[release/9.0] AppContext for HttpSys CBT hardening #64297
Pull Request Overview
This PR adds an opt-in AppContext switch (Microsoft.AspNetCore.Server.HttpSys.EnableCBTHardening) that enables hardened Channel Binding Token (CBT) security for HTTP.Sys applications. This change was requested by a partner team to support enhanced security configurations.
Key changes:
- Added support for HTTP_CHANNEL_BIND_INFO native structure
- Implemented CBT hardening configuration in UrlGroup constructor with medium hardening level
- Made the feature opt-in via AppContext switch to ensure no impact to existing applications
Reviewed Changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| src/Servers/HttpSys/src/NativeMethods.txt | Added HTTP_CHANNEL_BIND_INFO to the list of native types for P/Invoke generation |
| src/Servers/HttpSys/src/NativeInterop/UrlGroup.cs | Implemented CBT hardening logic in UrlGroup constructor, checking AppContext switch and calling SetProperty with channel binding settings |
| ServiceNames = (HTTP_SERVICE_BINDING_BASE**)IntPtr.Zero, | ||
| NumberOfServiceNames = 0, | ||
| }; | ||
| SetProperty(HTTP_SERVER_PROPERTY.HttpServerChannelBindProperty, new(&channelBindingSettings), (uint)ChannelBindInfoSize); |
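Review bot: style: `(HTTP_SERVICE_BINDING_BASE**)IntPtr.Zero` on the `ServiceNames` line can simply be `null`, since the field is pointer-typed; and because `NumberOfServiceNames = 0` means the struct deliberately carries no service-name list, a one-line comment stating why it is intentionally empty would spare the next reader from reading it as an omission.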
The SetProperty call in the constructor should handle potential errors. If this call fails, the UrlGroup is still constructed but without CBT hardening, which could lead to a silent security configuration failure. Consider adding error handling or logging similar to other property setters in this class, or document that failures are intentionally ignored during construction.
| SetProperty(HTTP_SERVER_PROPERTY.HttpServerChannelBindProperty, new(&channelBindingSettings), (uint)ChannelBindInfoSize); | |
| try | |
| { | |
| SetProperty(HTTP_SERVER_PROPERTY.HttpServerChannelBindProperty, new(&channelBindingSettings), (uint)ChannelBindInfoSize); | |
| } | |
| catch (Exception ex) | |
| { | |
| _logger.LogError(ex, "Failed to set CBT hardening on UrlGroup during construction. Security configuration may be incomplete."); | |
| // Optionally, rethrow or handle as needed for your application's security requirements. | |
| } |
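Review bot: the suggested `catch (Exception ex)` that only logs turns a requested security setting into a best-effort one. The feature is opt-in through the AppContext switch, so an operator who reaches this code asked for hardening; if `SetProperty` throws here, the safer behaviour is to let the exception propagate (or rethrow after logging) so the UrlGroup is not constructed in a weaker configuration than was requested. The hunk also references `_logger`, which is not visible in the surrounding lines; confirm UrlGroup actually has such a field before taking the suggestion.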
Approved over email

Hi @BrennanConroy. This PR was just approved to be included in the upcoming servicing release. Somebody from the @dotnet/aspnet-build team will get it merged when the branches are open. Until then, please make sure all the CI checks pass and the PR is reviewed.
Updated [Microsoft.AspNetCore.OpenApi](https://github.com/dotnet/aspnetcore) from 9.0.9 to 9.0.13.

<details>
<summary>Release notes</summary>

_Sourced from [Microsoft.AspNetCore.OpenApi's releases](https://github.com/dotnet/aspnetcore/releases)._

## 9.0.13

[Release](https://github.com/dotnet/core/releases/tag/v9.0.13)

## What's Changed

* Update branding to 9.0.13 by @vseanreesermsft in dotnet/aspnetcore#64938
* [release/9.0] (deps): Bump src/submodules/googletest from `1b96fa1` to `9156d4c` by @dependabot[bot] in dotnet/aspnetcore#64908
* [release/9.0] Pass container image correctly for source-build job in official build by @akoeplinger in dotnet/aspnetcore#64781
* [release/9.0] Update dependencies from dotnet/extensions by @dotnet-maestro[bot] in dotnet/aspnetcore#64686
* [release/9.0] Update dependencies from dotnet/arcade by @dotnet-maestro[bot] in dotnet/aspnetcore#64685
* [release/9.0] Update gradle by @github-actions[bot] in dotnet/aspnetcore#64980
* Backport #64657: Use shallow clones for CI jobs by @Copilot in dotnet/aspnetcore#64677
* [release/9.0] Update dependencies from dotnet/extensions by @dotnet-maestro[bot] in dotnet/aspnetcore#65012
* [release/9.0] Add .slnx fallback for TestHost content root discovery by @Copilot in dotnet/aspnetcore#64953
* Merging internal commits for release/9.0 by @vseanreesermsft in dotnet/aspnetcore#65046

**Full Changelog**: dotnet/aspnetcore@v9.0.12...v9.0.13

## 9.0.12

[Release](https://github.com/dotnet/core/releases/tag/v9.0.12)

## What's Changed

* Update branding to 9.0.12 by @vseanreesermsft in dotnet/aspnetcore#64248
* Update `Microsoft.Build` versions to 17.8.43 by @MackinnonBuck in dotnet/aspnetcore#64277
* [release/9.0] (deps): Bump src/submodules/googletest from `9706f75` to `6ec14df` by @dependabot[bot] in dotnet/aspnetcore#64230
* [release/9.0] Update dependencies from dotnet/extensions by @dotnet-maestro[bot] in dotnet/aspnetcore#64111
* [release/9.0] Update dependencies from dotnet/arcade by @dotnet-maestro[bot] in dotnet/aspnetcore#64065
* [release/9.0] Upgrade to MacOS 15 for CI by @wtgodbe in dotnet/aspnetcore#64310
* Merging internal commits for release/9.0 by @vseanreesermsft in dotnet/aspnetcore#64312
* [release/9.0] Don't use netcoreapp2.1 in dotnet-get-document by @wtgodbe in dotnet/aspnetcore#64351
* [release/9.0] AppContext for HttpSys CBT hardening by @BrennanConroy in dotnet/aspnetcore#64297
* [release/9.0] Update dependencies from dotnet/arcade by @dotnet-maestro[bot] in dotnet/aspnetcore#64350
* [release/9.0] Update dependencies from dotnet/extensions by @dotnet-maestro[bot] in dotnet/aspnetcore#64388
* [release/9.0] Delete signalr-daily-tests.yml by @github-actions[bot] in dotnet/aspnetcore#64589
* [release/9.0] (deps): Bump src/submodules/googletest from `6ec14df` to `1b96fa1` by @dependabot[bot] in dotnet/aspnetcore#64580
* [release/9.0] Update dependencies from dotnet/extensions by @dotnet-maestro[bot] in dotnet/aspnetcore#64503

**Full Changelog**: dotnet/aspnetcore@v9.0.11...v9.0.12

## 9.0.11

[Release](https://github.com/dotnet/core/releases/tag/v9.0.11)

## What's Changed

* Update branding to 9.0.11 by @vseanreesermsft in dotnet/aspnetcore#63950
* [release/9.0] Update dependencies from dotnet/extensions by @dotnet-maestro[bot] in dotnet/aspnetcore#63677
* [release/9.0] Update dependencies from dotnet/arcade by @dotnet-maestro[bot] in dotnet/aspnetcore#63678
* [release/9.0] (deps): Bump src/submodules/googletest from `eb2d85e` to `9706f75` by @dependabot[bot] in dotnet/aspnetcore#63894
* [release/9.0] Fixed devtools url used for debug with chrome and edge by @github-actions[bot] in dotnet/aspnetcore#61948
* [release/9.0] (http2): Lower WINDOWS_UPDATE received on (half)closed stream to stream abortion by @DeagleGross in dotnet/aspnetcore#63934
* [release/9.0] Re-quarantine ServerRoutingTest.NavigationLock_OverlappingNavigationsCancelExistingNavigations_HistoryNavigation by @github-actions[bot] in dotnet/aspnetcore#63956
* [release/9.0] Fix nginx install on mac, linux by @wtgodbe in dotnet/aspnetcore#63966
* [Hot Reload] Do not attempt to apply empty deltas. by @tmat in dotnet/aspnetcore#63979
* Merging internal commits for release/9.0 by @vseanreesermsft in dotnet/aspnetcore#64036
* Revert log level severity for unknown proxy in ForwardedHeadersMiddleware by @BrennanConroy in dotnet/aspnetcore#64091
* Set timeoutInMinutes to 0 for Windows build job by @vseanreesermsft in dotnet/aspnetcore#64126

**Full Changelog**: dotnet/aspnetcore@v9.0.10...v9.0.11

## 9.0.10

[Release](https://github.com/dotnet/core/releases/tag/v9.0.10)

## What's Changed

* Update branding to 9.0.10 by @vseanreesermsft in dotnet/aspnetcore#63510
* [9.0] Make duplicate deb/rpm packages so we can sign them with the new PMC key by @jkoritzinsky in dotnet/aspnetcore#63249
* [release/9.0] Extend Unofficial 1ES template in IdentityModel nightly tests job by @github-actions[bot] in dotnet/aspnetcore#63465
* [release/9.0] (deps): Bump src/submodules/googletest from `373af2e` to `eb2d85e` by @dependabot[bot] in dotnet/aspnetcore#63501
* [release/9.0] Quarantine ResponseBody_WriteContentLength_PassedThrough by @wtgodbe in dotnet/aspnetcore#63533
* [release/9.0] Update dependencies from dotnet/arcade by @dotnet-maestro[bot] in dotnet/aspnetcore#63304
* [release/9.0] [OpenAPI] Use invariant culture for TextWriter by @martincostello in dotnet/aspnetcore#62239
* [release/9.0] Update dependencies from dotnet/extensions by @dotnet-maestro[bot] in dotnet/aspnetcore#63303
* Unquarantine `RadioButtonGetsResetAfterSubmittingEnhancedForm` by @ilonatommy in dotnet/aspnetcore#63556
* [release/9.0] Update dependencies from dotnet/extensions by @dotnet-maestro[bot] in dotnet/aspnetcore#63577
* Merging internal commits for release/9.0 by @vseanreesermsft in dotnet/aspnetcore#63604
* [release/9.0] Update dependencies from dotnet/arcade by @dotnet-maestro[bot] in dotnet/aspnetcore#63648
* backport(9.0): Fix runtime architecture detection logic in ANCM. by @DeagleGross in dotnet/aspnetcore#63707

**Full Changelog**: dotnet/aspnetcore@v9.0.9...v9.0.10

Commits viewable in [compare view](dotnet/aspnetcore@v9.0.9...v9.0.13).

</details>

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:

- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
AppContext for HttpSys CBT hardening
Description
Request from a partner team to allow setting hardened security for their HTTP.Sys applications.
Customer Impact
By default there is no impact; this change is opt-in. If the change is enabled, it sets hardened security for the endpoints exposed by the HTTP.Sys application.
Regression?
Risk
Purely opt-in change. We've also verified the change with the partner team.
Verification
Packaging changes reviewed?
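As an added example (not code from the PR or the aspnetcore repository), this is how an application opts in to the switch this PR introduces and fails closed if the request did not take effect. It assumes a Microsoft.AspNetCore.Server.HttpSys build that contains this change, an existing HTTP.sys certificate binding for the port, and a placeholder URL prefix.

```csharp
// Added example, not code from the PR. Program.cs of a minimal HTTP.sys host.
// Assumes a Microsoft.AspNetCore.Server.HttpSys build that includes this change and
// an HTTP.sys certificate binding for the port (netsh http add sslcert ...).
using Microsoft.AspNetCore.Server.HttpSys;

const string CbtSwitch = "Microsoft.AspNetCore.Server.HttpSys.EnableCBTHardening";

// HTTP.sys only exists on Windows; refuse early instead of failing inside the server.
if (!OperatingSystem.IsWindows())
{
    throw new PlatformNotSupportedException("HTTP.sys hosting requires Windows.");
}

// Option 1 (no code): declare the switch in the .csproj so it lands in
// runtimeconfig.json and is visible to AppContext before any server code runs:
//   <ItemGroup>
//     <RuntimeHostConfigurationOption Include="Microsoft.AspNetCore.Server.HttpSys.EnableCBTHardening" Value="true" />
//   </ItemGroup>
//
// Option 2: set it in code. This must happen before the host starts, because the
// UrlGroup (where this PR reads the switch and calls SetProperty) is created then.
if (!AppContext.TryGetSwitch(CbtSwitch, out var cbtEnabled) || !cbtEnabled)
{
    AppContext.SetSwitch(CbtSwitch, true);
}

// Fail closed: if the switch still does not read as enabled, do not serve traffic
// with weaker channel-binding settings than the operator intended.
if (!AppContext.TryGetSwitch(CbtSwitch, out var confirmed) || !confirmed)
{
    throw new InvalidOperationException($"{CbtSwitch} is not enabled; refusing to start.");
}

var builder = WebApplication.CreateBuilder(args);

builder.WebHost.UseHttpSys(options =>
{
    // Channel binding matters for Windows-integrated authentication over TLS: the
    // token ties the Negotiate/NTLM exchange to this TLS session, so an
    // authentication exchange relayed through a different channel does not validate.
    options.Authentication.Schemes = AuthenticationSchemes.Negotiate | AuthenticationSchemes.NTLM;
    options.Authentication.AllowAnonymous = false;
    options.UrlPrefixes.Clear();
    options.UrlPrefixes.Add("https://+:443/"); // placeholder prefix for this example
});

var app = builder.Build();
app.MapGet("/", (HttpContext ctx) => $"Authenticated as {ctx.User.Identity?.Name}");
app.Run();
```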