1. Describe the ASP.NET Core.
ASP.NET Core is an open-source, cross-platform and high performance platform that allows you to build modern, Internet-connected and cloud enabled applications. With ASP.NET Core you can
- build web applications, IoT (Internet of things) apps, services and mobile Backends.
- run on .Net Core.
- You can do your development on Linux, Windows and MacOS.
- deploy your code to cloud or on-premises.
2. What are the benefits of using ASP.NET Core over ASP.NET?
ASP.NET Core comes with the following benefits over ASP.NET.
- Cross platform, provide ability to develop and run on Windows, Linux and MacOS.
- Open-source
- Unified Platform to develop Web UI and services.
- Built-in dependency injection.
- Ability to deploy on more than one server like IIS, Kestrel, Nginx, Docker, Apache etc
- cloud enabled framework, provide support for environment based configuration systems.
- Lightweight, High performance and modern HTTP request pipelines.
- well suited architecture for testability
- Integration of many client-side frameworks like Angular any version
- Blazor allow you to use C# code in browser with JavaScript code.
3. What is the role of Startup class?
Startup class is responsible for configuration related things as below.
- It configures the services which are required by the app.
- It defines the app’s request handling pipeline as a series of middleware components.
// Startup class examplepublic class Startup { public Startup(IConfiguration configuration) { Configuration = configuration; } public IConfiguration Configuration { get; } public void ConfigureServices(IServiceCollection services) { services.AddRazorPages(); } public void Configure(IApplicationBuilder app, IWebHostEnvironment env) { if (env.IsDevelopment()) { app.UseDeveloperExceptionPage(); } else { app.UseExceptionHandler("/Error"); app.UseHsts(); } app.UseHttpsRedirection(); // other middleware components }}Startup class is specified inside the ‘CreateHostBuilder’ method when the host is created.
Multiple Startup classes can also be defined for different environments, At run time appropriate startup classes are used.
4. What is the role of ConfigureServices and Configure method?
ConfigureServices method is optional and defined inside startup class as mentioned in above code. It gets called by the host before the ‘Configure’ method to configure the app’s services.
Configure method is used to add middleware components to the IApplicationBuilder instance that’s available in Configure method. Configure method also specifies how the app responds to HTTP request and response. ApplicationBuilder instance’s ‘Use…’ extension method is used to add one or more middleware components to request pipeline.
You can configure the services and middleware components without the Startup class and it’s methods, by defining this configuration inside the Program class in CreateHostBuilder method.
5. Describe the Dependency Injection.
Dependency Injection is a Design Pattern that’s used as a technique to achieve the Inversion of Control (IoC) between the classes and their dependencies.
ASP.NET Core comes with a built-in Dependency Injection framework that makes configured services available throughout the application. You can configure the services inside the ConfigureServices method as below.
services.AddScoped();A Service can be resolved using constructor injection and DI framework is responsible for the instance of this service at run time. For more visit ASP.NET Core Dependency Injection
6. Explain the request processing pipeline in ASP.NET Core.
In order to understand the Request Processing Pipeline in ASP.NET Core, concept, let us modify the Configure() method of the Startup class as shown below. Here we are registering three middleware components into the request processing pipeline. As you can see the first two components are registered using the Use() extension method so that they have the chance to call the next middleware component in the request processing pipeline. The last one is registered using the Run() extension method as it is going to be our terminating components i.e. it will not call the next component.
7. Explain the difference between app.Run and app.Use in ASP.NET Core.
mentioned above
8. What problems does Dependency Injection solve?
Let’s understand Dependency Injection with this C# example. A class can use a direct dependency instance as below.
Public class A {MyDependency dep = new MyDependency(); public void Test(){dep.SomeMethod();}}But these direct dependencies can be problematic for the following reasons.
- If you want to replace ‘MyDependency’ with a different implementation then the class must be modified.
- It’s difficult to Unit Test.
- If MyDependency class has dependencies then it must be configured by class. If Multiple classes have dependency on ‘MyDependency’, the code becomes scattered.
DI framework solves these problems as below.
- Use Interfaces or base class to abstract the dependency implementation.
- Dependencies are registered in the Service Container provided by ASP.NET Core inside Startup class ‘ConfigureServices’ method.
- Dependencies are injected using constructor injection and the instance is created by DI and destroyed when no longer needed.
9. Describe the Service Lifetimes.
When Services are registered, there is a lifetime for every service. ASP.NET Core provides the following lifetimes.
- Transient – Services with transient lifetime are created each time they are requested from service container. So it’s best suited for stateless, light weight services.
- Scoped – Services with scoped lifetime are created once per connection or client request. When using scoped service in middleware then inject the service via invoke or invokeAsync method. You should not inject the service via constructor injection as it treats the service behavior like Singleton.
- Singleton – Service with singleton lifetime is created once when first time the service is requested. For subsequent requests same instance is served by service container.
10. Explain the Middleware in ASP.NET Core.
The Request handling pipeline is a sequence of middleware components where each component performs the operation on request and either call the next middleware component or terminate the request. When a middleware component terminates the request, it’s called Terminal Middleware as It prevents next middleware from processing the request. You can add a middleware component to the pipeline by calling .Use… extension method as below.
app.UseHttpsRedirection(); app.UseStaticFiles(); app.UseRouting();So Middleware component is program that’s build into an app’s pipeline to handle the request and response. Each middleware component can decide whether to pass the request to next component and to perform any operation before or after next component in pipeline.
11. What is Request delegate?
Request delegates handle each HTTP request and are used to build request pipeline. It can configured using Run, Map and Use extension methods. An request delegate can be a in-line as an anonymous method (called in-line middleware) or a reusable class. These classes or in-line methods are called middleware components.
12. What is Host in ASP.NET Core?
Host encapsulates all the resources for the app. On startup, ASP.NET Core application creates the host. The Resources which are encapsulated by the host include:
- HTTP Server implementation
- Dependency Injection
- Configuration
- Logging
- Middleware components
13. Describe the Generic Host and Web Host.
The host setup the server, request pipeline and responsible for app startup and lifetime management. There are two hosts:
- .NET Generic Host
- ASP.NET Core Web Host
.NET Generic Host is recommended and ASP.NET Core template builds a .NET Generic Host on app startup.
ASP.NET Core Web host is only used for backwards compatibility.
// Host creationpublic class Program{ public static void Main(string[] args) { CreateWebHostBuilder(args).Build().Run(); } public static IWebHostBuilder CreateWebHostBuilder(string[] args) => WebHost.CreateDefaultBuilder(args) .UseStartup();}14. Describe the Servers in ASP.NET Core.
Server is required to run any application. ASP.NET Core provides an in-process HTTP server implementation to run the app. This server implementation listen for HTTP requests and surface them to the application as a set of request features composed into an HttpContext.
ASP.NET Core use the Kestrel web server by default. ASP.NET Core comes with:
- Default Kestrel web server that’s cross platform HTTP server implementation.
- IIS HTTP Server that’s in-process server for IIS.
- HTTP.sys server that’s a Windows-only HTTP server and it’s based on the HTTP.sys kernel driver and HTTP Server API.
15. How Configuration works in ASP.NET Core?
In ASP.NET Core, Configuration is implemented using various configuration providers. Configuration data is present in the form of key value pairs that can be read by configuration providers as key value from different configuration sources as below.
- appsettings.json – settings file
- Azure Key Vault
- Environment variables
- In-memory .Net objects
- Command Line Arguments
- Custom Providers
By default apps are configured to read the configuration data from appsettings.json, environment variables, command line arguments etc. While reading the data, values from environment variables override appsettings.json data values. ‘CreateDefaultBuilder’ method provide default configuration.
16. How to read values from Appsettings.json file?
You can read values from appsettings.json using below code.
class Test{// requires using Microsoft.Extensions.Configuration; private readonly IConfiguration Configuration; public TestModel(IConfiguration configuration) { Configuration = configuration; }// public void ReadValues(){var val = Configuration["key"]; // reading direct key valuesvar name = Configuration["Employee:Name"]; // read complex values}}Default configuration provider first load the values from appsettings.json and then from appsettings.Environment.json file.
Environment specific values override the values from appsettings.json file. In development environment appsettings.Development.json file values override the appsettings.json file values, same apply to production environment.
You can also read the appsettings.json values using options pattern described Read values from appsettings.json file.
17. What is the Options Pattern in ASP.NET Core?
Options Pattern allow you to access related configuration settings in Strongly typed way using some classes. When you are accessing the configuration settings with the isolated classes, The app should adhere these two principles.
- Interface Segregation Principle (ISP) or Encapsulation: The class the depend on the configurations, should depend only on the configuration settings that they use.
- Separation of Concerns: Settings for different classes should not be related or dependent on one another.
18. How to use multiple environments in ASP.NET Core?
ASP.NET Core use environment variables to configure application behavior based on runtime environment. launchSettings.json file sets ASPNETCORE_ENVIRONMENT to Development on local Machine. For more visit How to use multiple environments in ASP.NET Core
19. How Logging works in .NET Core and ASP.NET Core?
In ASP.NET Core, logging providers store the logs. You can configure multiple logging providers for your application. The default ASP.NET Core configures the following logging providers: Console, Debug, EventSource, and EventLog
20. How Routing works in ASP.NET Core?
Routing is used to handle incoming HTTP requests for the app. Routing find matching executable endpoint for incoming requests. These endpoints are registered when app starts. Matching process use values from incoming request url to process the requests. You can configure the routing in middleware pipeline of configure method in startup class.
app.UseRouting(); // It adds route matching to middlware pipeline // It adds endpoints execution to middleware pipeline app.UseEndpoints(endpoints => { endpoints.MapGet("/", async context => { await context.Response.WriteAsync("Hello World!"); }); });For more you can refer ASP.NET Core Routing
21. How to handle errors in ASP.NET Core?
ASP.NET Core provides a better way to handle the errors in Startup class as below.
if (env.IsDevelopment()) { app.UseDeveloperExceptionPage(); } else { app.UseExceptionHandler("/Error"); app.UseHsts(); }For development environment, Developer exception page display detailed information about the exception. You should place this middleware before other middlewares for which you want to catch exceptions. For other environments UseExceptionHandler middleware loads the proper Error page.
You can configure error code specific pages in Startup class Configure method as below.
app.Use(async (context, next) => { await next(); if (context.Response.StatusCode == 404) { context.Request.Path = "/not-found"; await next(); } if (context.Response.StatusCode == 403 || context.Response.StatusCode == 503 || context.Response.StatusCode == 500) { context.Request.Path = "/Home/Error"; await next(); } });For more visit Error handling
22. How ASP.NET Core serve static files?
In ASP.NET Core, Static files such as CSS, images, JavaScript files, HTML are the served directly to the clients. ASP.NET Core template provides a root folder called wwwroot which contains all these static files. UseStaticFiles() method inside Startup.Configure enables the static files to be served to client.
You can serve files outside of this webroot folder by configuring Static File Middleware as following.
app.UseStaticFiles(new StaticFileOptions { FileProvider = new PhysicalFileProvider( Path.Combine(env.ContentRootPath, "MyStaticFiles")), // MyStaticFiles is new folder RequestPath = "/StaticFiles" // this is requested path by client });// now you can use your file as below<img src="/StaticFiles/images/profile.jpg" class="img" alt="A red rose" />
// profile.jpg is image inside MyStaticFiles/images folder23. Explain Session and State management in ASP.NET Core
As we know HTTP is a stateless protocol. HTTP requests are independent and does not retain user values. There are different ways to maintain user state between multiple HTTP requests.
- Cookies
- Session State
- TempData
- Query strings
- Hidden fields
- HttpContext.Items
- Cache
24. Can ASP.NET Application be run in Docker containers?
Yes, you can run an ASP.NET application or .NET Core application in Docker containers.
- For Docker interview questions visit Docker Questions
- For more about .NET and Docker visit .NET and Docker and Docker images for ASP.NET Core
24. Explain Model Binding in ASP.NET Core.
Model binding allows controller actions to work directly with model types (passed in as method arguments), rather than HTTP requests. Mapping between incoming request data and application models is handled by model binders
25. Explain Custom Model Binding.
You can apply the ModelBinder attribute to individual model properties (such as on a viewmodel) or to action method parameters to specify a certain model binder or model name for just that type or action
26. Describe Model Validation.
we will understand the concept of model validation in ASP.NET MVC core 3.1. It is valid for any version of MVC core. These validations are available in System.ComponentModel.DataAnnotations namespace. Validation attributes let us specify validation rules for model properties. Model state represents errors that come from two sub systems’ model binding and model validation.
There are in-built attributes in ASP.NET MVC core,
| Attribute | Description |
| CreditCard | This validates that the property has a credit card format. |
| Compare | This attribute validates that two property in model class match like password and compare password. |
| EmailAddress | This validates the property has email address format. |
| Phone | This validates that the property has a telephone number format. |
| Range | This validates that the property value within a specified range. |
| RegularExpression | This validates that the property value matches a specified regular expression. |
| Required | This validates that the field is not null |
| StringLength | This validates that a string property value doesn’t exceed a specified length limit. |
| Url | This validates that the property has a URL format. |
| Remote | This validates input on the client by calling an action method on the server |
27. How to write custom ASP.NET Core middleware?
we can use this link to create custome middleware : https://www.c-sharpcorner.com/article/asp-net-core-custom-middleware/
28. How to access HttpContext in ASP.NET Core?
HttpContext encapsulates all information about an individual HTTP request and response. An HttpContext instance is initialized when an HTTP request is received. The HttpContext instance is accessible by middleware and app frameworks such as Web API controllers, Razor Pages, SignalR, gRPC, and more
29. Explain the Change Token.
we can create change token by using the link : https://www.c-sharpcorner.com/article/using-change-tokens-in-net-7/#:~:text=Introduction,to%20use%20change%20tokens%20in%20.
30. How to used ASP.NET Core APIs in class library?
we created a C# class library using the standard template and targeting net5.0. I then unloaded the project and edited the project file to read as follows:
<Project Sdk="Microsoft.NET.Sdk.Web">
<PropertyGroup>
<TargetFramework>net5.0</TargetFramework>
<OutputType>Library</OutputType>
<NoDefaultLaunchSettingsFile>true</NoDefaultLaunchSettingsFile>
</PropertyGroup>
</Project>
when I reloaded the project Visual Studio was happy to load my class library project and it looked like this (just like an ASP.NET Web API project would look):
I was then able to test that ASP.NET APIs can be used by moving the following Startup.cs file into the class library:
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
namespace AspNetClassLibTest
{
public class StartupLib
{
public void ConfigureServices(IServiceCollection services) { }
public void Configure(IApplicationBuilder app, IWebHostEnvironment env) {
if(env.IsDevelopment()) {
app.UseDeveloperExceptionPage();
}
app.UseRouting();
app.UseEndpoints(endpoints => {
endpoints.MapGet("/", async context => {
await context.Response.WriteAsync("Hello World from lib!");
});
});
}
}
}
I referenced the class library in my ASP.NET Web API project and it looked as follows:
The Program.cs file references the StartupLib class defined in the class library:
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Hosting;
namespace AspNetClassLibTest
{
public class Program
{
public static void Main(string[] args) {
CreateHostBuilder(args).Build().Run();
}
public static IHostBuilder CreateHostBuilder(string[] args) =>
Host.CreateDefaultBuilder(args)
.ConfigureWebHostDefaults(webBuilder => {
webBuilder.UseStartup<StartupLib>(); // <----- reference class from class library.
});
}
}
Running the Web API project produces the expected output:
31. What is the Open Web Interface for .NET (OWIN)?
OWIN allows web apps to be decoupled from web servers. It defines a standard way for middleware to be used in a pipeline to handle requests and associated responses. ASP.NET Core applications and middleware can interoperate with OWIN-based applications, servers, and middleware.
OWIN provides a decoupling layer that allows two frameworks with disparate object models to be used together. The Microsoft.AspNetCore.Owin package provides two adapter implementations:
- ASP.NET Core to OWIN
- OWIN to ASP.NET Core
This allows ASP.NET Core to be hosted on top of an OWIN compatible server/host or for other OWIN compatible components to be run on top of ASP.NET Core.
32. Describe the URL Rewriting Middleware in ASP.NET Core.
URL rewriting creates an abstraction between resource locations and their addresses so that the locations and addresses aren’t tightly linked. URL rewriting is valuable in several scenarios to: Move or replace server resources temporarily or permanently and maintain stable locators for those resources
33. Explain the Caching or Response caching in ASP.NET Core.
Caching significantly improves the performance of an application by reducing the number of calls to actual data source. It also improves the scalability. Response caching is best suited for data that changes infrequently. Caching makes the copy of data and store it instead of generating data from original source.
Response caching headers control the response caching. ResponseCache attribute sets these caching headers with additional properties. For more visit Caching in ASP.NET Core.
34. What is In-memory cache?
In-memory cache is the simplest way of caching by ASP.NET Core that stores the data in memory on web server.
Apps running on multiple server should ensure that sessions are sticky if they are using in-memory cache. Sticky Sessions responsible to redirect subsequent client requests to same server. In-memory cache can store any object but distributed cache only stores byte[].IMemoryCache interface instance in the constructor enables the In-memory caching service via ASP.NET Core dependency Injection.
35. What is Distributed caching?
Applications running on multiple servers (Web Farm) should ensure that sessions are sticky. For Non-sticky sessions, cache consistency problems can occur. Distributed caching is implemented to avoid cache consistency issues. It offloads the memory to an external process. Distributed caching has certain advantages as below.
- Data is consistent across client requests to multiple server
- Data keeps alive during server restarts and deployments.
- Data does not use local memory
IDistributedCache interface instance from any constructor enable distributed caching service via Dependency Injection.
36. What is XSRF or CSRF? How to prevent Cross-Site Request Forgery (XSRF/CSRF) attacks in ASP.NET Core?
Cross-Site Request Forgery (XSRF/CSRF) is an attack where attacker that acts as a trusted source send some data to a website and perform some action. An attacker is considered a trusted source because it uses the authenticated cookie information stored in browser.
For example a user visits some site ‘www.abc.com’ then browser performs authentication successfully and stores the user information in cookie and perform some actions, In between user visits some other malicious site ‘www.bad-user.com’ and this site contains some code to make a request to vulnerable site (www.abc.com). It’s called cross site part of CSRF.
How to prevent CSRF?
- In ASP.NET Core 2.0 or later FormTaghelper automatically inject the antiforgery tokens into HTML form element.
- You can add manually antiforgery token in HTML forms by using
@Html.AntiForgeryToken()and then you can validate it in controller byValidateAntiForgeryToken()method. - For more you can visit Prevent Cross-Site Request Forgery (XSRF/CSRF)
37. How to prevent Cross-Site Scripting (XSS) in ASP.NET Core?
validate all the input data, make sure that only the allowlisted data is allowed, and ensure that all variable output in a page is encoded before it is returned to the user
38. How to enable Cross-Origin Requests (CORS) in ASP.NET Core?
39. What is the Area?
Area is used to divide large ASP.NET MVC application into multiple functional groups. In general, for a large application Models, Views and controllers are kept in separate folders to separate the functionality. But Area is a MVC structure that separate an application into multiple functional groupings. For example, for an e-commerce site Billing, Orders, search functionalities can be implemented using different areas.
40. Explain the Filters.
Filters provide the capability to run the code before or after the specific stage in request processing pipeline, it could be either MVC app or Web API service. Filters performs the tasks like Authorization, Caching implementation, Exception handling etc. ASP.NET Core also provide the option to create custom filters. There are 5 types of filters supported in ASP.NET Core Web apps or services.
- Authorization filters run before all or first and determine the user is authorized or not.
- Resource filters are executed after authorization.
OnResourceExecutingfilter runs the code before rest of filter pipeline andOnResourceExecutedruns the code after rest of filter pipeline. - Action filters run the code immediately before and after the action method execution. Action filters can change the arguments passed to method and can change returned result.
- Exception filters used to handle the exceptions globally before wrting the response body
- Result filters allow to run the code just before or after successful execution of action results.