ASP.NET Core Practice Test

β–Ά

The asp net core framework is Microsoft's open-source, cross-platform successor to classic ASP.NET, designed from the ground up to meet the demands of modern cloud-native web development. Released in 2016 and now a cornerstone of the .NET ecosystem, it powers everything from REST APIs and microservices to full-stack web applications with Razor Pages and Blazor. Developers choosing the asp net core framework gain a unified programming model that runs identically on Windows, Linux, and macOS, making it uniquely versatile among enterprise-grade frameworks.

The asp net core framework is Microsoft's open-source, cross-platform successor to classic ASP.NET, designed from the ground up to meet the demands of modern cloud-native web development. Released in 2016 and now a cornerstone of the .NET ecosystem, it powers everything from REST APIs and microservices to full-stack web applications with Razor Pages and Blazor. Developers choosing the asp net core framework gain a unified programming model that runs identically on Windows, Linux, and macOS, making it uniquely versatile among enterprise-grade frameworks.

At its architectural heart, ASP.NET Core is built around a lightweight, modular request pipeline. Unlike the monolithic HttpModules and HttpHandlers of classic ASP.NET, every cross-cutting concern in ASP.NET Core β€” authentication, logging, compression, CORS, exception handling β€” is implemented as a middleware component that you opt into explicitly. This composability keeps the baseline overhead low: a minimal ASP.NET Core API with no extra middleware can handle hundreds of thousands of requests per second on commodity hardware, consistently ranking among the fastest web frameworks in the TechEmpower benchmarks.

Dependency injection is baked into the framework at the container level, not bolted on as an afterthought. The built-in IoC container supports constructor injection, scoped lifetimes, and factory registrations out of the box, so you can wire up your services, repositories, and configurations without reaching for a third-party container on day one. When your application grows to need more advanced features β€” property injection, interception, or child containers β€” you can swap in Autofac, Ninject, or Simple Injector through the standard IServiceProviderFactory interface without changing your application code.

Configuration in ASP.NET Core is equally flexible. The IConfiguration abstraction reads settings from JSON files, environment variables, command-line arguments, Azure Key Vault, and custom providers through a unified key-value interface. The options pattern layers strongly-typed binding on top of this, so instead of reading raw strings you work with validated, intellisense-friendly POCO classes at runtime. Combined with named and typed options, this makes managing settings across Development, Staging, and Production environments clean and auditable.

Performance has been a first-class design goal throughout the framework's evolution. ASP.NET Core 8 introduced native AOT (Ahead-of-Time) compilation for APIs, slashing cold-start times and memory footprint β€” a major win for containers and serverless workloads. The Kestrel web server, which ships with the framework, supports HTTP/1.1, HTTP/2, and HTTP/3 (QUIC) without requiring IIS or any other external host, and its use of System.IO.Pipelines dramatically reduces allocations compared to the classic Stream-based model.

The framework's hosting model was redesigned in .NET 6 with the introduction of the minimal API surface and the unified WebApplication builder. This removed the previous split between Startup.cs and Program.cs, letting developers express a complete API in as few as five lines while still having the option to scale up to a fully structured application with controllers, filters, and complex middleware. Whether you prefer the convention-rich MVC pattern or the explicit, function-style minimal APIs, both choices compile down to the same Kestrel-based host.

For teams studying or certifying in .NET technologies, understanding the asp net core framework deeply β€” its middleware pipeline, hosting lifecycle, configuration system, and built-in services β€” is the foundation for every advanced topic that follows. The sections below cover each major pillar of the framework in depth, with concrete examples, architectural diagrams, and study checkpoints to help you build durable, testable knowledge.

ASP.NET Core Framework by the Numbers

🌐
Top 3
TechEmpower Benchmark Rank
⭐
35K+
GitHub Stars
πŸ’»
3 OS
Platforms Supported
πŸš€
~50ms
Cold-Start with AOT
πŸ’°
$112K
Avg .NET Developer Salary (US)
Try Free ASP.NET Core Framework Practice Questions

Core Pillars of the ASP.NET Core Framework

πŸ”— Middleware Pipeline

A linear chain of components that process HTTP requests and responses. Each middleware can short-circuit the pipeline or pass control to the next component via the next() delegate, enabling composable, testable cross-cutting behavior like authentication and logging.

πŸ’‰ Built-In Dependency Injection

A first-class IoC container that supports transient, scoped, and singleton lifetimes. Services are registered in Program.cs and injected via constructor parameters, promoting loose coupling and simplifying unit testing across controllers, services, and middleware.

βš™οΈ Unified Configuration System

IConfiguration aggregates settings from JSON files, environment variables, secrets, and cloud vaults into a single key-value abstraction. The options pattern adds strongly-typed binding, validation, and change-notification so apps react to config updates at runtime.

πŸ–₯️ Kestrel & Hosting Model

Kestrel is the built-in cross-platform HTTP server that supports HTTP/1.1, HTTP/2, and HTTP/3. The WebApplication host introduced in .NET 6 unifies server setup, middleware registration, and routing in a single, minimal Program.cs entry point.

πŸ—ΊοΈ Routing & Endpoint System

Attribute routing and convention-based routing map incoming URLs to controller actions or minimal API handlers. The endpoint routing system introduced in ASP.NET Core 3.0 separates route matching from execution, enabling middleware to inspect route data early in the pipeline.

Dependency injection in the asp net core framework is not merely a convenience feature β€” it is the architectural backbone that connects every layer of the application. When the framework resolves a controller or a minimal API handler, it recursively satisfies all constructor dependencies from the registered service container. This means that a controller requiring an IOrderRepository, an IEmailService, and an ILogger receives all three fully constructed instances automatically, with lifetimes managed according to the registration you specified at startup. Understanding the three core lifetimes β€” transient, scoped, and singleton β€” is essential to writing correct, leak-free applications.

Transient services are created fresh on every single request for them from the container. They are the safest choice for lightweight, stateless services like formatters, validators, or simple calculators that carry no state across calls. The downside is that each call allocates a new object, so for frequently used services in hot paths, the garbage collection pressure can matter. In practice, transient is the right default when you are uncertain; scope issues manifest as subtle data corruption bugs that are far harder to debug than a small allocation cost.

Scoped services live for the duration of a single HTTP request. This is the correct lifetime for Entity Framework Core's DbContext, unit-of-work objects, and anything that accumulates state during request processing and must be discarded afterward. The framework creates one scope per request automatically, so all code within that request β€” from controller action through service layer to repository β€” shares the same scoped instance.

Injecting a scoped service into a singleton is a classic mistake called a captive dependency; ASP.NET Core's built-in validation (enabled with ValidateOnBuild and ValidateScopes in development) catches this at startup rather than silently causing data leaks in production.

Singleton services are created once and shared for the entire application lifetime. Use them for expensive-to-initialize, thread-safe objects like HTTP clients managed through IHttpClientFactory, in-memory caches, configuration snapshots, or background task queues. Because a singleton is shared across all requests concurrently, any mutable state inside it must be protected with appropriate synchronization β€” a ConcurrentDictionary, an IMemoryCache, or lock-guarded fields. Forgetting this is a common source of intermittent, hard-to-reproduce race conditions in production traffic.

The framework also supports keyed services (introduced in .NET 8), which let you register multiple implementations of the same interface under different string or enum keys and resolve them by key at runtime. This elegantly replaces the factory-function pattern that was previously needed for strategy or plugin scenarios. A payment gateway that needs to dispatch to Stripe, PayPal, or Square based on user preference can register all three under the IPaymentGateway interface with different keys and let the container do the dispatch, keeping the calling code clean and testable.

Beyond the built-in container, ASP.NET Core integrates with third-party containers through the IServiceProviderFactory abstraction. Autofac is the most common choice for applications that need property injection, interception via Castle DynamicProxy, or child lifetime scopes for multi-tenancy. The integration is a single line in Program.cs β€” UseServiceProviderFactory(new AutofacServiceProviderFactory()) β€” after which you continue using the standard IServiceCollection API for most registrations and drop into Autofac's ContainerBuilder only for advanced scenarios.

For testing, the dependency injection model pays significant dividends. Because all dependencies flow through constructor parameters, substituting a real DbContext with an in-memory one, or a real HTTP client with a mock, requires only changing the registration in the test host. ASP.NET Core's WebApplicationFactory lets integration tests spin up the full middleware pipeline with swapped services, so you can write tests that exercise routing, middleware, and serialization without touching a real database or external API. This combination of unit-testable services and integration-testable endpoints is what makes well-structured ASP.NET Core applications sustainable at scale.

ASP.NET Core Authentication & Authorization
Test your knowledge of JWT, cookies, policies, and claims-based auth in ASP.NET Core.
ASP.NET Core Authentication & Authorization 2
Advanced scenarios including OAuth2, OpenID Connect, and role-based access control.

ASP.NET Core Framework: Routing, Configuration & Hosting

πŸ“‹ Routing & Endpoints

ASP.NET Core's endpoint routing system separates route matching from action execution, allowing middleware components to inspect routing decisions before the endpoint runs. Attribute routing with [Route], [HttpGet], and [HttpPost] decorators gives precise URL control, while convention-based routing in MVC provides sensible defaults for CRUD controllers. Minimal APIs introduced in .NET 6 use MapGet, MapPost, and MapGroup to declare routes inline, cutting boilerplate significantly for microservices and lightweight APIs.

Route constraints let you enforce data types and formats directly in the URL template β€” for example, {id:int:min(1)} rejects non-integer and non-positive IDs at the routing layer before your handler ever executes. Route parameters can also be made optional with a trailing ? or given defaults. For complex REST APIs, versioning through URL segments (/api/v1/), query strings (?api-version=1.0), or headers is supported by the Microsoft.AspNetCore.Mvc.Versioning package, which integrates cleanly with Swagger/OpenAPI documentation generation.

πŸ“‹ Configuration & Environments

The IConfiguration system in ASP.NET Core reads from a layered set of providers in a defined priority order: appsettings.json at the base, then appsettings.{Environment}.json, then environment variables, then command-line arguments β€” each layer overriding the previous. The ASPNETCORE_ENVIRONMENT variable controls which environment-specific file loads, making the transition from local development to CI staging to production a matter of setting a single variable without code changes. Azure App Configuration and Azure Key Vault integrate as first-class providers for secrets and feature flags.

The options pattern maps configuration sections to strongly-typed C# classes using services.Configure<MyOptions>(configuration.GetSection("MySection")). Validation attributes on the options class are checked at startup when you add services.AddOptions<MyOptions>().ValidateDataAnnotations().ValidateOnStart(), surfacing misconfigured deployments immediately rather than at request time. IOptionsSnapshot provides per-request reloaded values for dynamic scenarios, while IOptionsMonitor fires change callbacks, enabling graceful feature flag toggles or connection string refreshes without an application restart.

πŸ“‹ Kestrel & Hosting

Kestrel is the high-performance, cross-platform HTTP server at the core of every ASP.NET Core application. Configured through WebApplication.CreateBuilder, it supports TLS termination, certificate rotation, connection limits, and HTTP/3 via QUIC β€” all without IIS. In production, Kestrel typically sits behind a reverse proxy (nginx, YARP, or Azure Application Gateway) that handles SSL offloading, load balancing, and static file caching, while Kestrel focuses on dynamic .NET request processing at maximum throughput.

The generic host (IHost) introduced in .NET Core 3.0 unified web and non-web hosting: background services (IHostedService), gRPC servers, message consumers, and web APIs all run in the same host process, sharing the DI container, configuration, and logging infrastructure. The WebApplication builder in .NET 6+ simplifies this further with a single fluent API for both host and app configuration. Systemd and Windows Service hosting are supported out of the box, making Linux deployments without Docker straightforward via UseSystemd() in the host builder.

ASP.NET Core Framework: Strengths and Trade-offs

Pros

  • Cross-platform: runs natively on Windows, Linux, and macOS without modification
  • Industry-leading throughput β€” consistently ranks in TechEmpower top 3 for plaintext and JSON benchmarks
  • Built-in dependency injection, configuration, and logging reduce third-party dependencies
  • Native AOT compilation in .NET 8 cuts container startup to under 50ms and halves memory usage
  • Strong ecosystem with Entity Framework Core, SignalR, Blazor, and gRPC all first-party
  • Excellent testability via WebApplicationFactory and constructor-injected dependencies

Cons

  • Steeper initial learning curve than frameworks like Express.js or Flask for developers new to .NET
  • Rapid release cadence (annual LTS and STS versions) requires teams to plan regular upgrades
  • Middleware ordering bugs are silent β€” wrong registration order causes hard-to-trace auth and CORS failures
  • Windows-specific features (Windows Authentication, COM interop) limit full cross-platform portability
  • Minimal API and MVC controller paradigms coexist, sometimes creating inconsistency in larger codebases
  • EF Core migrations and schema management add operational overhead compared to simpler ORMs
ASP.NET Core Authentication & Authorization 3
Deep-dive questions on custom authorization handlers, resource-based policies, and middleware.
ASP.NET Core Configuration & Environments
Practice IConfiguration, options pattern, environment-specific settings, and secrets management.

ASP.NET Core Developer Readiness Checklist

Understand the middleware pipeline execution order and how to register custom middleware with app.Use, app.Run, and app.Map.
Configure the three service lifetimes (transient, scoped, singleton) correctly and identify captive dependency anti-patterns.
Set up environment-specific appsettings files and use the options pattern with startup validation for strongly-typed configuration.
Implement JWT bearer authentication and define policy-based authorization with requirements and handlers.
Use IHttpClientFactory to manage HttpClient instances and avoid socket exhaustion in long-running services.
Write integration tests using WebApplicationFactory with service substitution for databases and external APIs.
Configure Kestrel limits (connection limits, keep-alive timeouts, max request body size) appropriate for your workload.
Apply response caching, output caching, and IMemoryCache/IDistributedCache correctly for hot-path data.
Use health checks (AddHealthChecks) with readiness and liveness probes for Kubernetes and container orchestration.
Profile request throughput with dotnet-trace, dotnet-counters, and MiniProfiler before optimizing critical paths.
Middleware Order Is Non-Negotiable

In ASP.NET Core, the order in which you call app.UseAuthentication(), app.UseAuthorization(), app.UseRouting(), and app.UseCors() is enforced by the pipeline itself β€” calling UseAuthorization before UseAuthentication silently bypasses all authorization checks. Always follow the Microsoft-recommended ordering: Exception Handler β†’ HSTS β†’ Static Files β†’ Routing β†’ CORS β†’ Authentication β†’ Authorization β†’ Endpoints. A single out-of-order middleware is one of the most common sources of production security regressions.

Performance optimization in ASP.NET Core starts with measurement, not guesswork. The framework ships with built-in diagnostics through the dotnet-counters and dotnet-trace CLI tools, which provide real-time metrics on thread pool utilization, GC pressure, allocation rates, and request throughput without instrumenting your code. Before any optimization work begins, establish a baseline using a realistic load profile with a tool like bombardier, k6, or Apache JMeter. Optimizations applied to synthetic benchmarks routinely fail to move production metrics because they target the wrong bottleneck.

Memory allocation is the most impactful performance lever in high-throughput ASP.NET Core APIs. Each HTTP request that allocates large strings, intermediate arrays, or unnecessary object graphs creates Gen0 garbage collection pressure that competes with request processing. The Span<T> and Memory<T> types let you slice over existing buffers without allocation, and System.Text.Json β€” the default JSON serializer since ASP.NET Core 3 β€” is designed around this model, supporting direct UTF-8 serialization to a pipe writer with zero intermediate string allocations. For response bodies larger than a few kilobytes, streaming serialization with WriteAsync avoids buffering the entire payload in memory.

Output caching, introduced as a first-class middleware in .NET 7, is dramatically more capable than the older response caching middleware. It stores rendered response bodies on the server with fine-grained cache profiles that vary by route, query string, header, or custom policy. Tag-based cache invalidation lets you expire all responses tagged with a specific entity ID β€” for example, purging every cached product page when a price update occurs β€” without iterating a key namespace. For distributed deployments, the IOutputCacheStore can back the cache with Redis, keeping cache entries consistent across multiple application instances behind a load balancer.

Security in ASP.NET Core is multi-layered. The framework enforces HTTPS redirection and HSTS out of the box when you call app.UseHttpsRedirection() and app.UseHsts(). Cross-site scripting is mitigated by Razor's automatic HTML encoding of all output expressions β€” you must explicitly use Html.Raw() to bypass encoding, which forces an intentional decision at each potentially dangerous injection point. CSRF protection is built into Razor Pages and MVC tag helpers through anti-forgery tokens, though minimal APIs require explicit opt-in. Content Security Policy headers must be added manually via a custom middleware or the NWebsec library.

Rate limiting, added as a built-in middleware in .NET 7, protects endpoints against brute-force attacks and abusive clients without external infrastructure. Four algorithms ship in the box: fixed window, sliding window, token bucket, and concurrency limiter. You define rate limit policies by name and apply them to endpoint groups or individual routes with RequireRateLimiting("policyName"). When a request is throttled, the middleware returns a 429 Too Many Requests response with a Retry-After header, and you can customize the rejection response through OnRejected for a polished API consumer experience.

For secrets management, never store connection strings or API keys in appsettings.json committed to source control. In development, use dotnet user-secrets to store sensitive values outside the project directory in your OS profile. In production, inject secrets via environment variables, Azure Key Vault, AWS Secrets Manager, or HashiCorp Vault β€” all of which have first-party or well-maintained community ASP.NET Core configuration providers. Rotate secrets without application restarts using IOptionsMonitor-based providers that poll for updates on a configurable interval, ensuring zero-downtime key rotation.

Structured logging through Microsoft.Extensions.Logging and a provider like Serilog or OpenTelemetry is essential for diagnosing issues in distributed deployments. Use LoggerMessage.Define to create high-performance, allocation-free log helpers for hot-path code. Add correlation IDs to all requests via a custom middleware that writes a TraceIdentifier to both the response header and the logging scope, so you can filter all log entries for a single request across multiple microservices by a single ID in your log aggregator, whether that is Azure Monitor, Seq, Datadog, or the ELK stack.

Testing ASP.NET Core applications effectively requires a layered strategy that covers unit tests, integration tests, and end-to-end tests in appropriate proportions. Unit tests target individual services, validators, and business logic classes in isolation, using constructor injection to substitute fakes or mocks for every external dependency. Because ASP.NET Core services are designed around interfaces and constructor parameters, writing a unit test typically requires only instantiating the class under test with test doubles β€” no special framework support needed beyond a mocking library like Moq or NSubstitute.

Integration tests for the HTTP pipeline use the Microsoft.AspNetCore.Mvc.Testing package, which provides WebApplicationFactory<TProgram> β€” a test fixture that boots your real application in-process with real middleware, routing, and serialization, but with services swapped out via WithWebHostBuilder. This means your integration tests exercise the full stack from HTTP request to response without network overhead, catching middleware ordering bugs, route conflicts, and serialization mismatches that unit tests never see. A well-written integration test suite that swaps the database for an in-memory provider or a test container gives you high confidence that the application wires up correctly without requiring a running environment.

End-to-end tests that exercise a real database (using Testcontainers to spin up a PostgreSQL or SQL Server container) catch EF Core migration issues, query performance regressions, and transaction isolation bugs that in-memory providers hide. The Microsoft.EntityFrameworkCore.InMemory provider does not enforce foreign key constraints, does not support raw SQL, and does not replicate database-specific behavior β€” it is only appropriate for testing pure domain logic that happens to go through a DbContext. For anything involving real queries, use a real database in your CI pipeline, containerized and reset between test runs with respawn or EF Core's EnsureDeleted / EnsureCreated pattern.

Deployment of ASP.NET Core applications has evolved significantly with container-first publishing. The dotnet publish command with PublishSingleFile=true and SelfContained=true produces a single executable that carries the .NET runtime, eliminating the runtime installation requirement on target machines. Native AOT publishing (PublishAot=true, available for APIs in .NET 8) compiles the entire application to native machine code, cutting startup time to tens of milliseconds and halving resident memory β€” critical for serverless and sidecar workloads where you pay per cold start.

Docker images for ASP.NET Core follow a multi-stage build pattern: the SDK image compiles and publishes the application, and the output is copied into the slim runtime image (mcr.microsoft.com/dotnet/aspnet), which contains only the runtime and no build tooling. This reduces the final image from several gigabytes to under 200 MB. For .NET 8 native AOT images, the base image drops further to the chiseled Ubuntu image at around 80 MB, with a significantly reduced attack surface because it omits the shell, package manager, and most OS utilities.

Kubernetes deployments benefit from ASP.NET Core's built-in health check middleware. AddHealthChecks() with custom checks for database connectivity, external API reachability, and disk space maps directly to Kubernetes liveness and readiness probes. A failing readiness probe removes the pod from the load balancer rotation without killing it, allowing in-flight requests to complete gracefully. Combine this with graceful shutdown support β€” the framework calls IHostedService.StopAsync with a configurable timeout when SIGTERM is received β€” so your application drains connections cleanly before the pod terminates, preventing 502 errors during rolling deployments.

For teams investing in ASP.NET Core skills, the path from framework fundamentals to production-ready development is well-documented and supported by a rich ecosystem of tooling, community packages, and official Microsoft learning paths. Whether you are building a high-throughput REST API, a real-time SignalR hub, a Blazor WebAssembly single-page application, or a gRPC microservice, the asp net core framework provides a consistent, testable, and performant foundation that scales from a five-file minimal API to a multi-team enterprise platform.

Practice ASP.NET Core Configuration & Environments Questions

Building real-world applications with ASP.NET Core requires going beyond the framework's defaults and developing an intuition for when to reach for each feature. A practical tip that saves many hours of debugging: always test your middleware pipeline in the exact deployment environment, not just locally with the development exception page. The development exception page enabled by app.UseDeveloperExceptionPage() is automatically disabled in production β€” if you have not configured app.UseExceptionHandler("/error") or a global exception-handling middleware, unhandled exceptions will return a blank 500 response with no error details, making production incidents extremely difficult to diagnose without structured logging in place.

Model validation in MVC and Razor Pages is powered by Data Annotations and the IModelValidator pipeline, but many developers miss the FluentValidation integration that enables complex, cross-property rules as testable validator classes rather than attribute clutter. Register validators with services.AddFluentValidationAutoValidation() and ASP.NET Core calls them automatically before your action executes, populating ModelState with structured error messages. This approach scales well to large forms and API contracts because validators live in their own files, can be unit-tested without an HTTP request, and can inject services for database-backed uniqueness checks.

Background processing with IHostedService and BackgroundService is the preferred way to run recurring tasks, message consumers, and scheduled jobs within the ASP.NET Core host. A BackgroundService subclass overrides ExecuteAsync and runs until cancellation is requested via the CancellationToken. For production workloads, use Hangfire or Quartz.NET for durable, retryable jobs that survive application restarts; plain BackgroundService tasks are not persisted and will drop in-flight work on a restart or crash. Wire your background services to the same DI container as the rest of the application, creating new scopes with IServiceScopeFactory when you need scoped services inside a singleton-lifetime hosted service.

SignalR, which ships as part of the ASP.NET Core framework, enables real-time bidirectional communication between server and client over WebSockets, Server-Sent Events, or long polling as a fallback. Hub methods are strongly typed, support all the DI lifetime rules as controller actions do, and can push messages to individual clients, groups, or all connected clients. For large-scale deployments, Azure SignalR Service acts as a managed backplane that eliminates the sticky session requirement and handles WebSocket connections for millions of concurrent clients without load balancer affinity configuration.

Blazor extends ASP.NET Core into the browser with two primary rendering models. Blazor Server runs .NET on the server and pushes UI diffs over a SignalR connection, giving you full .NET API access with minimal client-side download but requiring a persistent server connection.

Blazor WebAssembly compiles your C# code to WebAssembly and runs it entirely in the browser, enabling true offline-capable SPAs built with .NET without JavaScript. In .NET 8, the new Blazor United model adds per-component render mode selection, letting you mix static server rendering, streaming, interactive server, and WebAssembly components on the same page based on their interactivity needs.

gRPC in ASP.NET Core uses the Grpc.AspNetCore package to host Protocol Buffer-defined services over HTTP/2 with bidirectional streaming, strong typing, and efficient binary serialization. gRPC services are defined in .proto files, and the tooling generates both server-side service base classes and client stubs, eliminating manual serialization code. For inter-service communication in microservice architectures, gRPC significantly outperforms JSON REST for internal traffic due to its binary encoding and multiplexed streams. The gRPC-Web package adds a transcoding layer for browser clients that cannot use raw HTTP/2 gRPC.

Health monitoring in production ASP.NET Core applications benefits from OpenTelemetry integration, which exports distributed traces, metrics, and logs to any compatible backend β€” Jaeger, Zipkin, Prometheus, Azure Monitor, or Datadog β€” through a vendor-neutral API. Adding services.AddOpenTelemetry() with trace and metric exporters gives you request latency histograms, dependency call durations, and error rates with full distributed trace correlation across microservices, all without vendor lock-in. The activity-based tracing model in .NET propagates trace context through async continuations automatically, so every await in your service chain carries the parent span ID without manual threading of correlation objects.

ASP.NET Core Configuration & Environments 2
Test advanced configuration providers, options validation, secrets, and environment-based branching.
ASP.NET Core Configuration & Environments 3
Expert-level questions on IOptionsMonitor, Key Vault integration, and multi-environment CI pipelines.

Asp Net Core Questions and Answers

What is ASP.NET Core and how does it differ from classic ASP.NET?

ASP.NET Core is a complete rewrite of Microsoft's web framework, designed to be cross-platform, open-source, and cloud-native. Unlike classic ASP.NET, which was tightly coupled to IIS and Windows, ASP.NET Core runs on Linux and macOS, uses a modular middleware pipeline instead of HttpModules, and ships a built-in dependency injection container. Performance is dramatically improved β€” Kestrel ranks among the top three fastest web frameworks globally in TechEmpower benchmarks.

What are the three service lifetimes in ASP.NET Core dependency injection?

The three lifetimes are transient (a new instance every time the service is requested), scoped (one instance per HTTP request, shared within that request), and singleton (one instance for the entire application lifetime). Scoped is correct for DbContext and unit-of-work objects. Injecting a scoped service into a singleton creates a captive dependency, which causes data leaks and threading bugs. Enable ValidateScopes in development to catch this at startup.

How does middleware ordering work in ASP.NET Core?

Middleware components form a linear pipeline that processes requests inbound and responses outbound. The order you call app.Use* methods in Program.cs determines execution order. Microsoft's recommended sequence is: exception handler, HSTS, static files, routing, CORS, authentication, authorization, then endpoints. Placing UseAuthorization before UseAuthentication silently bypasses all auth checks, so ordering is a security-critical concern, not just an organizational one.

What is the options pattern in ASP.NET Core configuration?

The options pattern maps a configuration section to a strongly-typed C# class using services.Configure<TOptions>(configuration.GetSection("key")). Classes are then injected via IOptions<T>, IOptionsSnapshot<T>, or IOptionsMonitor<T>. Data annotation validation with ValidateDataAnnotations() and ValidateOnStart() catches missing or invalid config values at application startup rather than at first use, making misconfigured deployments fail fast with a clear error message.

How do you write integration tests for an ASP.NET Core application?

Use WebApplicationFactory<TProgram> from Microsoft.AspNetCore.Mvc.Testing to boot your application in-process for testing. Override ConfigureWebHost to swap real services (databases, external APIs) with test doubles. The factory creates an HttpClient that sends requests through the real middleware pipeline without network overhead, so tests catch routing bugs, middleware ordering issues, and serialization mismatches that unit tests miss. Combine with Testcontainers for real database integration tests.

What is Kestrel and when should you use a reverse proxy in front of it?

Kestrel is ASP.NET Core's built-in cross-platform HTTP server, supporting HTTP/1.1, HTTP/2, and HTTP/3 without IIS. In production, Microsoft recommends placing a reverse proxy (nginx, YARP, or Azure Application Gateway) in front of Kestrel to handle SSL termination, load balancing, rate limiting, and static file caching. Kestrel then processes only dynamic .NET requests at maximum throughput, while the proxy manages the public-facing traffic concerns and provides an additional security boundary.

How does ASP.NET Core handle authentication and authorization?

Authentication is the process of identifying who the caller is; authorization determines what they can do. ASP.NET Core uses authentication schemes (JWT bearer, cookies, OAuth2, OpenID Connect) registered via AddAuthentication() and applied with app.UseAuthentication(). Authorization uses policies defined with AddAuthorization() β€” policies compose claims checks, role checks, and custom IAuthorizationRequirement handlers. The [Authorize] attribute or RequireAuthorization() on endpoint groups enforces policies declaratively, with fine-grained resource-based authorization available for per-entity checks.

What is the difference between minimal APIs and MVC controllers in ASP.NET Core?

Minimal APIs, introduced in .NET 6, declare HTTP handlers inline in Program.cs using MapGet, MapPost, and MapGroup, with very little ceremony. They are ideal for microservices, lightweight APIs, and cases where you want to expose a small surface with full control over routing. MVC controllers use convention-based structure with action filters, model binding, and validation pipelines built in, making them better suited for complex applications with many endpoints, shared filters, and team conventions that benefit from a uniform structure.

How does native AOT compilation affect ASP.NET Core applications?

Native AOT (Ahead-of-Time) compilation, available for ASP.NET Core APIs in .NET 8, compiles the entire application to native machine code at publish time. The result is a self-contained executable with no JIT compiler, no runtime startup overhead, sub-50ms cold starts, and roughly half the memory footprint of a standard .NET app. The trade-off is that reflection-heavy patterns β€” dynamic proxy generation, runtime code emit, some JSON serializers β€” are not compatible, requiring source generators and trimming-safe code throughout the application.

What tools are available for monitoring and profiling ASP.NET Core applications in production?

ASP.NET Core integrates with dotnet-counters for real-time metrics (request rate, GC heap size, thread pool queue length) and dotnet-trace for CPU and allocation profiling without restarting the process. The built-in health check middleware maps to Kubernetes liveness and readiness probes. For distributed tracing and observability, OpenTelemetry exports traces, metrics, and logs to Jaeger, Prometheus, Azure Monitor, or Datadog through a vendor-neutral API. MiniProfiler adds per-request SQL and HTTP timing directly to browser developer tools during development.
β–Ά Start Quiz