dotnetapp
(Dockerfile)docker pull mcr.microsoft.com/dotnet/samples:dotnetapp
docker pull mcr.microsoft.com/dotnet/samples:dotnetapp-chiseled
aspnetapp
(Dockerfile)docker pull mcr.microsoft.com/dotnet/samples:aspnetapp
docker pull mcr.microsoft.com/dotnet/samples:aspnetapp-chiseled
These images contain sample .NET and ASP.NET Core applications.
Watch discussions for Docker-related .NET announcements.
The .NET Docker samples show various ways to use .NET and Docker together. See Building Docker Images for .NET Applications to learn more.
You can quickly run a container with a pre-built .NET Docker image, based on the .NET console sample.
Type the following command to run a sample console application:
docker run --rm mcr.microsoft.com/dotnet/samples
You can quickly run a container with a pre-built .NET Docker image, based on the ASP.NET Core sample.
Type the following command to run a sample web application:
docker run -it --rm -p 8000:8080 --name aspnetcore_sample mcr.microsoft.com/dotnet/samples:aspnetapp
After the application starts, navigate to http://localhost:8000
in your web browser. You can also view the ASP.NET Core site running in the container from another machine with a local IP address such as http://192.168.1.18:8000
.
Note: ASP.NET Core apps (in official images) listen to port 8080 by default, starting with .NET 8. The
-p
argument in these examples maps host port8000
to container port8080
(host:container
mapping). The container will not be accessible without this mapping. ASP.NET Core can be configured to listen on a different or additional port.
See Hosting ASP.NET Core Images with Docker over HTTPS to use HTTPS with this image.
.NET container images have several variants that offer different combinations of flexibility and deployment size. The Image Variants documentation contains a summary of the image variants and their use-cases.
.NET distroless container images contain only the minimal set of packages .NET needs, with everything else removed. Due to their limited set of packages, distroless containers have a minimized security attack surface, smaller deployment sizes, and faster start-up time compared to their non-distroless counterparts. They contain the following features:
- Minimal set of packages required for .NET applications
- Non-root user by default
- No package manager
- No shell
.NET offers distroless images for Azure Linux and Ubuntu (Chiseled).
.NET:
- dotnet: .NET
- dotnet/sdk: .NET SDK
- dotnet/aspnet: ASP.NET Core Runtime
- dotnet/runtime: .NET Runtime
- dotnet/runtime-deps: .NET Runtime Dependencies
- dotnet/monitor: .NET Monitor Tool
- dotnet/aspire-dashboard: .NET Aspire Dashboard
.NET Framework:
- dotnet/framework: .NET Framework, ASP.NET and WCF
- dotnet/framework/samples: .NET Framework, ASP.NET and WCF Samples
Tags | Dockerfile | OS Version |
---|---|---|
dotnetapp-9.0 | Dockerfile | Alpine |
dotnetapp-chiseled-9.0 | Dockerfile | Ubuntu |
aspnetapp-9.0 | Dockerfile | Alpine |
aspnetapp-chiseled-9.0 | Dockerfile | Ubuntu |
dotnetapp-8.0, dotnetapp, latest | Dockerfile | Alpine |
dotnetapp-chiseled-8.0, dotnetapp-chiseled | Dockerfile | Ubuntu |
aspnetapp-8.0, aspnetapp | Dockerfile | Alpine |
aspnetapp-chiseled-8.0, aspnetapp-chiseled | Dockerfile | Ubuntu |
Tags | Dockerfile | OS Version |
---|---|---|
dotnetapp-9.0 | Dockerfile | Alpine |
dotnetapp-chiseled-9.0 | Dockerfile | Ubuntu |
aspnetapp-9.0 | Dockerfile | Alpine |
aspnetapp-chiseled-9.0 | Dockerfile | Ubuntu |
dotnetapp-8.0, dotnetapp, latest | Dockerfile | Alpine |
dotnetapp-chiseled-8.0, dotnetapp-chiseled | Dockerfile | Ubuntu |
aspnetapp-8.0, aspnetapp | Dockerfile | Alpine |
aspnetapp-chiseled-8.0, aspnetapp-chiseled | Dockerfile | Ubuntu |
Tags | Dockerfile | OS Version |
---|---|---|
dotnetapp-9.0 | Dockerfile | Alpine |
dotnetapp-chiseled-9.0 | Dockerfile | Ubuntu |
aspnetapp-9.0 | Dockerfile | Alpine |
aspnetapp-chiseled-9.0 | Dockerfile | Ubuntu |
dotnetapp-8.0, dotnetapp, latest | Dockerfile | Alpine |
dotnetapp-chiseled-8.0, dotnetapp-chiseled | Dockerfile | Ubuntu |
aspnetapp-8.0, aspnetapp | Dockerfile | Alpine |
aspnetapp-chiseled-8.0, aspnetapp-chiseled | Dockerfile | Ubuntu |
Tag | Dockerfile |
---|---|
dotnetapp-9.0-nanoserver-ltsc2022, dotnetapp-9.0 | Dockerfile |
aspnetapp-9.0-nanoserver-ltsc2022, aspnetapp-9.0 | Dockerfile |
dotnetapp-8.0-nanoserver-ltsc2022, dotnetapp-nanoserver-ltsc2022, dotnetapp-8.0, dotnetapp, latest | Dockerfile |
aspnetapp-8.0-nanoserver-ltsc2022, aspnetapp-nanoserver-ltsc2022, aspnetapp-8.0, aspnetapp | Dockerfile |
Tag | Dockerfile |
---|---|
dotnetapp-9.0-nanoserver-1809, dotnetapp-9.0 | Dockerfile |
aspnetapp-9.0-nanoserver-1809, aspnetapp-9.0 | Dockerfile |
dotnetapp-8.0-nanoserver-1809, dotnetapp-nanoserver-1809, dotnetapp-8.0, dotnetapp, latest | Dockerfile |
aspnetapp-8.0-nanoserver-1809, aspnetapp-nanoserver-1809, aspnetapp-8.0, aspnetapp | Dockerfile |
Tags not listed in the table above are not supported. See the Supported Tags Policy. See the full list of tags for all supported and unsupported tags.
These sample images are not intended for production use and may be subject to breaking changes or removal at any time. They are provided as a starting point for developers to experiment with and learn about .NET in a containerized environment.
- Base Image Updates: Images are re-built within 12 hours of any updates to their base images (e.g. debian:bookworm-slim, windows/nanoserver:ltsc2022, etc.).
- .NET Releases: Images are re-built as part of releasing new .NET versions. This includes new major versions, minor versions, and servicing releases.
- Critical CVEs: Images are re-built to pick up critical CVE fixes as described by the CVE Update Policy below.
- Monthly Re-builds: Images are re-built monthly, typically on the second Tuesday of the month, in order to pick up lower-severity CVE fixes.
- Out-Of-Band Updates: Images can sometimes be re-built when out-of-band updates are necessary to address critical issues. If this happens, new fixed version tags will be updated according to the Fixed version tags documentation.
.NET container images are regularly monitored for the presence of CVEs. A given image will be rebuilt to pick up fixes for a CVE when:
- We detect the image contains a CVE with a CVSS score of "Critical"
- AND the CVE is in a package that is added in our Dockerfile layers (meaning the CVE is in a package we explicitly install or any transitive dependencies of those packages)
- AND there is a CVE fix for the package available in the affected base image's package repository.
Please refer to the Security Policy and Container Vulnerability Workflow for more detail about what to do when a CVE is encountered in a .NET image.
- Legal Notice: Container License Information
- .NET license
- Discover licensing for Linux image contents
- Windows base image license (only applies to Windows containers)
- Pricing and licensing for Windows Server