---
title: .NET Compatibility Requirements
description: Datadog, the leading service for cloud-scale monitoring.
breadcrumbs: >-
  Docs > Datadog Security > App and API Protection > Enabling App and API
  Protection > Compatibility Requirements > .NET Compatibility Requirements
---

# .NET Compatibility Requirements

{% callout %}
# Important note for users on the following Datadog sites: app.ddog-gov.com, us2.ddog-gov.com

{% alert level="danger" %}
This product is not supported for your selected [Datadog site](https://docs.datadoghq.com/getting_started/site.md). ({% placeholder "user-datadog-site-name" /%}).
{% /alert %}

{% /callout %}

## App and API Protection capabilities{% #app-and-api-protection-capabilities %}

The following App and API Protection capabilities are supported in the .NET library, for the specified tracer version:

| App and API Protection capability           | Minimum .NET tracer version |
| ------------------------------------------- | --------------------------- |
| HTTP Monitoring                             | 2.42.0                      |
| gRPC Monitoring                             | not supported               |
| GraphQL Monitoring                          | not supported               |
| Exploit Prevention                          | 3.7.0                       |
| API Security                                | 3.44.0                      |
| Account Takeover Protection                 | 3.4.0                       |
| Runtime Activation                          | 2.15.0                      |
| Runtime Software Composition Analysis (SCA) | 2.17.0                      |
| Runtime Code Analysis (IAST)                | 3.2.0                       |

The minimum tracer version to get all supported App and API Protection capabilities for .NET is 3.44.0. The following capabilities are not yet supported: gRPC Monitoring, GraphQL Monitoring. **Note**: AAP requires enabling [Remote Configuration](https://docs.datadoghq.com/tracing/guide/remote_config.md), which is included in the listed minimum tracer version.

### Supported deployment types{% #supported-deployment-types %}

| Deployment type   | Support |
| ----------------- | ------- |
| Docker            | yes     |
| Kubernetes        | yes     |
| Amazon ECS        | yes     |
| AWS Fargate       | yes     |
| AWS Lambda        | yes     |
| Azure App Service | yes     |

**Note**: Azure App Service is supported for **web applications only**. App and API Protection capabilities are not supported for Azure Functions.

## Language and framework compatibility{% #language-and-framework-compatibility %}

.NET App and API Protection uses the Datadog .NET tracer and therefore inherits the same runtime and platform compatibility constraints as APM instrumentation. For applications running on modern .NET runtimes, see the [.NET tracer compatibility page for .NET Core and later](https://docs.datadoghq.com/tracing/trace_collection/compatibility/dotnet-core.md). For applications running on .NET Framework, see the [.NET tracer compatibility page for .NET Framework](https://docs.datadoghq.com/tracing/trace_collection/compatibility/dotnet-framework.md).

## Integrations{% #integrations %}

The .NET tracer includes support for the following frameworks, data stores and libraries.

{% alert level="info" %}
If you don't see your library of choice listed, fill out [this short form to send details](https://forms.gle/gHrxGQMEnAobukfn7).
{% /alert %}

### Web framework compatibility{% #web-framework-compatibility %}

- Attacker source HTTP request details
- Tags for the HTTP request (status code, method, etc)
- Distributed Tracing to see attack flows through your applications

| Framework                                                                                            | HTTP Monitoring | HTTP Blocking |
| ---------------------------------------------------------------------------------------------------- | --------------- | ------------- |
| [ASP.NET](https://docs.datadoghq.com/tracing/trace_collection/compatibility/dotnet-core.md)          | yes             | yes           |
| [ASP.NET MVC](https://docs.datadoghq.com/tracing/trace_collection/compatibility/dotnet-framework.md) | yes             | yes           |
| [ASP.NET Web API 2](https://dotnet.microsoft.com/en-us/apps/aspnet)                                  | yes             | yes           |
| [ASP.NET Core](https://dotnet.microsoft.com/en-us/apps/aspnet/mvc)                                   | yes             | yes           |

### Networking framework compatibility{% #networking-framework-compatibility %}

| Framework                                                                              | Server-side Request Forgery (SSRF) |
| -------------------------------------------------------------------------------------- | ---------------------------------- |
| [HttpClient / HttpMessageHandler](https://dotnet.microsoft.com/en-us/apps/aspnet/apis) | yes                                |
| [WebRequest / HttpWebRequest](https://dotnet.microsoft.com/en-us/apps/aspnet)          | yes                                |

### Data store compatibility{% #data-store-compatibility %}

**Datastore tracing provides:**

- SQL attack detection
- Query info (for example, a sanitized query string)
- Error and stacktrace capturing

**Note**: The table below lists database integrations with explicit datastore-level coverage. App and API Protection also analyzes untrusted HTTP request input, so some protections can still apply even when a database integration is not listed here.

| Framework                                                                                                                                | SQL Injection (SQLi) |
| ---------------------------------------------------------------------------------------------------------------------------------------- | -------------------- |
| [SQL Server (System.Data.SqlClient / Microsoft.Data.SqlClient)](https://learn.microsoft.com/en-us/dotnet/api/system.net.http.httpclient) | yes                  |
| [MySQL (MySql.Data / MySqlConnector)](https://learn.microsoft.com/en-us/dotnet/api/system.net.webrequest)                                | yes                  |
| [PostgreSQL (Npgsql)](https://learn.microsoft.com/en-us/dotnet/api/microsoft.data.sqlclient)                                             | yes                  |
| [Oracle (Oracle.ManagedDataAccess / Oracle.DataAccess)](https://dev.mysql.com/doc/connector-net/en/)                                     | yes                  |
| [SQLite (Microsoft.Data.Sqlite / System.Data.SQLite)](https://www.npgsql.org/)                                                           | yes                  |
| [NHibernate](https://docs.oracle.com/en/database/oracle/oracle-data-access-components/)                                                  | yes                  |
| [Entity Framework Core](https://learn.microsoft.com/en-us/dotnet/standard/data/sqlite/)                                                  | yes                  |

### Filesystem compatibility{% #filesystem-compatibility %}

| Framework                                                            | Local File Inclusion (LFI) |
| -------------------------------------------------------------------- | -------------------------- |
| [System.IO (filesystem)](https://learn.microsoft.com/en-us/ef/core/) | yes                        |

### Subprocess compatibility{% #subprocess-compatibility %}

| Framework                                                                  | Command Injection | Shell Injection |
| -------------------------------------------------------------------------- | ----------------- | --------------- |
| [System.Diagnostics.Process](https://www.mongodb.com/docs/drivers/csharp/) | yes               | yes             |