Enable TLS 1.2 or above on your ASP.NET Web App or WebAPI

The Transport Layer Security (TLS) 1.2 is a stadnard that provides security improvements over previous versions. More and more thrid-party APIs were configured to disable any requests from clients that were using TLS 1.0/1.1. So if your ASP.NET Web App or WebAPI Services Web Site will need to update to TLS 1.2 as well if your ASP.NET Web App or WebAPI Services Web Site has some calls to the third-party APIs, otherwise they will only return empty responses.

You could disable TLS 1.0/1.1 and only enable TLS 1.2 in your Web Server or in Azure, so that your hosting environments will no longer accept requests from earlier version of TLS.

But what happens on your application (ASP.NET Web App or WebAPI Services)? Depend on what version of .NET framework your project usrs will dicate the possible solutions available to you.

  1. If your project compiles against .NET Framework 4.7 or above, then you don’t have to do anything.
  2. If your project has been developed in a earlier version of .NET Framework, then you could either
    1. Recompile your project using .NET Framework 4.7 or above
    2. If recompiling is not an option, then you will have to update your .config file as below,
<configuration>
  <runtime>
    <AppContextSwitchOverrides value="Switch.System.Net.DontEnableSystemDefaultTlsVersions=false"/>
  </runtime>
  <system.web>
    <compilation targetFramework="x.y.z" />
    <httpRuntime targetFramework="x.y.z" /> 
  </system.web>
</configuration>

It is preferred that x.y.z are the same. So if your application is 4.6.2, then replacing x.y.z into 4.6.2.

Microsoft also has post a useful document on describing the best pratices to TLS 1.2. It will be great if you could read them all and understand them in order to fully secure your application(ASP.NET Web App or WebAPI Services).
https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls

 

“Package is not found…” when updating NuGet Package from Azure DevOps

if you are using the Azure DevOps, you may already know that it provides Azure Artifacts (it was called NuGet Package Management before VSTS renamed to Azure DevOps). With that you could create and share NuGet pacakges feed from public and private sources.

With the Azure DevOps CI pipeline, you could then build your solution, pack and push the NuGet package into private Azure Artifacts.

If you are already running in this way, you may have experience on trying to update the existing NuGet Package and it returns an error,

“Attempting to gather dependency information for package ‘xxx.newer.version’ with respect to project ‘ThisProject’, targeting ‘.NETFramework,Version=v4.7’

Package ‘xxx.newer.version’ is not found in the following primary source(s): ‘https://[YourDevOps_Name].pkgs.visualstudio.com/_packaging/[Your_AzureArtifacts_Name]/nuget/v3/index.json,https://api.nuget.org/v3/index.json’. Please verify all your online package sources are available (OR) package id, version are specified correctly.”

I tried to search from internet and found someone who is working in Microsoft has replied on 10th May 2018 as the following,


“Seems you are trying to download the package or packages that where just freshly pushed to VSTS nuget feed.
Since Visual Studio 2017 is listing it correctly, then the issue should not related to the feed on VSTS server.
If this occurs very recently(download the new refresh package) and your package is very large, this maybe a network delay. Suggest you use a fiddler trace when this issue happens again. This makes “some” sense, what you see is probably an incorrect propagation of pushed packages showing up in the search results but not yet available to download.
And some other also encounter the same issue and error as you.”

Well, I tried to use fiddler to see what is happening when I tried to update the package. Because I have also set up the upstream sources, so it checks on all the available NuGet Packages in private Azure Artifact until it founds the match one. (That also explains me another question, why it takes so long to attempt the dependency information for the updating NuGet Package). I could confirm that the newer package is updated in feed and may be taking a longer time to upload the actual package.

So next time, if you found the similar message when updating NuGet Package from Azure Artifact, you could do,

  1. Wait and retry later.
  2. if the problem keep exists, you could try to clear the NuGet Cache from VS–>Tools–>Nuget Package Manager–>Package manager Settings–>General.

Adding Support of .NET Framework 4.6.1 Prerequisite into InstallShield 2015 in VS2015

For most of .NET developers, you might need to create a installer package for your developed application and you might be using InstallShield. One of the configuration that you would do is setting up the .NET Framework requirement for your project.

In VS2015 with InstallShield 2015, you will found the pre-defined package for the requirement of .NET framework is only up to “Microsoft .NET Framework 4.5 Full package”. I am going to show you how to add the package into InstallShield 2015 for the “Microsoft .NET Framework 4.6.1 Full Package”.

Below is the text that can be used to create your own .prq file for the Microsoft .NET Framework 4.6.1 Full Prerequisite.
+++++++++
<?xml version=”1.0″ encoding=”UTF-8″ standalone=”yes”?>
< SetupPrereq>
<conditions>
<condition Type=”2″ Comparison=”2″ Path=”HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full” FileName=”Release” ReturnValue=”394254″/>
</conditions>
<operatingsystemconditions>
<operatingsystemcondition MajorVersion=”6″ MinorVersion=”1″ PlatformId=”2″ CSDVersion=”” Bits=”4″ ServicePackMajorMin=”1″/>
<operatingsystemcondition MajorVersion=”6″ MinorVersion=”2″ PlatformId=”2″ CSDVersion=”” Bits=”4″/>
<operatingsystemcondition MajorVersion=”10″ MinorVersion=”0″ PlatformId=”2″ CSDVersion=”” Bits=”4″/>
</operatingsystemconditions>
<files>
<file LocalFile=”.\Microsoft.net\4.6\Full\NDP461-KB3102436-x86-x64-AllOS-ENU.exe” URL=”https://download.microsoft.com/download/E/4/1/E4173890-A24A-4936-9FC9-AF930FE3FA40/NDP461-KB3102436-x86-x64-AllOS-ENU.exe” CheckSum=”864056903748706E251FEC9F5D887EF9″ FileSize=”0,67681000″/>
</files>
<execute file=”NDP461-KB3102436-x86-x64-AllOS-ENU.exe” cmdline=”/q /norestart” cmdlinesilent=”/q /norestart” returncodetoreboot=”1641,3010″/>
<properties Id=”{B1C982A7-100D-4691-9DCF-F5986F404DD8}” Description=”This prerequisite installs the .NET Framework 4.6.1 full standalone package.”/>
<behavior Reboot=”32″/>
< /SetupPrereq>
+++++++++

Notes:

  • The Conditions are set for 64bit only, Windows 7, Windows 8, Windows 10.
  • The download location is good as of 10th March 2017. No telling how long it will last. If the download does not work any more, you would download the offline installer from https://www.microsoft.com/en-us/download/details.aspx?id=49982 and then copy it into “C:\Program Files (x86)\InstallShield\2015\SetupPrerequisites\Microsoft .net\4.6\Full” folder
  • If you received similar error as below
    “An error occurred streaming ‘Microsoft.net\4.6\Full\NDP461-KB3102436-x86-x64-AllOS-ENU.exe’ into setup.exe”
    You could try to run the InstallShield or VS in Admin mode.

Help:
For those new to making a Prerequisite .prq file:

  •  On your desktop create a new text file.
  • Rename this file “Microsoft .NET Framework 4.6.1 Full.prq”
  • Copy the above text to this new file. (Between the +++++)
  • Move this new file to folder C:\Program Files (x86)\InstallShield\2015\SetupPrerequisites
  • Open any InstallShield project
  • Go to the Installation Designer tab > Application Data > Redistributables
  • The list should now contain the new entry “Microsoft .NET Framework 4.6.1 Full”
  • To the right of the list it will say “Needs to be downloaded”
  • Right-click on the item Microsoft .NET Framework 4.6.1 Full.prq and select Download Selected Item…
  • This downloads the 66 MB file to C:\Program Files (x86)\InstallShield\2015\SetupPrerequisites\Microsoft.net\4.6\Full\

You should be good.

To edit any of the Conditions:
Right-click on the item Microsoft .NET Framework 4.6.1 Full.prq and select Edit Prerequisite

To Support 32bit and 64bit:
You could remove the “Bits” or leave the value of it to be blank in the above sample, and that will work for both x32 and x64

To find out more on OS version number
https://msdn.microsoft.com/en-us/library/windows/desktop/ms724832%28v=vs.85%29.aspx

To find out more on Value of Release for the .NET Framework
https://msdn.microsoft.com/en-us/library/hh925568%28v=vs.110%29.aspx