If this behavior is undesirable, you can restore the previous behavior by setting the .SetActorAsReferenceWhenCopyingClaimsIdentity switch in your application configuration file to true. NET Framework 4.6.1 and earlier versions, it is equal. NET Framework 4.6.2, the .Actor property of the new ClaimsIdentity object is not equal to the .Actor property of the constructor's argument. In the Framework 4.6.1 and earlier versions, the .Actor property is attached as an existing reference.Because of this change, starting with the. If the argument is a ClaimsIdentity object, and the .Actor property of that ClaimsIdentity object is not null, the .Actor property is attached by using the Clone() method. NET Framework 4.6.2, there is a change in how ClaimsIdentity constructors with an parameter set the .Actor property. AesCryptoServiceProvider.CreateDecryptor()Ĭalls to ClaimsIdentity constructors Details.NET Framework 4.6.2 can opt in to it by adding the following configuration setting to the section of the application's configuration file: NET Framework but are running under a version of the. In addition, applications that target a previous version of the. The impact of this change should be minimal, since this is the expected behavior.Applications that depend on the previous behavior can opt out of it using it by adding the following configuration setting to the section of the application's configuration file: NET Framework, attempting to reuse the decryptor by calling .TransformBlock(Byte, Int32, Int32, Byte, Int32) after a call to .TransformFinalBlock(Byte, Int32, Int32) throws a CryptographicException or produces corrupted data. For apps that target earlier versions of the. After a call to .TransformFinalBlock(Byte, Int32, Int32), the transform is reinitialized and can be reused.
NET Framework 4.6.2, the AesCryptoServiceProvider decryptor provides a reusable transform. Ĭore AesCryptoServiceProvider decryptor provides a reusable transform Details To restore the old behavior, you can add the following setting to your web.config file to opt out of the new behavior. If the limit is reached, a warning will be logged in the event log, and an HTTP 500 response may be recorded in the IIS log. In the fix, we added a counter to track the queued requests and terminate the requests when they exceed a specified limit. If a page takes a long time to respond, it will significantly degrade server performance just by pressing F5 on the browser. NET Framework 4.6.2 and earlier, ASP.NET executes requests with the same Sessionid sequentially, and ASP.NET always issues the Sessionid through cookies by default. NET Framework 4.6.1 to 4.7, review the following topics for application compatibility issues that may affect your app: ASP.NET Throttle concurrent requests per session Details