Upgrade App Service with .NET 4.8
Upgrade App Service with .NET Framework 4.8. Where is the date?
.NET Framework 4.8 support is coming to App Service.
Public Azure cloud deployment will begin in mid-late July 2020 completing by mid-September 2020. For our Sovereign clouds, deployment will begin by mid-late August 2020 and complete by early-October 2020.
We will update this item periodically to inform you of the deployment progress.
For more information, please see this blog post:
That's nice, but also not really the question. When will the latest .Net framework that is out for almost a year be supported in Azure? The staus says it's PLANNED, so what's the plan?
Regarding some of the comments/questions specifically about SameSite cookie handling. Although App Service is running on 4.7.2, it is rolling out a .NET Framework update that includes the functionality for handling the newer 2019 version of the SameSite spec.
Full details on the App Service update available here:
An ETA would help, so we can determine if we have to downgrade
Please when???? 4.8 had been out since April last year
Duane Gibbs commented
We're also experiencing this issue. Our web app is loading System.Web.dll from the following location in GAC:
When downloaded via Kudu and decompiled I can see that this is an older version which does not contain the SameSite cookies patch.
The patch is working perfectly under local IIS so it seems it may not have been rolled out yet or rolled out incorrectly? Can we get an update on this please? As already mentioned, Chrome is rolling out SameSite Lax by default at the end of the month which will fundamentally break our web app if we cannot apply this patch.
Chris S commented
With the SameSite changes coming in Chrome 80 it's crucial that Azure supports this feature. Really disappointing that we're only a couple of weeks away and still nothing..
Any update /ETA on this? By not supporting .NET 4.8 in Azure app service, Microsoft/Azure is essentially not supporting any applications needing samesite fixes part of December 2019 security update needed for Chrome 80 release on Feb 4th, 2020.
Clunk, Charles commented
Need a timeline for 4.8 and the December update as well, which is required for Same Site cookie purposes in Chrome 80.
Norman Phengvath commented
Adding to this thread that this is severely needed. Not only 4.8 support but the December 2019 security update.
Joshua K commented
We are having the same issue with the Chrome change and SameSite not being able to be set to None in 4.7.2. Please update us on this.
Luis German Cardona Ramirez commented
Tom Woodforde commented
This seems like a crazy delay and a really good way to turn people off to .NET. If you do one of the many MS examples that finish with publishing to Azure App Service then you're going to be really confused when your 4.8 app won't work on Azure.
Surely App Service needs to always be capable of supporting apps written in the latest version of the .NET framework as it's Microsoft's preferred way for people to publish those apps?
Mikkel Christensen commented
We are facing the same problem. As far as I can tell, the version of System.Web found in the GAC in App Service has _not_ been updated to a version that contains the supposed fix.
We use .NET Framework version 4.7.2, and it works as expected locally in both IISExpress and IIS , both on Windows 10 (using VS 2017).
The file- and product-version on System.Web.dll loaded in Azure is 4.7.3429.0.
Locally, the file- and product-version on System.Web.dll is 4.8.4075.0.
Reverse-compiling the DLL from Azure reveals that theHttpCookie.GetSetCookieHeader(HttpContext context) method contains the following:
if (this._sameSite != SameSiteMode.None)
while the local version contains a different implementation:
if (this._sameSite > (AppSettings.SuppressSameSiteNone ? SameSiteMode.None : ~SameSiteMode.None))
We are currently using a (nasty) workaround that appends the string "; SameSite=None" to all HttpCookie values (which works both in Azure and locally) when the HttpRequest.UserAgent value indicates that the browser supports the value. HTH.
so let me answer the question of why this is a big deal:
Next month, Google is going to flip a switch and the default behavior for Chrome is going to change with respect to this cookie property.
Initially, I just went ahead and upgraded all of our code to 4.8, and locally, the SameSite property on the cookie was working great. But then... I published to Azure... and the SameSite property disappeared (i.e. Azure is not supporting 4.8). I then think... ok... they're support 4.7, so let me switch to 4.7.2. which is where this new SameSite property was introduced, compile, publish to Azure... and... :( it's still not being emitted. Which tells me that Azure apparently doesn't even support 4.7.2.
This is going to be REAL bad for us since we have a site that is completely dependent on cross-domain frames.
(I went ahead and turned in a high-severity ticket with Microsoft, so we'll see if this continues to languish)
Chris Ashton commented
Any news on this, .NET 4.8 was realised in April 2019? From an Azure user's perspective I'd expect Azure support for this shortly after.
Dirk Boer commented
There is a CRITICAL bug in ASP.NET 4.7 in relation to Azure - https://stackoverflow.com/questions/55272598/sporadic-error-the-file-has-not-been-pre-compiled-and-cannot-be-requested
Ken Smith commented
Any ETA on this? It's been six months...
Gustavo Américo commented
Randy Ortega commented
Any updates on this .net 4.8 support? Please respond!!!
German Cardona commented
Any updates on this .net 4.8 support? Please respond!!!