.NET Framework Validator
An Azure DevOps extension for enforcing organization governance on allowed .NET framework versions. This extension helps standardize the .NET versions used across your organization's projects and prevents usage of unapproved, deprecated, or potentially vulnerable framework versions.
Purpose and Benefits
- Governance and Standardization: Enforce organization standards for .NET frameworks
- Technical Debt Prevention: Prevent usage of obsolete or deprecated frameworks
- Security Posture: Ensure projects only use supported frameworks with security updates
- Modernization: Guide teams toward using newer frameworks
- Centralized Management: Configure framework whitelists once for the entire organization or customize at project level
Key Features
- Centralized Management UI: Admin portals for organization-wide and project-specific whitelists
- Flexible Whitelist Hierarchy: Global whitelist with project-level overrides and pipeline-level exceptions
- Zero Configuration Required: Works out of the box with default whitelists
- Build Validation: Automatically validates all projects during build
- Non-Blocking Option: Can be configured to warn rather than fail builds
Getting Started
Basic Usage (Zero Configuration)
Simply add the task to your pipeline - no additional configuration required:
# Add to your azure-pipelines.yml
steps:
- task: DotNetFrameworkValidator@2
displayName: 'Validate .NET Framework Versions'
inputs:
projectPath: '**/*.csproj' # Default: validate all project files
failOnInvalidFramework: true # Fail build on unapproved frameworks
Important: Enable "Allow scripts to access the OAuth token" in your pipeline settings to allow retrieving organization whitelists.
Configuring Whitelists
Organization Level (Global Whitelist)
- Navigate to Organization Settings → Extensions → .NET Framework Whitelist
- Add/remove frameworks to create your organization-wide standard
- Save your changes - they apply automatically to all projects using the global whitelist
Project Level (Project-Specific Whitelist)
- Navigate to Project Settings → Extensions → .NET Framework Whitelist
- Create a project-specific whitelist that overrides the global settings
- Projects can maintain their own whitelists when they have special requirements
Pipeline Level (One-time Override)
Override the whitelist directly in your pipeline when special exceptions are needed:
- task: DotNetFrameworkValidator@2
inputs:
projectPath: '**/*.csproj'
overrideWhitelist: 'net6.0,net5.0,netcoreapp3.1,net48' # Comma-separated list
failOnInvalidFramework: true
Whitelist Hierarchy
The extension follows a clear hierarchy when determining the whitelist to use:
- Pipeline Override: Highest priority -
overrideWhitelist
parameter in task
- Project Whitelist: Project-specific settings configured in Project Admin
- Global Whitelist: Organization-wide settings configured in Organization Admin
- Default Whitelist: Fallback with common frameworks if no whitelist is configured
Default whitelist includes: net8.0, net7.0, net6.0, net481, net48, net472, net471, net47, net462, net461, netstandard2.1, netstandard2.0, net5.0, netcoreapp3.1
Task Configuration
The task supports the following inputs:
Parameter |
Description |
Default |
projectPath |
Pattern to find .NET projects to validate |
**/*.csproj |
overrideWhitelist |
Comma-separated list of frameworks to override the whitelist |
Empty (use configured whitelist) |
failOnInvalidFramework |
Whether to fail the build if invalid frameworks are found |
true |
How It Works
The task performs the following steps:
- Retrieves the appropriate whitelist following the hierarchy described above
- Scans all project files matching the provided pattern
- Extracts target frameworks from each project's
TargetFramework
and TargetFrameworks
properties
- Validates each framework against the whitelist
- Either fails the build or issues warnings for non-compliant frameworks
Troubleshooting
If the task doesn't find your whitelist:
- Check if "Allow scripts to access OAuth token" is enabled in pipeline settings
- Verify that the correct whitelist is configured in the admin UI
- Try using the
overrideWhitelist
parameter to explicitly set the allowed frameworks