0.
  • For Linux-based plans:
    • Set the properties.siteConfig.linuxFxVersion property to DOTNET|8.0. .NET Framework is not supported on Linux-based plans.

For example:

Azure Template snippet
{
  "type": "Microsoft.Web/sites",
  "apiVersion": "2023-01-01",
  "name": "[parameters('name')]",
  "location": "[parameters('location')]",
  "identity": {
    "type": "SystemAssigned"
  },
  "kind": "web",
  "properties": {
    "serverFarmId": "[resourceId('Microsoft.Web/serverfarms', parameters('planName'))]",
    "httpsOnly": true,
    "siteConfig": {
      "alwaysOn": true,
      "minTlsVersion": "1.2",
      "ftpsState": "Disabled",
      "remoteDebuggingEnabled": false,
      "http20Enabled": true,
      "netFrameworkVersion": "v8.0",
      "healthCheckPath": "/healthz",
      "metadata": [
        {
          "name": "CURRENT_STACK",
          "value": "dotnet"
        }
      ]
    }
  },
  "dependsOn": [
    "[resourceId('Microsoft.Web/serverfarms', parameters('planName'))]"
  ]
}

Configure with Bicep#

To deploy App Services that pass this rule:

  • For Windows-based plans:
    • Set the properties.siteConfig.netFrameworkVersion property to v4.0 or v8.0.
  • For Linux-based plans:
    • Set the properties.siteConfig.linuxFxVersion property to DOTNET|8.0. .NET Framework is not supported on Linux-based plans.

For example:

Azure Bicep snippet
resource web 'Microsoft.Web/sites@2023-01-01' = {
  name: name
  location: location
  identity: {
    type: 'SystemAssigned'
  }
  kind: 'web'
  properties: {
    serverFarmId: plan.id
    httpsOnly: true
    siteConfig: {
      alwaysOn: true
      minTlsVersion: '1.2'
      ftpsState: 'Disabled'
      remoteDebuggingEnabled: false
      http20Enabled: true
      netFrameworkVersion: 'v8.0'
      healthCheckPath: '/healthz'
      metadata: [
        {
          name: 'CURRENT_STACK'
          value: 'dotnet'
        }
      ]
    }
  }
}

#

Comments