Changes in .NET Framework 3.5 SP1

This document describes design changes that may need to be accounted for in your application or environment when you upgrade from .NET Framework version 3.5 to .NET Framework version 3.5 Service Pack 1 (SP1).

Changes occur for several reasons including fixes for product issues, standards compliance, customer feedback, and security. This topic describes only notable changes. For information about new features, see What’s New in the .NET Framework . To provide feedback, please visit the MSDN Product Feedback Center.

The following sections describe the changes made in .NET Framework version 3.5 SP1.

Common Language Runtime

Performance Improvements

Applications now use Data Execution Prevention to prevent attempts to insert and execute code from non-executable memory locations.

Security for managed code execution (including MSIL assemblies, NGen images, and unmanaged code) is bolstered by Address Space Layout Randomization (ASLR).

Strong-named, signed assemblies no longer need to have their signatures checked at load time provided they are fully trusted and are loaded into fully trusted application domains. This change eliminates redundant checks and improves the startup performance of applications that have signed assemblies but are not installed in the Global Assembly Cache (GAC).

Applications launched from network shares have the same behavior as unmanaged executables and operate in full trust as opposed to partial trust.

The StringFreezingAttribute attribute is now ignored. This attribute was used for creating native images using the Native Image Generator (Ngen.exe).

The just-in-time (JIT) compiler’s inliner has been significantly improved to generate better quality code. However, changing the inliner has an impact on applications that have classes instantiated with constructors that use the TypeAttributes.BeforeFieldInit enumeration value. Static initialization of these types is guaranteed to occur at a time before any of the static fields are accessed, but not before a static method or instance constructor is invoked. The exact time when the class constructor is invoked can be different in the .NET Framework version 3.5 and 3.5 SP1.

Other JIT compiler changes include changes to floating-point rounding errors and changes in the timing of finalizers.

No modifications are required.


CanConvertToString methods on Value Serializer classes

The CanConvertToString methods on the value serializer classes in the System.Windows.Converters namespace throw an ArgumentException instead of returning false.

The System.Data.SqlClient.SQLDataReader.GetString and oth er Get methods throw an InvalidCastException if the data cannot be cast into the type being requested. Messages now include the types, such as: “Unable to cast object of type 'System.Decimal' to type 'System.String'".

No modifications are required.

SQLDataReader.GetString on UDT columns

Calling the SQLDataReader.GetString method on User Defined Type (UDT) columns now throws an InvalidCastException instead of the error message “Cast is not supported from Byte[] to String".

No modifications are required.


Queries over non-generic collections now use standard C# cast semantics.

In LINQ query expressions over non-generic collections such as System.Collections.ArrayList , the from clause of the query is rewritten by the compiler to include a call to the Cast<T> operator. Cast<T> converts all element types to the type specified in the from clause in the query. In addition, in the original release version of Visual C# 2008, the Cast<T> operator also performs some value type conversions and user-defined conversions. However, these conversions are performed by using the System.Convert class instead of the standard C# semantics. These conversions also cause significant performance issues in certain scenarios. In Visual C# 2008 SP1, the Cast<T> operator is modified to throw an InvalidCastException for numeric value type and user-defined conversions. This change eliminates both the non-standard C# cast semantics and the performance issue. This change is illustrated in the following example.

using System;
using System.Linq;

class Program
    public struct S { }
    static void Main()
        var floats = new    float[] { 2.7f, 3.1f, 4.5f };
        var ints = from    int i in floats
                   select    i;

        // Visual C# 2008    SP1 throws InvalidCastException.
        foreach (var v in    ints)
               Console.Write("{0} ", v.ToString());

        // The original    release version of Visual C# 2008
        // compiles and    outputs 3 3 4

Suggested modifications: If you have code that performs LINQ queries over non-generic collections, and that code now throws an exception, change the type of the query expression to match the type of the elements in the collection you are querying. If you need to perform a value-type or user-defined conversion on the elements, you can do this as you execute the query, as shown in the following example:

using System;
using System.Linq;

class Program

    static void    Main(string[] args)
        ArrayList floats =    new ArrayList();


        var query = from    float f in floats
                    where    f > 3.0f
                    select    f;

        foreach (int i in    floats)
            // Perform the    conversion as you
            // execute the    query.
            int num =    Convert.ToInt32(i);
               Console.Write("{0} ", num.ToString());

           Console.ReadLine(); // output is 3 4


IIS Integrated Mode

On the Integration mode for Internet Information Services (IIS) 7.0, the HttpServerUtility.TransferRequest method incorrectly uses the HTTPResponse.End method to stop the parent request. This results in throwing a ThreadAbortException , which can impact performance for terminating execution of a response. In the .NET Framework 3.5 SP1, the TransferRequest method now ends the parent request by using the HttpApplication.CompleteRequest method. This also terminates the current request gracefully by transferring control to the HttpApplication.EndRequest event handler without throwing an exception.

Suggested modifications:  If you have error-handling code that uses the TransferRequest method to determine whether the ThreadAbortException was thrown, you can remove that code from the catch block. (Finally blocks will continue to run.)

Integrated Windows authentication

A security change affects how integrated Windows authentication is handled by the System.Net.HttpWebRequest , System.Net.HttpListener , System.Net.Security.NegotiateStream , and related classes in the System.Net namespace. This change can impact Web servers and client applications that are configured to use integrated Windows authentication.

The Microsoft Windows NT LAN Manager (NTLM) authentication process used with integrated Windows authentication includes a challenge issued by the destination computer that is sent back to the client computer. When a computer receives a challenge it generated itself, the authentication will fail unless the connection is a loop back connection (for example, IPv4 address The HttpWebRequest class now defaults to specifying the Host name used in the request URL in the Service Principal Name (SPN) used in the NTLM authentication process.

Suggested Modifications: You can provide a custom SPN to use during authentication to a dictionary of strings that is indexed by the URI. This dictionary is obtained with the System.Net.AuthenticationManager.CustomTargetNameDictionary property. You can also add the following registry setting to map names to the loop back connection:



The classes in the System.Web.Mail namespace rely on Collaboration Data Objects for Windows 2000 components, which will not be available in the next version of Windows (Windows 7). As a result, using these classes in Windows 7 will throw a PlatformNotSupportedException .

Suggested modifications: System.Web.Mail was deprecated in the .NET Framework version 2.0. Use the mail support in the System.Net.Mail namespace instead.

ASP.NET request validations

ASP.NET request validation now includes checking for the left angle bracket and question mark character sequence: <?

Su ggested Modifications: The impact of this change should be minimal because there usually is no reason for an XML comment to be included in the query string of the cookie variable.

URL validations

ASP.NET now validates portions of the URL when accessed from an ASP.NET page. However, when URL rewriting is used, it is possible to access the old version of the URL on the page with the Request.RawUrl property.

Suggested Modifications:  Disable validation on a page, if necessary.

Session states

Session state providers are expected to implement all members defined on the System.Web.SessionState.SessionStateStoreProviderBase class, including the CreateUninitializedItem method. However, this method was called only when a cookieless session state was in use by the site. Developers who did not use a cookieless session state did not have to implement CreateUninitializedItem in a custom provider.

With the release of the .NET Framework 3.5 SP1, the CreateUninitializedItem method can now also be called in certain circumstances when a cookied session state is being used.

Suggested modifications: Implement CreateUninitializedItem in custom providers. Determine whether a "live" item already exists for the specified session ID. If an item does not exist, the providers should create an item for the session ID.

URL encoding

ASP.NET now expands URL encoding of outbound HTTP headers to include the delete character (7F) and all ASCII control characters (except horizontal tab).

Suggested Modifications: If needed, you can turn off the default header encoding behavior as follows:

<httpRuntime enableHeaderChecking="true|false" />

DefaultHTTPHandler on IIS

Although the   System.Web.DefaultHTTPHandler class for integrated mode applications was made an obsolete module in IIS 7.0, it was still possible to use. It now throws a PlatformNotSupported exception.

Suggested Modifications: Change the application configuration to work properly in Integrated mode.

Server and client number formatting consistencies

The formatting behavior of the Number.localeFormat function (run on the client) now conforms to the String.Format method (run on the server). For example, the following code returns 1000.00% :

String.Format("{0:p2}", 10)

Before .NET Framework 3.5 SP1, the following code would return 10.00% :

String.localeFormat("{0:p2}", 10)

Now, localeFormat returns 1000.00% .

No modifications are required.

ASP.NET hidden fields

Hidden ASP.NET fields, such as VIEWSTATE, are now rendered at the top of the <form /> prior to rendering any controls.

Suggested modifications:  I f needed, you can turn off this behavior by setting the new renderAllHiddenFieldsAtTopOfForm attribute to false:

  <pages renderAllHiddenFieldsAtTopOfForm="false" />

The default value is true.

Windows Presentation Foundation (WPF)

BitmapEffect classes are obsolete

The System.Windows.Media.Effects.BitmapEffect class, and its derived classes (BevelBitmapEffect, BitmapEffectGroup, BlurBitmapEffect, DropShadowBitmapEffect, EmbossBitmapEffect, and OuterGlowBitmapEffect), are now obsolete.

Suggested modifications: Discontinue using the legacy BitmapEffect and derived classes and instead use the new classes derived from Effect:BlurEffect, DropShadowEffect, and ShaderEffect.

 You can also create your own effects by deriving from ShaderEffect.

Assembly name change

The assembly that contains the core rendering layer of WPF has been renamed from milcore.dll to wpfgfx_v0300.dll. This assembly has never had any public APIs.

No modifications are required.

Hyperlink behavior

If the value of the Hyperlink.NavigateUri property changes between the time when the user hovers the mouse cursor over a hyperlink and the time when the user clicks that hyperlink, navigation will occur using the URI obtained when the cursor hovered over the hyperlink.

No modifications are required.

Internet Explorer in Protected Mode on Windows Vista

When Internet Explorer is in Protected Mode on Windows Vista, modal dialogs from the DHTML alert () function and ActiveX controls hosted in HTML are blocked rather than displayed. In addition, when the WebBrowser control or Frame control hosting the HTML is in a XMAL Browser Application (XBAP), and the XBAP is loaded cross-domain in an HTML page, an exception is thrown.

No modifications are required.

CanConvertToString methods on Value Serializer classes

The CanConvertToString methods on the value serializer classes in the System.Windows.Media.Converters and System.Windows.Media.Media3D.Converters namespaces throw an ArgumentException instead of returning false.

No modifications are required.

Windows Communication Foundation (WCF) and Windows Workflow Foundation (WF)

Schema matching

The schema matching scheme that is used by the UriTemplate and UriTemplateTable classes has been relaxed to accept base addresses with schemes other than HTTP. Now neither of these classes uses the scheme or port number when matching candidate URIs to templates. Template support for trailing slashes and default values has been added.

No modifications are required.

Security improvements for authentication

When a service is running under a user account with mixed-mode security, an EndPointIdentity must have an user principal name (UPN) identity. This was not necessary with earlier versions of WCF.

Suggested modifications: When a client is set to use the SecurityMode.TransportWithMessageCredential setting (using Windows authentication, UPN authentication, or thumbprint authentication), create an instance of the EndPointAddress class with a UPN identity and provide custom code to handle any thumbprint verification.

Partial trust support for event logging

Partial trust now supports limited event logging. Only service activation faults, tracing failures, and logging failures are logged to the Event Log. To avoid writing excessive messages to the Event Log, the maximum number of events that can be logged by a process is 5.

No modifications are required.

RemoteEndpointMessageProperty availability

Accessing an instance of the RemoteEndpointMessageProperty class when using HTTP hosted in IIS depends on having a currently active request.  Therefore, it cannot be obtained after the request has completed (for example, when performing a one-way receive).

No modifications are required.

Note: To address late-breaking issues that were critical for some applications, Microsoft plans to provide an update to the NET Framework 3.5 SP1 that may be included in an important Windows Update. More information about this update will be available at the .NET Framework 3.5 SP1 download page at the Microsoft Download Center.

See Also

.NET Framework Version and Assembly Information