1. What is ASP.NET Core?
ASP.NET Core is Microsoft's modern, cross-platform framework for building web applications, REST APIs, real-time applications, and cloud-native services.
It runs on Windows, Linux, and macOS and is designed with performance, modularity, and scalability in mind. ASP.NET Core is open-source and actively developed, making it the preferred choice for new .NET applications.
Today, ASP.NET Core powers everything from small APIs to large-scale enterprise systems running in cloud environments.
2. What is the difference between ASP.NET Core and ASP.NET Framework?
ASP.NET Core is cross-platform, open-source, lightweight, and optimized for cloud-native development, while ASP.NET Framework is Windows-only and primarily used for maintaining legacy applications.
ASP.NET Core provides better performance, built-in dependency injection, a unified programming model, and modern deployment options.
Most new projects should use ASP.NET Core unless there are specific legacy dependencies that require ASP.NET Framework.
3. What is middleware in ASP.NET Core?
Middleware is a software component that participates in the HTTP request processing pipeline.
Each middleware can inspect, modify, short-circuit, or pass requests and responses to the next middleware in the chain. Examples include authentication, authorization, logging, exception handling, and routing middleware.
Middleware provides a flexible and composable architecture for handling cross-cutting concerns.
4. How does the ASP.NET Core request pipeline work?
When a request arrives, it passes through a sequence of middleware components configured in Program.cs.
Each middleware can perform work before and after invoking the next middleware. Eventually, the request reaches an endpoint such as a controller action or minimal API handler.
Understanding the request pipeline is critical because middleware order directly impacts application behavior.
5. Why is middleware order important?
Middleware executes in the exact order it is registered.
For example, authentication must execute before authorization because authorization requires information about the authenticated user. Similarly, exception handling middleware should generally be placed near the beginning of the pipeline.
Incorrect middleware ordering is one of the most common causes of production issues in ASP.NET Core applications.
6. What is Dependency Injection in ASP.NET Core?
Dependency Injection is a design pattern that supplies dependencies to classes rather than allowing classes to create dependencies themselves.
ASP.NET Core includes a built-in dependency injection container that manages service registration and lifetime management.
Dependency Injection improves testability, maintainability, flexibility, and promotes loosely coupled architecture.
7. What are service lifetimes in ASP.NET Core?
ASP.NET Core supports three primary service lifetimes: Transient, Scoped, and Singleton.
Transient services create a new instance each time they are requested. Scoped services create one instance per HTTP request. Singleton services create a single shared instance for the entire application lifetime.
Choosing the correct lifetime is important for performance, correctness, and resource management.
8. What is the difference between AddTransient, AddScoped, and AddSingleton?
AddTransient creates a new object every time the service is resolved. AddScoped creates one instance per request, and AddSingleton creates one instance shared across all requests.
DbContext is typically registered as Scoped because it represents a unit of work per request. Stateless helper services are often Transient, while shared infrastructure services may be Singleton.
Senior developers understand that incorrect lifetime selection can lead to memory issues, stale state, or concurrency problems.
9. What is routing in ASP.NET Core?
Routing is the mechanism that maps incoming HTTP requests to application endpoints.
Routes can direct requests to controllers, action methods, Razor Pages, SignalR hubs, or Minimal API handlers.
Routing enables clean URL design and provides flexibility in organizing application endpoints.
10. What is attribute routing?
Attribute routing defines routes directly on controllers and action methods using attributes such as Route, HttpGet, HttpPost, and others.
This approach makes routes easier to understand because routing information is located next to the code that handles requests.
Attribute routing is commonly preferred for APIs because it provides precise control over URL structure.
11. What is model binding?
Model binding automatically maps incoming request data into .NET objects.
ASP.NET Core can bind data from route parameters, query strings, form values, headers, and JSON request bodies.
This feature reduces boilerplate code and simplifies API development by automatically converting request data into strongly typed models.
12. What is model validation?
Model validation ensures incoming request data meets application requirements before business logic executes.
Validation rules are commonly defined using data annotation attributes such as Required, StringLength, Range, and EmailAddress.
Proper validation improves application reliability and helps prevent invalid data from entering the system.
13. What is the difference between IActionResult and ActionResult<T>?
IActionResult provides flexibility to return any HTTP response type, while ActionResult<T> combines a strongly typed response model with HTTP status results.
ActionResult<T> improves API documentation, readability, and integration with tools such as Swagger.
Modern ASP.NET Core APIs commonly prefer ActionResult<T> because it provides stronger typing and better developer experience.
14. What is content negotiation?
Content negotiation determines the format used for API responses based on client preferences.
Clients can request JSON, XML, or other formats through HTTP headers such as Accept.
ASP.NET Core automatically selects an appropriate formatter and serializes response objects accordingly.
15. What is authentication?
Authentication verifies the identity of a user, application, or service attempting to access a system.
Common authentication methods include JWT tokens, cookies, OAuth, OpenID Connect, and external identity providers.
Authentication answers the question: "Who are you?"
16. What is authorization?
Authorization determines what an authenticated user is allowed to access or perform within an application.
While authentication answers the question "Who are you?", authorization answers the question "What can you do?". ASP.NET Core supports role-based and policy-based authorization models.
Proper authorization is critical for protecting sensitive resources and enforcing business rules.
17. What is the difference between authentication and authorization?
Authentication verifies identity, while authorization determines permissions.
For example, a user may successfully authenticate using a JWT token but still be denied access to an administrative endpoint because they lack the required role or policy.
Understanding the distinction is fundamental when designing secure APIs.
18. What is JWT authentication?
JWT (JSON Web Token) authentication is a stateless authentication mechanism commonly used in APIs and distributed systems.
After a successful login, the server generates a signed token containing user claims. The client sends this token with subsequent requests, and ASP.NET Core validates it before granting access.
JWT authentication scales well because the server does not need to maintain session state.
19. What are claims in ASP.NET Core?
Claims are pieces of information about a user stored within an identity.
Examples include user ID, email address, roles, permissions, department, and other metadata.
Claims-based authorization provides a flexible way to control access without relying solely on roles.
20. What is policy-based authorization?
Policy-based authorization allows developers to define reusable authorization rules.
Policies can evaluate claims, roles, custom requirements, or complex business conditions before granting access to resources.
This approach provides greater flexibility than traditional role-based authorization.
21. What is CORS?
CORS stands for Cross-Origin Resource Sharing.
It is a browser security mechanism that controls whether a web application hosted on one domain can access resources from another domain.
Proper CORS configuration is essential when frontend applications communicate with APIs hosted on different origins.
22. Why is CORS important for APIs?
Without proper CORS configuration, browsers block cross-origin requests even when the API itself is functioning correctly.
Developers often encounter CORS issues when frontend and backend applications are deployed on separate domains.
Configuring CORS correctly improves security while allowing legitimate cross-origin communication.
23. What is appsettings.json?
appsettings.json is the default configuration file used in ASP.NET Core applications.
It commonly stores connection strings, logging settings, API endpoints, feature flags, and application-specific configuration values.
Using configuration files keeps settings separate from application code and simplifies deployment.
24. How does configuration work in ASP.NET Core?
ASP.NET Core supports multiple configuration sources including JSON files, environment variables, user secrets, Azure Key Vault, and command-line arguments.
Configuration values are combined into a unified configuration system accessible throughout the application.
This flexibility makes it easier to manage settings across different environments.
25. What is the Options Pattern?
The Options Pattern provides a strongly typed way to access configuration values.
Instead of reading configuration directly throughout the codebase, settings are mapped into classes and injected through dependency injection.
This approach improves maintainability, readability, and testability.
26. What is logging in ASP.NET Core?
Logging records application events, warnings, errors, and operational information.
ASP.NET Core provides a built-in logging abstraction that supports multiple providers including Console, Serilog, Seq, Application Insights, and Elasticsearch.
Effective logging is essential for troubleshooting and monitoring production systems.
🎁 Free .NET Interview PDF
Download 150 Real .NET Interview Questions
Includes C#, ASP.NET Core, Entity Framework, Async/Await, LINQ, System Design, Caching, Microservices and more.
No spam. Unsubscribe anytime.
27. What is structured logging?
Structured logging stores logs as searchable properties rather than plain text messages.
Instead of generating difficult-to-search log strings, structured logs capture data as key-value pairs.
This makes troubleshooting significantly easier when analyzing large volumes of production logs.
28. What are Health Checks?
Health Checks provide endpoints that report the operational status of an application and its dependencies.
Checks may verify databases, caches, message brokers, external APIs, and other infrastructure components.
Health endpoints are commonly used by monitoring tools and container orchestration platforms.
29. What is Swagger in ASP.NET Core?
Swagger is a tool that automatically generates interactive API documentation.
It allows developers and consumers to view endpoints, request schemas, response models, and test APIs directly from a web interface.
Swagger significantly improves developer experience and API discoverability.
30. What is OpenAPI?
OpenAPI is a specification for describing REST APIs.
Swagger is one of the most popular tools for generating and consuming OpenAPI documents.
OpenAPI definitions enable documentation generation, client code generation, validation, and testing automation.
31. What is Minimal API?
Minimal APIs provide a lightweight approach to building HTTP APIs with minimal boilerplate code.
Instead of using controllers, endpoints can be defined directly in Program.cs.
Minimal APIs are particularly useful for microservices, small APIs, and simple backend services.
32. When should you choose Minimal APIs?
Minimal APIs are a good choice when application complexity is relatively low and rapid development is important.
They reduce ceremony and improve productivity for small services.
However, large enterprise systems may benefit more from the structure and organization provided by controllers.
33. When should you choose MVC Controllers?
Controllers are often preferable for large applications with many endpoints, validation rules, filters, and business workflows.
They provide better separation of concerns and make large codebases easier to maintain.
Enterprise applications frequently use controllers because of their organizational benefits.
34. What are filters in ASP.NET Core?
Filters allow developers to execute logic before or after controller actions.
Examples include authorization filters, exception filters, action filters, and result filters.
Filters help centralize cross-cutting concerns and reduce duplicated code.
35. What is API versioning?
API versioning allows developers to evolve APIs without breaking existing consumers.
Common approaches include URL versioning, query string versioning, and header-based versioning.
Versioning is an important strategy for maintaining backward compatibility in production systems.
36. What is response caching?
Response caching stores the result of an HTTP response so subsequent requests can be served more quickly without executing the same application logic again.
Caching reduces CPU usage, database load, and response times for frequently requested resources.
It is especially useful for data that changes infrequently and is requested by many users.
37. What is distributed caching?
Distributed caching stores cached data in an external shared cache rather than application memory.
Unlike in-memory caching, distributed caches can be shared across multiple application instances, making them suitable for load-balanced environments.
Redis is one of the most popular distributed caching solutions used with ASP.NET Core.
38. When should you use Redis?
Redis is commonly used for distributed caching, session storage, rate limiting, pub/sub messaging, and temporary data storage.
Because Redis operates entirely in memory, it provides extremely fast read and write performance.
It is often introduced when application performance becomes limited by repeated database access.
39. What is a Background Service?
A Background Service is a long-running process that executes independently of incoming HTTP requests.
Examples include sending emails, processing messages, synchronizing data, generating reports, and scheduled maintenance tasks.
ASP.NET Core provides the BackgroundService base class for implementing these workloads.
40. What is IHostedService?
IHostedService is an interface used to run background processes within an ASP.NET Core application.
It provides StartAsync and StopAsync methods that integrate with the application's lifecycle.
Hosted services are commonly used for scheduled jobs and background processing.
41. What is SignalR?
SignalR is a real-time communication framework for ASP.NET Core.
It allows servers to push updates to connected clients instantly without requiring constant polling.
SignalR is commonly used for chat applications, live dashboards, notifications, collaborative tools, and online gaming features.
42. What is rate limiting?
Rate limiting restricts the number of requests a client can make within a specified time period.
This helps protect APIs from abuse, denial-of-service attacks, and excessive resource consumption.
Modern ASP.NET Core includes built-in support for implementing rate limiting policies.
43. How would you improve ASP.NET Core API performance?
Performance improvements typically involve using asynchronous programming, caching, database query optimization, response compression, and efficient object mapping.
Developers should also avoid unnecessary allocations, reduce network round trips, and monitor application bottlenecks.
Performance optimization should always be driven by measurements rather than assumptions.
44. What are common ASP.NET Core security best practices?
Security best practices include enforcing HTTPS, validating input, using strong authentication mechanisms, implementing authorization policies, and protecting sensitive configuration data.
Developers should also keep dependencies updated and regularly review application vulnerabilities.
Security should be considered throughout the entire software development lifecycle.
45. What is a microservice?
A microservice is a small, independently deployable service responsible for a specific business capability.
Each microservice typically owns its own database and communicates with other services through APIs or messaging systems.
Microservices improve scalability and team autonomy but introduce additional operational complexity.
46. How does ASP.NET Core support microservices?
ASP.NET Core provides excellent support for building lightweight, containerized services.
Features such as dependency injection, configuration management, logging, health checks, and Minimal APIs make it well-suited for microservice architectures.
ASP.NET Core also integrates naturally with cloud platforms and container orchestration systems.
47. What is Docker and why is it used with ASP.NET Core?
Docker packages applications and their dependencies into portable containers.
Containers ensure consistent execution across development, testing, and production environments.
ASP.NET Core applications are commonly deployed using Docker because of their cross-platform capabilities and cloud-native design.
48. What is Kubernetes?
Kubernetes is a container orchestration platform used to deploy, manage, scale, and monitor containerized applications.
It automates many operational concerns such as load balancing, service discovery, health monitoring, and rolling deployments.
Large ASP.NET Core systems often rely on Kubernetes to manage production workloads.
49. What is observability?
Observability is the ability to understand the internal state of a system through logs, metrics, and traces.
A highly observable application enables teams to diagnose failures, monitor performance, and understand system behavior more effectively.
Modern cloud-native applications place significant emphasis on observability practices.
50. What would a senior developer say about ASP.NET Core architecture?
Senior developers understand that architecture is about balancing trade-offs rather than blindly following patterns.
A simple monolith may be the best solution for one project, while a distributed microservice architecture may be necessary for another.
The most successful ASP.NET Core systems are not always the most complex ones. They are the systems that align technical decisions with business requirements, team capabilities, scalability needs, and long-term maintainability goals.