Andrew Lock "Sock"
@andrewlock.bsky.social
Microsoft MVP and blogger, focused on ASP.NET Core. Author of ASP.NET Core in Action (https://mng.bz/5mRz)
Blog: https://andrewlock.net
Mastadon: @[email protected]
Twitter: @andrewlocknet
Blog: https://andrewlock.net
Mastadon: @[email protected]
Twitter: @andrewlocknet
Blogged: Recent updates to NetEscapades.EnumGenerators: [EnumMember] support, analyzers, and bug fixes
andrewlock.net/recent-updat...
In this post I describe some recent changes to the NetEscapades.EnumGenerators source generator, including support for [EnumMember] and new analyzers
#dotnet
andrewlock.net/recent-updat...
In this post I describe some recent changes to the NetEscapades.EnumGenerators source generator, including support for [EnumMember] and new analyzers
#dotnet
Recent updates to NetEscapades.EnumGenerators: [EnumMember] support, analyzers, and bug fixes
In this post I describe some recent changes to the NetEscapades.EnumGenerators source generator, including support for [EnumMember] and new analyzers
andrewlock.net
December 2, 2025 at 5:05 PM
Blogged: Recent updates to NetEscapades.EnumGenerators: [EnumMember] support, analyzers, and bug fixes
andrewlock.net/recent-updat...
In this post I describe some recent changes to the NetEscapades.EnumGenerators source generator, including support for [EnumMember] and new analyzers
#dotnet
andrewlock.net/recent-updat...
In this post I describe some recent changes to the NetEscapades.EnumGenerators source generator, including support for [EnumMember] and new analyzers
#dotnet
Reposted by Andrew Lock "Sock"
MSBuild tip: if you're working with binlogs, set the environment variable MSBuildLogPropertyTracking=15.
It enables logging of where each property was initially assigned from during evaluation and lights up more features in the binlog viewer.
It enables logging of where each property was initially assigned from during evaluation and lights up more features in the binlog viewer.
December 2, 2025 at 6:13 AM
MSBuild tip: if you're working with binlogs, set the environment variable MSBuildLogPropertyTracking=15.
It enables logging of where each property was initially assigned from during evaluation and lights up more features in the binlog viewer.
It enables logging of where each property was initially assigned from during evaluation and lights up more features in the binlog viewer.
Reposted by Andrew Lock "Sock"
And it's up! All together now...
🎶 Somebody told me
the user provider
should use an adaptor
to proxy the query
factory builder... 🎶
www.youtube.com/watch?v=p03o...
🎶 Somebody told me
the user provider
should use an adaptor
to proxy the query
factory builder... 🎶
www.youtube.com/watch?v=p03o...
November 28, 2025 at 3:15 PM
And it's up! All together now...
🎶 Somebody told me
the user provider
should use an adaptor
to proxy the query
factory builder... 🎶
www.youtube.com/watch?v=p03o...
🎶 Somebody told me
the user provider
should use an adaptor
to proxy the query
factory builder... 🎶
www.youtube.com/watch?v=p03o...
Blogged: Exploring the .NET boot process via host tracing
andrewlock.net/exploring-th...
In this post we enable host tracing and use that to understand how a .NET app boots up via the dotnet muxer, hostfxr, and hostpolicy.dll
#dotnet
andrewlock.net/exploring-th...
In this post we enable host tracing and use that to understand how a .NET app boots up via the dotnet muxer, hostfxr, and hostpolicy.dll
#dotnet
Exploring the .NET boot process via host tracing
In this post we enable host tracing and use that to understand how a .NET app boots up via the dotnet muxer, hostfxr, and hostpolicy.dll
andrewlock.net
November 25, 2025 at 6:39 PM
Blogged: Exploring the .NET boot process via host tracing
andrewlock.net/exploring-th...
In this post we enable host tracing and use that to understand how a .NET app boots up via the dotnet muxer, hostfxr, and hostpolicy.dll
#dotnet
andrewlock.net/exploring-th...
In this post we enable host tracing and use that to understand how a .NET app boots up via the dotnet muxer, hostfxr, and hostpolicy.dll
#dotnet
Reposted by Andrew Lock "Sock"
I've also put a blog post together which outlines what this is, how it might affect your web framework or reverse proxy, and things you can put to decision makers.
rjj-software.co.uk/blog/cve-202...
rjj-software.co.uk/blog/cve-202...
CVE-2025-55315: Understanding 'Funky Chunks' and Why Your Organisation Needs to Act Now | Jamie Taylor - Fractional CTO & Technology Consultant
A critical HTTP request smuggling vulnerability affecting web frameworks globally requires immediate attention from decision makers. With a CVSS score of 9.9, CVE-2025-55315 exploits fundamental featu...
rjj-software.co.uk
November 21, 2025 at 2:06 PM
I've also put a blog post together which outlines what this is, how it might affect your web framework or reverse proxy, and things you can put to decision makers.
rjj-software.co.uk/blog/cve-202...
rjj-software.co.uk/blog/cve-202...
Reposted by Andrew Lock "Sock"
If you learn one thing today, please let it be about CVE-2025-55315.
And if you want a place to start, you could try this conversation I had with @unixterminal.bsky.social: dotnetcore.show/season-8/hay...
And if you want a place to start, you could try this conversation I had with @unixterminal.bsky.social: dotnetcore.show/season-8/hay...
S08E07b - Hayden Barnes and CVE-2025-33515
In this bonus episode of The Modern .NET Show, we welcomed Hayden Barnes back to the recording booth to talk about what has been called 'the worst .NET vulnerability ever', what it is, how it affects ...
dotnetcore.show
November 21, 2025 at 6:29 AM
If you learn one thing today, please let it be about CVE-2025-55315.
And if you want a place to start, you could try this conversation I had with @unixterminal.bsky.social: dotnetcore.show/season-8/hay...
And if you want a place to start, you could try this conversation I had with @unixterminal.bsky.social: dotnetcore.show/season-8/hay...
Reposted by Andrew Lock "Sock"
Blogged: Companies complaining .NET moves too fast should just pay for post-EOL support
andrewlock.net/companies-us...
In this post I describe a solution to .NET "releasing too quickly": just pay for support of older versions, such as HeroDevs' Never Ending Support for .NET 6…
#dotnet @hero.dev
andrewlock.net/companies-us...
In this post I describe a solution to .NET "releasing too quickly": just pay for support of older versions, such as HeroDevs' Never Ending Support for .NET 6…
#dotnet @hero.dev
Companies complaining .NET moves too fast should just pay for post-EOL support
In this post I describe a solution to .NET "releasing too quickly": just pay for support of older versions, such as HeroDevs' Never Ending Support for .NET 6
andrewlock.net
November 18, 2025 at 5:53 PM
Blogged: Companies complaining .NET moves too fast should just pay for post-EOL support
andrewlock.net/companies-us...
In this post I describe a solution to .NET "releasing too quickly": just pay for support of older versions, such as HeroDevs' Never Ending Support for .NET 6…
#dotnet @hero.dev
andrewlock.net/companies-us...
In this post I describe a solution to .NET "releasing too quickly": just pay for support of older versions, such as HeroDevs' Never Ending Support for .NET 6…
#dotnet @hero.dev
Blogged: Companies complaining .NET moves too fast should just pay for post-EOL support
andrewlock.net/companies-us...
In this post I describe a solution to .NET "releasing too quickly": just pay for support of older versions, such as HeroDevs' Never Ending Support for .NET 6…
#dotnet @hero.dev
andrewlock.net/companies-us...
In this post I describe a solution to .NET "releasing too quickly": just pay for support of older versions, such as HeroDevs' Never Ending Support for .NET 6…
#dotnet @hero.dev
Companies complaining .NET moves too fast should just pay for post-EOL support
In this post I describe a solution to .NET "releasing too quickly": just pay for support of older versions, such as HeroDevs' Never Ending Support for .NET 6
andrewlock.net
November 18, 2025 at 5:53 PM
Blogged: Companies complaining .NET moves too fast should just pay for post-EOL support
andrewlock.net/companies-us...
In this post I describe a solution to .NET "releasing too quickly": just pay for support of older versions, such as HeroDevs' Never Ending Support for .NET 6…
#dotnet @hero.dev
andrewlock.net/companies-us...
In this post I describe a solution to .NET "releasing too quickly": just pay for support of older versions, such as HeroDevs' Never Ending Support for .NET 6…
#dotnet @hero.dev
Reposted by Andrew Lock "Sock"
Given the port from Disqus to Gisqus worked so well for my personal website (thanks to @andrewlock.bsky.social! 🙏), I've just done the same for the podcast!
A good time to go and comment on your favorite episodes! 😊
unhandledexceptionpodcast.com
A good time to go and comment on your favorite episodes! 😊
unhandledexceptionpodcast.com
As part of this, I added Giscus for comments instead of Disqus that I was using in the previous version. I haven't ported the old comments yet though.
Just Googled it and found this post (and migration tool!) by @andrewlock.bsky.social!
Andrew - you're a star!!! ⭐
andrewlock.net/migrating-co...
Just Googled it and found this post (and migration tool!) by @andrewlock.bsky.social!
Andrew - you're a star!!! ⭐
andrewlock.net/migrating-co...
The new version of my personal website is now live! I've switched from a DIY solution to @11ty.dev (largely "vibe coded"). I wanted the homepage to be a landing page for all my things - rather than being the blog listing page. Thoughts/feedback are greatly appreciated 😊
www.danclarke.com
www.danclarke.com
November 9, 2025 at 11:10 PM
Given the port from Disqus to Gisqus worked so well for my personal website (thanks to @andrewlock.bsky.social! 🙏), I've just done the same for the podcast!
A good time to go and comment on your favorite episodes! 😊
unhandledexceptionpodcast.com
A good time to go and comment on your favorite episodes! 😊
unhandledexceptionpodcast.com
Reposted by Andrew Lock "Sock"
.NET 10 Breaking Changes To Keep An Eye On When Upgrading duendesoftware.com/blog/2025110...
Duende Software - Identity and Access Management for .NET
We help companies using .NET to build identity and access control solutions for modern applications.
duendesoftware.com
November 5, 2025 at 6:15 AM
.NET 10 Breaking Changes To Keep An Eye On When Upgrading duendesoftware.com/blog/2025110...
Blogged: Easier reflection with [UnsafeAccessorType] in .NET 10
andrewlock.net/exploring-do...
In this post I show how to work with [UnsafeAccessor] to do 'easier' reflection and how to use .NET 10's [UnsafeAccessorType] with types you can't reference at compile time
#dotnet
andrewlock.net/exploring-do...
In this post I show how to work with [UnsafeAccessor] to do 'easier' reflection and how to use .NET 10's [UnsafeAccessorType] with types you can't reference at compile time
#dotnet
Easier reflection with [UnsafeAccessorType] in .NET 10: Exploring the .NET 10 preview - Part 9
In this post I show how to work with [UnsafeAccessor] to do 'easier' reflection and how to use .NET 10's [UnsafeAccessorType] with types you can't reference
andrewlock.net
November 4, 2025 at 3:42 PM
Blogged: Easier reflection with [UnsafeAccessorType] in .NET 10
andrewlock.net/exploring-do...
In this post I show how to work with [UnsafeAccessor] to do 'easier' reflection and how to use .NET 10's [UnsafeAccessorType] with types you can't reference at compile time
#dotnet
andrewlock.net/exploring-do...
In this post I show how to work with [UnsafeAccessor] to do 'easier' reflection and how to use .NET 10's [UnsafeAccessorType] with types you can't reference at compile time
#dotnet
Reposted by Andrew Lock "Sock"
Blogged: Understanding the worst .NET vulnerability ever: request smuggling and CVE-2025-55315
andrewlock.net/understandin...
In this post I discuss request smuggling, the recent vulnerability in ASP.NET Core with a severity score of 9.9, and how attackers could exploit it
#dotnet #aspnetcore
andrewlock.net/understandin...
In this post I discuss request smuggling, the recent vulnerability in ASP.NET Core with a severity score of 9.9, and how attackers could exploit it
#dotnet #aspnetcore
Understanding the worst .NET vulnerability ever: request smuggling and CVE-2025-55315
In this post I discuss request smuggling, the recent vulnerability in ASP.NET Core with a severity score of 9.9, and how attackers could exploit it
andrewlock.net
October 28, 2025 at 3:35 PM
Blogged: Understanding the worst .NET vulnerability ever: request smuggling and CVE-2025-55315
andrewlock.net/understandin...
In this post I discuss request smuggling, the recent vulnerability in ASP.NET Core with a severity score of 9.9, and how attackers could exploit it
#dotnet #aspnetcore
andrewlock.net/understandin...
In this post I discuss request smuggling, the recent vulnerability in ASP.NET Core with a severity score of 9.9, and how attackers could exploit it
#dotnet #aspnetcore
Reposted by Andrew Lock "Sock"
Blogged: Implement a secure MCP server using OAuth DPoP and Duende identity provider
damienbod.com/2025/11/03/i...
#aspnetcore #mcp #llm #duende #openidconnect #oidc #oauth #dpop #jwt #openai #ai
damienbod.com/2025/11/03/i...
#aspnetcore #mcp #llm #duende #openidconnect #oidc #oauth #dpop #jwt #openai #ai
Implement a secure MCP server using OAuth DPoP and Duende identity provider
Code: This post demonstrates how an ASP.NET Core application can connect to a secure MCP server using OpenID Connect and OAuth. Both applications use Duende IdentityServer as the identity provider.…
damienbod.com
November 3, 2025 at 6:49 AM
Blogged: Implement a secure MCP server using OAuth DPoP and Duende identity provider
damienbod.com/2025/11/03/i...
#aspnetcore #mcp #llm #duende #openidconnect #oidc #oauth #dpop #jwt #openai #ai
damienbod.com/2025/11/03/i...
#aspnetcore #mcp #llm #duende #openidconnect #oidc #oauth #dpop #jwt #openai #ai
Reposted by Andrew Lock "Sock"
Understanding the worst .NET vulnerability ever: request smuggling and CVE-2025-55315 by @andrewlock.bsky.social andrewlock.net/understandin... #aspnetcore
October 31, 2025 at 9:21 PM
Understanding the worst .NET vulnerability ever: request smuggling and CVE-2025-55315 by @andrewlock.bsky.social andrewlock.net/understandin... #aspnetcore
Blogged: Understanding the worst .NET vulnerability ever: request smuggling and CVE-2025-55315
andrewlock.net/understandin...
In this post I discuss request smuggling, the recent vulnerability in ASP.NET Core with a severity score of 9.9, and how attackers could exploit it
#dotnet #aspnetcore
andrewlock.net/understandin...
In this post I discuss request smuggling, the recent vulnerability in ASP.NET Core with a severity score of 9.9, and how attackers could exploit it
#dotnet #aspnetcore
Understanding the worst .NET vulnerability ever: request smuggling and CVE-2025-55315
In this post I discuss request smuggling, the recent vulnerability in ASP.NET Core with a severity score of 9.9, and how attackers could exploit it
andrewlock.net
October 28, 2025 at 3:35 PM
Blogged: Understanding the worst .NET vulnerability ever: request smuggling and CVE-2025-55315
andrewlock.net/understandin...
In this post I discuss request smuggling, the recent vulnerability in ASP.NET Core with a severity score of 9.9, and how attackers could exploit it
#dotnet #aspnetcore
andrewlock.net/understandin...
In this post I discuss request smuggling, the recent vulnerability in ASP.NET Core with a severity score of 9.9, and how attackers could exploit it
#dotnet #aspnetcore
Blogged: Adding metadata to fallback endpoints in ASP.NET Core
andrewlock.net/adding-metad...
In this post I discuss fallback endpoints and show how adding metadata to MVC or Razor Page fallback endpoints has some quirks to be aware of
#dotnet #aspnetcore
andrewlock.net/adding-metad...
In this post I discuss fallback endpoints and show how adding metadata to MVC or Razor Page fallback endpoints has some quirks to be aware of
#dotnet #aspnetcore
Adding metadata to fallback endpoints in ASP.NET Core
In this post I discuss fallback endpoints and show how adding metadata to MVC or Razor Page fallback endpoints has some quirks to be aware of
andrewlock.net
October 22, 2025 at 4:30 PM
Blogged: Adding metadata to fallback endpoints in ASP.NET Core
andrewlock.net/adding-metad...
In this post I discuss fallback endpoints and show how adding metadata to MVC or Razor Page fallback endpoints has some quirks to be aware of
#dotnet #aspnetcore
andrewlock.net/adding-metad...
In this post I discuss fallback endpoints and show how adding metadata to MVC or Razor Page fallback endpoints has some quirks to be aware of
#dotnet #aspnetcore
Reposted by Andrew Lock "Sock"
I just published a new article: Using profiler function hooks in .NET with Silhouette.
In the process, we also learn how to use static linking with NativeAOT.
minidump.net/using-functi...
In the process, we also learn how to use static linking with NativeAOT.
minidump.net/using-functi...
Using profiler function hooks in .NET with Silhouette
In this article, we see what are function hooks, and how to use them in .NET with Silhouette. We also learn how to statically link a library with NativeAOT.
minidump.net
October 21, 2025 at 11:49 AM
I just published a new article: Using profiler function hooks in .NET with Silhouette.
In the process, we also learn how to use static linking with NativeAOT.
minidump.net/using-functi...
In the process, we also learn how to use static linking with NativeAOT.
minidump.net/using-functi...
Blogged: Publishing NuGet packages from GitHub actions the easy way with Trusted Publishing
andrewlock.net/easily-publi...
In this post I describe how you can use nuget's new Trusted Publishing feature to publish NuGet packages from a GitHub Actions workflow
#dotnet #NuGet #GitHubActions
andrewlock.net/easily-publi...
In this post I describe how you can use nuget's new Trusted Publishing feature to publish NuGet packages from a GitHub Actions workflow
#dotnet #NuGet #GitHubActions
Publishing NuGet packages from GitHub actions the easy way with Trusted Publishing
In this post I describe how you can use nuget.org's new Trusted Publishing feature to publish NuGet packages from a GitHub Actions workflow
andrewlock.net
September 30, 2025 at 12:52 PM
Blogged: Publishing NuGet packages from GitHub actions the easy way with Trusted Publishing
andrewlock.net/easily-publi...
In this post I describe how you can use nuget's new Trusted Publishing feature to publish NuGet packages from a GitHub Actions workflow
#dotnet #NuGet #GitHubActions
andrewlock.net/easily-publi...
In this post I describe how you can use nuget's new Trusted Publishing feature to publish NuGet packages from a GitHub Actions workflow
#dotnet #NuGet #GitHubActions
Blogged: sleep-pc: a .NET Native AOT tool to make Windows sleep after a timeout
andrewlock.net/sleep-pc-a-d...
In this post I describe a small native AOT .NET tool that I built to force a Windows PC to go to sleep after a timer expires
#dotnet
andrewlock.net/sleep-pc-a-d...
In this post I describe a small native AOT .NET tool that I built to force a Windows PC to go to sleep after a timer expires
#dotnet
sleep-pc: a .NET Native AOT tool to make Windows sleep after a timeout
In this post I describe a small native AOT .NET tool that I built to force a Windows PC to go to sleep after a timer expires
andrewlock.net
September 23, 2025 at 5:06 PM
Blogged: sleep-pc: a .NET Native AOT tool to make Windows sleep after a timeout
andrewlock.net/sleep-pc-a-d...
In this post I describe a small native AOT .NET tool that I built to force a Windows PC to go to sleep after a timer expires
#dotnet
andrewlock.net/sleep-pc-a-d...
In this post I describe a small native AOT .NET tool that I built to force a Windows PC to go to sleep after a timer expires
#dotnet
Reposted by Andrew Lock "Sock"
As requested, I published an article about how the UI profiler works: minidump.net/measuring-ui...
It allows me to measure the responsiveness of Visual Studio when running with ReSharper, in various conditions.
I also made the source code available on github: github.com/kevingosse/U...
It allows me to measure the responsiveness of Visual Studio when running with ReSharper, in various conditions.
I also made the source code available on github: github.com/kevingosse/U...
September 18, 2025 at 12:54 PM
As requested, I published an article about how the UI profiler works: minidump.net/measuring-ui...
It allows me to measure the responsiveness of Visual Studio when running with ReSharper, in various conditions.
I also made the source code available on github: github.com/kevingosse/U...
It allows me to measure the responsiveness of Visual Studio when running with ReSharper, in various conditions.
I also made the source code available on github: github.com/kevingosse/U...
Reposted by Andrew Lock "Sock"
.NET STS releases are now supported for 2 years instead of 18 months starting with .NET 9 (the current STS). STS releases now go out-of-support on the same day as the previous LTS release. Upgrading to an STS release will no longer cause you to lose support!
devblogs.microsoft.com/dotnet/dotne...
devblogs.microsoft.com/dotnet/dotne...
.NET STS releases supported for 24 months - .NET Blog
.NET STS releases will be supported for 24 months
devblogs.microsoft.com
September 16, 2025 at 5:56 PM
.NET STS releases are now supported for 2 years instead of 18 months starting with .NET 9 (the current STS). STS releases now go out-of-support on the same day as the previous LTS release. Upgrading to an STS release will no longer cause you to lose support!
devblogs.microsoft.com/dotnet/dotne...
devblogs.microsoft.com/dotnet/dotne...
Supporting platform-specific .NET 10 tools on old .NET SDKs
Exploring the .NET 10 preview - Part 8
andrewlock.net/exploring-do...
In this post I look at the advantages, trade-offs, and implications of the new platform-specific .NET tool feature added in .NET 10 and how to support old SDKs
#dotnet
Exploring the .NET 10 preview - Part 8
andrewlock.net/exploring-do...
In this post I look at the advantages, trade-offs, and implications of the new platform-specific .NET tool feature added in .NET 10 and how to support old SDKs
#dotnet
Supporting platform-specific .NET tools on old .NET SDKs: Exploring the .NET 10 preview - Part 8
In this post I look at the advantages, trade-offs, and implications of the new platform-specific .NET tool feature added in .NET 10, and how to support old SDKs
andrewlock.net
September 16, 2025 at 6:00 PM
Supporting platform-specific .NET 10 tools on old .NET SDKs
Exploring the .NET 10 preview - Part 8
andrewlock.net/exploring-do...
In this post I look at the advantages, trade-offs, and implications of the new platform-specific .NET tool feature added in .NET 10 and how to support old SDKs
#dotnet
Exploring the .NET 10 preview - Part 8
andrewlock.net/exploring-do...
In this post I look at the advantages, trade-offs, and implications of the new platform-specific .NET tool feature added in .NET 10 and how to support old SDKs
#dotnet
Blogged: Packaging self-contained and native AOT .NET tools for NuGet - Exploring the .NET 10 preview - Part 7
andrewlock.net/exploring-do...
This post looks at the new support for platform-specific .NET tools that lets you pack tools as self-contained or Native AOT packages
#dotnet
andrewlock.net/exploring-do...
This post looks at the new support for platform-specific .NET tools that lets you pack tools as self-contained or Native AOT packages
#dotnet
Packaging self-contained and native AOT .NET tools for NuGet: Exploring the .NET 10 preview - Part 7
In this post we look at the new support for platform-specific .NET tools, so that you can pack your tools as self-contained or Native AOT packages
andrewlock.net
September 9, 2025 at 5:45 PM
Blogged: Packaging self-contained and native AOT .NET tools for NuGet - Exploring the .NET 10 preview - Part 7
andrewlock.net/exploring-do...
This post looks at the new support for platform-specific .NET tools that lets you pack tools as self-contained or Native AOT packages
#dotnet
andrewlock.net/exploring-do...
This post looks at the new support for platform-specific .NET tools that lets you pack tools as self-contained or Native AOT packages
#dotnet
Reposted by Andrew Lock "Sock"
If you're using github.com/VerifyTests/..., e.g. to protect your library's public API, also check out plugins.jetbrains.com/plugin/17240... created by Mathias Koch.
September 6, 2025 at 1:02 PM
If you're using github.com/VerifyTests/..., e.g. to protect your library's public API, also check out plugins.jetbrains.com/plugin/17240... created by Mathias Koch.