Andrew Lock "Sock"
@andrewlock.bsky.social
Microsoft MVP and blogger, focused on ASP.NET Core. Author of ASP.NET Core in Action (https://mng.bz/5mRz)
Blog: https://andrewlock.net
Mastadon: @[email protected]
Twitter: @andrewlocknet
Blog: https://andrewlock.net
Mastadon: @[email protected]
Twitter: @andrewlocknet
Reposted by Andrew Lock "Sock"
Given the port from Disqus to Gisqus worked so well for my personal website (thanks to @andrewlock.bsky.social! 🙏), I've just done the same for the podcast!
A good time to go and comment on your favorite episodes! 😊
unhandledexceptionpodcast.com
A good time to go and comment on your favorite episodes! 😊
unhandledexceptionpodcast.com
As part of this, I added Giscus for comments instead of Disqus that I was using in the previous version. I haven't ported the old comments yet though.
Just Googled it and found this post (and migration tool!) by @andrewlock.bsky.social!
Andrew - you're a star!!! ⭐
andrewlock.net/migrating-co...
Just Googled it and found this post (and migration tool!) by @andrewlock.bsky.social!
Andrew - you're a star!!! ⭐
andrewlock.net/migrating-co...
The new version of my personal website is now live! I've switched from a DIY solution to @11ty.dev (largely "vibe coded"). I wanted the homepage to be a landing page for all my things - rather than being the blog listing page. Thoughts/feedback are greatly appreciated 😊
www.danclarke.com
www.danclarke.com
November 9, 2025 at 11:10 PM
Given the port from Disqus to Gisqus worked so well for my personal website (thanks to @andrewlock.bsky.social! 🙏), I've just done the same for the podcast!
A good time to go and comment on your favorite episodes! 😊
unhandledexceptionpodcast.com
A good time to go and comment on your favorite episodes! 😊
unhandledexceptionpodcast.com
Reposted by Andrew Lock "Sock"
.NET 10 Breaking Changes To Keep An Eye On When Upgrading duendesoftware.com/blog/2025110...
Duende Software - Identity and Access Management for .NET
We help companies using .NET to build identity and access control solutions for modern applications.
duendesoftware.com
November 5, 2025 at 6:15 AM
.NET 10 Breaking Changes To Keep An Eye On When Upgrading duendesoftware.com/blog/2025110...
Blogged: Easier reflection with [UnsafeAccessorType] in .NET 10
andrewlock.net/exploring-do...
In this post I show how to work with [UnsafeAccessor] to do 'easier' reflection and how to use .NET 10's [UnsafeAccessorType] with types you can't reference at compile time
#dotnet
andrewlock.net/exploring-do...
In this post I show how to work with [UnsafeAccessor] to do 'easier' reflection and how to use .NET 10's [UnsafeAccessorType] with types you can't reference at compile time
#dotnet
Easier reflection with [UnsafeAccessorType] in .NET 10: Exploring the .NET 10 preview - Part 9
In this post I show how to work with [UnsafeAccessor] to do 'easier' reflection and how to use .NET 10's [UnsafeAccessorType] with types you can't reference
andrewlock.net
November 4, 2025 at 3:42 PM
Blogged: Easier reflection with [UnsafeAccessorType] in .NET 10
andrewlock.net/exploring-do...
In this post I show how to work with [UnsafeAccessor] to do 'easier' reflection and how to use .NET 10's [UnsafeAccessorType] with types you can't reference at compile time
#dotnet
andrewlock.net/exploring-do...
In this post I show how to work with [UnsafeAccessor] to do 'easier' reflection and how to use .NET 10's [UnsafeAccessorType] with types you can't reference at compile time
#dotnet
Reposted by Andrew Lock "Sock"
Blogged: Understanding the worst .NET vulnerability ever: request smuggling and CVE-2025-55315
andrewlock.net/understandin...
In this post I discuss request smuggling, the recent vulnerability in ASP.NET Core with a severity score of 9.9, and how attackers could exploit it
#dotnet #aspnetcore
andrewlock.net/understandin...
In this post I discuss request smuggling, the recent vulnerability in ASP.NET Core with a severity score of 9.9, and how attackers could exploit it
#dotnet #aspnetcore
Understanding the worst .NET vulnerability ever: request smuggling and CVE-2025-55315
In this post I discuss request smuggling, the recent vulnerability in ASP.NET Core with a severity score of 9.9, and how attackers could exploit it
andrewlock.net
October 28, 2025 at 3:35 PM
Blogged: Understanding the worst .NET vulnerability ever: request smuggling and CVE-2025-55315
andrewlock.net/understandin...
In this post I discuss request smuggling, the recent vulnerability in ASP.NET Core with a severity score of 9.9, and how attackers could exploit it
#dotnet #aspnetcore
andrewlock.net/understandin...
In this post I discuss request smuggling, the recent vulnerability in ASP.NET Core with a severity score of 9.9, and how attackers could exploit it
#dotnet #aspnetcore
Reposted by Andrew Lock "Sock"
Blogged: Implement a secure MCP server using OAuth DPoP and Duende identity provider
damienbod.com/2025/11/03/i...
#aspnetcore #mcp #llm #duende #openidconnect #oidc #oauth #dpop #jwt #openai #ai
damienbod.com/2025/11/03/i...
#aspnetcore #mcp #llm #duende #openidconnect #oidc #oauth #dpop #jwt #openai #ai
Implement a secure MCP server using OAuth DPoP and Duende identity provider
Code: This post demonstrates how an ASP.NET Core application can connect to a secure MCP server using OpenID Connect and OAuth. Both applications use Duende IdentityServer as the identity provider.…
damienbod.com
November 3, 2025 at 6:49 AM
Blogged: Implement a secure MCP server using OAuth DPoP and Duende identity provider
damienbod.com/2025/11/03/i...
#aspnetcore #mcp #llm #duende #openidconnect #oidc #oauth #dpop #jwt #openai #ai
damienbod.com/2025/11/03/i...
#aspnetcore #mcp #llm #duende #openidconnect #oidc #oauth #dpop #jwt #openai #ai
Reposted by Andrew Lock "Sock"
Understanding the worst .NET vulnerability ever: request smuggling and CVE-2025-55315 by @andrewlock.bsky.social andrewlock.net/understandin... #aspnetcore
October 31, 2025 at 9:21 PM
Understanding the worst .NET vulnerability ever: request smuggling and CVE-2025-55315 by @andrewlock.bsky.social andrewlock.net/understandin... #aspnetcore
Blogged: Understanding the worst .NET vulnerability ever: request smuggling and CVE-2025-55315
andrewlock.net/understandin...
In this post I discuss request smuggling, the recent vulnerability in ASP.NET Core with a severity score of 9.9, and how attackers could exploit it
#dotnet #aspnetcore
andrewlock.net/understandin...
In this post I discuss request smuggling, the recent vulnerability in ASP.NET Core with a severity score of 9.9, and how attackers could exploit it
#dotnet #aspnetcore
Understanding the worst .NET vulnerability ever: request smuggling and CVE-2025-55315
In this post I discuss request smuggling, the recent vulnerability in ASP.NET Core with a severity score of 9.9, and how attackers could exploit it
andrewlock.net
October 28, 2025 at 3:35 PM
Blogged: Understanding the worst .NET vulnerability ever: request smuggling and CVE-2025-55315
andrewlock.net/understandin...
In this post I discuss request smuggling, the recent vulnerability in ASP.NET Core with a severity score of 9.9, and how attackers could exploit it
#dotnet #aspnetcore
andrewlock.net/understandin...
In this post I discuss request smuggling, the recent vulnerability in ASP.NET Core with a severity score of 9.9, and how attackers could exploit it
#dotnet #aspnetcore
Blogged: Adding metadata to fallback endpoints in ASP.NET Core
andrewlock.net/adding-metad...
In this post I discuss fallback endpoints and show how adding metadata to MVC or Razor Page fallback endpoints has some quirks to be aware of
#dotnet #aspnetcore
andrewlock.net/adding-metad...
In this post I discuss fallback endpoints and show how adding metadata to MVC or Razor Page fallback endpoints has some quirks to be aware of
#dotnet #aspnetcore
Adding metadata to fallback endpoints in ASP.NET Core
In this post I discuss fallback endpoints and show how adding metadata to MVC or Razor Page fallback endpoints has some quirks to be aware of
andrewlock.net
October 22, 2025 at 4:30 PM
Blogged: Adding metadata to fallback endpoints in ASP.NET Core
andrewlock.net/adding-metad...
In this post I discuss fallback endpoints and show how adding metadata to MVC or Razor Page fallback endpoints has some quirks to be aware of
#dotnet #aspnetcore
andrewlock.net/adding-metad...
In this post I discuss fallback endpoints and show how adding metadata to MVC or Razor Page fallback endpoints has some quirks to be aware of
#dotnet #aspnetcore
Reposted by Andrew Lock "Sock"
I just published a new article: Using profiler function hooks in .NET with Silhouette.
In the process, we also learn how to use static linking with NativeAOT.
minidump.net/using-functi...
In the process, we also learn how to use static linking with NativeAOT.
minidump.net/using-functi...
Using profiler function hooks in .NET with Silhouette
In this article, we see what are function hooks, and how to use them in .NET with Silhouette. We also learn how to statically link a library with NativeAOT.
minidump.net
October 21, 2025 at 11:49 AM
I just published a new article: Using profiler function hooks in .NET with Silhouette.
In the process, we also learn how to use static linking with NativeAOT.
minidump.net/using-functi...
In the process, we also learn how to use static linking with NativeAOT.
minidump.net/using-functi...
Blogged: Publishing NuGet packages from GitHub actions the easy way with Trusted Publishing
andrewlock.net/easily-publi...
In this post I describe how you can use nuget's new Trusted Publishing feature to publish NuGet packages from a GitHub Actions workflow
#dotnet #NuGet #GitHubActions
andrewlock.net/easily-publi...
In this post I describe how you can use nuget's new Trusted Publishing feature to publish NuGet packages from a GitHub Actions workflow
#dotnet #NuGet #GitHubActions
Publishing NuGet packages from GitHub actions the easy way with Trusted Publishing
In this post I describe how you can use nuget.org's new Trusted Publishing feature to publish NuGet packages from a GitHub Actions workflow
andrewlock.net
September 30, 2025 at 12:52 PM
Blogged: Publishing NuGet packages from GitHub actions the easy way with Trusted Publishing
andrewlock.net/easily-publi...
In this post I describe how you can use nuget's new Trusted Publishing feature to publish NuGet packages from a GitHub Actions workflow
#dotnet #NuGet #GitHubActions
andrewlock.net/easily-publi...
In this post I describe how you can use nuget's new Trusted Publishing feature to publish NuGet packages from a GitHub Actions workflow
#dotnet #NuGet #GitHubActions
Blogged: sleep-pc: a .NET Native AOT tool to make Windows sleep after a timeout
andrewlock.net/sleep-pc-a-d...
In this post I describe a small native AOT .NET tool that I built to force a Windows PC to go to sleep after a timer expires
#dotnet
andrewlock.net/sleep-pc-a-d...
In this post I describe a small native AOT .NET tool that I built to force a Windows PC to go to sleep after a timer expires
#dotnet
sleep-pc: a .NET Native AOT tool to make Windows sleep after a timeout
In this post I describe a small native AOT .NET tool that I built to force a Windows PC to go to sleep after a timer expires
andrewlock.net
September 23, 2025 at 5:06 PM
Blogged: sleep-pc: a .NET Native AOT tool to make Windows sleep after a timeout
andrewlock.net/sleep-pc-a-d...
In this post I describe a small native AOT .NET tool that I built to force a Windows PC to go to sleep after a timer expires
#dotnet
andrewlock.net/sleep-pc-a-d...
In this post I describe a small native AOT .NET tool that I built to force a Windows PC to go to sleep after a timer expires
#dotnet
Reposted by Andrew Lock "Sock"
As requested, I published an article about how the UI profiler works: minidump.net/measuring-ui...
It allows me to measure the responsiveness of Visual Studio when running with ReSharper, in various conditions.
I also made the source code available on github: github.com/kevingosse/U...
It allows me to measure the responsiveness of Visual Studio when running with ReSharper, in various conditions.
I also made the source code available on github: github.com/kevingosse/U...
September 18, 2025 at 12:54 PM
As requested, I published an article about how the UI profiler works: minidump.net/measuring-ui...
It allows me to measure the responsiveness of Visual Studio when running with ReSharper, in various conditions.
I also made the source code available on github: github.com/kevingosse/U...
It allows me to measure the responsiveness of Visual Studio when running with ReSharper, in various conditions.
I also made the source code available on github: github.com/kevingosse/U...
Reposted by Andrew Lock "Sock"
.NET STS releases are now supported for 2 years instead of 18 months starting with .NET 9 (the current STS). STS releases now go out-of-support on the same day as the previous LTS release. Upgrading to an STS release will no longer cause you to lose support!
devblogs.microsoft.com/dotnet/dotne...
devblogs.microsoft.com/dotnet/dotne...
.NET STS releases supported for 24 months - .NET Blog
.NET STS releases will be supported for 24 months
devblogs.microsoft.com
September 16, 2025 at 5:56 PM
.NET STS releases are now supported for 2 years instead of 18 months starting with .NET 9 (the current STS). STS releases now go out-of-support on the same day as the previous LTS release. Upgrading to an STS release will no longer cause you to lose support!
devblogs.microsoft.com/dotnet/dotne...
devblogs.microsoft.com/dotnet/dotne...
Supporting platform-specific .NET 10 tools on old .NET SDKs
Exploring the .NET 10 preview - Part 8
andrewlock.net/exploring-do...
In this post I look at the advantages, trade-offs, and implications of the new platform-specific .NET tool feature added in .NET 10 and how to support old SDKs
#dotnet
Exploring the .NET 10 preview - Part 8
andrewlock.net/exploring-do...
In this post I look at the advantages, trade-offs, and implications of the new platform-specific .NET tool feature added in .NET 10 and how to support old SDKs
#dotnet
Supporting platform-specific .NET tools on old .NET SDKs: Exploring the .NET 10 preview - Part 8
In this post I look at the advantages, trade-offs, and implications of the new platform-specific .NET tool feature added in .NET 10, and how to support old SDKs
andrewlock.net
September 16, 2025 at 6:00 PM
Supporting platform-specific .NET 10 tools on old .NET SDKs
Exploring the .NET 10 preview - Part 8
andrewlock.net/exploring-do...
In this post I look at the advantages, trade-offs, and implications of the new platform-specific .NET tool feature added in .NET 10 and how to support old SDKs
#dotnet
Exploring the .NET 10 preview - Part 8
andrewlock.net/exploring-do...
In this post I look at the advantages, trade-offs, and implications of the new platform-specific .NET tool feature added in .NET 10 and how to support old SDKs
#dotnet
Blogged: Packaging self-contained and native AOT .NET tools for NuGet - Exploring the .NET 10 preview - Part 7
andrewlock.net/exploring-do...
This post looks at the new support for platform-specific .NET tools that lets you pack tools as self-contained or Native AOT packages
#dotnet
andrewlock.net/exploring-do...
This post looks at the new support for platform-specific .NET tools that lets you pack tools as self-contained or Native AOT packages
#dotnet
Packaging self-contained and native AOT .NET tools for NuGet: Exploring the .NET 10 preview - Part 7
In this post we look at the new support for platform-specific .NET tools, so that you can pack your tools as self-contained or Native AOT packages
andrewlock.net
September 9, 2025 at 5:45 PM
Blogged: Packaging self-contained and native AOT .NET tools for NuGet - Exploring the .NET 10 preview - Part 7
andrewlock.net/exploring-do...
This post looks at the new support for platform-specific .NET tools that lets you pack tools as self-contained or Native AOT packages
#dotnet
andrewlock.net/exploring-do...
This post looks at the new support for platform-specific .NET tools that lets you pack tools as self-contained or Native AOT packages
#dotnet
Reposted by Andrew Lock "Sock"
If you're using github.com/VerifyTests/..., e.g. to protect your library's public API, also check out plugins.jetbrains.com/plugin/17240... created by Mathias Koch.
September 6, 2025 at 1:02 PM
If you're using github.com/VerifyTests/..., e.g. to protect your library's public API, also check out plugins.jetbrains.com/plugin/17240... created by Mathias Koch.
Reposted by Andrew Lock "Sock"
Great post! Something I think missed (because it is not correctly documented😀) is `dotnet tool install --allow-roll-forward`. You can use this when installing a tool to force it to allow roll forward, even if the tool itself doesn't.
Unfortunately I can't recall which SDK introduced it.
Unfortunately I can't recall which SDK introduced it.
September 2, 2025 at 7:36 PM
Great post! Something I think missed (because it is not correctly documented😀) is `dotnet tool install --allow-roll-forward`. You can use this when installing a tool to force it to allow roll forward, even if the tool itself doesn't.
Unfortunately I can't recall which SDK introduced it.
Unfortunately I can't recall which SDK introduced it.
Blogged: Using and authoring .NET tools
andrewlock.net/using-and-au...
In this post I describe some of the complexities around authoring .NET tools, specifically around supporting multiple .NET runtimes and testing in CI
#dotnet
andrewlock.net/using-and-au...
In this post I describe some of the complexities around authoring .NET tools, specifically around supporting multiple .NET runtimes and testing in CI
#dotnet
Using and authoring .NET tools
In this post I describe some of the complexities around authoring .NET tools, specifically around supporting multiple .NET runtimes and testing in CI
andrewlock.net
September 2, 2025 at 5:52 PM
Blogged: Using and authoring .NET tools
andrewlock.net/using-and-au...
In this post I describe some of the complexities around authoring .NET tools, specifically around supporting multiple .NET runtimes and testing in CI
#dotnet
andrewlock.net/using-and-au...
In this post I describe some of the complexities around authoring .NET tools, specifically around supporting multiple .NET runtimes and testing in CI
#dotnet
Blogged: Fixing an old .NET Core native library loading issue on Alpine
andrewlock.net/fixing-an-ol...
In this post I walk through the process of solving a native library loading issue on alpine with an old .NET runtime, showing the steps we took and the solution
#dotnet
andrewlock.net/fixing-an-ol...
In this post I walk through the process of solving a native library loading issue on alpine with an old .NET runtime, showing the steps we took and the solution
#dotnet
Fixing an old .NET Core native library loading issue on Alpine
In this post I walk through the process of solving a native library loading issue on alpine with an old .NET runtime, showing the steps we took and the solution
andrewlock.net
August 26, 2025 at 5:41 PM
Blogged: Fixing an old .NET Core native library loading issue on Alpine
andrewlock.net/fixing-an-ol...
In this post I walk through the process of solving a native library loading issue on alpine with an old .NET runtime, showing the steps we took and the solution
#dotnet
andrewlock.net/fixing-an-ol...
In this post I walk through the process of solving a native library loading issue on alpine with an old .NET runtime, showing the steps we took and the solution
#dotnet
Reposted by Andrew Lock "Sock"
Running .NET in the browser without Blazor by @andrewlock.bsky.social andrewlock.net/running-dotn... #aspnetcore #blazor
August 19, 2025 at 8:44 AM
Running .NET in the browser without Blazor by @andrewlock.bsky.social andrewlock.net/running-dotn... #aspnetcore #blazor
Blogged: Converting an xUnit test project to TUnit
andrewlock.net/converting-a...
In this post I discuss the new TUnit testing framework, why I ported one of my libraries to use it instead of xUnit and related issues I had to deal with
#dotnet #testing
andrewlock.net/converting-a...
In this post I discuss the new TUnit testing framework, why I ported one of my libraries to use it instead of xUnit and related issues I had to deal with
#dotnet #testing
Converting an xUnit test project to TUnit
In this post I discuss the new TUnit testing framework, why I ported one of my libraries to use it instead of xUnit and related issues I had to deal with
andrewlock.net
August 19, 2025 at 6:00 PM
Blogged: Converting an xUnit test project to TUnit
andrewlock.net/converting-a...
In this post I discuss the new TUnit testing framework, why I ported one of my libraries to use it instead of xUnit and related issues I had to deal with
#dotnet #testing
andrewlock.net/converting-a...
In this post I discuss the new TUnit testing framework, why I ported one of my libraries to use it instead of xUnit and related issues I had to deal with
#dotnet #testing
Reposted by Andrew Lock "Sock"
Blogged: Reset Cookies and force new sign-in using ASP.NET Core Identity
damienbod.com/2025/08/18/r...
#aspnetcore #identity #iam #cookie #duende #dotnet #net
damienbod.com/2025/08/18/r...
#aspnetcore #identity #iam #cookie #duende #dotnet #net
Reset Cookies and force new sign-in using ASP.NET Core Identity
This post looks at implementing a cookie reset in an ASP.NET Core application using Duende identity server which federates to Entra ID. Sometimes cookies need to be reset for end users due to size …
damienbod.com
August 18, 2025 at 5:18 AM
Blogged: Reset Cookies and force new sign-in using ASP.NET Core Identity
damienbod.com/2025/08/18/r...
#aspnetcore #identity #iam #cookie #duende #dotnet #net
damienbod.com/2025/08/18/r...
#aspnetcore #identity #iam #cookie #duende #dotnet #net
Reposted by Andrew Lock "Sock"
Redid the way my content engine handled file watchers thanks to this post ( and @maartenballiauw.be, @woodruff.dev , @khalidabuhakmeh.mastodon.social.ap.brid.gy on @breakpoint.show ). Took the drifter example and tweaked it so that the lifetime of the object is determined by a file watcher.
August 14, 2025 at 4:15 AM
Redid the way my content engine handled file watchers thanks to this post ( and @maartenballiauw.be, @woodruff.dev , @khalidabuhakmeh.mastodon.social.ap.brid.gy on @breakpoint.show ). Took the drifter example and tweaked it so that the lifetime of the object is determined by a file watcher.
Reposted by Andrew Lock "Sock"
Andrew Lock explains that .NET 10 preview 6 adds passkey support to ASP.NET Core Identity, enabling passwordless login with WebAuthn in the new Blazor template. via andrewlocknet https://andrewlock.net/exploring-dotnet-10-preview-features-6-passkey-support-for-aspnetcore-identity/
Passkey support for ASP.NET Core identity: Exploring the .NET 10 preview - Part 6
In this post I look at the passkey support added to ASP.NET Core Identity and the Blazor Web App template, explore how it works, and look at the implementation
andrewlock.net
August 13, 2025 at 3:04 AM
Andrew Lock explains that .NET 10 preview 6 adds passkey support to ASP.NET Core Identity, enabling passwordless login with WebAuthn in the new Blazor template. via andrewlocknet https://andrewlock.net/exploring-dotnet-10-preview-features-6-passkey-support-for-aspnetcore-identity/
Blogged: Running .NET in the browser without Blazor
andrewlock.net/running-dotn...
In this post I show how to run .NET in your browser without using Blazor, and instead rely on lower-level abstractions provided by [JSImport] and [JSExport]
#dotnet #aspnetcore #wasm #webassembly
andrewlock.net/running-dotn...
In this post I show how to run .NET in your browser without using Blazor, and instead rely on lower-level abstractions provided by [JSImport] and [JSExport]
#dotnet #aspnetcore #wasm #webassembly
Running .NET in the browser without Blazor
In this post I show how to run .NET in your browser without using Blazor, and instead rely on lower-level abstractions provided by [JSImport] and [JSExport]
andrewlock.net
August 12, 2025 at 4:04 PM
Blogged: Running .NET in the browser without Blazor
andrewlock.net/running-dotn...
In this post I show how to run .NET in your browser without using Blazor, and instead rely on lower-level abstractions provided by [JSImport] and [JSExport]
#dotnet #aspnetcore #wasm #webassembly
andrewlock.net/running-dotn...
In this post I show how to run .NET in your browser without using Blazor, and instead rely on lower-level abstractions provided by [JSImport] and [JSExport]
#dotnet #aspnetcore #wasm #webassembly