I'm getting more and more confused with .NET Core's SDK and runtime versioning, and I doubt I'm the only one. I want to get a few things straight.
I've created an ASP.NET Core application targeting .NET 4.6.1 - it hits 4.6.1 libraries and Net Standard libraries. Recently I made the switch from project.json to csproj as part of the VS2017 rollout. The 1.1.1 runtime came out with SDK 1.0.1 a few weeks ago, which I downloaded (https://github.com/dotnet/core/blob/master/release-notes/download-archive.md).
dotnet --version gives me the correct SDK (1.0.1)
However, typing "dotnet" into cmd I see "Version : 1.1.0". Shouldn't this say 1.1.1? My Programs and Features shows that the 1.1.1 runtime is installed.
Fast forward to hosting my app: I install the latest windows server hosting package to host on IIS according to https://learn.microsoft.com/en-us/aspnet/core/publishing/iis, that is 1.0.4&1.1.1. Installing this on my server installs "Microsoft .NET Core 1.0.4 & 1.1.1 - Windows Server Hosting" and "Microsoft .NET Core 1.0.4 - Runtime". Shouldn't it have also installed the 1.1.1 runtime? It works, so maybe it's not necessary.
Ultimately, my questions are the following:
Does the runtime version matter when targeting .NET 4.6.1 at all?
Is runtime just used to run the AspNetCoreModule for the IIS to kestrel reverse proxy?
Will installing new Windows Hosting packages break existing projects already running on the servers?
Does .Net's netstandard packages (such as MVC) versioning correspond in any way to the runtime version, or is it just regular semantic versioning? The newest versions of most "Microsoft.AspNetCore.X" packages are 1.1.1.
I'm in the same situation, compiling my ASP.NET Core app against the full .NET Framework (4.5.2 in my case) and deploying it on IIS. Hopefully I can help.
When using the full .NET framework, you need to install the SDK on your developper machine to compile, but to deploy it on an IIS server you don't need any .NET Core runtime installed at all. On my IIS server, I just need .NET Framework installed and then I'm installing the "Windows Server Hosting" as suggested here: https://github.com/dotnet/core/blob/master/release-notes/download-archives/1.0.4-download.md with a command line that won't even install any .NET Core on my server:
DotNetCore.1.0.4_1.1.1-WindowsHosting.exe OPT_INSTALL_LTS_REDIST=0 OPT_INSTALL_FTS_REDIST=0
This installation is super quick and is just deploying the minimum amount of files IIS needs to run your .NET Core app, which is mainly the aspnetcore.dll. I don't even have a directory "C:\Program Files\dotnet" (so no runtime or sdk) on my server and my app is working fine.
So, I would say:
no, it doesn't matter, it won't run against any .NET Core runtime
no, AspNetCore.dll is a C++ module (https://github.com/aspnet/AspNetCoreModule)
I don't see how it could break anything
at the moment, when you add a Nuget package in your ASP.NET Core app, its versionning seems quite independant to me, that's why Microsoft is now providing metapackage to help people using the proper set of Nuget package (https://andrewlock.net/what-is-the-microsoft-aspnetcore-metapackage/)
Regarding:
However, typing "dotnet" into cmd I see "Version : 1.1.0". Shouldn't
this say 1.1.1? My Programs and Features shows that the 1.1.1 runtime
is installed.
I'm wondering the same thing and can't figure out where this is coming from, maybe it's just the version of the "dotnet" command line tool that is package with the SDK 1.0.1, but I can't prove it.
Related
I am beginner to .NET framework and ReactJS. I have a code repository which is .NET framework, with ReactJS dependency.
When I opened the repository, VS Code suggested me to install C# extension, I installed.
Now when I opened the main file abc.csproj; it automatically started installing packages.
It ended with message:
Finished
Failed to spawn 'dotnet --info'
and notified:
The .NET core SDK cannot be located. .NET Core debugging will not be enabled. Make sure the .NET Core SDK is installed and is on path.
What is process and list of extensions if I need it to be ran in VS Code?
P. S. It is a .NET framework 4.5 project and not core .NET project
The C# extension no longer ships with an included Mono & MSBuild Tools...
If you still need Unity or .NET Framework support, you can set
omnisharp.useModernNet to false
in your VS Code settings and restart OmniSharp.
See issue #5120 for more details.
https://github.com/OmniSharp/omnisharp-vscode/issues/5120
it seems you don't have the .net framework SDK installed on your machine.
you can download and install .net sdk from here : https://dotnet.microsoft.com/download/visual-studio-sdks to be able to build .net framework projects
I will suggest to use Microsoft Visual Studio. I am using it and it's good and dragless rather than getting SDKs and having installation troubles.
I have a .Net Web API project targeting .Net Framework 4.6, in this project I have Microsoft.AspNetCore 2.2.0.0 DLL.
I have read that Microsoft.AspNetCore 2.2.0.0 DLL has DoS (Denial of Service) security vulnerability.
https://github.com/aspnet/AspNetCore/issues/6488
When I look into the recommended resolution it says to upgrade to Version 2.7, now issue is I can't upgrade to 2.7 as highest I can upgraded for .Net Framework is 2.2.0.0 which I already have.
Query:
Is this security vulnerability only for apps created by targeting
.Net Core and not .Net Framework even though Microsoft.AspNetCore
2.2.0.0 library is used?
If first is true, then does it mean I don't have to do anything for this security vulnerability? If not, then what should I do to get over this security concern (given that I can't upgrade Microsoft.AspNetCore to 2.7 in a .Net Framework project)?
All our security advisories include sections describing how to detect if you're affected and how to update. The linked issue has this down in the "Advisory FAQs". In this case you need to install the latest version of the Windows Hosting Bundle. This is true even if you are using .NET Framework. That particular vulnerability is in the ASP.NET Core Module for IIS, which is the native component that allows you to host ASP.NET Core apps (on both .NET Core and .NET Framework) in IIS. If you install the hosting bundle, all your ASP.NET Core apps (including those targeting .NET Framework) should be protected from this issue. The FAQs also include instructions on how to verify you have the right version installed (using a PowerShell script to check the version number of the aspnetcore.dll file)
For packages: We don't update every single package for every patch release. Only the affected packages are updated. The Microsoft.AspNetCore package hasn't been patched at all, so it's still at 2.2.0. Other packages, like Microsoft.AspNetCore.Mvc.RazorPages have had some patches, so they're at versions like 2.2.5. You should always ensure that all your packages that start with Microsoft.AspNetCore have the latest patch version (the third component of the version number) installed in order to get all necessary security updates.
I have .NET Core installed and I am a little confused about the version numbers I am seeing. When I run the dotnet command, I get this output:
Microsoft .NET Core Shared Framework Host
Version : 1.1.0
Build : 928f77c4bc3f49d892459992fb6e1d5542cb5e86
Usage: dotnet [common-options] [[options] path-to-application]
Common Options:
--help Display .NET Core Shared Framework Host help.
--version Display .NET Core Shared Framework Host version.
Options:
--fx-version Version of the installed Shared Framework to use to run the application.
--additionalprobingpath Path containing probing policy and assemblies to probe for.
Path to Application:
The path to a .NET Core managed application, dll or exe file to execute.
If you are debugging the Shared Framework Host, set 'COREHOST_TRACE' to '1' in your environment.
To get started on developing applications for .NET Core, install the SDK from:
http://go.microsoft.com/fwlink/?LinkID=798306&clcid=0x409
That is telling me I have .NET Core v1.1.0, which is what I expected based on what I installed.
However, if I then run dotnet --version, it tells me I have version 1.0.1. Why the discrepancy? What is the difference between these two version numbers?
1.0.1 is a .NET Core SDK version
1.1.1 is a .NET Core runtime version
See related SO question .Net Core Version Confusion on Installer
Recently, there is RC2 release for donet core tools. Previously, I have been using RC1 for asp.net 5. It was installed using .pkg file provided at get.asp.net.
Now, I am planning to try out dotnet core release. The instructions provided at get.asp.net ask to unistall the previous versions of dotnet core using this script.
I have 2 questions here.
Is it required to remove the RC1 release (dnvm,dnx and dnu etc) before installing dotnet core?
If it is required to uninstall, what is preferred way of doing it (something like above script) without damaging the required/shared files?
Ad 1. Yes. As you can read in ASP.NET Core installation guide:
Before you start
Remove all previous versions of .NET Core from your system.
Ad 2. In my case I just use Add/Remove programs, but it's Windows.
I have no experience with Linux, but you do not need DNX any more so no worries about required files - after a while you will install new RC2 with all required files ;)
In this video, Scott Hanselman interviews a guy from the ASP.NET team. He says that one of the goals of ASP.NET 5, on top of .NET Core, is that the apps won't depend on the .NET Framework and GAC assemblies on the hosting server. Instead, .NET Core libraries will be released via NuGet packages and apps will be deployed with their dependencies.
One of the reasons for this is so Microsoft can quickly release a bug fix or new feature, and we don't have to wait until the new version (of the full framework) is installed on our hosting environment.
My question is:
Are the apps built on .NET Core really independent of the version of .NET installed on the target machine, and can they run even without the .NET Framework installed?
Yes, the framework you use in your application is completely independent of the .NET Framework installed on the target server, because the Core .NET Framework is referenced via NuGet packages and can be bundled up for deployment via the DNX Utility, specifically of interest to you will be the dnu publish command.
Here is an excerpt, describing what dnu publish does:
Publish (dnu publish)
The publish command will package your application into a self-contained directory that can be launched. It will create the following directory structure:
output/
output/packages
output/appName
output/commandName.cmd
The packages directory contains all the packages your application needs to run.
The appName directory will contain all of your applications code, if you have project references they will appear as their own directory with code at this level as well.
So the .NET Core will exist in the output/packages directory and will not need to be installed on the target server.
A normal .net core app requires that you install .net core on the machine you wish to run the application on. There is a way to avoid this however, by publishing a self contained app. You can publish your app with the requisite version of .net core included. This will make your app larger, but if you only need one application on a machine to run .net, you need a specific version of .net, or you want to make a portable application, this is a good choice.