dotnet/Documentation/compatibility/wcf-transport-security-supp...

## WCF transport security supports certificates stored using CNG

### Scope
Minor

### Version Introduced
4.6.2

### Source Analyzer Status
Investigating

### Change Description
Starting with apps that target the .NET Framework 4.6.2, WCF transport security supports certificates stored using the Windows Cryptography Library (CNG). This support is limited to certificates with a public key that has an exponent no more than 32 bits in length. When an application targets the .NET Framework 4.6.2, this feature is on by default.

In earlier versions of the .NET Framework, the attempt to use X509 certificates with a CSG key storage provider throws an exception.

- [X] Quirked
- [ ] Build-time break

### Recommended Action
Apps that target the .NET Framework 4.6.1 and earlier but are running on the .NET Framework 4.6.2 can enable support for CNG certificates by adding the following line to the `<runtime>` section of the app.config or web.config file:

   ```xml
   <runtime>
      <AppContextSwitchOverrides value="Switch.System.ServiceModel.DisableCngCertificates=false" />
   </runtime>
   ```

This can also be done programmatically with the following code:

   ```cs
   private const string DisableCngCertificates = @"Switch.System.ServiceModel.DisableCngCertificate";
   AppContext.SetSwitch(disableCngCertificates, false);
   ```

   ```vb
   Const DisableCngCertificates As String = "Switch.System.ServiceModel.DisableCngCertificates"
   AppContext.SetSwitch(disableCngCertificates, False)
   ```

Note that, because of this change, any exception handling code that depends on the attempt to initiate secure communication with a CNG certificate to fail will no longer execute.

### Category
Windows Communication Foundation (WCF)

<!--
    ### Original Bug
    182182
-->

<!-- breaking change id: 166 -->
Update READMEs and compatibility docs (#379) * Update breaking change doc formatting * Update release and breaking change READMEs * Update Readme with BC Links 1 * Add BC changes for releases * Update TOC for BC README * Update 4.6.1 release * Move breaking-change to compatibility * Update compatiblity links * Update compatiblity links * Update breaking change wording * Add testing with RyuJIT doc * Update breaking change wording 2017-04-18 07:52:04 +08:00			`## WCF transport security supports certificates stored using CNG`
Add breaking change docs (#371) * Add breaking change docs * Update README 2017-04-06 04:52:19 +08:00
			`### Scope`
			`Minor`

			`### Version Introduced`
			`4.6.2`

			`### Source Analyzer Status`
			`Investigating`

			`### Change Description`
			`Starting with apps that target the .NET Framework 4.6.2, WCF transport security supports certificates stored using the Windows Cryptography Library (CNG). This support is limited to certificates with a public key that has an exponent no more than 32 bits in length. When an application targets the .NET Framework 4.6.2, this feature is on by default.`

Updating change description and recommended actions to use UIDs that can be mapped in docs.microsoft.com 2017-04-21 02:19:05 +08:00			`In earlier versions of the .NET Framework, the attempt to use X509 certificates with a CSG key storage provider throws an exception.`

Add breaking change docs (#371) * Add breaking change docs * Update README 2017-04-06 04:52:19 +08:00			`- [X] Quirked`
			`- [ ] Build-time break`

			`### Recommended Action`
			Apps that target the .NET Framework 4.6.1 and earlier but are running on the .NET Framework 4.6.2 can enable support for CNG certificates by adding the following line to the `<runtime>` section of the app.config or web.config file:

			```xml
			`<runtime>`
			`<AppContextSwitchOverrides value="Switch.System.ServiceModel.DisableCngCertificates=false" />`
			`</runtime>`
Updating change description and recommended actions to use UIDs that can be mapped in docs.microsoft.com 2017-04-21 02:19:05 +08:00			```
Add breaking change docs (#371) * Add breaking change docs * Update README 2017-04-06 04:52:19 +08:00
			`This can also be done programmatically with the following code:`

			```cs
Updating change description and recommended actions to use UIDs that can be mapped in docs.microsoft.com 2017-04-21 02:19:05 +08:00			`private const string DisableCngCertificates = @"Switch.System.ServiceModel.DisableCngCertificate";`
Add breaking change docs (#371) * Add breaking change docs * Update README 2017-04-06 04:52:19 +08:00			`AppContext.SetSwitch(disableCngCertificates, false);`
			```

			```vb
			`Const DisableCngCertificates As String = "Switch.System.ServiceModel.DisableCngCertificates"`
			`AppContext.SetSwitch(disableCngCertificates, False)`
			```

Updating change description and recommended actions to use UIDs that can be mapped in docs.microsoft.com 2017-04-21 02:19:05 +08:00			`Note that, because of this change, any exception handling code that depends on the attempt to initiate secure communication with a CNG certificate to fail will no longer execute.`
Add breaking change docs (#371) * Add breaking change docs * Update README 2017-04-06 04:52:19 +08:00
			`### Category`
			`Windows Communication Foundation (WCF)`

			`<!--`
			`### Original Bug`
			`182182`
			`-->`

Update READMEs and compatibility docs (#379) * Update breaking change doc formatting * Update release and breaking change READMEs * Update Readme with BC Links 1 * Add BC changes for releases * Update TOC for BC README * Update 4.6.1 release * Move breaking-change to compatibility * Update compatiblity links * Update compatiblity links * Update breaking change wording * Add testing with RyuJIT doc * Update breaking change wording 2017-04-18 07:52:04 +08:00			`<!-- breaking change id: 166 -->`