Overview

The Contrast .NET agent analyzes the behavior of .NET web applications as users interact with these applications.

To start analyzing an application, download the .NET agent installer from the Contrast interface and run this installer on the server where the web application is deployed. You can then point your browser to the web application and use it as you normally would: click on links, submit forms using normal data, etc. The .NET agent's sensors will gather information about the application's security, architecture and libraries. The results of the agent's analysis can be viewed in the Contrast interface.

.NET for Azure App Service

The Contrast .NET agent for Azure App Service is a fully featured version of the .NET agent. It analyzes the behavior of .NET web applications as users interact with their Azure App Service applications.

There are two ways to install the .NET agent for Azure App Service:

System Requirements

Before installing the .NET agent, confirm that you can meet the following requirements:

  • You have administrative access to a web server, and the server is supported by Contrast.
  • There is a deployed application to be analyzed, and the web application technology is supported by Contrast.
  • IIS can be restarted.
  • The web server has network connectivity with Contrast.
  • The server meets the minimum requirements (stated below).

Minimum requirements:

  • .NET Framework 4.5.1 present
  • 2 CPU
  • 4 GB memory

Recommended requirements:

  • .NET Framework 4.5.1 present
  • 4+ CPU
  • 8+ GB memory

Notes:

  • The server must have .NET Framework 4.5.1 installed; however, this requirement doesn't extend to applications that need to be analyzed. The .NET agent can analyze web applications that run on supported Common Language Runtimes (CLRs): CLR 2 (.NET 3.5) and CLR 4 (.NET 4.0+).

  • The .NET agent roughly doubles the RAM requirements of analyzed applications. Applications should use less than half of the available memory when the .NET agent is not installed.

  • The .NET agent uses the CLR Profiling API to perform data and code flow analysis - detect SQL-injection, XSS, weak cryptography, etc. - as well as to detect libraries and technologies used by analyzed applications. The Contrast agent can now exist alongside other .NET Profiler agents, such as performance or APM tools with the ProfilerChainingEnabled configuration setting enabled.

Supported Technologies

.NET for Windows

The Contrast .NET agent supports analysis of web applications built on the following technologies.

Technology Supported versions
.NET Framework 3.5, 4.0, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1
CLR
  • CLR2

  • CLR4
  • Web Servers
  • IIS

  • IIS Express
  • Operating System
  • Windows 7, 8, 10

  • Windows Server 2008 R2, 2012, 2012 R2, 2016

  • Azure Virtual Machines, Cloud Services, Mobile Services

  • Azure App Service
  • Processor Architecture The agent can be installed on both 32-bit and 64-bit systems. On 64-bit systems, you can use the agent to analyze both 32-bit and 64-bit web applications.
    Web Application Frameworks While Contrast has built explicit tests against only the frameworks listed below, Contrast may still be able to analyze your application, if its framework simply wraps the typical ASP.NET classes (e.g., System.Web.HttpRequest).
  • ASP.NET MVC 3-5

  • ASP.NET Web Forms

  • ASP.NET Web Pages

  • IIS-Hosted ASMX-based Web Services

  • IIS-Hosted Web API

  • IIS-Hosted WCF Services
  • Notes:

    • The Mono runtime isn't supported because Mono doesn't have a Profiler API. The Profiler API is an interface based on a Component Object Model (COM), and isn't supported on Linux.
    • The Classic ASP language isn't supported because Classic ASP applications don't run on the .NET runtime.
    • Contrast doesn't support analysis of .NET Core applications at this time because .NET Core applications run on a different runtime (CoreCLR).

    .NET for Azure App Service

    The .NET agent for Azure App Service supports analysis of web applications built on the following technologies.

    Technology Supported versions
    .NET Framework Your application must be set to use CLR4. Any application that can run on this version is supported. (.NET 4.7.1 is deployed currently on Azure. Version 3.5 isn't supported.)
    CLR CLR4
    Processor Architecture Both 32-bit and 64-bit applications are supported.
    Web Application Frameworks All of the frameworks supported by the Windows agent are analyzed on Azure.

    Note: Only applications using the full .NET Framework are currently supported. Contrast plans to add support for .NET Core applications in the future.