Andrew Lock "Sock"
@andrewlock.bsky.social
Microsoft MVP and blogger, focused on ASP.NET Core. Author of ASP.NET Core in Action (https://mng.bz/5mRz)
Blog: https://andrewlock.net
Mastadon: @[email protected]
Twitter: @andrewlocknet
Blog: https://andrewlock.net
Mastadon: @[email protected]
Twitter: @andrewlocknet
Reposted by Andrew Lock "Sock"
Blogged: Digital Authentication and Identity validation
damienbod.com/2025/12/20/d...
#oidc #identity #iam #swiyu #eid #oauth #dpop #openid #security #ecollecting #authentication #loa #loi #vc #oauth2 #swiss #ch #cybersecurity
damienbod.com/2025/12/20/d...
#oidc #identity #iam #swiyu #eid #oauth #dpop #openid #security #ecollecting #authentication #loa #loi #vc #oauth2 #swiss #ch #cybersecurity
December 20, 2025 at 11:36 AM
Blogged: Digital Authentication and Identity validation
damienbod.com/2025/12/20/d...
#oidc #identity #iam #swiyu #eid #oauth #dpop #openid #security #ecollecting #authentication #loa #loi #vc #oauth2 #swiss #ch #cybersecurity
damienbod.com/2025/12/20/d...
#oidc #identity #iam #swiyu #eid #oauth #dpop #openid #security #ecollecting #authentication #loa #loi #vc #oauth2 #swiss #ch #cybersecurity
Reposted by Andrew Lock "Sock"
Today I ran into a deadlock in VS2026. I debugged it, and it turned out to be a common issue you may run into when writing a profiler.
I wrote a short article about it: minidump.net/investigatin...
I wrote a short article about it: minidump.net/investigatin...
Investigating a deadlock in Visual Studio
A short investigation that showcases one of the most common problem faced when writing a profiler.
minidump.net
December 17, 2025 at 5:55 PM
Today I ran into a deadlock in VS2026. I debugged it, and it turned out to be a common issue you may run into when writing a profiler.
I wrote a short article about it: minidump.net/investigatin...
I wrote a short article about it: minidump.net/investigatin...
Reposted by Andrew Lock "Sock"
Creating a .NET CLR profiler using C# and NativeAOT with Silhouette | by Andrew Lock
buff.ly/8dnlOXH
#dotnet #programming #csharp #profiler #aot
buff.ly/8dnlOXH
#dotnet #programming #csharp #profiler #aot
Creating a .NET CLR profiler using C# and NativeAOT with Silhouette
In this post I look at how to create a simple .NET profiler. But instead of using C++, the profiler uses C# and NativeAOT with the Silhouette library
buff.ly
December 16, 2025 at 7:00 PM
Creating a .NET CLR profiler using C# and NativeAOT with Silhouette | by Andrew Lock
buff.ly/8dnlOXH
#dotnet #programming #csharp #profiler #aot
buff.ly/8dnlOXH
#dotnet #programming #csharp #profiler #aot
Blogged: Creating a .NET CLR profiler using C# and NativeAOT with Silhouette
andrewlock.net/creating-a-d...
In this post I look at how to create a simple .NET profiler. But instead of using C++, the profiler uses C# and NativeAOT with @kevingosse.net's Silhouette library
#dotnet
andrewlock.net/creating-a-d...
In this post I look at how to create a simple .NET profiler. But instead of using C++, the profiler uses C# and NativeAOT with @kevingosse.net's Silhouette library
#dotnet
Creating a .NET CLR profiler using C# and NativeAOT with Silhouette
In this post I look at how to create a simple .NET profiler. But instead of using C++, the profiler uses C# and NativeAOT with the Silhouette library
andrewlock.net
December 16, 2025 at 6:10 PM
Blogged: Creating a .NET CLR profiler using C# and NativeAOT with Silhouette
andrewlock.net/creating-a-d...
In this post I look at how to create a simple .NET profiler. But instead of using C++, the profiler uses C# and NativeAOT with @kevingosse.net's Silhouette library
#dotnet
andrewlock.net/creating-a-d...
In this post I look at how to create a simple .NET profiler. But instead of using C++, the profiler uses C# and NativeAOT with @kevingosse.net's Silhouette library
#dotnet
Blogged: Trying out the Zed editor on Windows for .NET and Markdown
andrewlock.net/trying-out-t...
In this post I try out Zed on Windows to see if it can replace my VS Code usages for quick edits of .NET projects and writing Markdown documents.
#dotnet
andrewlock.net/trying-out-t...
In this post I try out Zed on Windows to see if it can replace my VS Code usages for quick edits of .NET projects and writing Markdown documents.
#dotnet
Trying out the Zed editor on Windows for .NET and Markdown
In this post I try out Zed on Windows to see if it can replace my VS Code usages for quick edits of .NET projects and writing Markdown documents
andrewlock.net
December 9, 2025 at 6:30 PM
Blogged: Trying out the Zed editor on Windows for .NET and Markdown
andrewlock.net/trying-out-t...
In this post I try out Zed on Windows to see if it can replace my VS Code usages for quick edits of .NET projects and writing Markdown documents.
#dotnet
andrewlock.net/trying-out-t...
In this post I try out Zed on Windows to see if it can replace my VS Code usages for quick edits of .NET projects and writing Markdown documents.
#dotnet
Reposted by Andrew Lock "Sock"
Kind of scary when you think about it: nesbitt.io/2025/12/06/g...
GitHub Actions Has a Package Manager, and It Might Be the Worst
GitHub Actions has a package manager that ignores decades of supply chain security best practices: no lockfile, no integrity verification, no transitive pinning
nesbitt.io
December 9, 2025 at 3:20 AM
Kind of scary when you think about it: nesbitt.io/2025/12/06/g...
Blogged: Recent updates to NetEscapades.EnumGenerators: [EnumMember] support, analyzers, and bug fixes
andrewlock.net/recent-updat...
In this post I describe some recent changes to the NetEscapades.EnumGenerators source generator, including support for [EnumMember] and new analyzers
#dotnet
andrewlock.net/recent-updat...
In this post I describe some recent changes to the NetEscapades.EnumGenerators source generator, including support for [EnumMember] and new analyzers
#dotnet
Recent updates to NetEscapades.EnumGenerators: [EnumMember] support, analyzers, and bug fixes
In this post I describe some recent changes to the NetEscapades.EnumGenerators source generator, including support for [EnumMember] and new analyzers
andrewlock.net
December 2, 2025 at 5:05 PM
Blogged: Recent updates to NetEscapades.EnumGenerators: [EnumMember] support, analyzers, and bug fixes
andrewlock.net/recent-updat...
In this post I describe some recent changes to the NetEscapades.EnumGenerators source generator, including support for [EnumMember] and new analyzers
#dotnet
andrewlock.net/recent-updat...
In this post I describe some recent changes to the NetEscapades.EnumGenerators source generator, including support for [EnumMember] and new analyzers
#dotnet
Reposted by Andrew Lock "Sock"
MSBuild tip: if you're working with binlogs, set the environment variable MSBuildLogPropertyTracking=15.
It enables logging of where each property was initially assigned from during evaluation and lights up more features in the binlog viewer.
It enables logging of where each property was initially assigned from during evaluation and lights up more features in the binlog viewer.
December 2, 2025 at 6:13 AM
MSBuild tip: if you're working with binlogs, set the environment variable MSBuildLogPropertyTracking=15.
It enables logging of where each property was initially assigned from during evaluation and lights up more features in the binlog viewer.
It enables logging of where each property was initially assigned from during evaluation and lights up more features in the binlog viewer.
Reposted by Andrew Lock "Sock"
And it's up! All together now...
🎶 Somebody told me
the user provider
should use an adaptor
to proxy the query
factory builder... 🎶
www.youtube.com/watch?v=p03o...
🎶 Somebody told me
the user provider
should use an adaptor
to proxy the query
factory builder... 🎶
www.youtube.com/watch?v=p03o...
November 28, 2025 at 3:15 PM
And it's up! All together now...
🎶 Somebody told me
the user provider
should use an adaptor
to proxy the query
factory builder... 🎶
www.youtube.com/watch?v=p03o...
🎶 Somebody told me
the user provider
should use an adaptor
to proxy the query
factory builder... 🎶
www.youtube.com/watch?v=p03o...
Blogged: Exploring the .NET boot process via host tracing
andrewlock.net/exploring-th...
In this post we enable host tracing and use that to understand how a .NET app boots up via the dotnet muxer, hostfxr, and hostpolicy.dll
#dotnet
andrewlock.net/exploring-th...
In this post we enable host tracing and use that to understand how a .NET app boots up via the dotnet muxer, hostfxr, and hostpolicy.dll
#dotnet
Exploring the .NET boot process via host tracing
In this post we enable host tracing and use that to understand how a .NET app boots up via the dotnet muxer, hostfxr, and hostpolicy.dll
andrewlock.net
November 25, 2025 at 6:39 PM
Blogged: Exploring the .NET boot process via host tracing
andrewlock.net/exploring-th...
In this post we enable host tracing and use that to understand how a .NET app boots up via the dotnet muxer, hostfxr, and hostpolicy.dll
#dotnet
andrewlock.net/exploring-th...
In this post we enable host tracing and use that to understand how a .NET app boots up via the dotnet muxer, hostfxr, and hostpolicy.dll
#dotnet
Reposted by Andrew Lock "Sock"
I've also put a blog post together which outlines what this is, how it might affect your web framework or reverse proxy, and things you can put to decision makers.
rjj-software.co.uk/blog/cve-202...
rjj-software.co.uk/blog/cve-202...
CVE-2025-55315: Understanding 'Funky Chunks' and Why Your Organisation Needs to Act Now | Jamie Taylor - Fractional CTO & Technology Consultant
A critical HTTP request smuggling vulnerability affecting web frameworks globally requires immediate attention from decision makers. With a CVSS score of 9.9, CVE-2025-55315 exploits fundamental featu...
rjj-software.co.uk
November 21, 2025 at 2:06 PM
I've also put a blog post together which outlines what this is, how it might affect your web framework or reverse proxy, and things you can put to decision makers.
rjj-software.co.uk/blog/cve-202...
rjj-software.co.uk/blog/cve-202...
Reposted by Andrew Lock "Sock"
If you learn one thing today, please let it be about CVE-2025-55315.
And if you want a place to start, you could try this conversation I had with @unixterminal.bsky.social: dotnetcore.show/season-8/hay...
And if you want a place to start, you could try this conversation I had with @unixterminal.bsky.social: dotnetcore.show/season-8/hay...
S08E07b - Hayden Barnes and CVE-2025-33515
In this bonus episode of The Modern .NET Show, we welcomed Hayden Barnes back to the recording booth to talk about what has been called 'the worst .NET vulnerability ever', what it is, how it affects ...
dotnetcore.show
November 21, 2025 at 6:29 AM
If you learn one thing today, please let it be about CVE-2025-55315.
And if you want a place to start, you could try this conversation I had with @unixterminal.bsky.social: dotnetcore.show/season-8/hay...
And if you want a place to start, you could try this conversation I had with @unixterminal.bsky.social: dotnetcore.show/season-8/hay...
Reposted by Andrew Lock "Sock"
Blogged: Companies complaining .NET moves too fast should just pay for post-EOL support
andrewlock.net/companies-us...
In this post I describe a solution to .NET "releasing too quickly": just pay for support of older versions, such as HeroDevs' Never Ending Support for .NET 6…
#dotnet @hero.dev
andrewlock.net/companies-us...
In this post I describe a solution to .NET "releasing too quickly": just pay for support of older versions, such as HeroDevs' Never Ending Support for .NET 6…
#dotnet @hero.dev
Companies complaining .NET moves too fast should just pay for post-EOL support
In this post I describe a solution to .NET "releasing too quickly": just pay for support of older versions, such as HeroDevs' Never Ending Support for .NET 6
andrewlock.net
November 18, 2025 at 5:53 PM
Blogged: Companies complaining .NET moves too fast should just pay for post-EOL support
andrewlock.net/companies-us...
In this post I describe a solution to .NET "releasing too quickly": just pay for support of older versions, such as HeroDevs' Never Ending Support for .NET 6…
#dotnet @hero.dev
andrewlock.net/companies-us...
In this post I describe a solution to .NET "releasing too quickly": just pay for support of older versions, such as HeroDevs' Never Ending Support for .NET 6…
#dotnet @hero.dev
Blogged: Companies complaining .NET moves too fast should just pay for post-EOL support
andrewlock.net/companies-us...
In this post I describe a solution to .NET "releasing too quickly": just pay for support of older versions, such as HeroDevs' Never Ending Support for .NET 6…
#dotnet @hero.dev
andrewlock.net/companies-us...
In this post I describe a solution to .NET "releasing too quickly": just pay for support of older versions, such as HeroDevs' Never Ending Support for .NET 6…
#dotnet @hero.dev
Companies complaining .NET moves too fast should just pay for post-EOL support
In this post I describe a solution to .NET "releasing too quickly": just pay for support of older versions, such as HeroDevs' Never Ending Support for .NET 6
andrewlock.net
November 18, 2025 at 5:53 PM
Blogged: Companies complaining .NET moves too fast should just pay for post-EOL support
andrewlock.net/companies-us...
In this post I describe a solution to .NET "releasing too quickly": just pay for support of older versions, such as HeroDevs' Never Ending Support for .NET 6…
#dotnet @hero.dev
andrewlock.net/companies-us...
In this post I describe a solution to .NET "releasing too quickly": just pay for support of older versions, such as HeroDevs' Never Ending Support for .NET 6…
#dotnet @hero.dev
Reposted by Andrew Lock "Sock"
Given the port from Disqus to Gisqus worked so well for my personal website (thanks to @andrewlock.bsky.social! 🙏), I've just done the same for the podcast!
A good time to go and comment on your favorite episodes! 😊
unhandledexceptionpodcast.com
A good time to go and comment on your favorite episodes! 😊
unhandledexceptionpodcast.com
As part of this, I added Giscus for comments instead of Disqus that I was using in the previous version. I haven't ported the old comments yet though.
Just Googled it and found this post (and migration tool!) by @andrewlock.bsky.social!
Andrew - you're a star!!! ⭐
andrewlock.net/migrating-co...
Just Googled it and found this post (and migration tool!) by @andrewlock.bsky.social!
Andrew - you're a star!!! ⭐
andrewlock.net/migrating-co...
The new version of my personal website is now live! I've switched from a DIY solution to @11ty.dev (largely "vibe coded"). I wanted the homepage to be a landing page for all my things - rather than being the blog listing page. Thoughts/feedback are greatly appreciated 😊
www.danclarke.com
www.danclarke.com
November 9, 2025 at 11:10 PM
Given the port from Disqus to Gisqus worked so well for my personal website (thanks to @andrewlock.bsky.social! 🙏), I've just done the same for the podcast!
A good time to go and comment on your favorite episodes! 😊
unhandledexceptionpodcast.com
A good time to go and comment on your favorite episodes! 😊
unhandledexceptionpodcast.com
Reposted by Andrew Lock "Sock"
.NET 10 Breaking Changes To Keep An Eye On When Upgrading duendesoftware.com/blog/2025110...
Duende Software - Identity and Access Management for .NET
We help companies using .NET to build identity and access control solutions for modern applications.
duendesoftware.com
November 5, 2025 at 6:15 AM
.NET 10 Breaking Changes To Keep An Eye On When Upgrading duendesoftware.com/blog/2025110...
Blogged: Easier reflection with [UnsafeAccessorType] in .NET 10
andrewlock.net/exploring-do...
In this post I show how to work with [UnsafeAccessor] to do 'easier' reflection and how to use .NET 10's [UnsafeAccessorType] with types you can't reference at compile time
#dotnet
andrewlock.net/exploring-do...
In this post I show how to work with [UnsafeAccessor] to do 'easier' reflection and how to use .NET 10's [UnsafeAccessorType] with types you can't reference at compile time
#dotnet
Easier reflection with [UnsafeAccessorType] in .NET 10: Exploring the .NET 10 preview - Part 9
In this post I show how to work with [UnsafeAccessor] to do 'easier' reflection and how to use .NET 10's [UnsafeAccessorType] with types you can't reference
andrewlock.net
November 4, 2025 at 3:42 PM
Blogged: Easier reflection with [UnsafeAccessorType] in .NET 10
andrewlock.net/exploring-do...
In this post I show how to work with [UnsafeAccessor] to do 'easier' reflection and how to use .NET 10's [UnsafeAccessorType] with types you can't reference at compile time
#dotnet
andrewlock.net/exploring-do...
In this post I show how to work with [UnsafeAccessor] to do 'easier' reflection and how to use .NET 10's [UnsafeAccessorType] with types you can't reference at compile time
#dotnet
Reposted by Andrew Lock "Sock"
Blogged: Understanding the worst .NET vulnerability ever: request smuggling and CVE-2025-55315
andrewlock.net/understandin...
In this post I discuss request smuggling, the recent vulnerability in ASP.NET Core with a severity score of 9.9, and how attackers could exploit it
#dotnet #aspnetcore
andrewlock.net/understandin...
In this post I discuss request smuggling, the recent vulnerability in ASP.NET Core with a severity score of 9.9, and how attackers could exploit it
#dotnet #aspnetcore
Understanding the worst .NET vulnerability ever: request smuggling and CVE-2025-55315
In this post I discuss request smuggling, the recent vulnerability in ASP.NET Core with a severity score of 9.9, and how attackers could exploit it
andrewlock.net
October 28, 2025 at 3:35 PM
Blogged: Understanding the worst .NET vulnerability ever: request smuggling and CVE-2025-55315
andrewlock.net/understandin...
In this post I discuss request smuggling, the recent vulnerability in ASP.NET Core with a severity score of 9.9, and how attackers could exploit it
#dotnet #aspnetcore
andrewlock.net/understandin...
In this post I discuss request smuggling, the recent vulnerability in ASP.NET Core with a severity score of 9.9, and how attackers could exploit it
#dotnet #aspnetcore
Reposted by Andrew Lock "Sock"
Blogged: Implement a secure MCP server using OAuth DPoP and Duende identity provider
damienbod.com/2025/11/03/i...
#aspnetcore #mcp #llm #duende #openidconnect #oidc #oauth #dpop #jwt #openai #ai
damienbod.com/2025/11/03/i...
#aspnetcore #mcp #llm #duende #openidconnect #oidc #oauth #dpop #jwt #openai #ai
Implement a secure MCP server using OAuth DPoP and Duende identity provider
Code: This post demonstrates how an ASP.NET Core application can connect to a secure MCP server using OpenID Connect and OAuth. Both applications use Duende IdentityServer as the identity provider.…
damienbod.com
November 3, 2025 at 6:49 AM
Blogged: Implement a secure MCP server using OAuth DPoP and Duende identity provider
damienbod.com/2025/11/03/i...
#aspnetcore #mcp #llm #duende #openidconnect #oidc #oauth #dpop #jwt #openai #ai
damienbod.com/2025/11/03/i...
#aspnetcore #mcp #llm #duende #openidconnect #oidc #oauth #dpop #jwt #openai #ai
Reposted by Andrew Lock "Sock"
Understanding the worst .NET vulnerability ever: request smuggling and CVE-2025-55315 by @andrewlock.bsky.social andrewlock.net/understandin... #aspnetcore
October 31, 2025 at 9:21 PM
Understanding the worst .NET vulnerability ever: request smuggling and CVE-2025-55315 by @andrewlock.bsky.social andrewlock.net/understandin... #aspnetcore
Blogged: Understanding the worst .NET vulnerability ever: request smuggling and CVE-2025-55315
andrewlock.net/understandin...
In this post I discuss request smuggling, the recent vulnerability in ASP.NET Core with a severity score of 9.9, and how attackers could exploit it
#dotnet #aspnetcore
andrewlock.net/understandin...
In this post I discuss request smuggling, the recent vulnerability in ASP.NET Core with a severity score of 9.9, and how attackers could exploit it
#dotnet #aspnetcore
Understanding the worst .NET vulnerability ever: request smuggling and CVE-2025-55315
In this post I discuss request smuggling, the recent vulnerability in ASP.NET Core with a severity score of 9.9, and how attackers could exploit it
andrewlock.net
October 28, 2025 at 3:35 PM
Blogged: Understanding the worst .NET vulnerability ever: request smuggling and CVE-2025-55315
andrewlock.net/understandin...
In this post I discuss request smuggling, the recent vulnerability in ASP.NET Core with a severity score of 9.9, and how attackers could exploit it
#dotnet #aspnetcore
andrewlock.net/understandin...
In this post I discuss request smuggling, the recent vulnerability in ASP.NET Core with a severity score of 9.9, and how attackers could exploit it
#dotnet #aspnetcore
Blogged: Adding metadata to fallback endpoints in ASP.NET Core
andrewlock.net/adding-metad...
In this post I discuss fallback endpoints and show how adding metadata to MVC or Razor Page fallback endpoints has some quirks to be aware of
#dotnet #aspnetcore
andrewlock.net/adding-metad...
In this post I discuss fallback endpoints and show how adding metadata to MVC or Razor Page fallback endpoints has some quirks to be aware of
#dotnet #aspnetcore
Adding metadata to fallback endpoints in ASP.NET Core
In this post I discuss fallback endpoints and show how adding metadata to MVC or Razor Page fallback endpoints has some quirks to be aware of
andrewlock.net
October 22, 2025 at 4:30 PM
Blogged: Adding metadata to fallback endpoints in ASP.NET Core
andrewlock.net/adding-metad...
In this post I discuss fallback endpoints and show how adding metadata to MVC or Razor Page fallback endpoints has some quirks to be aware of
#dotnet #aspnetcore
andrewlock.net/adding-metad...
In this post I discuss fallback endpoints and show how adding metadata to MVC or Razor Page fallback endpoints has some quirks to be aware of
#dotnet #aspnetcore
Reposted by Andrew Lock "Sock"
I just published a new article: Using profiler function hooks in .NET with Silhouette.
In the process, we also learn how to use static linking with NativeAOT.
minidump.net/using-functi...
In the process, we also learn how to use static linking with NativeAOT.
minidump.net/using-functi...
Using profiler function hooks in .NET with Silhouette
In this article, we see what are function hooks, and how to use them in .NET with Silhouette. We also learn how to statically link a library with NativeAOT.
minidump.net
October 21, 2025 at 11:49 AM
I just published a new article: Using profiler function hooks in .NET with Silhouette.
In the process, we also learn how to use static linking with NativeAOT.
minidump.net/using-functi...
In the process, we also learn how to use static linking with NativeAOT.
minidump.net/using-functi...
Blogged: Publishing NuGet packages from GitHub actions the easy way with Trusted Publishing
andrewlock.net/easily-publi...
In this post I describe how you can use nuget's new Trusted Publishing feature to publish NuGet packages from a GitHub Actions workflow
#dotnet #NuGet #GitHubActions
andrewlock.net/easily-publi...
In this post I describe how you can use nuget's new Trusted Publishing feature to publish NuGet packages from a GitHub Actions workflow
#dotnet #NuGet #GitHubActions
Publishing NuGet packages from GitHub actions the easy way with Trusted Publishing
In this post I describe how you can use nuget.org's new Trusted Publishing feature to publish NuGet packages from a GitHub Actions workflow
andrewlock.net
September 30, 2025 at 12:52 PM
Blogged: Publishing NuGet packages from GitHub actions the easy way with Trusted Publishing
andrewlock.net/easily-publi...
In this post I describe how you can use nuget's new Trusted Publishing feature to publish NuGet packages from a GitHub Actions workflow
#dotnet #NuGet #GitHubActions
andrewlock.net/easily-publi...
In this post I describe how you can use nuget's new Trusted Publishing feature to publish NuGet packages from a GitHub Actions workflow
#dotnet #NuGet #GitHubActions