Skip to content

Use a newer .NET version#

Security · App Service · 2020_12

Configure applications to use newer .NET versions.

Description#

Within a App Service app, the version of .NET used to run application/ site code is configurable. Older versions of .NET may not use the latest security features.

Recommendation#

Consider updating the site to use a newer .NET version such as v6.0.

Examples#

Configure with Azure template#

To deploy App Services that pass this rule:

  • Set properties.siteConfig.netFrameworkVersion to a minimum of v4.0.

For example:

Azure Template snippet
{
    "type": "Microsoft.Web/sites",
    "apiVersion": "2021-03-01",
    "name": "[parameters('name')]",
    "location": "[parameters('location')]",
    "identity": {
        "type": "SystemAssigned"
    },
    "kind": "web",
    "properties": {
        "serverFarmId": "[resourceId('Microsoft.Web/serverfarms', parameters('planName'))]",
        "httpsOnly": true,
        "siteConfig": {
            "alwaysOn": true,
            "minTlsVersion": "1.2",
            "ftpsState": "FtpsOnly",
            "remoteDebuggingEnabled": false,
            "http20Enabled": true,
            "netFrameworkVersion": "v6.0"
        }
    },
    "tags": "[parameters('tags')]",
    "dependsOn": [
        "[resourceId('Microsoft.Web/serverfarms', parameters('planName'))]"
    ]
}

Configure with Bicep#

To deploy App Services that pass this rule:

  • Set properties.siteConfig.netFrameworkVersion to a minimum of v4.0.

For example:

Azure Bicep snippet
resource webApp 'Microsoft.Web/sites@2021-03-01' = {
  name: name
  location: location
  identity: {
    type: 'SystemAssigned'
  }
  kind: 'web'
  properties: {
    serverFarmId: plan.id
    httpsOnly: true
    siteConfig: {
      alwaysOn: true
      minTlsVersion: '1.2'
      ftpsState: 'FtpsOnly'
      remoteDebuggingEnabled: false
      http20Enabled: true
      netFrameworkVersion: 'v6.0'
    }
  }
  tags: tags
}

Last update: 2022-12-03

Comments