ASP.NET 4 Breaking changes

As you know, Visual Studio 2010 currently allows Web applications development using ASP.NET 4.
ASP.NET 4 introduces a number of features that improve core ASP.NET services such as output caching and session-state storage. Microsoft has released a document describing what are the new elements included into that new version of ASP.NET.
This document describes changes that have been made for the .NET Framework version 4 release that can potentially affect applications that were created using earlier releases, including the ASP.NET 4 Beta 1 and Beta 2 releases.

Today I’m sharing with you some great informations regarding the new changed introduced by that.

At the bottom, you will find a link to a pdf document containing a detailed description of each of those points.

Here is a summary of those elements:

01ControlRenderingCompatabilityVersion Setting in the Web.config File
ASP.NET controls have been modified in the .NET Framework version 4 in order to let you specify more precisely how they render markup.

02ClientIDMode Changes
The ClientIDMode setting in ASP.NET 4 lets you specify how ASP.NET generates the id attribute for HTML elements. In previous versions of ASP.NET, the default behavior was equivalent to the AutoID setting of ClientIDMode. However, the default setting is now Predictable.

03– HtmlEncode and UrlEncode Now Encode Single Quotation Marks
In ASP.NET 4, the HtmlEncode and UrlEncode methods of the HttpUtility and HttpServerUtility classes have been updated to encode the single quotation mark character (‘).

04- ASP.NET Page (.aspx) Parser is Stricter
The page parser for ASP.NET pages (.aspx files) and user controls (.ascx files) is stricter in ASP.NET 4 and will reject more instances of invalid markup.

05- Browser Definition Files Updated
The browser definition files have been updated to include information about new and updated browsers and devices. Older browsers and devices such as Netscape Navigator have been removed, and newer browsers and devices such as Google Chrome and Apple iPhone have been added.

06- System.Web.Mobile.dll Removed from Root Web Configuration File
In previous versions of ASP.NET, a reference to the System.Web.Mobile.dll assembly was included in the root Web.config file in the assemblies section under <system.web><compilation>. In order to improve performance, the reference to this assembly was removed.

07- ASP.NET Request Validation
The request validation feature in ASP.NET provides a certain level of default protection against cross-site scripting (XSS) attacks. In previous versions of ASP.NET, request validation was enabled by default. However, it applied only to ASP.NET pages (.aspx files and their class files) and only when those pages were executing.
In ASP.NET 4, by default, request validation is enabled for all requests, because it is enabled before the BeginRequest phase of an HTTP request. As a result, request validation applies to requests for all ASP.NET resources, not just .aspx page requests.

08- Default Hashing Algorithm Is Now HMACSHA256
ASP.NET uses both encryption and hashing algorithms to help secure data such as forms authentication cookies and view state. By default, ASP.NET 4 now uses the HMACSHA256 algorithm for hash operations on cookies and view state. Earlier versions of ASP.NET used the older HMACSHA1 algorithm.

09- Configuration Errors Related to New ASP.NET 4 Root Configuration
The root configuration files (the machine.config file and the root Web.config file) for the .NET Framework 4 (and therefore ASP.NET 4) have been updated to include most of the boilerplate configuration information that in ASP.NET 3.5 was found in the application Web.config files. Because of the complexity of the managed IIS 7 and IIS 7.5 configuration systems, running ASP.NET 3.5 applications under ASP.NET 4 and under IIS 7 and IIS 7.5 can result in either ASP.NET or IIS configuration errors

10- ASP.NET 4 Child Applications Fail to Start When Under ASP.NET 2.0 or ASP.NET 3.5 Applications
ASP.NET 4 applications that are configured as children of applications that run earlier versions of ASP.NET might fail to start because of configuration or compilation errors.

11- ASP.NET 4 Web Sites Fail to Start on Computers Where SharePoint Is Installed
Web servers that run SharePoint have a Web.config file that is deployed at the root of a SharePoint Web site (for example, c:\inetpub\wwwroot\web.config for Default Web Site). In this Web.config file, SharePoint sets a custom partial-trust level named WSS_Minimal.
If you try to run an ASP.NET 4 Web site that is deployed as a child of this type of SharePoint Web site, you will see the following error: Could not find permission set named ‘ASP.Net’.

12- The HttpRequest.FilePath Property No Longer Includes PathInfo Values
Previous versions of ASP.NET included a PathInfo value in the value returned from various file path- related properties, including HttpRequest.FilePath, HttpRequest.AppRelativeCurrentExecutionFilePath, and HttpRequest.CurrentExecutionFilePath. ASP.NET 4 no longer includes the PathInfo value in the return values from these properties. Instead, the PathInfo information is available in HttpRequest.PathInfo.

13- ASP.NET 2.0 Applications Might Generate HttpException Errors that Reference eurl.axd
After ASP.NET 4 has been enabled on IIS 6, ASP.NET 2.0 applications that run on IIS 6 (in either Windows Server 2003 or Windows Server 2003 R2) might generate errors such as the following:
System.Web.HttpException: Path ‘/[yourApplicationRoot]/eurl.axd/[Value]‘ was not found.

14- Event Handlers Might Not Be Not Raised in a Default Document in IIS 7 or IIS 7.5 Integrated Mode
ASP.NET 4 includes modifications that change how the action attribute of the HTML form element is rendered when an extensionless URL resolves to a default document. An example of an extensionless URL resolving to a default document would be, resulting in a request to

ASP.NET 4 now renders the HTML form element’s action attribute value as an empty string when a request is made to an extensionless URL that has a default document mapped to it. For example, in earlier releases of ASP.NET, a request to would result in a request to Default.aspx. In that document, the opening form tag would be rendered as in the following example:
<form action=”Default.aspx” />
In ASP.NET 4, a request to also results in a request to Default.aspx.
However, ASP.NET now renders the HTML opening form tag as in the following example: <form action=”” />

15- Changes to the ASP.NET Code Access Security (CAS) Implementation
ASP.NET 2.0, and by extension the ASP.NET features that were added in 3.5, use the .NET Framework 1.1 and 2.0 code access security (CAS) model. However, the implementation of CAS in ASP.NET 4 has been substantially overhauled. As a result, partial-trust ASP.NET applications that rely on trusted code running in the global assembly cache (GAC) might fail with various security exceptions. Partial-trust applications that rely on extensive modifications to machine CAS policy might also fail with security exceptions.

16- MembershipUser and Other Types in the System.Web.Security Namespace Have Been Moved
Some types that are used in ASP.NET membership have been moved from System.Web.dll to the new System.Web.ApplicationServices.dll assembly. The types were moved in order to resolve architectural layering dependencies between types in the client and in extended .NET Framework SKUs.

17- Output Caching Changes to Vary * HTTP Header
In ASP.NET 1.0, a bug caused cached pages that specified Location=”ServerAndClient” as an output–cache setting to emit a Vary:* HTTP header in the response. This had the effect of telling client browsers to never cache the page locally.
In ASP.NET 1.1, the System.Web.HttpCachePolicy.SetOmitVaryStar method was added, which you could call to suppress the Vary:* header.

In ASP.NET 4, the decision was made to fix the root problem. The Vary:* HTTP header is no longer emitted from responses that specify the following directive:
<%@ OutputCache Location=”ServerAndClient” %>

18- System.Web.Security Types for Passport are Obsolete
The Passport support built into ASP.NET 2.0 has been obsolete and unsupported for a few years due to changes in Passport (now LiveID). As a result, the five types related to Passport in System.Web.Security are now marked with the ObsoleteAttribute attribute.

19- The MenuItem.PopOutImageUrl Property Fails to Render an Image in ASP.NET 4
In ASP.NET 3.5, the MenuItem.PopOutImageUrl property lets you specify the URL for an image that is displayed in a menu item to indicate that the menu item has a dynamic submenu. As a result of a design change in ASP.NET 4, no output is rendered for the PopOutImageUrl if the property is set for the MenuItem class.

20- Menu.StaticPopOutImageUrl and Menu.DynamicPopOutImageUrl Fail to Render Images When Paths Contain Backslashes
In ASP.NET 4, the images that you specify using the Menu.StaticPopOutImageUrl and Menu.DynamicPopOutImageUrl properties will not render if the path contains backlashes (\). This is a change from earlier versions of ASP.NET.

Download the complete document.

Have fun, and enjoy programming !
Patrick Goudjo-Ako a.k.a. Pat Amazing.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s