Microsoft published the seventh preview of .NET 10 on August 12, 2025, releasing a build that looks and feels like a near-feature-complete milestone ahead of the Long Term Support (LTS) release scheduled for November. The preview delivers a trio of developer-focused additions—WebSocketStream for stream-based WebSocket communication, passkey authentication scaffolding in ASP.NET Core Identity and Blazor templates, and a strongly-typed XAML source generator for .NET MAUI—alongside a broad set of quality fixes and cryptographic enhancements.

The LTS moment: why this preview matters

.NET 10 will be an LTS release, meaning three years of servicing and security patches. For enterprises, that locking in a version with extended support is a key migration trigger. Microsoft’s calendar-driven release cadence brings a new major version each November, and this one is on track for general availability during the virtual .NET Conf event in mid-November 2025. Preview 7, then, is late-stage consolidation: a small set of new APIs paired with a wide net of refinements across the runtime, libraries, ASP.NET Core, Blazor, MAUI, Windows Forms, and WPF. A release candidate is expected in September or October, with GA following closely.

What’s new in Preview 7

Three headline changes stand out:

  • WebSocketStream: a new library abstraction that treats WebSocket connections as streams, enabling idiomatic integration with serializers and pipelines.
  • Passkey authentication: simplified passkey support in ASP.NET Core Identity, plus template-level enablement for new Blazor apps that use individual authentication.
  • MAUI XAML source generator: a compile-time code generator that replaces runtime XAML parsing, yielding faster startup and improved tooling.

Beyond these, the release includes post-quantum cryptography (PQC) expansions, C# 14 language features, Windows Forms dark-mode fixes, and WPF Fluent theme polish.

A stream for every socket: WebSocketStream

The most notable library addition is WebSocketStream, which wraps a WebSocket connection in a Stream. This mirrors a pattern familiar to browser-side developers—the WebSocketStream API in Chrome—and brings it into the .NET ecosystem. Instead of managing raw buffers and manual framing, developers can now use familiar Stream-based idioms, combine WebSocket data with System.Text.Json serializers, and benefit from built-in backpressure handling through stream and pipeline semantics.

A typical read-and-deserialize operation becomes a two-line affair: obtain the WebSocketStream, then pass it to JsonSerializer.DeserializeAsync. This composability simplifies real-time messaging in services and reduces the bug surface that comes with hand-rolled frame assembly.

Engineers should validate edge cases—fragmented messages, large payloads, binary versus text frames—and ensure interoperability with non-.NET clients before moving to production. Adding telemetry that captures WebSocket lifecycle events and message-level metrics is also recommended.

Passkeys go mainstream in ASP.NET Core Identity

Preview 7 advances Microsoft’s push toward phishing-resistant authentication by weaving passkey support directly into ASP.NET Core Identity and the Blazor project template with individual authentication. Creating a new Blazor app and opting into individual authentication now scaffolds passkey enrollment and login flows alongside traditional password-backed accounts.

Passkeys, built on FIDO2/WebAuthn, use platform authenticators (Windows Hello, Touch ID, mobile passkeys) to provide device-bound credentials that resist phishing. Integrating them into the default templates lowers the barrier for developers and brings a modern authentication experience to new applications out of the box.

The current implementation is deliberately conservative. Templates still generate a password-backed account by default, and passkeys are added as a secondary factor. This transitional model is pragmatic—it supports migration and account recovery strategies that are familiar to most organizations—but it falls short of the fully passwordless ideal. Developers can remove passwords later, but that requires careful planning around user recovery and device trust.

For greenfield projects, the template is an excellent starting point. Teams should test enrollment, login, and recovery flows early, and treat password removal as a separate, risk-assessed step that accounts for regulatory and attestation requirements.

MAUI quality push: the XAML source generator

.NET MAUI gets one of its most impactful changes yet: a strongly-typed XAML source generator. Previously, XAML files were parsed at runtime, which contributed to startup delays and made many errors visible only when the app ran. The new generator emits compiled representations at build time, turning what was once runtime work into a compile-time step.

Benefits are immediate:

  • Faster app startup.
  • Better IntelliSense and earlier error detection in the IDE.
  • A class of runtime XAML errors becomes build-time errors.

Preview 7 also refines MAUI with MediaPicker EXIF handling, SafeArea layout improvements, public APIs for TabbedPageManager, and control-level open/close methods for pickers. A long list of bug fixes accompanies these additions, addressing cross-platform inconsistencies that have dogged the framework.

MAUI’s adoption has been tempered by tooling glitches and uneven quality. The source generator is a direct lever on reliability, but enterprise confidence will still depend on Microsoft’s own internal usage of MAUI and the maturing third-party ecosystem. These improvements are a step in the right direction, but sustained quality remains the critical metric.

Cryptographic and platform updates

Security enhancements in Preview 7 include expanded post-quantum cryptography support. The crypto stack now exposes more PQC primitives through managed APIs, with Windows Cryptography API: Next Generation (CNG) integration, enhanced ML-DSA, and Composite ML-DSA. AES KeyWrap with Padding has also been added. These are forward-looking investments that prepare .NET for quantum-resistant scenarios, though production adoption will require cryptographic review and governance sign-off.

C# 14 ships alongside .NET 10, bringing field-backed properties, unbound generic types in nameof, implicit span conversions, and extension blocks for static methods and properties. These are gated behind preview language versions during the preview period but will default when .NET 10 reaches GA.

Desktop UI frameworks—Windows Forms and WPF—receive focused quality fixes. Dark-mode rendering for ComboBox and RichTextBox in Windows Forms, and Fluent theme refinements in WPF, address long-standing visual inconsistencies for organizations that maintain legacy desktop applications.

Critical analysis: strengths and open questions

Strengths

  • Developer ergonomics: WebSocketStream and PipeReader-integrated JSON serialization reduce boilerplate and make real-time patterns more accessible.
  • Security-forward posture: First-class passkey scaffolding in templates signals a meaningful shift toward modern authentication defaults.
  • Tooling reliability: The MAUI XAML source generator improves the feedback loop and reduces time lost to runtime-only XAML errors.

Risks and limitations

  • Template conservatism: Passkeys are layered on top of passwords rather than replacing them, which may confuse threat models and delay passwordless adoption.
  • MAUI maturity: Cross-platform quality and third-party control availability remain risks for large-scale enterprise uptake.
  • Interoperability nuances: New abstractions like WebSocketStream demand rigorous cross-platform testing, especially with non-.NET clients and edge-case framing scenarios.

Business and operational considerations

  • LTS planning: Organizations on .NET 6, 8, or 9 should align their upgrade roadmaps with the November GA and three-year support window.
  • Security lifecycle: PQC additions are long-term bets; adopt only after cryptographic validation and policy approval.
  • Testing investment: The preview is an opportunity to validate new APIs in sandboxed CI environments before RC builds land.

How teams should approach .NET 10

  1. Inventory priorities: Focus early testing on apps with native platform dependencies, desktop UIs, or custom authentication.
  2. Stage previews in isolation: Run Preview 7 in dev-only lanes to exercise WebSocketStream, passkey flows, and the MAUI source generator.
  3. Exercise authentication end-to-end: For Identity and Blazor, test passkey enroll/login, account recovery, and device-change scenarios.
  4. Validate interoperability: For WebSocket workloads, create cross-platform tests against non-.NET peers; for MAUI, validate UI on every target form factor.
  5. Adopt incrementally: Move libraries and services first; delay monolith migrations until RC or GA and until all third-party dependencies support .NET 10.
  6. Monitor patches: Subscribe to servicing notices and bake monthly patch cycles into your maintenance plan post-GA.

The road to November

With Preview 7 signaling near-feature-complete status, the timeline tightens:

  • September 2025: Release Candidate 1 (feature freeze).
  • October 2025: Release Candidate 2 (final bug fixes and performance tuning).
  • Mid-November 2025: GA and official LTS declaration at .NET Conf.

The changes in Preview 7 aren’t a platform pivot; they’re practical, incremental improvements that will matter most in daily engineering. WebSocketStream makes real-time messaging cleaner, passkeys inch authentication toward a phishing-resistant future, and the MAUI source generator tackles the framework’s most persistent pain point. For teams, the next few months are a window to experiment, validate, and prepare for a stable, long-lived foundation.