Search your questions here
Search results for: in category: ASP.NET CORE
ASP.NET Core is a modern, open-source, and cross-platform framework for building web applications, APIs, and microservices. Developed by Microsoft.
It is used for building modern, cloud-enabled, Internet-connected apps. Using this, Build web apps and services, Internet of Things (IoT) apps, and mobile backends.
it is a significant redesign of the older ASP.NET framework and offers a more modular, lightweight, and efficient architecture.
A robust tool for building web UI and web APIs.
It is Architected for testability.
It is suitable for develop and run on Windows, macOS, and Linux
Integration of modern, client-side frameworks and development workflows
It has built-in dependency injection.
It can be hosted on the following:
Kestrel
IIS
HTTP.sys
Nginx
Docker
Side-by-side versioning.
ASP.NET Core MVC provides features to build web APIs and web apps:
The Model-View-Controller (MVC) pattern helps make your web APIs and web apps testable.
Razor Pages is a page-based programming model that makes building web UI easier and more productive.
Razor markup provides a productive syntax for Razor Pages and MVC views.
Tag Helpers enable server-side code to participate in creating and rendering
CoreCLR is the runtime for .NET Core.
It's responsible for executing managed code
It provides following services:-
JIT Compilation: Just-In-Time compilation of Intermediate Language (IL) to native code.
Garbage Collection: Automatic memory management.
Type Safety: Managing types at runtime.
It has an excellent exception Handling mechanism: It is supporting structured exception handling.
it is cross-platform (Windows, Linux, macOS)
It has high performance and lightweight.
It is Open-source and part of the .NET Foundation.
The differences between the full .NET Framework and the .NET Core Framework can besummarized in the following points:
The .NET Core Framework is more compact and modular .
The .NET Core Framework and related tools are open source.
The .Net Core Framework is more performant due to its modular architecture and frequent updates.
NET Core allows developers to choose and include only the required libraries to build their applications.
The .NET Core Framework cannot be used to write
any thing other than ASP.NET and console applications.It is only for Windows.
The .NET Core Framework can be deployed side by side
with the application, whereas the full .NET Framework
can only be installed on the target machine and shared
by all applications.
The first line is
var builder = WebApplication.CreateBuilder(args);
CreateBuilder(args): This method initializes the application's builder. It accepts args, which are the command-line arguments passed to the application, allowing configuration via these arguments (e.g., setting environment variables or listening ports).
It sets up essential services like dependency injection (DI), configuration sources, and logging.
The builder reads configuration from various sources, such as appsettings.json, environment variables, and command-line arguments.
This line is the starting point for creating an ASP.NET Core application, setting up the infrastructure needed to run the web server, and configure services and middleware.
Development (Which is already set in launchsettings.json)
Microsoft.AspNet.Core.Mvc.Controller
Microsoft.AspNet.Core.Mvc.ControllerBase (an abstract class)
Razor Pages is a page-based model for building server rendered web UI. Razor pages UI are dynamically rendered on the server to generate the page's HTML and CSS in response to a browser request. The page arrives at the client ready to display the content.
Minimal APIs are architected to create HTTP APIs with minimal dependencies. They're ideal for microservices and apps that want to include only the minimum files, features, and dependencies in ASP.NET Core.
Partial class support for Razor components
Blazor Component Tag Helper and pass parameters to top-level components
Support for shared queues in HTTP.sys
Breaking changes for SameSitecookies
Prevent default actions for events in Blazor apps
Stop event propagation in Blazor apps
Detailed errors during Blazor app development
Properties,launchsettings.json,wwwroot folder contains js,image,css files
Controllers,Models,Views folders
appsettings.json
program.cs
startup.cs
The launchSettings.json file in .NET is used to configure the launch settings for .NET applications. It contains settings that specify how the application should be launched in different environments, such as development and production, and can define multiple profiles for running the application.
In environmentVariables section you can set the environment production or Development
It contains application url also.
In .NET, appsettings.json is a configuration file that stores application settings in a structured JSON format. It’s commonly used to manage application settings like connection strings, logging configurations, and other application-specific settings. This file is particularly useful for storing configuration data outside the code, making it easy to modify without recompiling the application.
In a .NET Core application, Program.cs is the entry point of the application. It contains the Main method, where the application starts and the host is configured.
It contains 2 static methods
main method -
The Main method provides the entry point that all .NET applications must provide so they can be executed by the runtime. The Main method in the Program class calls the BuildWebHost method, which is responsible for configuring ASP.NET Core.
Main method is the point of the application, which calls CreateHostBuilder(args).Build().Run(); to start the app.This method is to configure the hosting environment and select the class that completes the configuration for the asp.net core application.
CreateHostBuilder method: Sets up a default host and configures it to use the Startup class.
When the application starts, ASP.NET Core creates a new instance of the Startup class and calls its ConfigureServices method so that the application can create its services.The service means any object that provides functionality to other parts of the application.
Once the services have been created, ASP.NET calls the Configure method. The purpose of the Configure method is to set up the request pipeline, which is the set of components—known as middleware—that are used to handle incoming HTTP requests and produce responses for them.
The Startup.cs file in an ASP.NET Core project configures services and defines the middleware pipeline. It's one of the main configuration files where you define how your application should behave and which services it should use. Here’s a quick guide to what typically goes into a Startup.cs file.
It contains 2 methods - ConfigureServices,Configure
Configure services method
Here, you add services that your application will need, such as MVC, Entity Framework, or custom services.
Services added here are available for Dependency Injection throughout the application.
Configure method
This method configures middleware in the HTTP request pipeline.
[DataType(DataType.Date)]
System.ComponentModel.DataAnnotations.
ViewData
ViewBag
TempData
Session
ViewData is a dictionary object to pass the data from Controller to View where data is passed in the form of key-value pair.
Typecasting is required to read the data in View if the data is complex and we need to ensure null check to avoid null exceptions. The scope of ViewData is similar to ViewBag and it is restricted to the current request and the value of ViewData will become null while redirecting.
ViewBag is a dynamic object to pass the data from Controller to View. And, this will pass the data as a property of object ViewBag. And we have no need to typecast to read the data or for null checking.
The scope of ViewBag is permitted to the current request and the value of ViewBag will become null while redirecting.
TempData is a dictionary object to pass the data from one action to other action in the same Controller or different Controllers. Usually, TempData object will be stored in a session object.
Tempdata is also required to typecast and for null checking before reading data from it. TempData scope is limited to the next request and if we want Tempdata to be available even further, we should use Keep and peek.
The attributes are to define data validation, formatting, and metadata. These attributes come from namespaces such as System.ComponentModel.DataAnnotations and Microsoft.AspNetCore.Mvc.
Some attributes are
Required,StringLength,DataType,Range,Email etc
The Model-View-Controller (MVC) architectural pattern separates an app into three main components: Model, View,and Controller.The MVC pattern helps you create apps that are more testable and easier to update than traditional monolithic apps.
Models: Classes that represent the data of theapp
Views: Views are the components that display the app's user interface(UI). Generally, this UI displays the model data.
Controllers: Classes that handle browser requests.They retrieve model data and call view templates that return a response. In an MVC app, the view only displays information; the controller handles and responds to user input and interaction.
An endpoint is a unit of code that handles requests and is defined in the application.
Endpoints are configured when the app starts. Every public method in a controller is callable as an HTTP endpoint.An HTTP endpoint is a targetable URL in the web application, such as https://localhost:5001/HelloWorld ,and the target URI HelloWorld combines the protocol used: HTTPS , the network location of the web server (including theTCP port): localhost:5001 and the target URI HelloWorld
Routing is the mechanism that maps incoming requests to the appropriate controller actions or endpoints in your application. It allows you to define how URLs should be interpreted and handled, giving you control over the URL structure, route parameters, and constraints. The Routing System has 2 functions
1. Examine an incoming URl;
2. Generating outgoing URLs
The mapping between URLs and the controllers and action methods is defined in the Startup.cs file or by applying the Route attribute to controllers.
Routing uses endpoints ( Endpoint ) to represent logical endpoints in an app.
Routing middleware in ASP.NET Core MVC is a key component that handles incoming HTTP requests and maps them to the appropriate controllers and actions. It plays a crucial role in processing requests and generating responses.
To enable routing, configure middleware in the request pipeline using UseRouting and UseEndpoints methods.
In program.cs (or in startup.cs)
app.UseRouting(); // Enables routing
// Define route mappings
app.UseEndpoints(endpoints =>
{
endpoints.MapControllerRoute(
name: "default",
pattern: "{controller=Home}/{action=Index}/{id?}");
});
UseRouting: Adds the routing middleware to the pipeline. It matches the incoming request to a route.
UseEndpoints: Finalizes the route matching and executes the corresponding action.
Routing middleware should be added in proper order like,
app.UseRouting(); // Matches routes
app.UseAuthentication(); // Authenticates requests
app.UseAuthorization(); // Checks permissions
app.UseEndpoints(...); // Executes endpoint logic
ASP.NET Core supports two primary types of routing:
Conventional Routing: Commonly used in MVC applications where URL patterns map to controller actions.
Attribute Routing: Used to decorate controller actions with route attributes to define custom routing for each action or controller.Here routes are defined by attributes that are applied directly to the controller classes.
Attribute routing allows you to define routes at the controller or action level. To use attribute routing, add the [Route] attribute to the controller or actions.
[Route("Students")]
In conventional routing, you define a routing pattern that applies globally in the UseEndpoints method:
endpoints.MapControllerRoute(
name: "default",
pattern: "{controller=Home}/{action=Index}/{id?}");
Entity Framework Core (EF Core) is a popular Object-Relational Mapping (ORM) framework in .NET, used extensively in ASP.NET Core applications to manage data access. It simplifies data interactions, making it easier to work with databases by mapping database tables to .NET classes.It is an an open-source, lightweight, extensible, and cross-platform version of Microsoft’s popular Entity Framework data access technology.
It Reduces Repetitive Code.
It Increases the data integrity.
It has 2 approaches for accessing data from db. ie Code First and Data First.
In Code first, first you have to create the model class and Dbcontext class and you have to migrate it.
In Database first approach, you have to first create db,tables and other objects and you have to scaffold the database.
The Database-First approach in Entity Framework Core (EF Core) allows you to create entity models and the context classes based on an existing database schema. This is especially useful when you already have a database in place and want to generate C# classes to interact with it using EF Core in an ASP.NET Core application.
The steps for db first approch, first install required packages from Nuget.
First create DB and tables
Microsoft.EntityFrameworkCore.SqlServer
Microsoft.EntityFrameworkCore.Design
Scaffold the Database using scaffold command. All the models will be created with dbcontext file.
Using the "Code First" approach in Entity Framework Core (EF Core) with ASP.NET Core allows you to create a database structure from C# classes. Here’s a guide to get you started with Code First in an ASP.NET Core application.
The steps involved
first add required packages from Nuget
Microsoft.EntityFrameworkCore
Microsoft.EntityFrameworkCore.SqlServer
Microsoft.EntityFrameworkCore.Tools
Define your entity classes in order to create tables in DB
Create the Database Context
Configure the Database Connection in appsettings.json
register the database context in Startup.cs or Program.cs
builder.Services.AddDbContext<ApplicationDbContext>(options =>
options.UseSqlServer(builder.Configuration.GetConnectionString("DefaultConnection")));
The ValidateAntiForgeryToken attribute is used to prevent forgery of a request and is paired up with an antiforgery token generated in the editview file(Views/Movies/Edit.cshtml).
The editview file generates the antiforgery token with theForm Tag Helper.
<form asp-action=”Edit”>
The Form Tag Helper generates a hidden anti-forgery token that must match the [ValidateAntiForgeryToken] generated anti-forgery token in the Edit method of the Movies controller.
Tag Helpers are classes that can be applied to HTML elements in Razor views.
They are processed on the server, allowing you to dynamically modify HTML elements or add new functionality based on server-side logic ensuring that the HTML sent to the client reflects the state of the application.
Tag helpers allow view content to be generated or transformed using C# logic. In order to use it globally, use the Razor @addTagHelper expression in _ViewImports.csthml file.
The form tag helpers are used to transform HTML form elements so that you
don’t have to write custom tag helpers to solve the most common problems.
The form tag helpers ensure that HTML form elements, which include the
elements inside forms, such as label and input, are generated consistently.
some main Built-in-tag helper attributes for the form elements.
asp-action: Specifies the action method to use for a form.
asp-controller: Specifies the controller name for a form.
asp-route-{value}: Allows setting route data for a form action URL.
asp-area - This attribute is used to specify the name of the area that will be
used to generate the URL for the action attribute.
asp-antiforgery - This attribute controls whether anti-forgery information is added
to the view.
The form tag helper injects a hidden field with a request verification token tailor-made to prevent cross-site request forgery (XSRF) attacks.
An Application Part is an abstraction over the resources of an app. Application Parts allow ASP.NET Core to discover controllers,view components, tag helpers, Razor Pages, razor compilation sources,.
Using Application Parts,you can share an assembly (DLL) containing controllers,views, Razor Pages, razor compilation sources,Tag Helpers,and more with multiple apps.Sharing an assembly is preferred to duplicating code in multiple projects.
The AutoValidateAntiforgeryToken covers all potentially unsafe HTTP verbs, while the ValidateAntiforgeryToken only covers POST requests:
AutoValidateAntiforgeryToken
Covers all potentially unsafe HTTP verbs, including PUT, DELETE, and PATCH. It doesn't cover other verbs that are supposed to be used for read-only actions only.
ValidateAntiForgeryToken
Only covers POST requests. GET requests should be a read-only operation and shouldn't use the ValidateAntiForgeryToken filter.
AutoValidateAntiforgeryToken is recommended for non-API scenarios.
AutoValidateAntiforgeryToken can be added to the global filters collection in your Startup class.
AutoValidateAntiforgeryToken can protect against possible CSRF attacks without having to explicitly code for it each and every time
Through the Configure method and middleware classes—in controllers and views.
Create a new class that inherits from TagHelper.
Override the Process method to define custom behavior.
Register your Tag Helper in the view by adding it to _ViewImports.cshtml.
When you bind data from an HTTP request directly to a model, all matching properties in the model could be updated if they exist in the request. If sensitive or unintended fields are exposed, malicious users might modify these values, leading to unauthorized changes.
Method 1
Use Bind property to the parameters
public IActionResult Edit([Bind(nameof(UserModel.Name))] UserModel model)
{
return View("Index", model);
}
The above method is only allowing to update Name field.
Method 2
Using TryUpdateModel or Updatemodel
Specify the fields you want to update explicitly:
TryUpdateModel(user, "", new string[] { "Name", "Email" });
The above command is only allowing to update Name and Email Field.
Specific Type
IActionResult
ActionResult
|
ContentResult |
Returns a string |
|
FileContentResult |
Returns file content |
|
FilePathResult |
Returns file content |
|
FileStreamResult |
Returns file content. |
|
EmptyResult |
Returns nothing |
|
JavaScriptResult |
Returns script for execution |
|
JsonResult |
Returns JSON formatted data |
|
RedirectToResult |
Redirects to the specified URL |
|
HttpUnauthorizedResult |
Returns 403 HTTP Status code |
|
RedirectToRouteResult |
Redirect to different action/ different controller action |
|
ViewResult |
Received as a response for view engine |
|
PartialViewResult |
Received as a response for view engine |
The Partial Tag Helper is used for rendering a partial view in Razor Pages and MVC apps.It Renders the partial view asynchronously.
Sample code
<partial name="PartialViewName" />
You can pass a strongly-typed model to the partial view :
Sample Code
public class Product
{
public int Number { get; set; }
public string Name { get; set; }
public string Description { get; set; }
}
<partial name="Shared/_ProductPartial.cshtml" for="Product">
We can use them in following ways.
@await Html.PartialAsync
@await Html.RenderPartialAsync
@Html.Partial
@Html.RenderPartial
TheScriptTag Helper generates a link to a primary or fall back script file.Typically the primary script file will be from a Content Delivery Network (CDN).
For example,
<script src="https://ajax.aspnetcdn.com/ajax/jquery/jquery-3.3.1.min.js"
asp-fallback-src="~/lib/jquery/dist/jquery.min.js"
asp-fallback-test="window.jQuery"
crossorigin="anonymous"
integrity="sha384-tsQFqpEReu7ZLhBV2VZlAu7zcOV+rXbYlF2cqB8txI/8aZajjp4Bqd+V6D5IgvKT">
</script>
src - Address of the external script to use.
asp-fallback-test: The script method defined in the primary script to use for the fallback test.
asp-fallback-src: The URL of a Script tag to fallback to in the case the primary one fails.
Middleware in ASP.NET Core is software that's assembled into an application pipeline to handle requests and responses. Each piece of middleware has a specific role and can either handle a request directly or pass it on to the next component in the pipeline.
Built-in Middleware Examples
Routing Middleware
Static Files Middleware:
Authentication Middleware:
Authorization Middleware
Exception Handling Middleware
Logging Middleware
Examples
You have to use middlewares in Configure method of Startup.cs (or program.cs file)
app.UseStaticFiles();
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
There are 2 ways to create Custom Middleware in Asp.net Core.
Using IMiddleware interface
Using the extension method.
In the first method, We have to create a class which implements IMiddleware interface and implement InvokeAsync method.
In the second method, we have to create a class and using Dependency Injection, we have to add RequestDelegate and implment Invoke. After that we have to create another extension class used to add the above middleware to the HTTP request pipeline.
You can create custom middleware by creating a class with an Invoke or InvokeAsync method:
An ASP.NET Core app builds a host on startup.The host is an object that encapsulates all of the app's resources which contains the following :-
An HTTP server implementation
Middleware components
Logging
DI
Configuration
Two hosts are available: the Generic Host and the Web Host.
The Generic Host is a Cross-platform Hosting.
It has a Built-in Dependency Injection (DI) container.
It has a logging support.
The Generic Host is recommended,and the Web Host is available only for backwards compatibility
Development,Staging,and Production
Development means the the first environment developers use to check if all code changes work well with each other. It's known as a “sandbox” for developers to work in.
Staging environment is the environment where your code is 'staged' prior to being run in front of users so you can ensure it works as designed.
Production is the live, real-world platform where end-users access and interact with the software.In this stage main points are reliability, stability, and optimal performance.The software must seamlessly meet user needs.
A route is a URL pattern that is mapped to a handler.The handler is typically a Razor page,an action method in an MVC controller, or a middleware. ASP.NET Core routing gives you control over the URLs used by your app.
The Configure method is used to specify how the app responds to HTTP requests.The request pipeline is configured by adding middleware components to an IApplicationBuilder instance.
Dependency Injection (DI) is a core concept in ASP.NET Core, making it simple to inject dependencies into classes, which promotes loose coupling and testability. ASP.NET Core has a built-in Dependency Injection container that helps manage object lifetimes and resolve dependencies at runtime.
To use dependency injection in .NET Core, we need to do the following:
Create an interface that defines the contract for our dependency.
Create a class that implements the interface.
Register the service with the DI container.
Inject the service into the class that needs it.
Advantages of DI in mvc core
Loose coupling: Dependency injection allows us to decouple our classes from their dependencies. This makes our code more maintainable and easier to test.
Testability: Dependency injection makes our code more testable because we can mock out dependencies in our unit tests.
Extensibility: Dependency injection makes our code more extensible because we can easily swap out dependencies.
Reusability: Dependency injection makes our code more reusable because we can easily share dependencies between different classes.
ASP.NET Core offers three main service lifetimes that control the lifecycle of registered services:
Transient
A new instance of the service is created each time it is requested
Best for lightweight, stateless services that are short-lived and not shared
Scoped :
A new instance of the service is created once per request (or scope).
Ideal for services that are tied to a single request but should maintain the same instance throughout that request, like handling database operations
You can create a custom exception filter by implementing the IExceptionFilter or IAsyncExceptionFilter interface:
public class GlobalExceptionFilter : IExceptionFilter
{
public void OnException(ExceptionContext context)
{
// Log exception here
var exception = context.Exception;
// Customize response here
context.Result = new ObjectResult("An error occurred")
{
StatusCode = 500
};
// Mark exception as handled
context.ExceptionHandled = true;
}
}Then, you can register this filter globally in your application configuration:
services.AddControllers(options =>
{
options.Filters.Add<GlobalExceptionFilter>();
});
Using Built-in Exception Filters
ASP.NET Core provides a built-in ExceptionHandlerMiddleware, which you can configure in the middleware pipeline with UseExceptionHandler. This middleware catches exceptions and routes them to a specified error page or API endpoint.
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
else
{
app.UseExceptionHandler("/Home/Error");
app.UseHsts();
}
}
HTTP StrictTransportSecurity Protocol (HSTS) Middleware(UseHsts) adds the Strict-Transport-Security header
HTTPS Redirection Middleware(UseHttpsRedirection) redirects HTTP requests to HTTPS.
Static File Middleware(UseStaticFiles) returns static files and short-circuits further request processing.
Cookie Policy Middleware(UseCookiePolicy) conforms the app to the EU General Data Protection Regulation (GDPR) regulations.
Routing Middleware( UseRouting ) to routerequests.
Authentication Middleware(UseAuthentication) attempts to authenticatethe user before they're allowed access to secure resources.
Authorization Middleware( UseAuthorization ) authorizes a user to access secure resources.
Session Middleware(UseSession) establishes and maintains session state. If the app uses session state,call Session Middleware after Cookie Policy Middleware and before MVC Middleware.
Endpoint Routing Middleware( UseEndpoints with MapRazorPages ) to add Razor Pages endpoints to the request pipeline.
In .NET Core, “Run,Map and Use ”are the methods that help you configure the middleware pipeline in an ASP.NET Core application.
To build a pipeline, we are using request delegates, which handle each HTTP request. To configure request delegates, we use the Run, Map,and Use extension methods.
The Use method can short-circuit the pipeline (that is, if it doesn't call a next request delegate).
Use method can also use to chain multiple request delegates.
Run is a convention,and some middleware components may expose Run[Middleware] methods that run at the end of the pipeline.
Map extensions are used as a convention for branching the pipeline. Map branches the request pipeline based on matches of the given request path. If there quest path starts with the given path, the branch is executed.
MapWhen branches the request pipeline based on the result of the given predicate. Any predicate of type Func can be used to map requests to a new branch of the pipeline
app.run method accepts a single parameter of the RequestDelegate type.using this context, we can modify the request like
app.Run(async context =>
{
await context.Response.WriteAsync("Hello from the middleware component.");
});
Kestrel is a cross-platform web server for ASP.NET Core. Kestrel is the recommended server for ASP.NET Core, and it's configured by default in ASP.NET Core project templates.
features of Kestrel:-
Cross-platform
High performance
Lightweight:
Wide protocol support:
Integration with ASP.NET Core:
Extensibility:
In the main method (startup.cs or program.cs) when CreateDefaultBuilder method is called, it calls UseKetrel method behind the scene.
How can you customize kestrel options ?
There are multiple methods for this.
One method is to configure in appsettings.json
For eg,
{
"Kestrel": {
"Limits": {
"MaxConcurrentConnections": 100,
"MaxConcurrentUpgradedConnections": 100
}
}
}
Other method is to define in program.cs (or in startup.cs) file.
For eg,
var builder = WebApplication.CreateBuilder(args);
// Configure Kestrel
builder.WebHost.ConfigureKestrel(serverOptions =>
{
serverOptions.Limits.MaxConcurrentConnections = 100;
serverOptions.Limits.MaxRequestBodySize = 10 * 1024; // 10 KB
serverOptions.ListenAnyIP(5000); // Bind to a specific port
});
When a request come first, it is in program.cs file main method, here it creates a webhost builder and it executes startup class which configures services and the app's request pipeline and it calls the ConfigureServices method then calls the configure method and executes all the middleswares in sequence and last app.UseEndpoints for routing.
The MVCRouteHandler calls the RouteAsync method. This method calls the SelectCandidates method which selects all possible methods and checks if the entered URL has a match in the route data. This is simply a name comparison. Then the SelectBestCandidates method is called which narrows down the choice based on action constraints like HttpPost and HttpGet. If a match is found then the particular controller and action method are selected.
The MVC RouteHandler decides the controller that needs to be invoked. The controller Factory class and the controller activator class create an instance of the controller and an action method is selected.
Before the controller is created, authorization filters are called. If the authorization is successful, then the controller is created. Once the controller is created and the action method selected, model binding takes place. This is responsible for populating the action method parameters using querystrings, form data, route data, etc.
After the model binding takes place, the OnActionExecuting filter is executed. First, the action method is executed. Then, the OnActionExecuted filter is executed. Action result is now generated. Remember that in MVC, there is a difference between action result generation and the actual rendering of the action result.
After this, OnResultExecuting filters are executed next and the action result is invoked. After this, the OnResultExecuted filter is executed. This is the last stage where an action result can be modified.
Since in ASP.NET core, the MVC lifecycle and Web API lifecycle are now integrated into one, content negotiation also takes place when creating an ActionResult.
After this action, the results like JsonResult, ViewResult, etc. are rendered, depending upon the action result that needs to be created.
The main steps in life cycle are as below:-
Request Reception User makes a request (GET/POST)
Routing Matching request to a route/controller/page
Middleware (Pre-Action)
Authentication
Logging
Controller/Page - Action method or page handler executes
Model Binding - Binding input data to parameters
Action Filters - Optional: Filters before/after action
View/Page Rendering - Razor view/page generates HTML
Response Handling - Middleware processes the response
Response Sent - Response sent back to the client
Role-Based Simple, predefined user roles
Policy-Based Flexible, reusable policies
Claim-Based Finer-grained access using claims
View-Based - It is an authorization strategy that enables us to manage UI elements’ visibility based on the user’s identity.
Custom Requirement/Handler - Complex, custom authorization logic
Resource-Based Resource-specific permissions
Identity-Based Integration with external identity providers
Session management allows you to store user-specific data across multiple requests. Unlike previous versions of ASP.NET, session management in ASP.NET Core is explicitly added through middleware and configured in Startup.cs.
steps :
In Configure Services method in startup.cs
services.AddSession(options =>
{
options.IdleTimeout = TimeSpan.FromMinutes(30); // Set session timeout
options.Cookie.HttpOnly = true; // Make the session cookie HttpOnly
options.Cookie.IsEssential = true; // Required when GDPR policies are applied
});
In Configure method,
app.UseSession(); (before authorization middleware)
In controller use
HttpContext.Session.SetString("UserName", "John Honai");
HttpContext.Session.SetInt32("UserAge", 25);
In ASP.NET Core, you can set up constraints within routing to enforce specific rules or patterns on URL parameters. Here’s a guide on implementing routing constraints:
Some common constraints include:
int - Matches integers
bool - Matches boolean values (true or false)
datetime - Matches date values
guid - Matches GUID values
decimal - Matches decimal values
double - Matches double values
length - Matches strings of specific length
minlength(value) - minimum number of charecters.
maxlength(value_ - maximum number of charecters
length(length) - Exact number of charecters
min(value) - minimum value
max(value) - maximum value
alpha - String must consist of one or morealphabetical characters ( a - z , case_insensitive)
example :
[Route("product/{id:int}")]
public IActionResult GetProduct(int id)
This route only matches URLs where id is an integer, like /product/123.
You can also use multiple constraints on the same route parameter by separating them with a colon.
[Route("product/{id:int:min(1)}")]
Regular Expression Constraints
Using regular expressions, you can match complex patterns within URLs.
[Route("user/{username:regex(^[a-zA-Z0-9]*$)}")]
you can define custom routing constraints by implementing the IRouteConstraint interface.
Steps involved:
Define a new class implementing IRouteConstraint.
Override the Match method to define your custom constraint logic.(This method decide whether a request should be matched by the route.)
Register the custom constraint in Startup.cs.
Apply the custom constraint in your route.
Constraints are used to limit the values that a route can accept.
It ensure that the parameters of a route are of a certain type, range, or pattern.
It is making applications more robust and error-free.
It prevent certain requests from matching a route.
If you’re using conventional routing (defined in Startup.cs), you can add constraints to routes using route templates.
app.UseEndpoints(endpoints =>
{
endpoints.MapControllerRoute(
name: "default",
pattern: "{controller=Home}/{action=Index}/{id:int?}");
});
In attribute routing, you can use constraints like
[Route("Home/Index/{id:int?}")]
public IActionResult Index(int? id)
{
return View();
}
Here you have to pass a paremeter id of type integer or null.
It returns a response with problem details for common HTTP status codes. It allows you to handle HTTP errors (status codes) by showing a custom error page or message when a request results in an error status (like 404 Not Found or 500 Internal Server Error).
It provides centralized error handling.
In configure method of Startup.cs file
app.UseStatusCodePages();
it is a middleware method in ASP.NET Core that configures custom error pages for specific HTTP status codes using redirection. It sends a redirect response to the client, causing the browser to make a new request to the specified error page URL.
it will respond with a redirect instead of an actual message and we can then redirect to any action in our application,.
The UseStatusCodePagesWithRedirects extension method:
Sends a 302 - Found status code to the client.
Redirects theclient to the location provided in the URL template.
app.UseStatusCodePagesWithRedirects("/StatusCode?code={0}");
First, add the Microsoft.Extensions.FileProviders namespace.
In configure method,
app.UseStaticFiles();
// Serve static files from a custom folder outside of wwwroot
var customDirectoryPath = Path.Combine(Directory.GetCurrentDirectory(), "CustomStaticFiles");
var fileProvider = new PhysicalFileProvider(customDirectoryPath);
app.UseStaticFiles(new StaticFileOptions
{
FileProvider = fileProvider,
RequestPath = "/StaticFiles" // URL path to access files
});
[Authorize]
public IActionResult GetDocument()
{
var file = Path.Combine(Directory.GetCurrentDirectory(),
"SecureFiles", "secret.pdf");
return PhysicalFile(file, "application/pdf");
}
The UseDefaultFiles middleware is used to serve a default file (like index.html) when a request is made to a folder. It works well with the UseStaticFiles middleware, which serves static files from a directory in your project. By default, UseDefaultFiles looks for files named index.html, default.html
app.UseDefaultFiles();
app.UseStaticFiles(); (In configure method)
You can use the UseFileServer middleware to serve static files from a specified directory. This is helpful for serving files like HTML, JavaScript, CSS, and images from a static directory within your application. The UseFileServer middleware combines three other middlewares: UseStaticFiles, UseDefaultFiles, and UseDirectoryBrowser.
in Configure method,
var options = new FileServerOptions
{
FileProvider = new PhysicalFileProvider(Path.Combine(env.ContentRootPath, "StaticFiles")),
RequestPath = "/files",
EnableDirectoryBrowsing = true
};
app.UseFileServer(options);
Model binding is the process of taking data from an HTTP request (such as form data, route data, or query string parameters) and converting it into a C# object. This process helps streamline the workflow by automatically mapping incoming data to the models used in the application.Model binding lets action methods declare parameters using C# types and automatically receive data from the request without having to inspect, parse, and process the data directly.
The model binding system relies on model binders, which are components responsible for providing data values from one part of the request or application. The default model binders look for data values in these three places:
Form data values
Routing variables
Query strings
public class Product
{
public int Id { get; set; }
public string Name { get; set; }
public decimal Price { get; set; }
}
In Controller
public IActionResult Create(Product product)
{
}
Model binding in MVC Core maps data from:
Route data (e.g., URL parameters),
Query strings (e.g., ?param=value),
Form data (e.g., POST requests),
HTTP headers.
You can use the [Bind] attribute to specify which properties of a model should be bound:
public IActionResult Create([Bind("Name,Price")] Product product)
{
// Only the Name and Price properties are bound
}
Model validation is an essential feature for ensuring that data coming into the application is valid before processing it further. ASP.NET Core uses a combination of data annotations and built-in validation mechanisms to validate models automatically.
Model validation is the process of enforcing the requirements that an application has for the data it receives from clients. Without validation, an application will try to operate on any data it receives, which can lead to exceptions and unexpected behaviors that appear immediately or long-term problems that appear gradually as the repository is populated with bad, incomplete, or malicious data.
Example
using System.ComponentModel.DataAnnotations;
public class UserModel
{
[Required(ErrorMessage = "Name is required.")]
[StringLength(50, ErrorMessage = "Name length can't exceed 50 characters.")]
public string Name { get; set; }
[Required(ErrorMessage = "Email is required.")]
[EmailAddress(ErrorMessage = "Invalid Email Address.")]
public string Email { get; set; }
[Range(18, 120, ErrorMessage = "Age must be between 18 and 120.")]
public int Age { get; set; }
}
Then in Controller,
[HttpPost]
public IActionResult Create(UserModel model)
{
if (!ModelState.IsValid)
{
// Return validation errors
return BadRequest(ModelState);
}
// Process the model (e.g., save to the database)
return Ok("User created successfully.");
}
Here IsValid property checks all validations defined in model class.
Partial views are reusable view components that can render a portion of a web page.
They are useful for breaking down complex views into smaller, manageable parts, which can then be reused across different pages or sections of an application.It reduces code duplication.
It can be used to design layout views, similar to content views.
Partial views are rendered as child views and are usually rendered in the main views using the @Html.Partial() method.
Partial views can be returned directly from controller methods.
Create a .cshtml file under the Views/Shared folder or in a specific view folder (e.g., Views/Home).
In your main View, you can render the parital view like
Using PartialTagHelper:
<partial name="_MyPartialView" model="@model" />
What are Benefits of Partial Views ?
Reusability: Define once, reuse multiple times.
Maintainability: Easier to manage and maintain smaller view components.
Modularity: Allows building a page from separate components, making development cleaner and faster.
View components are similar to partial views in that they allow you to reduce repetitive code, but they're appropriate for view content that requires code to run on the server in order to render the webpage.
View components are useful when the rendered content requires database interaction, such as for a website shopping cart. View components aren't limited to model binding in order to produce webpage output.
A view component renders a chunk rather than a wholeresponse.
It Includes the sameseparation-of-concerns and testability benefits found between a controller and view.
It Can have parameters and business logic.
It Is typically invoked from a layout page.
View components are intended any where you have reusable rendering logic that's too complex for a partial view
A view component consists of two parts: the class (typically derived from ViewComponent) and the result it returns (typically a view).
Define the View Component Class:
Create a class.
The class should inherit from ViewComponent.
The class name must end with ViewComponent (e.g., MyComponentViewComponent).
The Invoke or InvokeAsync method must be defined, as this method renders the component.
Add a View for the Component:
Create a Razor view file for the component in the Views/Shared/Components/[ComponentName]/Default.cshtml.
The view name Default.cshtml is the convention but can be overridden.
Using the View Component in a Razor View:
You can use @Component.InvokeAsync to render the View Component in a view.
@await Component.InvokeAsync("SamplePartialView", new { count = 5 })
Razor. which is responsible for processing the view in order to generate a response for the browser.
It is a Software architecture pattern
Areas - for partitioning a large application into smaller pieces.
Dependencies - provides details of all packages a project relies on.
Controllers - It contains controllers
Models : All the models
Views All the Views
Views/Shared - it contains layouts and views that are not specific to a single controller.
Views/_ViewImports.cshhtml :- This file is used to specify the namespaces that will be included in razor view files. It also used to set up tag helpers.
Views/_ViewStart.cshtml:- This file is used to specify a default layout for the razor view engine.
appsettings.json - It contains configurations settings that can be used for diff environments, such as development,testing,production. Here you can define database server connections strings and logging/debug settings also.
Program.cs - This class configures the hosting platform for the application.
Startup.cs - This class configures the application.
wwwroot - This is where you put static content such as Css files,scripts,image etc.
ViewData:
It is a dictionary object (ViewDataDictionary) of key-value pairs.
It is accessed using string keys, similar to a dictionary in C#.
Not type-safe, meaning it requires type-casting when retrieving values.
No compile-time checking for key existence or value type.
.Slightly faster, as it doesn’t use dynamic objects.
ViewBag:
It is a dynamic object (DynamicViewData) that enables adding properties without declaring them first.
Properties are accessed directly as if they were defined on the ViewBag.
Also not type-safe, as it is dynamic.
However, it allows for somewhat simpler syntax, without explicit type casting
In Model-View-Controller (MVC) frameworks like ASP.NET MVC (or other MVC-based frameworks), a Non-action method is a method in a controller class that is not intended to handle HTTP requests directly. Normally, public methods in a controller are treated as action methods, which can respond to incoming requests.
To prevent a method from being invoked as an action, you can use the [NonAction] attribute. This tells the framework that this method should not be accessible as an HTTP endpoint.
Strongly typed views refer to views that are directly tied to a specific model type. This enables IntelliSense in Visual Studio, allowing for compile-time checking and providing suggestions for properties and methods, which helps reduce errors and improve development efficiency.
HTML helpers in ASP.NET Core MVC are methods designed to simplify the creation of HTML controls within views. These helpers generate HTML elements dynamically based on the model's data, reducing boilerplate code and making views cleaner and easier to maintain.
They are generally classified as
Standard HTML Helpers
These helpers are used for common form elements like text boxes, labels, checkboxes, etc.
Examples
@Html.TextBoxFor(model => model.PropertyName, new { @class = "form-control" })
@Html.LabelFor(model => model.PropertyName, "Custom Label", new { @class = "label-class" })
Validation Helpers
These are used to display validation messages based on the model's data annotations.
@Html.ValidationMessageFor(model => model.PropertyName, "", new { @class = "text-danger" })
Form Helpers
@using (Html.BeginForm("Action", "Controller", FormMethod.Post, new { @class = "form-class" }))
Custom HTML Helpers
Redirecting to Another Action
public IActionResult SomeAction()
{
// Redirect to an action within the same controller
return RedirectToAction("MyAction");
Redirecting to a Specific URL
public IActionResult ExternalRedirect()
{
// Redirect to an external URL
return Redirect("https://www.sample.com");
}
Permanent Redirect
public IActionResult PermanentRedirectToAction()
{
return RedirectToActionPermanent("MyAction");
}
public IActionResult PermanentRedirectToUrl()
{
return RedirectPermanent("https://www.sample.com");
}
Redirecting with RouteValues
To pass additional parameters in a redirection, you can provide route values as a parameter.
public IActionResult RedirectToActionWithRouteValues()
{
return RedirectToAction("MyAction", new { id = 5, name = "example" });
}
Using LocalRedirect for Local URLs
If you’re redirecting to a local URL and want extra security (preventing open redirects), use LocalRedirect. This method only allows redirection to URLs within your application.
public IActionResult SafeLocalRedirect(string returnUrl)
{
if (Url.IsLocalUrl(returnUrl))
{
return LocalRedirect(returnUrl);
}
else
{
return RedirectToAction("Index", "Home");
}
}
Content negotiation is the process by which the server determines the best representation of a resource to send back to the client, based on the client’s preferences. The client can specify these preferences in the Accept header of an HTTP request.
The default format used by ASP.NET Core is JSON.
By default, ASP.NET Coresupports application/json , text/json ,and text/plain media types.
When a request contains an accept header, ASP.NET Core Enumerates the media types in theaccept header in preference order and tries to find a formatter that caproducea responsein one of theformats specified.
By default, when the framework detects that the request is coming from a browser,
the Accept header is ignored. In order to activate it, In ConfigureService method in startup.cs (or program.cs) modify code as
public void ConfigureServices(IServiceCollection services)
{
services.AddControllers(options =>
{
options.RespectBrowserAcceptHeader = true; // false by default
});
}
yes we can use multple routes in same method.
for example,
Public class ProductsController : Controller
{
[Route("") // Matches products
[Route("Index") // Matches products/Index
We can also apply to controller also.
Attribute routing supports defining multiple routes that reach the same action,
Example
[Route("[Controller]"]
public class studentController : Controller
{
[Route("")] // Matches Student
[Route("Index")] // Matches Student/Index
public IActionResult Index()
{
}
We can add multiple routes to controller level and action level at a time also.
For example
[Route("Store")]
[Route("controller")]
public class StudentController : Controller
{
[HttpPost("Result")] // matches Store/Result and Student/Result
[HttpPost("attendance")] // Matches Store/attendance & Student/attendance
Public IAction Result
{
}
Url.Action is used to generate a URL for a specified action method in a controller. This method is particularly useful for creating links that navigate to other actions within an MVC application.
Using the UrlHelper you can generate URLs to MVC actions, pages, and routes.
Example:-
Url.Action(action: "Home", controller: "Privacy")
Url.Action(action: "Home", controller: "Index", values: null, protocol: "https", host: "your-website")
The result is now "https://your-website/Home/Index".
@Url.Action("Index", "Home", new { id = 54, com = "delete", page = "5" })
The above overload method of the Url.Action has 3rd parameter as the object parameter that is used to pass the parameter to the action method of the controller.
An IActionConstraint is used to control whether an action method should be selected based on custom logic during the routing process. This can be helpful in scenarios where you have multiple actions that match a route and you want to decide which one should handle the request based on certain conditions.
create a custom class that implements the IActionConstraint interface. This interface has a single method, Accept, where the logic for determining if the action matches a specific request goes.
An IActionConstraint is used to control whether an action method should be selected based on custom logic during the routing process. This can be helpful in scenarios where you have multiple actions that match a route and you want to decide which one should handle the request based on certain conditions.
Create a custom class that implements the IActionConstraint interface. This interface has a single method, Accept, where the logic for determining if the action matches a specific request goes.
Action injection refers to the technique of injecting dependencies directly into action methods, rather than through a controller’s constructor. This can improve clarity and scope control, especially when only specific actions need certain services. Let’s explore how to implement action injection and why it might be beneficial.
In ASP.NET Core, this can be done by adding parameters to your action method and marking them with the [FromServices] attribute
public IActionResult UseService([FromServices] IMyService myService)
Here IMyService is our service.
Dependency Injection (DI) in views allows you to inject dependencies like services, repositories, or utilities directly into views, making the code more modular, testable, and maintainable.
To inject dependencies into views, you can use constructor injection in controllers or @inject in Razor views.
First configure the service in startup.cs, then
Using @inject in Razor Views
@inject IMyService myService
<h1>@myService.GetData()</h1>
here GetData is the method in the service.
Configuration injection in ASP.NET Core is a powerful feature that allows you to inject configuration settings directly into services or controllers, improving modularity and reducing hard-coded values.
Layout templates allow you to specify the HTML container layout of your sitein one place and then apply it across multiple pages in your site. @RenderBody is a placeholder where all the view-specific pages you creates show up, wrapped in the layout page.
Libman (short for Library Manager) is a lightweight client-side library management tool for ASP.NET Core projects. It was introduced to help developers manage client-side libraries like jQuery, Bootstrap, and others, directly in ASP.NET Core applications without relying on more complex package managers like npm
Bundling and minification in ASP.NET Core are techniques to improve web performance by reducing the size and number of HTTP requests required to load web assets, like JavaScript and CSS files.
Steps needed:
Create minified versions of CSS and JavaScript files manually or use a task runner like Gulp/Webpack.
Place these minified files in the wwwroot folder or a similar static content folder.
Reference the minified versions in your layout file when in production mode.
It is a technique that allows you to maintain the state of an application over time. This means keeping track of data that moves in and out of the application, and making sure it's available when needed.
It is used to store user-specific data as they navigate your website or application.
It is an essential aspect of web application development, especially since HTTP is stateless. There are several ways to maintain state across requests in ASP.NET Core:
There are two main types of state management in ASP.NET Core:
Client-side state management
Stores data on the user's browser, typically using cookies or hidden fields.
Server-side state management
Stores data on the server, typically using session state or application state.
Session State - Server Side
It allows data to persist across multiple requests from the same user during a session.
Cookies - Client side
It is used for managing cookies is commonly used for session management, authentication, and storing small pieces of data on the client side.
TempData - Server side
TempData is a dictionary used to store data that needs to persist between requests but only for a short period (typically until the next request). This is useful for scenarios such as showing success or error messages after a redirect, or passing temporary data between actions.
Hidden fields - Client side
Hidden fields are typically used to store data that should be submitted with a form but shouldn't be visible to the user. They are implemented in HTML using the <input> tag with the type="hidden" attribute.
Query strings - Client side
query strings are used to pass data in the URL. They are typically included after a ? symbol in a URL, with each key-value pair separated by &.
Caching - Server side
Caching is used to improve performance by storing the output of a request so that subsequent requests can be served more quickly.
HttpContext.items - Server side
The parameters saved in HttpContext.Items do not persist across multiple requests. They are discarded after one request is completed and HttpContext.Items begins a new collection when another request comes in.
it is a collection in ASP.NET used to store data that is specific to the current HTTP request. It is a key-value dictionary that is available throughout the lifetime of a request. It is typically used for storing data that needs to be shared across various components during the processing of a request (such as controllers, middlewares, etc.).
Models
ViewBag
ViewData
The @addTagHelper directive is used to register Tag Helpers, which enable server-side code to participate in rendering HTML elements. This directive allows you to specify which Tag Helpers should be available in a Razor view or Razor Pages file.
@addTagHelper *, Microsoft.AspNetCore.Mvc.TagHelpers
This registers all Tag Helpers from Microsoft.AspNetCore.Mvc.TagHelpers (such as asp-for and asp-action for forms) in all views that import this file.
The _ViewImports.cshtml file is used to import common namespaces, tag helpers, and other settings that are shared across views.
It helps to keep view files cleaner and more maintainable by allowing to define common settings such as namespaces, services, view components, and tag helpers in a single location.
It's typically located in the Views folder and is automatically included in every view within the application. This file helps to avoid repetitive code in each individual view by centralizing imports and configurations.
Tag Helpers enable server-side code to participate in creating and rendering HTML elements in Razor files.It provides a rich IntelliSense environment for creating HTML and Razor markup.Most built-in Tag Helpers target standard HTML elements and provide server-side attributes for the element.If you create a new ASP.NET Core web app named SampleTagHelpers, the following Views/_ViewImports.cshtml file will be added to your project:
@addTagHelper *, Microsoft.AspNetCore.Mvc.TagHelpers
@addTagHelper *, SampleTagHelpers
We can create a custom tag helper by creating a class which Inheriting from TagHelper and override method Process.
Sample code
First create a class which inherits from TagHelper
public class EmailTagHelper : TagHelper
{
// Property for the email address
public string Address { get; set; }
public string LinkText { get; set; }
public override void Process(TagHelperContext context, TagHelperOutput output)
{
output.TagName = "a"; // Replace <email> with <a>
output.Attributes.SetAttribute("href", $"mailto:{Address}");
output.Content.SetContent(LinkText ?? Address);
}
}
Register the Tag Helper in the View
@addTagHelper *, YourApp
Use the Custom Tag Helper in Razor Views
<email address="sample@sample.com" link-text="Contact Us"></email>
The result will be
<a href="mailto:sample@sample.com">Contact Us</a>
The asp-controller tag helper is used in ASP.NET Core MVC to generate the controller name for an HTML element, typically for links or form actions. It simplifies the creation of URLs dynamically by binding the HTML element to a specific controller in your MVC application
Example
<a asp-controller="Home" asp-action="Index">Home</a>
System.ComponentModel.DataAnnotation
The Area attribute is used to define a feature that allows you to organize your application's controllers and views into different sections, or "areas." This helps in breaking down the application into smaller, modular sections that can each handle different parts of the application, such as the admin panel, user management, or public-facing pages.
Example
[Area("Admin")]
public class DashboardController : Controller
{}
In this example, the DashboardController belongs to the Admin area.
Filters are a powerful feature used to perform logic before or after an action method is executed in the controller. They can be used for cross-cutting concerns such as logging, exception handling, authentication, authorization, caching, and validation.
Filters run within the ASP.NET Core action invocation pipeline, sometimes referred to as the filter pipeline.The filter pipeline runs after ASP.NET Core selects the action to execute Authorization Filters:
Each filter type is executed at a different stage in the filter pipeline:
These filters are executed first in the pipeline and are responsible for determining whether the user is authorized to access the action
A filter can be added to the pipeline at one of three scopes:
Using an attribute on a controller action. Filter attributes cannot be applied to Razor Pages handler
methods.
Using an attribute on a controller or Razor Page.
Globally for all controllers,actions,and Razor Pages as shown in the following code:
Action Filters:
These filters are executed before and after the action method is executed.
These filters are used to modify the action method execution, such as logging, or modifying the response.
Like the other types of filters, the action filter can be added to different
scope levels: Global, Action, and Controller.
OnActionExecuting is called before the action method is called. OnActionExecuted is called after the action method returns.
Result Filters:
These filters run after an action executes but before the result is returned to the client.
Used to modify the result, such as applying a custom response format.
Exception Filters:
These filters handle exceptions thrown by action methods.
Used for centralized exception handling, logging errors, or customizing error responses.
Resource Filters:
it runs after authorization
OnResourceExecuting - before the rest of pipeline executed
OnResourceExecuted - after
These filters are executed before any other filter type, providing the ability to short-circuit the action execution.
Used for caching or other early execution logic.
The following order shows how filter types interact in the filter pipeline
Middleware
Authorization filter
Resource filter
Model Binding
Action filter (before)
Action Execution
Action filter (after)
Result filter
Result Execution
Custom filters can be created to handle cross-cutting concerns.Examples of cross-cutting concerns include error handling,caching,configuration,authorization,and logging. Filters avoid duplicating code.
For example,
an error handling exception filter could consolidate error handling.
A Denial of Service (DoS) attack in an ASP.NET Core application refers to an attempt by a malicious actor to disrupt the normal operation of the web application by overwhelming it with a large volume of traffic or requests, causing performance degradation or making the application unavailable to legitimate users.
The solution is Rate limiting and Throttling
Rate limiting controls the number of requests a client can make within a specific time period, preventing malicious users from overwhelming the server.
You can use middleware or third-party libraries like AspNetCoreRateLimit to implement rate limiting.
Request Throttling: Throttle incoming requests based on certain criteria such as IP address, user agent, or request type. This can help mitigate certain forms of attacks where the attacker targets a specific API endpoint.
Use services like Azure DDoS Protection or Cloudflare to detect and mitigate large-scale DDoS attacks
CAPTCHA:
For certain types of requests (e.g., sign-ups, form submissions), you can implement CAPTCHA challenges to ensure that the request is coming from a human user and not an automated script.
Firewall Configuration: Configure your web server or application firewall to block IP addresses or regions that are known sources of DoS attacks.
Connection Limiting: Limit the number of simultaneous connections that can be made from a single IP address. This helps in reducing the chances of an attack that tries to exhaust your server’s resources.
The cyber attack while uploading a file can be of
denial of service attack
upload viruses
compromise networks and servers
Hence the following steps have to taken while uploading a file to a server
Upload files to a dedicated file upload area, mostly to a non-system drive.
Do not persist uploaded files in the same directory tree as the application structure.
Use a safe file name determined by app. Dont use a file name provided by the user.Also it is better to Html encode the untrusted file name.
Allow only approved file extensions for the files uploaded by the user.
Verify that client-side checks are performed on the server.
Check the size of the uploaded file.
Check the content of the file also by checking first few bytes.
In ASP.NET Core, you can handle file uploads using the IFormFile interface, which allows you to receive files from a client in a web application.
in Model
public class FileUploadModel
{
public IFormFile File { get; set; }
}
In controller,
[HttpPost]
public async Task<IActionResult> UploadFile(IFormFile file)
{
if (file != null && file.Length > 0)
{
// Generate a unique file name to avoid conflicts
var filePath = Path.Combine(Directory.GetCurrentDirectory(), "wwwroot/uploads", file.FileName);
// Ensure the directory exists
Directory.CreateDirectory(Path.GetDirectoryName(filePath));
// Copy the file to the specified location
using (var stream = new FileStream(filePath, FileMode.Create))
{
await file.CopyToAsync(stream);
}
return RedirectToAction("FileUploadSuccess");
}
return View();
}
public IActionResult FileUploadSuccess()
{
return View();
}
}
Create the Upload Form (View): In the Views/FileUpload/UploadFile.cshtml, create a form for the user to upload a file.
html
@using (Html.BeginForm("UploadFile", "FileUpload", FormMethod.Post, new { enctype = "multipart/form-data" }))
{
<input type="file" name="file" />
<button type="submit">Upload</button>
}
You can use the FileSystemWatcher class to monitor changes to files and directories. This class is part of the System.IO namespace and is commonly used to watch for events like file changes, additions, deletions, and renaming.
REST (Representational State Transfer) is an architectural style used for designing networked applications. When applied to web APIs, REST principles ensure that the system is scalable, stateless, and efficient.
The core principles of RESTful APIs are:
Statelessness
Every request from a client to a server must contain all the information the server needs to fulfill the request.
Client-Server Architecture
REST follows a client-server model where the client and server are separate entities, and communication happens over standard HTTP methods.
Uniform Interface
A uniform interface simplifies the architecture by ensuring that each resource is accessible and identifiable in a standardized way.
Resource-Based
Resources (such as data objects) are the central abstraction. Each resource is identified by a unique URL and can be interacted with via HTTP methods.
Representation
A resource can have multiple representations. For example, a user resource might have a JSON or XML representation, depending on what the client requests.
Stateless Communication
Each request from the client to the server must be independent; meaning no session state is stored by the server between requests. This improves scalability and simplifies the design.
Cacheability
Responses from the server must explicitly define whether they can be cached. If the data is cacheable, then the client can store the response to reduce the need for repeated requests for the same data.
Layered System
The architecture can be composed of multiple layers, such as load balancers, API gateways, or caching layers, which can work independently of one another.
No. Because The [ApiController] attribute makes model validation errors automatically trigger an HTTP 400 response
Binding refers to the process of mapping incoming HTTP request data (such as form data, query strings, headers, or route data) to action method parameters. This allows the framework to automatically populate parameters in your controller actions from the incoming HTTP request.
1. [FromQuery]
This binds data from the query string in the URL (e.g., /api/products?id=1)
2. [FromRoute]
This binds data from the URL path (e.g., /api/products/1).
3. [FromBody]
This binds data from the body of the HTTP request (e.g., for POST requests with JSON payloads).
4. [FromForm]
This binds data from form data (e.g., submitted via multipart/form-data or application/x-www-form-urlencoded).
5. [FromHeader]
his binds data from the headers of the HTTP request.
6. [FromServices]
This binds data from the dependency injection container
7. [FromQuery], [FromRoute], [FromBody] (combined)
You can use multiple binding sources on the same method.
[HttpPost("api/products/{id}")]
public IActionResult UpdateProduct([FromRoute] int id, [FromBody] Product product)
1. GET
Used to retrieve data from the server (i.e., read data).
2. POST
Used to submit data to the server (i.e., create a new resource).
3. PUT
Used to update a resource entirely (i.e., replace the existing resource).
4. PATCH
Used to apply partial updates to a resource.
5. DELETE
Used to delete a resource.
6. HEAD
Similar to GET but only retrieves headers, not the body. It’s often used to check for the existence of a resource or the status.
7. OPTIONS
Used to describe the communication options for the target resource. It's often used to check the methods supported by a resource.
The CreateAtAction method is part of the ControllerBase class and is used to generate a response that contains a 201 Created HTTP status code. It is typically used in RESTful APIs to indicate that a new resource has been created. The method is useful when the client needs to know the location of the newly created resource.
Swagger is a tool that allows you to document and test APIs. In an ASP.NET Core application, Swagger is commonly used for generating interactive API documentation that helps both developers and consumers of the API to understand and interact with the API endpoints.
In ASP.NET Core Web API, custom formatters allow you to control how data is serialized and deserialized in different formats (like JSON, XML, or even custom formats). A formatter is responsible for converting data between the HTTP request/response and your C# models.
We can make the custom formatter by using the following method:
• Create an output formatter class that inherits the
TextOutputFormatter class.
• Create an input formatter class that inherits the
TextInputformatter class
Types of Custom Formatters
Input Formatters: These are responsible for deserializing incoming data from the request body into a C# object.
Output Formatters: These are responsible for serializing C# objects into the response body.
Use a custom formatter when you want the content negotiation process to support a content type that isn't supported by the built-in formatter
200 OK: Successful GET, PUT, or PATCH request.
201 Created: Successful POST request.
204 No Content: Successful DELETE request.
400 Bad Request: Validation error or invalid request.
404 Not Found: Resource not found.
401 Unauthorized: The client must authenticate to access the resource.
403 Forbidden: The client does not have permission to access the resource.
409 Conflict: The request could not be processed due to a conflict (e.g., resource already exists).
500 Internal Server Error: Server-side error.
SignalR is a real-time communication framework that enables server-side code to send asynchronous notifications to client-side web applications. This is commonly used for scenarios such as live chats, real-time updates (like notifications or stock prices), and collaborative applications. SignalR allows bi-directional communication between server and client, which is perfect for real-time web applications.
SignalR supports the following techniques for handling real-time communication (in order of graceful
fallback):
WebSockets
Server-Sent Events
Long Polling
SignalR automatically chooses the best transport method that is within the capabilities of the server and client.
SignalR uses hubs to communicate between clients and servers.
A hub is a high-level pipeline that allows a client and server to call methods on each other.SignalR handles the dispatching across machine boundaries automatically,allowing clients to call methods on the server and vice versa. You can pass strongly-typed parameters to methods, which enables model binding.
Integration tests are used to verify that different parts of your application work together as expected. These tests often interact with real or in-memory databases, services, or APIs and typically run in an environment that closely mirrors production. The goal is to validate the interaction between components like controllers, middleware, services, and the database.
In ASP.NET Core, logging is built-in and can be configured easily. It allows you to log messages from your application to various outputs such as the console, files, or third-party services. It is used for tracking the application's behavior, performance, and debugging purposes.
The default logging framework in ASP.NET Core is based on Microsoft.Extensions.Logging.
Steps involved:
Configure Logging in Program.cs
using Microsoft.Extensions.Logging;
var builder = WebApplication.CreateBuilder(args);
// Add logging
builder.Logging.ClearProviders(); // Optional: Remove default providers
builder.Logging.AddConsole(); // Add Console logger
builder.Logging.AddDebug(); // Add Debug logger
var app = builder.Build();
Inject the ILogger<T> interface into your classes, such as controllers or services.
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Logging;
[ApiController]
[Route("[controller]")]
public class StudentInfoController: ControllerBase
{
private readonly ILogger<WeatherForecastController> _logger;
public StudentInfoController(ILogger<StudentInfoController> logger)
{
_logger = logger;
}
[HttpGet]
public IEnumerable<string> Get()
{
_logger.LogInformation("Fetching student info");
_logger.LogWarning("This is a sample warning message");
_logger.LogError("Sample error occurred");
return new[] { "Country", "City", "District" };
}
}
You can Configure Logging in appsettings.json.
Different logging levels are :-
Trace: Very detailed logs, typically for development.
Debug: Used for debugging information.
Information: Regular information about application flow.
Warning: Warnings about potential issues.
Error: Indicates errors that affect the application's functionality.
Critical: Critical errors that cause the application to stop.
To log to a file, you need to add a third-party package like Serilog or NLog because ASP.NET Core doesn't include file logging by default.
Steps for implementation
Install packages
Serilog.AspNetCore
Serilog.Sinks.File
In program.cs file,
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Hosting;
using Serilog;
public class Program
{
public static void Main(string[] args)
{
var builder = WebApplication.CreateBuilder(args);
// Add services to the container.
//builder.Services.AddControllers();
builder.Services.AddControllersWithViews();
builder.Services.AddScoped<CustomLogFilter>();
Log.Logger = new LoggerConfiguration()
.WriteTo.File(new JsonFormatter(), @"logslog-.txt", rollingInterval: RollingInterval.Hour)
.MinimumLevel.Error()
.WriteTo.Console(new JsonFormatter())
.CreateLogger();
builder.Host.UseSerilog(Log.Logger);
var app = builder.Build();
// Configure the HTTP request pipeline.
if (!app.Environment.IsDevelopment())
{
app.UseExceptionHandler("/Home/Error");
// The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
app.UseHsts();
}
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseRouting();
//app.UseAuthorization();
app.MapControllerRoute(
name: "default",
pattern: "{controller=Home}/{action=Index}/{id?}");
app.Run();
}
}
Now you can see a text file created in logs folder.
ASP.NET Core comes with several built-in logging providers, such as:
Console
Debug
EventSource
EventLog (Windows only)
TraceSource
Azure app service file
Application Insights
A web server has a limited number of threads available,and in high load situations all of the available threads might be in use. When that happens, the server can't process new requests until the threads are freed up.
With synchronous code, many threads may be tied up while they aren't actually doing any work because they're waiting for I/O to complete.
With asynchronous code, when a process is waiting for I/O to complete, its thread is freed up for the server to use for processing other requests. As a result,asynchronous code enables server resources to be used more efficiently,and the server can handle more traffic without delays.
Using asynchronous programming with async and await enables the application to handle more requests by freeing up the threads while waiting for I/O-bound operations to complete, such as database or API calls.
In asynchronous programming, we have three return types:
• Task<TResult>, for an async method that returns a value.
• Task, for an async method that does not return a value.
• void, which we can use for an event handler.
Using async methods for I/O-bound tasks (e.g., database queries, file access, HTTP requests) helps to avoid blocking threads, which is essential in high-traffic web applications.
Example
public async Task<IActionResult> GetDataAsync()
{
var data = await _dataService.GetDataAsync();
return Ok(data);
}
The use of async methods (above) prevents blocking threads and reduces thread pool exhaustion, which is especially important in high-throughput scenarios.
A concurrency conflict occurs when one user displays an entity's data in order to edit it,and then another user updates the same entity's data before the first user's change is written to the database. If you don't enable the detection of such conflicts, whoever updates the database last overwrites the other user's changes. In many applications, this risk is acceptable: if there are few users, or few updates, or if isn't really critical if some changes are overwritten, the cost of programming for concurrency might outweigh the benefit. In that case,you don't have to configure the application to handle concurrency conflicts.
Pessimistic concurrency (locking)
If your application does need to prevent accidental data loss in concurrency scenarios, one way to do that is to use database locks.This is called pessimistic concurrency. For example, before you read a row from a database, you request a lock for read-only or for update access. If you lock a row for update access, no other users are allowed to lock the row either for read-only or update access, because they would get a copy of data that's in the process of being changed. If you lock a row for read-only access, others can also lock it for read-only access but not for update.
Optimistic Concurrency
The alternative to pessimistic concurrency is optimistic concurrency. Optimistic concurrency means allowing concurrency conflicts to happen,and then reacting appropriately if they do.
Concurrency in Entity Framework Core (EF Core) is about handling situations where multiple users or processes attempt to update the same data in a database simultaneously. EF Core provides several mechanisms to help developers manage and resolve concurrency conflicts gracefully.
Concurrency Tokens
EF Core uses concurrency tokens to detect when a concurrency conflict occurs. A concurrency token is a property in an entity that EF Core monitors to see if it’s changed by another user/process since the data was last read. If EF Core detects a change to this token when updating data, it throws a DbUpdateConcurrencyException.
Timestamp / RowVersion: The most common type of concurrency token is a Timestamp (also known as RowVersion). EF Core uses this timestamp to detect changes to a row in the database. Typically, a byte[] array or DateTime is used for this purpose.
Manual Concurrency Tokens: Any property in your model can be used as a concurrency token by marking it with the [ConcurrencyCheck] attribute or by configuring it via the Fluent API in your DbContext.
The ASP.NET Core Module is a native IIS module that plugs into the IIS pipeline to either:
Host an ASP.NET Core app inside of the IIS worker process ( w3wp.exe ),called the in-process hosting model.
Or
Forward web requests to a backend ASP.NET Core app running the Kestrel server,called the out-of-process hosting model.
ASP.NET Core apps default to the in-process hosting model
In ASP.NET Core, hosting a service or application can be done either "in-process" or "out-of-process." Each model offers specific benefits, depending on factors like performance, isolation, and control
In-Process Hosting Model
The ASP.NET Core app runs in the same process as the web server (IIS in the case of Windows).
Faster startup time and lower latency since it avoids inter-process communication between IIS and the ASP.NET Core application.
This model is Ideal for scenarios where performance is crucial and the app will be hosted on IIS in a Windows environment.
2. Out-of-Process Hosting Model
The ASP.NET Core app runs in a separate process from the IIS server. The web server acts as a reverse proxy, forwarding requests to the ASP.NET Core app running on Kestrel.
This model is Slightly slower than in-process due to the need for inter-process communication between IIS and Kestrel. However, it allows more isolation between the server and app, which can improve security and reliability.
This model is recommended for cross-platform applications or when you need more isolation between IIS and your application.
Choosing between In-process and Out-of-process hosting models in ASP.NET Core MVC depends on your application’s deployment needs and performance requirements.
Performance Needs: For maximum performance on IIS, in-process is preferred.
Platform Requirements: For cross-platform apps, out-of-process with Kestrel is necessary.
Isolation Requirements: If you need isolation between the web server and the application, go with out-of-process.
To host an ASP.NET Core application, you have several options depending on your requirements and the scale of your application.
The .NET Core Hosting bundle is an installer for the .NET Core Runtime and the ASP.NET Core Module. The bundle allows ASP.NET Core apps to run with IIS.
you can host on windows server. In that case,
Install the .NET Core Hosting Bundle on the server, which includes the .NET Core runtime, libraries, and the ASP.NET Core IIS Module to run ASP.NET Core apps.
Configure your application in IIS and ensure it's using the correct application pool and settings for ASP.NET Core.
After the Hosting Bundle is installed, a manual IIS restart may be required.
http.sys is a Windows-only web server that provides an alternative to Kestrel, the cross-platform web server that's generally used in ASP.NET Core applications. http.sys is useful if you need Windows-specific features, such as Windows Authentication or support for certain Windows-based hosting features.
http.sys is particularly useful in scenarios where:
If there is a need to expose the server directly to the internet without using IIS.
Windows Authentication is required, and there’s no reverse proxy in place.
Port sharing or advanced connection control is necessary.
You want kernel-mode request queuing, allowing efficient processing of incoming requests and better handling of DoS (Denial of Service) attacks.
You need direct access to the Windows kernel, which enables lower-level configuration options.
A web farm in the context of ASP.NET Core refers to a setup where multiple web servers are hosting the same ASP.NET Core application, working together to distribute the load, handle increased traffic, and ensure high availability
Web farms improve:-
Reliability/availability
Capacity/performance
Scalability
Maintainability
Cross-Site Scripting (XSS) is a security vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users. In ASP.NET Core, preventing XSS attacks is crucial because they can lead to data theft, unauthorized actions, and session hijacking.
In order to prevent xss attack,
1. Use Razor Tag Helpers and Encoded Output
The Razor engine in ASP.NET Core automatically encodes output to prevent XSS attacks.
Avoid manually outputting HTML content without encoding it, and use Html.Encode where necessary:
for example,
@Html.Encode(Model.UserName)
2. Avoid Html.Raw() with User Input
3.Use Content Security Policy (CSP)
4. Use AntiXss Libraries
5. Validate Input Properly
Use HTTP-Only Cookies for Authentication
Use AntiForgery Tokens in Forms
SQL injection is a common web security vulnerability that can allow attackers to execute malicious SQL statements in a database. In ASP.NET Core, SQL injection can occur if user inputs are directly used to construct SQL queries without proper validation and escaping.
The different solutins are
Use Parameterized Queries
Use ORM (Object-Relational Mapping)
Using an ORM like Entity Framework Core for CRUD operations is generally safer because it automatically parameterizes queries.
Validate User Input
Always validate user input to ensure it meets expected patterns and lengths. For example, if username should only contain alphanumeric characters, use regular expressions to enforce this.
Use Stored Procedures with Parameters
Avoid Dynamic SQL Construction
Cross-Site Request Forgery (CSRF) is a type of attack that tricks authenticated users into unknowingly performing actions on a web application they are logged into. In ASP.NET Core, CSRF protection is essential for secure web applications, particularly for forms or APIs that perform data-changing actions (like POST, PUT, or DELETE requests).
The different solutions are
Antiforgery Middleware:
Adding Antiforgery Token Validation
Configuring Antiforgery in Startup.cs:
Including Antiforgery Tokens in Forms:
Using Antiforgery Tokens in AJAX Requests:
You might have scenarios where you need to disable CSRF protection, such as for public endpoints.
Use the [IgnoreAntiforgeryToken] attribute to disable CSRF for specific actions:
[IgnoreAntiforgeryToken]
public IActionResult PublicEndpoint()
{
// No CSRF validation
}
Open redirect attacks in ASP.NET Core occur when an application allows an attacker to redirect a user to a malicious URL, potentially leading to phishing attacks or exposing sensitive data. These attacks often happen when the application accepts untrusted input (such as URL parameters) without proper validation or sanitization, and then redirects the user to that input.
Whitelist Redirection URLs: Only allow redirects to trusted domains.
For example, check if the redirect URL starts with a safe domain.
Use Relative URLs: Avoid accepting full URLs from user input. Instead, handle relative paths for redirection.
Validate the URL Format: Ensure the URL is well-formed and belongs to a trusted source.
Use Url.IsLocalUrl(): For local redirection, use the built-in method to check if the URL is local to the application.
Avoid Redirects in Sensitive Areas: Limit the use of redirects for login, authentication, and other sensitive operations. Always ensure these redirects are to trusted paths.
IAuthenticationService is an interface that provides the necessary methods for handling authentication operations. It is part of the authentication framework in ASP.NET Core and is typically used to authenticate users based on various schemes (such as cookies, JWT, etc.).
It is a Razor Class Library. ASP.NET Core Identity is a system for managing user authentication and authorization in web applications built with ASP.NET Core. It provides features such as user registration, login, password recovery, roles, claims, two-factor authentication, and more. It is designed to integrate seamlessly into ASP.NET Core applications and is highly customizable, allowing developers to extend and tailor it to their needs.
Key Features of ASP.NET Core Identity:
User Management: It handles user registration, login, password reset, email confirmation, and more.
Role-Based Authorization: Supports role-based access control (RBAC), allowing you to restrict access to different parts of your application based on roles.
Claims-Based Authorization: You can associate user-specific claims to manage permissions and access.
Two-Factor Authentication (2FA): Provides built-in support for two-factor authentication using email, SMS, or authenticator apps.
External Login Providers: Supports external authentication providers, like Google, Facebook, Twitter, or Microsoft.
Customizable: You can extend the default models for users, roles, and other Identity entities to suit your needs.
Data Protection: Ensures that passwords and sensitive data are stored securely, often using hashing techniques like PBKDF2.
Core Components:
UserManager: Manages users, such as creating, updating, and deleting them.
SignInManager: Manages user sign-ins, such as login, logout, and cookie-based authentication.
RoleManager: Manages roles and role-based access control.
IdentityDbContext: Represents the database context for storing users, roles, and other related information.
Setting Up ASP.NET Core Identity:
To integrate Identity into an ASP.NET Core application, follow these steps:
Add NuGet Packages:
Microsoft.AspNetCore.Identity.EntityFrameworkCore
Microsoft.EntityFrameworkCore.SqlServer (or another provider depending on your database choice)
Microsoft.EntityFrameworkCore.Tools (for database migrations)
Configure Identity in Startup: In Startup.cs (or Program.cs in .NET 6+), you need to configure the Identity services and set up the authentication middleware.
public void ConfigureServices(IServiceCollection services)
{
services.AddDbContext<ApplicationDbContext>(options =>
options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection")));
services.AddIdentity<ApplicationUser, IdentityRole>()
.AddEntityFrameworkStores<ApplicationDbContext>()
.AddDefaultTokenProviders();
services.AddAuthentication()
.AddCookie(options =>
{
options.LoginPath = "/Account/Login";
options.LogoutPath = "/Account/Logout";
});
services.AddAuthorization(options =>
{
options.AddPolicy("AdminPolicy", policy => policy.RequireRole("Admin"));
});
services.AddControllersWithViews();
}
Create the User and Role Models: You can extend the default IdentityUser class to include additional properties (e.g., FirstName, LastName, etc.).
public class ApplicationUser : IdentityUser
{
public string FirstName { get; set; }
public string LastName { get; set; }
}
Database Setup: Use Entity Framework migrations to create the necessary database schema for Identity.
dotnet ef migrations add CreateIdentitySchema
dotnet ef database update
Managing Users and Roles: Use UserManager, SignInManager, and RoleManager to interact with users and roles in your application, such as creating users, logging in, and assigning roles.
Views for Authentication: Use built-in Razor Pages or custom controllers to handle user authentication, registration, and account management.
Example of a login view (Login.cshtml):
<form method="post">
<div>
<label for="Input_Email">Email</label>
<input type="email" name="Input.Email" id="Input_Email" required />
</div>
<div>
<label for="Input_Password">Password</label>
<input type="password" name="Input.Password" id="Input_Password" required />
</div>
<button type="submit">Login</button>
</form>
Authorization: Use attributes like [Authorize] to restrict access to controllers or actions based on user roles or claims.
[Authorize(Roles = "Admin")]
public class AdminController : Controller
{
public IActionResult Index() => View();
}
Customizing ASP.NET Core Identity:
You can customize user login logic, add additional fields to user profiles, or replace the entire authentication system.
You can also implement custom stores to change how user data is saved or modify how claims are generated.
ASP.NET Core Identity provides a flexible and powerful way to handle authentication and authorization in modern web applications.
Facebook authentication
Microsoft authentication
Twitter authentication
Authentication is a process of verifying the identity of a user or system. It allows you to identify the user, while authorization controls access to resources based on that identity. Authentication in ASP.NET Core can be implemented in several ways, depending on the application requirements.
There are multiple types of authentication in ASP.NET Core MVC
Cookie authentication - A common type of authentication that uses user credentials stored in a database.
Passport authentication - A centralized authentication service provided by Microsoft that uses Microsoft forms
Windows authentication - A mechanism that uses user Windows credentials to authenticate users, typically used in intranet scenarios
JWT bearer authentication: - It allows secure communication between clients and APIs.
External authentication providers: - Using OAuth and OpenID Connect
Authorization in ASP.NET Core is the process of determining whether a user has permission to perform a certain action or access a resource. ASP.NET Core provides a flexible and powerful authorization system that can be used to control access to web pages, APIs, and other resources in your application. Authorization is typically handled through policies, roles, and claims.
You can use the [Authorize] attribute to specify which users can access certain parts of your application.
Global Authorization: Apply to the entire controller:
[Authorize]
public class HomeController : Controller
Role-Based Authorization: Only users with a specific role can access an action:
[Authorize(Roles = "Admin")]
Policy-Based Authorization: Use a policy you’ve defined in Startup.cs:
[Authorize(Policy = "AdminOnly")]
Claims-based authorization: Enforces policies on controllers, and identities must meet the policy requirements to access a resource.
Custom Authorization
Custom authorization in ASP.NET Core involves creating your own logic to determine whether a user can access specific resources.
You can implement a custom authorization filter by implementing the IAuthorizationFilter interface. This gives you full control over the authorization logic.
public class CustomAuthorizationFilter : IAuthorizationFilter
{
public void OnAuthorization(AuthorizationFilterContext context)
{
Here you can write your logic for checking inside onauthorization method
Register the above Filter inside startup.cs file
AuthorizationFilterContext.Items is a property in the ASP.NET Core framework, specifically within the Microsoft.AspNetCore.Mvc.Filters namespace. It provides a dictionary (IDictionary<object, object>) that allows you to store and retrieve data within the context of an authorization filter. This can be useful for passing data between different components of the request pipeline.
You can use Items to:
Store custom data during the execution of an authorization filter.
Retrieve the stored data later in other filters, middleware, or controllers during the same request.
A RequestDelegate is a delegate type defined in the ASP.NET Core framework, specifically in the Microsoft.AspNetCore.Http namespace. It represents a function that can process an HTTP request. Middleware components in ASP.NET Core use RequestDelegate to handle requests in the HTTP pipeline.
You can access HTTP request headers using the HttpContext object, particularly within ASP.NET Core or ASP.NET MVC applications.
If you are in a controller or middleware, you can access request headers via HttpContext.Request.Headers:
var headers = HttpContext.Request.Headers; // to get all headers.
To get a particular value from header, you can use
var token = context.Request.Headers["Authorization"].toString();
You can create more complex authorization rules by defining custom authorization policies. A policy can include multiple requirements that must be satisfied for the user to access a resource.
for example
public class CustomRequirement : IAuthorizationRequirement
{
public string Role { get; }
public CustomRequirement(string role)
{
Role = role;
}
}
And create a handler class to implment above requiredment
public class CustomRequirementHandler : AuthorizationHandler<CustomRequirement>
{
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, CustomRequirement requirement)
{
if (context.User.IsInRole(requirement.Role))
{
context.Succeed(requirement);
}
return Task.CompletedTask;
}
}
And register inside Startup.cs
public void ConfigureServices(IServiceCollection services)
{
services.AddAuthorization(options =>
{
options.AddPolicy("AdminPolicy", policy =>
policy.Requirements.Add(new CustomRequirement("Admin")));
});
services.AddSingleton<IAuthorizationHandler, CustomRequirementHandler>();
}
Applying Policy:
[Authorize(Policy = "AdminPolicy")]
public IActionResult AdminPage()
{
return View();
}
Policy-based authorization allows you to create more complex and fine-grained access control than role-based or claim-based authorization. Policies are a way of grouping requirements and making decisions based on those groups, such as user claims, custom logic, or data.
Steps involved .
Define a Requirement
public class MinimumAgeRequirement : IAuthorizationRequirement
Create an Authorization Handler
public class MinimumAgeHandler : AuthorizationHandler<MinimumAgeRequirement>
{
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, MinimumAgeRequirement requirement)
Register Services
Apply Policy in Controllers
Claim-based authorization is a way to manage access to resources based on the claims provided by the identity of a user. Claims are key-value pairs associated with a user's identity, and they can be used to enforce authorization policies. Claims can represent various attributes about a user, such as roles, permissions, or other custom data.
Steps for Implementing Claim-Based Authorization in ASP.NET Core
Add Claims to User Identity
Create Authorization Policies Based on Claims in configureservice method
Use Claims-Based Authorization in Controllers
Accessing Claims in Code
Resource-based authorization in ASP.NET Core allows you to control access to resources based on specific attributes of those resources. It’s useful in scenarios where you need to grant access to resources depending on the user's role, ownership of the resource, or any other criteria specific to the resource.
ASP.NET Core provides flexible authorization mechanisms, including Role-based, Policy-based, and Resource-based authorization. Resource-based authorization is particularly useful when an action depends on the entity being acted upon (e.g., a user trying to edit a particular article).
The steps involved are
Define the Authorization Requirement:
public class ResourceOwnerRequirement : IAuthorizationRequirement
Create an Authorization Handler:
public class ResourceOwnerHandler : AuthorizationHandler<ResourceOwnerRequirement>
Register the Requirement and Handler:
Apply Authorization to Controllers or Actions:
Enforce the Authorization in the Controller Action
Fine-Grained Control: You have precise control over which resources a user can access or modify.
Dynamic Access: Authorization logic can be dynamic and based on various factors (e.g., resource owner, specific attributes of the resource).
Security: Ensures that users can only interact with resources they are authorized to manage, helping to prevent unauthorized access or modifications.
A view-based authorization allows you to control the visibility of certain parts of your views based on user roles, claims, or policies. It's typically used to hide or display content based on the user's identity or access level.
Different methods for implemenation
1. Using AuthorizeView Component (Razor Pages)
ASP.NET Core provides the AuthorizeView component for use in Razor views. This component allows you to conditionally render different parts of a page depending on the user’s authorization.
@using Microsoft.AspNetCore.Authorization
@inject IAuthorizationService AuthorizationService
@{
var authorized = await AuthorizationService.AuthorizeAsync(User, null, "AdminPolicy");
}
<AuthorizeView>
<Authorized>
<h2>Welcome, Admin!</h2>
</Authorized>
<NotAuthorized>
<h2>You do not have permission to view this content.</h2>
</NotAuthorized>
</AuthorizeView>
2. Using User.IsInRole or User.HasClaim for Role-Based and Claim-Based Authorization
In Razor views, you can also use the User.IsInRole or User.HasClaim methods to check the user's roles or claims and conditionally render content based on this.
@if (User.IsInRole("Admin"))
{
<h2>Admin Panel</h2>
<!-- Admin-specific content here -->
}
else
{
<h2>Access Denied</h2>
}
In ASP.NET Core, the Data Protection API provides methods for protecting (encrypting) and unprotecting (decrypting) data. The Protect method is used to securely encrypt data so that it can only be decrypted by authorized parties within the same application. Here's a guide on how to use the Protect method:
steps involved :
Configure the Data Protection API
services.AddDataProtection(); (startup.cs)
Inject IDataProtector
To use Protect, inject IDataProtectionProvider where you need it (such as in a controller or a service), then create an IDataProtector instance.
using Microsoft.AspNetCore.DataProtection;
public class HomeController : Controller
{
private readonly IDataProtector _protector;
public HomeController(IDataProtectionProvider provider)
{
// Create a protector with a unique purpose string
_protector = provider.CreateProtector("SamplePurpose");
}
public IActionResult Index()
{
// Data to be protected
string sensitiveData = "MySecretData";
// Encrypt the data
string protectedData = _protector.Protect(sensitiveData);
// To decrypt, you can use _protector.Unprotect(protectedData)
ViewBag.ProtectedData = protectedData;
return View();
}
}
Using Protect and Unprotect
Use Protect to securely encrypt data and Unprotect to decrypt it when needed:
string protectedData = _protector.Protect("MySensitiveData");
string unprotectedData = _protector.Unprotect(protectedData);
UseHttpsRedirection is a middleware component that automatically redirects HTTP requests to HTTPS. This is particularly useful for enforcing HTTPS across your application, adding security by ensuring that all traffic is encrypted. Here’s how to configure it in an ASP.NET Core project:
In program.cs
app.UseHttpsRedirection();
By adding UseHttpsRedirection middleware you instruct your webapp to redirect all calls to HTTP endpoints to their HTTPS counterparts.
What is hsts ?
HSTS (HTTP Strict Transport Security) is a method by which your application server can force clients to use a secure connection when sending requests. The browser prevents the user from using untrusted or invalid certificates.It is a web security policy mechanism that helps to protect websites against man-in-the-middle attacks by forcing web browsers to access the website over HTTPS only.
To enable HTTP Strict Transport Security (HSTS) in an ASP.NET application, you can configure it in several ways, depending on whether you're using ASP.NET Core or ASP.NET Framework.
One common way to implement
in program.cs,
app.UseHsts();
After configuring HTTPS redirection you can enable HSTS in Asp.Net Core to force web browsers to access the website over HTTPS only.
Cross-Origin Resource Sharing (CORS) in ASP.NET Core allows your application to handle requests made from other origins, which is essential for frontend applications or APIs accessed by different domains.
Steps involved
Install CORS Middleware
Define the CORS Policy
public void ConfigureServices(IServiceCollection services)
{
services.AddCors(options =>
{
options.AddPolicy("AllowSpecificOrigins",
builder =>
{
builder.WithOrigins("https://example.com", "https://another-example.com") // Add allowed origins
.AllowAnyHeader()
.AllowAnyMethod();
});
});
services.AddControllers(); // or services.AddMvc(); depending on your setup
}
Apply the CORS Policy
app.UseCors("AllowSpecificOrigins"); // Enable the policy globally
Applying CORS to Specific Controllers or Actions
[EnableCors("AllowSpecificOrigins")]
[ApiController]
[Route("[controller]")]
public class MyController : ControllerBase
{
[HttpGet]
public IActionResult Get()
{
return Ok("CORS is configured for this endpoint.");
}
}
Response caching reduces the number of requests a client or proxy makes to a web server. Response caching also reduces the amount of work the web server performs to generate a response.
The primary HTTP header used for caching is Cache-Control, which is used to specify cache directives.The directives control caching behavior as requests maketheir way from clients to servers and as responses maket heir way from servers back to clients.
Common Cache-Control directives are
public A cache may store the response.
private - A private cache may store and reuse the response.
max-age - The client doesn't accept a response whose age is greater
than the specified number of seconds
no-cache - A cache must not use a stored response to satisfy the request.
no-store - A cache must not store the request
age - An estimate of the amount of time in seconds since the response was generated or successfully validated at the origin server
expires - The time after which the response is considered stale
pragma - Exists for backwards compatibility
vary - Specifies that a cached response must not be sent unless all of the Vary header fields match in both the cached response's original request and the new request.
Asp.Net core also uses caching technologies used in asp.net are
In-memory caching - In-memory caching uses server memory to store cached data.
Distributed cache - It is used to store data in memory when the application is hosted in a cloud or server farm.
Cache Tag Helper - Cache the content from an MVC view or Razor Page with the CacheTag Helper.The CacheTag Helper uses in_memory caching to store data.
Distributed Tag Helper - Cachethecontent from an MVC view or Razor Page in distributed cloud or web farm scenarios with the Distributed CacheTag Helper.
Response Caching Middleware is used to cache HTTP responses to improve performance and reduce server load. It works by storing a copy of the response data in memory and serving it to subsequent requests that meet the caching criteria, eliminating the need to regenerate the response every time.
Cache control specifies how the response can be cached
Main Response Caching Headers are like below,
Cache-Control
Pragma
Vary
Cache-Control Header
The Cache-Control header is the main header type for response caching.
The Pragma header can control cache performance.
An object pool can be used to manage a collection of reusable objects that are expensive to create and destroy. Object pooling improves performance by reusing objects rather than creating and destroying them repeatedly. ASP.NET Core provides an ObjectPool class to handle this efficiently. This class is part of the Microsoft.Extensions.ObjectPool namespace.
The best scenarios suitable for Object pooling are as follows:-
Database connections
Thread management
Memory-heavy objects
High-concurrency
Response compression helps reduce the size of HTTP responses, which can improve load times and reduce bandwidth usage. This is typically achieved by compressing responses using algorithms like Gzip or Brotli.
Steps involved
Install the Package Microsoft.AspNetCore.ResponseCompression package
Configure Middleware
using Microsoft.AspNetCore.ResponseCompression;
using System.IO.Compression;
public void ConfigureServices(IServiceCollection services)
{
services.AddResponseCompression(options =>
{
options.Providers.Add<GzipCompressionProvider>();
options.Providers.Add<BrotliCompressionProvider>(); // Optional
options.EnableForHttps = true; // Enable for HTTPS responses if desired
options.MimeTypes = new[] // Compress specific MIME types
{
"text/plain",
"text/css",
"application/javascript",
"text/html",
"application/json",
"application/xml"
};
});
// Optional: Configure compression level
services.Configure<GzipCompressionProviderOptions>(options =>
{
options.Level = CompressionLevel.Fastest; // Choose level: Optimal, Fastest, or NoCompression
});
services.Configure<BrotliCompressionProviderOptions>(options =>
{
options.Level = CompressionLevel.Fastest;
});
}
Use Response Compression Middleware:
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseResponseCompression(); // Enable compression
app.UseRouting();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllers();
});
}
Test Compression
Run your application.
Inspect the HTTP response headers to verify compression. Compressed responses will include headers like Content-Encoding: gzip or Content-Encoding: br.
There are multiple ways to Read the Request Body in a Web API Controller
1. Using Model Binding
public IActionResult Create([FromBody] MyModel model)
2.Manually Reading the Request Body
[HttpPost]
public async Task<IActionResult> Create()
{
using (var reader = new StreamReader(Request.Body))
{
var body = await reader.ReadToEndAsync();
// Now `body` contains the raw request body as a string
}
return Ok();
}
3.Using Middleware to Read the Request Body
You can create a custom middleware for this purpose.
public class RequestLoggingMiddleware
{
private readonly RequestDelegate _next;
public RequestLoggingMiddleware(RequestDelegate next)
{
_next = next;
}
public async Task InvokeAsync(HttpContext context)
{
// Enable buffering so we can read the request body
context.Request.EnableBuffering();
using (var reader = new StreamReader(context.Request.Body, Encoding.UTF8, leaveOpen: true))
{
var body = await reader.ReadToEndAsync();
// Log the request body or do something with it
Console.WriteLine(body);
}
// Reset the position to the beginning of the stream for the next middleware
context.Request.Body.Position = 0;
await _next(context);
}
}
Then, register the middleware in Startup.cs:
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
app.UseMiddleware<RequestLoggingMiddleware>();
// Other middleware and routing
}
4. Reading Form Data (For Multipart Requests)
Here you can use Request.Form
[HttpPost]
public async Task<IActionResult> UploadFile()
{
var file = Request.Form.Files[0]; // Accessing the first file in the form
var fileName = file.FileName;
var filePath = Path.Combine(Directory.GetCurrentDirectory(), "uploads", fileName);
using (var stream = new FileStream(filePath, FileMode.Create))
{
await file.CopyToAsync(stream);
}
return Ok();
}
In ASP.NET Core, you can use streaming and piping to efficiently handle large files or data streams without loading everything into memory at once. This is especially useful when dealing with large uploads or downloads, or when processing real-time data.
Streaming for File Download
If you want to send a large file to the client without loading it entirely into memory, you can use the FileStreamResult in ASP.NET Core
Streaming for File Upload
For file uploads, you can use the Request.Body property to access the incoming data stream. This allows you to process large files as they are being uploaded, without having to store them in memory.
Piping with Streams
You can also use piping to forward data from one stream to another. For example, you might need to read from one stream and pipe it into another stream, such as when processing a file while uploading it, or when redirecting data from a source to a destination.
Pipelines are recommended over streams.Streams can be easier to use for some simple operations, but pipelines have a performance advantage and are easier to use in most scenarios
URL rewriting is a process of modifying current request URL and pointing it to some other URL to complete the request
In ASP.NET Core, URL rewriting can be done using the Microsoft.AspNetCore.Rewrite package, which allows you to manage URL patterns and redirects or modify them as needed. You can rewrite URLs either on the server-side (in the backend) or through middleware.
Steps involved :
Install the Microsoft.AspNetCore.Rewrite package
Configure URL Rewriting in Startup
A URL redirect involves a client-side operation, where the client is instructed to access a resource at a different address than the client originally requested.This requires a round trip to the server.The redirect URL returned to the client appears in the browser's address bar when the client makes a new request for the resource.
Redirect in a Controller Action
return RedirectToAction("Index", "Home");
Redirect Permanently (301 Redirect)
return RedirectPermanent("https://www.example.com");
Conditional Redirects in Middleware
You can also handle redirects globally using middleware, particularly for custom routing logic or conditions based on headers, cookies, etc. For example, to redirect to a new URL if the user is not authenticated:
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
app.Use(async (context, next) =>
{
if (!context.User.Identity.IsAuthenticated)
{
context.Response.Redirect("/Account/Login");
return;
}
await next();
});
}
Redirect with Query Parameters
public IActionResult RedirectWithParams()
{
return Redirect("https://www.example.com?param1=value1¶m2=value2");
}
Redirect Using HttpContext
public IActionResult RedirectWithHttpContext()
{
HttpContext.Response.Redirect("https://www.example.com");
return new EmptyResult();
}
HttpContext represents the HTTP request and response, and it contains important information related to the current HTTP request, such as headers, query strings, request body, and response details. It is central to handling HTTP requests in ASP.NET Core applications.
properties of httpcontext
Request: Contains information about the current HTTP request, such as URL, method (GET, POST, etc.), headers, cookies, form data, and more. It is an instance of HttpRequest.
Response: Represents the HTTP response that will be sent back to the client. It includes methods and properties for setting headers, cookies, status codes, etc.
Session: Provides access to session data. You can store data that persists across multiple requests from the same client.
User: Represents the current authenticated user and their claims. This is an instance of ClaimsPrincipal, which contains the identity and claims of the user.
Items: A collection of arbitrary objects that can be stored for the duration of the request. This is useful for passing data through middleware.
You can directly access httpcontext in controller
public IActionResult Index()
{
string userIp = HttpContext.Connection.RemoteIpAddress.ToString();
string userAgent = HttpContext.Request.Headers["User-Agent"].ToString();
// Pass the values to the view or return them as part of the response
return View();
}
In custom middleware, you can modify HttpContext before passing it to the next middleware in the pipeline:
Example
public class CustomMiddleware
{
private readonly RequestDelegate _next;
public CustomMiddleware(RequestDelegate next)
{
_next = next;
}
public async Task InvokeAsync(HttpContext context)
{
// Modify the context, such as adding headers or logging
context.Response.Headers.Add("X-Custom-Header", "Value");
await _next(context); // Pass control to the next middleware
}
}
To access HttpContext in classes that do not have it directly injected (like services), you can use IHttpContextAccessor. This interface provides access to the current HttpContext.
First add code in Configureservices method in startup.cs
public void ConfigureServices(IServiceCollection services)
{
services.AddHttpContextAccessor(); // Add IHttpContextAccessor to DI container
}
Now you can access in service like
public class MyService
{
private readonly IHttpContextAccessor _httpContextAccessor;
public MyService(IHttpContextAccessor httpContextAccessor)
{
_httpContextAccessor = httpContextAccessor;
}
public void DoSomething()
{
var userAgent = _httpContextAccessor.HttpContext.Request.Headers["User-Agent"];
// Perform actions based on user-agent or other HttpContext properties
}
}
Asp.net Core supports the Open Web Interface for .Net (OWIN) allows web apps to be decoupled from web servers. It defines a standard way for middleware to be used in a pipeline to handle requests and associated responses.
OWIN provides an abstraction layer between a web server and a web application.
The namespace Microsoft.Owin.Host.systemWeb contains the types related to handling OWIN requests.
Background tasks are used to run long-running or periodic tasks outside of the request-response cycle. There are several ways to implement background tasks in an ASP.NET Core application. Here are the most common approaches:
1. BackgroundService
BackgroundService is an abstract class that is part of Microsoft.Extensions.Hosting namespace. It provides a way to create a long-running background task that runs in the background of your ASP.NET Core application.
2. IHostedService
IHostedService is an interface for implementing background services
3. Timer-based Tasks
4. Using IBackgroundTaskQueue for Queued Background Work
5. Hangfire (Third-Party Library)
Hangfire is a powerful library that can manage background jobs in ASP.NET Core applications. It provides features like automatic retries, job persistence, and recurring jobs.
The dotnet watch command in .NET is used to watch for file changes and automatically recompile and restart your application, which is particularly useful during development.
dotnet watch is a development time tool that runs a dotnet command when source files change. It can be used to compile, run tests, or publish when code changes.
The SOLID principles are a set of five design principles intended to make software more understandable, flexible, and maintainable. They are especially useful in ASP.NET Core applications, where clean architecture and dependency injection are crucial.
1. S - Single Responsibility Principle (SRP)
A class should have one, and only one, reason to change, meaning it should only have one job.
2. O - Open/Closed Principle (OCP)
Software entities (classes, modules, functions, etc.) should be open for extension but closed for modification.
3. L - Liskov Substitution Principle (LSP)
Derived classes should be substitutable for their base classes.
Interface Segregation Principle (ISP)
Clients should not be forced to implement interfaces they don't use.
Dependency Inversion Principle (DIP)
High-level modules should not depend on low-level modules; both should depend on abstractions. Additionally, abstractions should not depend on details.
By adhering to SOLID principles, ASP.NET Core applications become more maintainable, flexible, and testable, ensuring that each class and method has a clear and single purpose and that changes in one area don't cascade through the application.
By adhering to SOLID principles, your ASP.NET Core applications become more maintainable, flexible, and testable, ensuring that each class and method has a clear and single purpose and that changes in one area don't cascade through the application.
The Dependency Inversion Principle states:
High-level modules should not depend on low-level modules. Both should depend on abstractions (e.g., interfaces).
Abstractions should not depend on details. Details should depend on abstractions.
Steps involved to implement in asp.net core:-
Define an Abstraction (Interface)
Implement the Interface in Concrete Classes
Register the Dependency in the Dependency Injection Container
Inject the Abstraction into Controllers or Services
Using ASP.NET Core to build microservices is a popular choice because of its cross-platform capabilities, lightweight nature, and integration with modern tools and patterns, such as dependency injection and middleware.
Microservices architecture breaks down an application into small, independently deployable services, each focusing on a specific business capability. Unlike monolithic applications, microservices allow each service to be developed, deployed, and scaled independently
Features :
Single Responsibility
Independence
Scalability
You can use Web API to create microservices in asp.net core.
Sample diagram of microservices. Here there are 3 different teams having 3 different dbs.
Product Microservice- DB - Db1 team
Client -> API GateWay => Customer Microservice - DB - Db2 team
Order Microservice - DB - Db3 team
Ocelot is an Open Source API Gateway for the .NET/Core Platform. What is does is simple. It cunifies multiple microservices so that the client does not have to worry about the location of each and every Microservice. Ocelot API Gateway transforms the Incoming HTTP Request from the client and forward it to an appropriate Microservice.
Add XML Formatters to MVC
In startup.cs
public void ConfigureServices(IServiceCollection services)
{
services.AddControllers(options =>
{
// Add XML formatter
options.OutputFormatters.Add(new XmlSerializerOutputFormatter());
});
}
Specify XML Output in Your Controller
using Microsoft.AspNetCore.Mvc;
[ApiController]
[Route("api/[controller]")]
public class MyController : ControllerBase
{
[HttpGet]
[Produces("application/xml")]
public IActionResult Get()
{
var data = new { Message = "Hello, XML!" };
return Ok(data);
}
}
Test the Endpoint
When you send a request to this endpoint, it should respond with XML if the client accepts XML (Accept: application/xml) or if no specific Accept header is set.
Jsonmediatypeformatter
Xmlmediatypeformatter
Urlencodedtypeformatter
JqueryMVCFormUrlencodedtypeformater
1xx – informal response
2xx – successful
3xx-Redirection
4xx – Client error
5xx-Server error
JWT token is a string and has three parts separated by dot (.) a) Header b) Payload c) Signature
Header & Payload are JSON objects
Header contains algorithm & type of token which is jwt
Payload contains claims (key/value pairs) + expiration date + aud/issuer etc.
Signature is HASH value computed using Base64(Header) +"." + Base64(Payload). This information is passed to an algorithm with a secret key.
Token structure is base64(header) + "." + base64(payload) + "." + hash
Attributes of Form Tag Helper
- asp-controller
- asp-action
- asp-route
- asp-all-route-data
- asp-route-{value}
- asp-area
- asp-fragment
- asp-page
- asp-page-handler
- asp-host
- asp-protocol
- asp-antiforgery
The Common built-in Tag Helpers in Asp.Net Core are :-
Anchor
Cache
Component
Distributed Cache
Environment
Form
Form Action
Image
Input
Label
Link
Partial
Script
Select
TextArea
Validation Message
Validation Summary
Here are some of the built-in validation attributes:
- [ValidateNever]: The ValidateNeverAttribute indicates that a property or parameter should be excluded from validation.
- [CreditCard]: Validates that the property has a credit card format. Requires jQuery Validation Additional Methods.
- [Compare]: Validates that two properties in a model match.
- [EmailAddress]: Validates that the property has an email format.
- [Phone]: Validates that the property has a telephone number format.
- [Range]: Validates that the property value falls within a specified range.
- [RegularExpression]: Validates that the property value matches a specified regular expression.
- [Required]: Validates that the field is not null.
- [StringLength]: Validates that a string property value doesn't exceed a specified length limit.
- [Url]: Validates that the property has a URL format.
[Remote]: Validates input on the client by calling an action method on the server.
Hosting determines how the application is started, configured, and managed. Here are the main hosting models in ASP.NET Core:
1. In-Process Hosting
Runs the application in the same process as the IIS worker process (w3wp.exe).
Benefits:-
Improved performance due to no additional proxy server between IIS and Kestrel.
Lower latency, as requests don’t need to be forwarded to another process.
Simplified deployment since there’s no need for additional Kestrel configuration.
2. Out-of-Process Hosting
Runs the application in a separate process from the IIS worker process and uses a reverse proxy to forward requests.
Benefits :
Improved isolation, as the application process is separated from IIS, which can aid in fault tolerance.
Enables using Kestrel as a lightweight and performant cross-platform server.
Suitable for applications needing cross-platform compatibility or when Kestrel needs to be used for specific configurations.
3. Kestrel-Only Hosting
Uses only the Kestrel web server without any additional reverse proxy, directly exposing the application to the internet or network.
Benefits :
Simplicity and ease of deployment, particularly useful in Docker containers or minimal server environments.
Cross-platform support for Linux, Windows, and macOS.
Excellent performance when properly configured.
4. IIS with Reverse Proxy (IIS + Kestrel)
A common setup where IIS acts as a reverse proxy server, and Kestrel is the internal server processing requests.
Benefits:
Combines IIS’s advanced management capabilities (e.g., logging, security, and load balancing) with Kestrel’s performance.
Allows you to leverage IIS’s capabilities while keeping the application platform-independent.
Good compatibility with Microsoft ecosystems and deployments.
5. Self-Hosting (Console Application)
ASP.NET Core applications can be self-hosted as standalone applications running in a console or as background services.
Benefits:
Provides full control over the hosting process, suitable for microservices and isolated application instances.
Platform independence, as it can run on Linux, macOS, and Windows.
Ideal for containerized deployments, as each instance can be a self-contained process.
It is suitable for microservice architectures, containerized applications, and cases where minimal dependencies are required.
6. Other Cloud-Specific Hosting Models
ASP.NET Core applications can also be hosted in specialized environments like Azure App Service or AWS Elastic Beanstalk, each providing cloud-specific configurations and scaling options.
Route data refers to the information extracted from the URL that is used to map requests to controller actions. Route data typically includes parameters extracted from the route pattern, such as values in the URL, query strings, or route constraints.
The UseRouting middleware is used to handle the request routing.
In Configure method of startup.cs (or program.cs)
app.UseRouting();
You can access route data within your controller actions using the RouteData property of the ControllerBase class, which is inherited by controllers.
var controller = RouteData.Values["controller"]; // "Home"
var action = RouteData.Values["action"]; // "Index"
// You can also access custom route parameters
var id = RouteData.Values["id"]; // If present, otherwise null
Route data tokens are special values associated with routes. They are used to carry metadata or additional information that can be accessed later in the request processing pipeline, usually in controllers or middleware.
In startup.cs in configure method,
app.UseEndpoints(endpoints =>
{
// Define a custom route with a data token
endpoints.MapControllerRoute(
name: "customRoute",
pattern: "custom/{controller=Home}/{action=Index}/{id?}",
defaults: null,
constraints: null,
dataTokens: new { myToken = "specialValue" } // Adding a data token here
);
});
In this example, dataTokens is set to { myToken = "specialValue" }. This attaches a token named myToken with the value "specialValue" to the route.
To access the route data tokens, you can read from the RouteData property within a controller action:
using Microsoft.AspNetCore.Mvc;
public class HomeController : Controller
{
public IActionResult Index()
{
// Access the route data token
var myToken = RouteData.DataTokens["myToken"];
// Use the token in your logic
ViewData["TokenValue"] = myToken;
return View();
}
}
You can then pass this token value to your view if needed:
<p>Token Value: @ViewData["TokenValue"]</p>
The Repository Pattern is a design pattern often used in ASP.NET Core applications to abstract data access, promote separation of concerns, and make the codebase more modular, testable, and maintainable.
The Repository Pattern creates an abstraction layer between the data access and the business logic of an application. It allows you to define a contract for data operations, such as CRUD operations, and hide the implementation details (like Entity Framework Core).
steps involved in implementation:
Define a model class
Create a Repository Interface
Create a class which implments the above interface
Register the Repository with Dependency Injection in startup.cs
Use the Repository in a Service or Controller
The unit of work pattern keeps track of all changes to aggregates. Once all updates of the aggregates in a scope are completed, the tracked changes are played onto the database in a transaction so that the database reflects the desired changes. Thus, the unit of work pattern tracks a business transaction and translates it into a database transaction, wherein steps are collectively run as a single unit. To ensure that data integrity is not compromised, the transaction commits or is rolled back discretely, thus preventing indeterminate state.
Creating and managing HttpClient instances correctly is critical because improper use can lead to performance issues. For example, instantiating HttpClient frequently in code (e.g., within every request) can exhaust available sockets and lead to performance degradation.
To address these issues, ASP.NET Core provides IHttpClientFactory, which offers a centralized way to manage HttpClient instances. Benefits of HttpClientFactory include:
Reuse of HttpClient instances to avoid socket exhaustion.
Configurable and named clients for specific services.
Built-in support for resilience with policies, such as retry and circuit breaker.
NewtonsoftJson is a NuGet package designed to enable the use of JSON serialization and deserialization using Newtonsoft. Json in ASP.NET Core MVC applications. This package provides support for handling JSON input and output in ASP.NET Core MVC controllers, allowing for seamless integration with existing Newtonsoft.
Steps required for implementation
Install package - Microsoft.AspNetCore.Mvc.NewtonsoftJson.
In program.cs
builder.Services.AddControllers()
.AddNewtonsoftJson(options =>
{
options.SerializerSettings.ReferenceLoopHandling = Newtonsoft.Json.ReferenceLoopHandling.Ignore;
options.SerializerSettings.NullValueHandling = Newtonsoft.Json.NullValueHandling.Ignore;
});
Model class
public class Product
{
public int Id { get; set; }
[JsonProperty("product_name")]
public string Name { get; set; }
}
In Controller,
[HttpGet]
public IActionResult GetProduct()
{
var product = new Product { Id = 1, Name = "Laptop" };
return Ok(product);
}
A controller class in ASP.NET Core MVC is a class that handles user requests, retrieves data, and renders views. It's the initial entry point for an MVC application and controls each user request by routing it to the correct action method. A controller class is usually public and has a name that ends with "Controller".It contains action methods that respond to HTTP requests. It Interacts with models to retrieve or update data.It selects views to render HTML or returns data directly.
When we create an MVC project, and create a controller it is inherted from Controller class which is an abstract class. This controller abstract class is inherited from another abstract class Controllerbase.
Public methods in a controller class are called action methods. Action methods must be public,
The TypeFilter attribute is used to apply filters by specifying the type of the filter directly. It allows you to specify the type of a filter and its constructor parameters. This is a flexible way to apply filters, as it allows you to create and configure filters on the fly.
The ServiceFilter attribute is used to apply filters that are registered as services in the dependency injection container. It refers to a filter by specifying the type of the filter as well as the service type. This is useful when you want to use filters that require dependency injection.
RedirectToAction lets you construct a redirect url to a specific action/controller in your application, that is, it'll use the route table to generate the correct URL.
Redirect requires that you provide a full URL to redirect to.
If you have an action Index on controller Home with parameter Id:
- You can use RedirectToAction("Index", "Home", new { id = 5 }) which will generate the URL for you based on your route table.
- You can use Redirect but must construct the URL yourself, so you pass Redirect("/Home/Index/5") or however your route table works.
- You can't redirect to google.com (an external URL) using RedirectToAction, you must use Redirect.
Use RedirectToAction for anything dealing with your application actions/controllers. If you use Redirect and provide the URL, you'll need to modify those URLs manually when your route table changes
CookieOptions options = new CookieOptions
{
Expires = DateTime.Now.AddDays(7), // Cookie expiration date
Secure = true, // Ensure the cookie is sent only over HTTPS
HttpOnly = true // Make the cookie accessible only through the HTTP protocol (not accessible via JavaScript)
};
Response.Cookies.Append("UserName", "John Doe", options);
To retrieve from cookie
getLead.RoleId = Convert.ToInt32(Request.Cookies["UserName "]);
IActionResult is an interface in ASP.NET Core that represents the result of an action method.
It provides a way to encapsulate the result of an action, allowing you to return different types of responses from your controllers.
public IActionResult Index()
{
var queryParameters = Request.Query;
foreach (var param in queryParameters)
{
Console.WriteLine($"{param.Key}: {param.Value}");
}
return View();
}
public IActionResult SubmitForm(IFormCollection form)
{
foreach (var key in form.Keys)
{
Console.WriteLine($"{key}: {form[key]}");
}
return View();
}
Create a class which inherits from ExceptionFilterAttribute and implement OnException method.
public class CustomExceptionFilter : ExceptionFilterAttribute
{
public override void OnException(ExceptionContext context)
{
var controllerName = context.RouteData.Values["controller"];
var actionName = context.RouteData.Values["action"];
string message = $" Time: {DateTime.Now}, Controller: {controllerName}, Action: {actionName}, Exception: {context.Exception.Message}";
string filePath = Path.Combine(Directory.GetCurrentDirectory(), "Log", "Log.txt");
//saving the data in a text file called Log.txt
File.AppendAllText(filePath, message);
}
}
public class HomeController : Controller
{
[CustomExceptionFilter]
public ActionResult Index()
Register it
builder.Services.AddControllersWithViews(options =>
{
options.Filters.Add(new CustomExceptionFilter());
});
DRY stands for "Don't Repeat Yourself." It is a software development principle aimed at reducing repetition of code patterns and promoting reusability. By following the DRY principle, developers can write more maintainable, scalable, and cleaner code, reducing the chances of errors and bugs.
Here’s how the DRY principle applies to ASP.NET Core development:
1. Reusability of Components
Eg: Controllers ,Services
2. Shared Code in Views
Eg: Partial Views,View Components,Tag Helpers
3.Middleware
4.Custom Services
5. Extension Methods
Create a static class with 2 static methods for storing and retrieving session
public static class SessionExtensions
{
public static T GetComplexData<T>(this ISession session, string key)
{
var data = session.GetString(key);
if (data == null)
{
return default(T);
}
return JsonConvert.DeserializeObject<T>(data);
}
public static void SetComplexData(this ISession session, string key, object value)
{
session.SetString(key, JsonConvert.SerializeObject(value));
}
HttpContext.Session.SetComplexData("loggerUser", user);
LoggedUserVM loggedUser = HttpContext.Session.GetComplexData<LoggedUserVM>("loggerUser");
HttpUtility.JavaScriptStringEncode is a method in the .NET Framework's System.Web namespace that is used to encode strings for use in JavaScript.
It's typically used when you need to pass strings from server-side code to client-side JavaScript code and want to ensure that the strings are properly formatted and do not cause any syntax errors or security vulnerabilities.
This method is particularly useful for encoding strings that may contain characters with special meaning in JavaScript, such as quotes, backslashes, or certain control characters.
JavaScriptEncoder.Default.Encode is used in ASP.NET Core to encode strings for safe output in web pages, preventing JavaScript injection attacks. It is part of the System.Text.Encodings.Web namespace..
Sample code
string userInput = "<script>alert('XSS');</script>"; // Encode the user input to prevent XSS attacks string
string safeOutput = JavaScriptEncoder.Default.Encode(userInput);
Sample code for downloading a file.
public class Program
{
public static async Task Main(string[] args)
{
var httpClient = new HttpClient();
var fileDownloader = new FileDownloader(httpClient);
string fileUrl = "https://example.com/file.zip"; // Replace with the URL of the file you want to download
string destinationPath = "path/to/save/file.zip"; // Replace with your desired file path
await fileDownloader.DownloadFileAsync(fileUrl, destinationPath);
}
}
Also Register in ConfigureService method of startup.cs
services.AddHttpClient<FileDownloader>();
HTTP GET can transmit only a limited amount of data.
HTTP POST allows for the transmission of large volumes of data.
Data is transmitted in the header in HTTP GET
.In HTTP POST, data is transmitted in the body.
HTTP GET is less secure as details are visible in the URL bar
HTTP POST is more secure as details are not displayed in the URL bar.
In summary, POST is typically used for creating or updating resources when the exact URL may not be known in advance, while PUT is used for updating or creating resources at specific URLs and is idempotent.
Constructor Injection
Constructor injection is a design pattern used in dependency injection (DI) where the dependencies of a class are provided through its constructor. This method ensures that a class's required dependencies are injected into it at the time of its creation, rather than the class creating them internally or obtaining them via setters or methods.
method Injection
Method injection is a design pattern used in software development, particularly in the context of Dependency Injection (DI). It involves injecting dependencies into a class via methods, instead of through the constructor (constructor injection) or directly through properties (property injection).
,property injection
Property injection in the context of Model-View-Controller (MVC) typically refers to a design pattern in which dependencies are provided to an object through its properties rather than through constructor or method injection..
1. Cross-Platform Support
2. Performance
ASP.NET Core is optimized for high performance, making it one of the fastest web frameworks available. This is due to improvements in the runtime and new features like the Kestrel web server, which is lightweight and highly performant.
3. Unified Framework
ASP.NET Core unifies MVC, Web API, and Razor Pages under a single framework. You no longer have to choose between Web API and MVC for creating APIs; ASP.NET Core provides a cohesive approach to building web UIs and APIs.
Dependency Injection (DI) Built-In
ASP.NET Core has built-in dependency injection, making it easier to manage dependencies and create loosely coupled, testable code.
5. Modular and Lightweight
ASP.NET Core is modular, allowing you to include only the necessary packages through NuGet. This modularity reduces the application's footprint and enhances performance.
Simplified Development and Configuration
In ASP.NET Core, configuration is much simpler and more flexible, using JSON, environment variables, and command-line arguments. This is beneficial for cloud and container environments.
Razor Pages
ASP.NET Core introduces Razor Pages, a page-based programming model that simplifies the creation of page-focused applications. This is ideal for simple or single-page applications.
Support for Modern Front-End Development
Open Source and Community Driven
Middleware Pipeline
ASP.NET Core has a flexible middleware pipeline, giving developers more control over request processing and enabling the addition of custom middleware components.
Better Testing and Integration
ASP.NET Core applications are designed with testing in mind, with support for in-memory hosting, simplified unit testing of controllers, and integrated dependency injection.
Enhanced Security
ASP.NET Core includes more advanced security features, such as built-in HTTPS, data protection APIs, and easier configuration for identity and authentication.
In an ASP.NET Core application, Program.cs is the entry point of the application. It's where the application is configured and the WebHost is built and run.
Create the builder: WebApplication.CreateBuilder(args) sets up the WebApplicationBuilder which contains configuration, logging, and dependency injection.
Configure services: builder.Services.AddControllersWithViews() adds support for controllers and views (MVC). You can also register other services, like database contexts, identity, or any custom services here.
Build the application: builder.Build() creates the actual WebApplication instance to configure the middleware and start the app.
Configure middleware: app.Use... statements set up middleware in the request pipeline (for error handling, static files, routing, etc.).
Map endpoints: The MapControllerRoute and MapRazorPages methods specify routing for controllers and Razor pages.
run the app: Finally, app.Run() starts the web application
The following factors made Asp.Net Core became cross platform :-
Runtime: .
Base Class Library (BCL):
Open Source:
Modular Design:
Containerization Support - for eg: Docker
Development Tools: - for eg: Visual Studio Code
In an ASP.NET Core project, the .csproj file is a crucial component for managing dependencies, configurations, and build settings. This XML file specifies the project’s settings, references, and dependencies.
The Common Language Runtime (CLR) is a core component of the .NET environment that enables ASP.NET Core applications to run and perform essential tasks
The CLR is responsible for executing .NET applications. In ASP.NET Core, the CLR manages code execution, memory allocation, security,garbage collection, exception handling,thread and execution management.
The ViewStart file (usually named _ViewStart.cshtml) is a special Razor view file that helps streamline layout configuration across views in an MVC application. It is typically placed in the Views folder of your project and is executed before any individual view is rendered.
The _ViewStart.cshtml file allows you to define common settings that apply to all views in your application, such as layout pages. By setting the layout here, you avoid having to specify a layout in each individual view file.
app.UseEndpoints is a method in the request pipeline configuration that lets you define endpoints for routing in an application.
This is commonly used in the Startup.cs file within the Configure method, allowing you to map endpoints to specific controllers, actions, or custom routes.
SqlConnection: Establishes a connection to the database.
SqlCommand: Executes SQL commands, such as SELECT, INSERT, UPDATE, and DELETE.
SqlDataReader: Reads data from the database in a forward-only, read-only stream.
SqlDataAdapter: Fills a DataSet with results from the database and supports disconnected data operations.
DataSet and DataTable: Represent data in memory and can be used to manipulate data offline.
Tthe IWebHostEnvironment interface provides information about the environment the application is running in, such as the environment name (e.g., Development, Staging, Production), the application's content root path, and the web root path.
This interface is useful for configuring settings, determining the appropriate behavior of your application based on the environment, and accessing directories like the file system.
IHttpContext.Request.Form.Files is a collection that contains the files that were uploaded as part of an HTTP request. These files are typically sent as part of a multipart/form-data request, which is commonly used when submitting forms with file inputs (e.g., uploading an image or document).
The asp-route-{parameter} syntax is used in Razor views to generate route values for a link. It helps build dynamic URLs with specific route parameters. When you use asp-route-status, it's typically used in scenarios like routing based on a specific "status" parameter in a URL.
In an MVC (Model-View-Controller) framework, handling multipart/form-data typically involves uploading files or sending data in a form that includes both text and binary data (like images). This type of encoding is most commonly used when submitting forms that include files. Here's how you can handle multipart/form-data in an MVC framework.
Rfc2898DeriveBytes in C# is a class used to derive cryptographic keys using the PBKDF2 (Password-Based Key Derivation Function 2) algorithm. It's not directly used for encryption but to generate a key from a password, which you can then use with an encryption algorithm such as AES.
Code Example:-
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;
class Program
{
static void Main()
{
string originalText = "Hello, World!";
string password = "strongpassword";
// Encrypt the text
byte[] encryptedData = EncryptText(originalText, password);
Console.WriteLine($"Encrypted Data: {Convert.ToBase64String(encryptedData)}");
// Decrypt the text
string decryptedText = DecryptText(encryptedData, password);
Console.WriteLine($"Decrypted Text: {decryptedText}");
}
static byte[] EncryptText(string plainText, string password)
{
// Generate salt
byte[] salt = new byte[16];
using (var rng = new RNGCryptoServiceProvider())
{
rng.GetBytes(salt);
}
// Derive key and IV from password
using (var rfc2898 = new Rfc2898DeriveBytes(password, salt, 100000)) // Iterations: 100,000
{
using (var aes = Aes.Create())
{
aes.Key = rfc2898.GetBytes(32); // AES-256 key
aes.IV = rfc2898.GetBytes(16); // AES block size (128-bit IV)
using (var ms = new MemoryStream())
{
// Write salt at the beginning of the encrypted data
ms.Write(salt, 0, salt.Length);
using (var cryptoStream = new CryptoStream(ms, aes.CreateEncryptor(), CryptoStreamMode.Write))
using (var writer = new StreamWriter(cryptoStream))
{
writer.Write(plainText);
}
return ms.ToArray();
}
}
}
}
static string DecryptText(byte[] encryptedData, string password)
{
// Extract salt (first 16 bytes)
byte[] salt = new byte[16];
Array.Copy(encryptedData, 0, salt, 0, salt.Length);
// Derive key and IV from password and salt
using (var rfc2898 = new Rfc2898DeriveBytes(password, salt, 100000))
{
using (var aes = Aes.Create())
{
aes.Key = rfc2898.GetBytes(32);
aes.IV = rfc2898.GetBytes(16);
using (var ms = new MemoryStream(encryptedData, salt.Length, encryptedData.Length - salt.Length))
using (var cryptoStream = new CryptoStream(ms, aes.CreateDecryptor(), CryptoStreamMode.Read))
using (var reader = new StreamReader(cryptoStream))
{
return reader.ReadToEnd();
}
}
}
}
}
suppose DBContext is the name of connection string in appsettings.json
So in class file,
public class Course
{
private readonly IConfiguration _config;
public Course(IConfiguration config)
{
_config = config;
}
public IDbConnection _dbConnection
{
get
{
return new SqlConnection(_config.GetConnectionString("DBContext"));
}
}
}
IDbConnection conn = _dbConnection.
Now you open connection string like,
conn.Open();
HttpClient and WebClient are both tools used for making HTTP requests in .NET applications, but HttpClient is generally preferred due to its modern design, flexibility, and performance advantages.
The Benefits are
Asynchronous Programming Support
Resource Management and Reusability
Customization and Flexibility
Support for Modern HTTP Features
Testability
Content Handling
Better Error Handling
In C#, JsonResult is a type commonly used in ASP.NET Core MVC applications to return JSON data from a controller action. It allows you to send JSON-formatted data as a response, typically used in API endpoints or AJAX calls from the client side.
You can customize the JSON response using JsonSerializerOptions
System.Text.Json
NameValueCollection is a collection type that is part of the System.Collections.Specialized namespace. It is a specialized collection that stores key-value pairs, where each key is associated with one or more values. It is similar to a Dictionary<TKey, TValue>, but allows multiple values to be stored for a single key.
Features :
Multiple Values per Key
By default, the keys are case-insensitive, meaning that key and KEY would be treated as the same key.
You can access values by their key, and retrieve all values for a given key as a collection.
A MemoryStream is a class in the System.IO namespace that provides a stream for reading and writing data in memory (as opposed to files or other I/O devices). It allows you to manipulate data stored in a byte array as if it were a stream.
It's often used when you need to pass data as a stream to APIs or libraries that expect a stream.
It's frequently used for serializing or deserializing objects to/from byte arrays.
Sending an email involves using the SMTP protocol with the System.Net.Mail or integrating third-party libraries like MailKit or SendGrid.. Here we are using MailKit.
Steps to send mail using MailKit.
Install package MailKit
Add Email Settings in appsettings.json
"EmailSettings": {
"SMTPServer": "smtp.your-email-provider.com",
"SMTPPort": 587,
"SenderEmail": "john@gmail.com",
"SenderName": "John Honai",
"SMTPUsername": "your-email@example.com",
"SMTPPassword": "your-email-password"
}
Create a service class for sending mail.
using MailKit.Net.Smtp;
using MimeKit;
public class EmailService
{
private readonly IConfiguration _config;
public EmailService(IConfiguration config)
{
_config = config;
}
public async Task SendEmailAsync(string recipientEmail, string subject, string message)
{
var email = new MimeMessage();
email.From.Add(new MailboxAddress(
_config["EmailSettings:SenderName"],
_config["EmailSettings:SenderEmail"]));
email.To.Add(MailboxAddress.Parse(recipientEmail));
email.Subject = subject;
email.Body = new TextPart("plain") { Text = message };
using var smtp = new SmtpClient();
await smtp.ConnectAsync(
_config["EmailSettings:SMTPServer"],
int.Parse(_config["EmailSettings:SMTPPort"]),
MailKit.Security.SecureSocketOptions.StartTls);
await smtp.AuthenticateAsync(
_config["EmailSettings:SMTPUsername"],
_config["EmailSettings:SMTPPassword"]);
await smtp.SendAsync(email);
await smtp.DisconnectAsync(true);
}
}
Register the service in program.cs file
builder.Services.AddSingleton<EmailService>();
Now We have to Inject and use the service in a controller
public class HomeController : Controller
{
private readonly EmailService _emailService;
public HomeController(EmailService emailService)
{
_emailService = emailService;
}
public async Task<IActionResult> SendEmail()
{
await _emailService.SendEmailAsync("recipient@example.com",
"Test Subject", "This is a test email.");
return Ok("Email sent!");
}
}
IEnumerable<T>: It is an interface that defines a collection that can be enumerated (iterated) over, but it does not provide methods for modifying or directly accessing elements by index. It supports only the GetEnumerator() method, which allows iteration over the collection.
List<T>: It is a concrete class that implements the IEnumerable<T> interface and provides a more feature-rich collection with various methods for adding, removing, and accessing elements. It is part of the System.Collections.Generic namespace.
In ASP.NET MVC and Web API, the [JsonIgnore] attribute is used to prevent certain properties of a model from being included in the JSON serialization process. This is particularly useful when you need to hide sensitive data or reduce the size of the JSON response.
For example,
using System.Text.Json.Serialization;
public class User
{
public int Id { get; set; }
public string Username { get; set; }
[JsonIgnore] // This property will be ignored during JSON serialization
public string Password { get; set; }
}
If you serialize an instance of the User class, the Password field won't be included in the JSON result:
User user = new User { Id = 1, Username = "JohnDoe", Password = "Secret123" };
string jsonString = JsonSerializer.Serialize(user);
// Output JSON: {"Id":1,"Username":"JohnDoe"}
Delegates provide a way to encapsulate methods that can be executed on a separate thread.
Steps to Create a Thread with a Delegate
Define a method to execute in a separate thread.
Create a delegate that points to this method.
Instantiate the Thread class using the delegate.
Start the thread using the Start() method.
using System;
using System.Threading;
class Program
{
// Step 1: Define a method to run on a separate thread
static void PrintNumbers()
{
for (int i = 1; i <= 10; i++)
{
Console.WriteLine($"Number: {i}");
Thread.Sleep(500); // Simulate work (500 ms delay)
}
}
static void Main(string[] args)
{
// Step 2: Create a delegate instance pointing to the method
ThreadStart threadDelegate = new ThreadStart(PrintNumbers);
// Step 3: Create a Thread instance using the delegate
Thread thread = new Thread(threadDelegate);
// Step 4: Start the thread
thread.Start();
// Main thread continues to run independently
Console.WriteLine("Main thread continues to execute...");
}
}
The RestRequest class is primarily associated with the RestSharp library, which is a popular HTTP client used to simplify consuming RESTful APIs.
RestRequest represents a request to be sent to a server.
You can configure HTTP methods (GET, POST, PUT, DELETE, etc.), headers, parameters, and bodies using this class.
To use RestRequest, you need to install RestSharp:
Sample code for how to use RestRequest class
using RestSharp;
var client = new RestClient("https://api.example.com"); // API base URL
var request = new RestRequest("endpoint/resource", Method.Get); // Set HTTP method
// Add parameters if needed
request.AddParameter("param1", "value1");
request.AddHeader("Authorization", "Bearer YOUR_TOKEN");
// Execute request
var response = client.Execute(request);
if (response.IsSuccessful)
{
Console.WriteLine(response.Content);
}
else
{
Console.WriteLine($"Error: {response.ErrorMessage}");
}
There are 2 approaches. With ADo.net & without EFCore
Consider the SP
CREATE PROCEDURE GetMultipleResults
AS
BEGIN
SELECT * FROM Products;
SELECT * FROM Categories;
END
Ist approach. with Ado.net & EFCore
here you have to create model class
public class Product
{
public int Id { get; set; }
public string Name { get; set; }
}
public class Category
{
public int Id { get; set; }
public string CategoryName { get; set; }
}
You have go create DBContext class for data access
public class ApplicationDbContext : DbContext
{
public DbSet<Product> Products { get; set; }
public DbSet<Category> Categories { get; set; }
public ApplicationDbContext(DbContextOptions<ApplicationDbContext> options)
: base(options) { }
}
Then in Controller
using (var command = _context.Database.GetDbConnection().CreateCommand())
{
command.CommandText = "GetMultipleResults";
command.CommandType = CommandType.StoredProcedure;
_context.Database.OpenConnection();
using (var result = command.ExecuteReader())
{
var products = new List<Product>();
var categories = new List<Category>();
// First result set
while (result.Read())
{
products.Add(new Product
{
Id = result.GetInt32(0),
Name = result.GetString(1)
});
}
// Move to next result set
result.NextResult();
while (result.Read())
{
categories.Add(new Category
{
Id = result.GetInt32(0),
CategoryName = result.GetString(1)
});
}
// Use the data as needed, e.g., pass to a view
ViewBag.Products = products;
ViewBag.Categories = categories;
}
}
2nd Approch. (Without EFCore)
Here No need of model class and dbcontext class.
Use SqlConnection and SqlCommand for direct database access.
public IActionResult GetData()
{
string connectionString = Configuration.GetConnectionString("DefaultConnection");
using (SqlConnection connection = new SqlConnection(connectionString))
{
SqlCommand command = new SqlCommand("GetMultipleResults", connection)
{
CommandType = CommandType.StoredProcedure
};
connection.Open();
using (SqlDataReader reader = command.ExecuteReader())
{
var products = new List<Product>();
var categories = new List<Category>();
// First result set
while (reader.Read())
{
products.Add(new Product
{
Id = reader.GetInt32(0),
Name = reader.GetString(1)
});
}
// Move to next result set
reader.NextResult();
while (reader.Read())
{
categories.Add(new Category
{
Id = reader.GetInt32(0),
CategoryName = reader.GetString(1)
});
}
ViewBag.Products = products;
ViewBag.Categories = categories;
}
}
return View();
}
In View
<h2>Products</h2>
<ul>
@foreach (var product in ViewBag.Products)
{
<li>@product.Name</li>
}
</ul>
<h2>Categories</h2>
<ul>
@foreach (var category in ViewBag.Categories)
{
<li>@category.CategoryName</li>
}
</ul>
Yes. It will compile without any Error.
Steps involved :-
Create an HttpWebRequest instance.
Add the JWT to the request headers (usually in the Authorization header).
Send the request and read the response.
Sample Code :
using System;
using System.IO;
using System.Net;
using System.Text;
class Program
{
static void Main()
{
string url = "https://api.example.com/endpoint"; // Replace with your API endpoint
string jwtToken = "your-jwt-token"; // Replace with your actual JWT
// Create the HttpWebRequest
HttpWebRequest request = (HttpWebRequest)WebRequest.Create(url);
request.Method = "GET"; // Change to "POST", "PUT", etc., if needed
request.ContentType = "application/json";
// Add the JWT to the Authorization header
request.Headers["Authorization"] = "Bearer " + jwtToken;
try
{
// Get the response
using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
{
using (StreamReader reader = new StreamReader(response.GetResponseStream()))
{
string responseText = reader.ReadToEnd();
Console.WriteLine(responseText); // Output the response
}
}
}
catch (WebException ex)
{
// Handle errors
using (var reader = new StreamReader(ex.Response.GetResponseStream()))
{
string errorText = reader.ReadToEnd();
Console.WriteLine("Error: " + errorText);
}
}
}
}
SelectListItem is a class in ASP.NET MVC (Model-View-Controller) that represents an item in a list, commonly used for building HTML dropdown lists (<select> elements), radio buttons, or checkboxes. It's typically used with Razor views to populate form controls dynamically.
Example
In model class
public List<SelectListItem> Categories { get; set; }
In Controller
public ActionResult Create()
{
var model = new ProductViewModel
{
Categories = new List<SelectListItem>
{
new SelectListItem { Text = "Electronics", Value = "1" },
new SelectListItem { Text = "Clothing", Value = "2" },
new SelectListItem { Text = "Books", Value = "3", Selected = true } // Pre-selected item
}
};
return View(model);
}
[DataType(DataType.Upload)]
Sample code
[Required]
[DataType(DataType.Upload)]
[Display(Name = "Upload File")]
public IFormFile File { get; set; }
ADO.NET in an ASP.NET Core MVC application allows direct interaction with databases, providing more control over data operations compared to using ORMs like Entity Framework Core. ADO.NET provides classes to connect, retrieve, insert, update, and delete data using SQL commands.
add package Microsoft.Data.SqlClient
In appsettings.json,
{
"ConnectionStrings": {
"DefaultConnection": "Server=your_server_name;Database=your_db_name;Trusted_Connection=True;"
}
}
Create a class to manage database operations (DatabaseHelper.cs)
using Microsoft.Data.SqlClient;
using System.Data;
namespace MyMvcApp.Data
{
public class DatabaseHelper
{
private readonly IConfiguration _configuration;
private readonly string _connectionString;
public DatabaseHelper(IConfiguration configuration)
{
_configuration = configuration;
_connectionString = _configuration.GetConnectionString("DefaultConnection");
}
public DataTable GetData(string query)
{
DataTable dt = new DataTable();
using (SqlConnection connection = new SqlConnection(_connectionString))
{
using (SqlCommand command = new SqlCommand(query, connection))
{
connection.Open();
using (SqlDataReader reader = command.ExecuteReader())
{
dt.Load(reader);
}
}
}
return dt;
}
}
}
Create a controller to fetch and display data from the database.
using Microsoft.AspNetCore.Mvc;
using MyMvcApp.Data;
namespace MyMvcApp.Controllers
{
public class HomeController : Controller
{
private readonly DatabaseHelper _dbHelper;
public HomeController(IConfiguration configuration)
{
_dbHelper = new DatabaseHelper(configuration);
}
public IActionResult Index()
{
string query = "SELECT * FROM YourTableName"; // Replace with your table name
var dataTable = _dbHelper.GetData(query);
return View(dataTable);
}
}
}
AutoMapper is a popular object-to-object mapping library for .NET applications, including ASP.NET Core MVC. It simplifies the process of mapping data from one object type to another, reducing the boilerplate code needed for transforming data between layers (such as mapping between domain models and DTOs).
benefits:
No need to write manual property mappings.
You define a mapping configuration, and AutoMapper handles the rest.
Works with nested objects, lists, and custom mapping rules.
Changes to mapping logic only need to be made in one place.
In ASP.NET Core MVC, JObject is a class from the Newtonsoft.Json library, commonly used to work with JSON data. JObject represents a JSON object and allows you to parse, query, and manipulate JSON data programmatically.
ASP.NET Core often uses Newtonsoft.Json to serialize and deserialize JSON data, especially when more complex or custom JSON handling is required.
Example
First Instll package Newtonsoft.Json
Confiture in startup.cs
public void ConfigureServices(IServiceCollection services)
{
services.AddControllers()
.AddNewtonsoftJson(); // Enables Newtonsoft.Json
}
in Cointroller,
using Newtonsoft.Json.Linq;
using Microsoft.AspNetCore.Mvc;
public class HomeController : Controller
{
[HttpPost]
public IActionResult ProcessJson([FromBody] string jsonData)
{
// Parse the JSON string into a JObject
JObject jsonObject = JObject.Parse(jsonData);
// Access values from the JSON object
string name = jsonObject["name"]?.ToString();
int age = jsonObject["age"]?.Value<int>() ?? 0;
// Use the data in your logic
return Content($"Name: {name}, Age: {age}");
}
}
A JObject[] refers to an array of JObject instances, which means it's an array containing multiple JSON objects.
Example Code "
using Microsoft.AspNetCore.Mvc;
using Newtonsoft.Json.Linq;
public class ExampleController : Controller
{
[HttpPost]
public IActionResult ProcessJsonArray([FromBody] JObject[] jsonArray)
{
foreach (var item in jsonArray)
{
// Access properties in each JObject
var name = item["name"]?.ToString();
var age = item["age"]?.ToObject<int>();
// Process the data as needed
// e.g., save to database, perform validation, etc.
}
return Ok(new { message = "Data processed successfully" });
}
}
OkObjectResult is a class in ASP.NET Core that represents an HTTP 200 (OK) response with a value object included in the response body. It is typically used in ASP.NET Core Web API controllers to return data along with a successful status code (200 OK).
Example
[HttpGet]
public IActionResult GetData()
{
var data = new { Name = "John", Age = 30 };
return Ok(data); // Simplifies to 'OkObjectResult' implicitly
}
This is Ideal when you want to return both a successful HTTP response and a data object.
You can customize the response headers or behavior by extending OkObjectResult.
NoContentResult is typically used to return an HTTP 204 (No Content) status code, indicating that the server successfully processed the request but there is no content to return. This is particularly useful when handling RESTful APIs where the response body is intentionally left empty.
Sample Code
using Microsoft.AspNetCore.Mvc;
public class MyController : Controller
{
[HttpDelete("{id}")]
public IActionResult DeleteItem(int id)
{
bool itemDeleted = _service.DeleteItemById(id); // Some deletion logic
if (itemDeleted)
{
return new NoContentResult(); // Returns HTTP 204 No Content
}
else
{
return NotFound(); // Returns HTTP 404 if the item wasn't found
}
}
}
The [Key] attributeis used to identify a property as the primary key (PK) when the property nameis something other than classnameID or ID.
[DatabaseGenerated(DatabaseGeneratedOption.Identity)] is an attribute in Entity Framework (EF), a popular Object Relational Mapping (ORM) framework for .NET. It's used to specify how the value of a database column is generated.
It indicates that the database will generate a value for this property when a new row is inserted. This is commonly used for primary key fields that are auto-incremented.
Sample Code
using System.ComponentModel.DataAnnotations;
using System.ComponentModel.DataAnnotations.Schema;
public class Product
{
[Key]
[DatabaseGenerated(DatabaseGeneratedOption.Identity)]
public int ProductId { get; set; }
public string Name { get; set; }
}
The term [keyless] usually refers to a model class that doesn't have a primary key or explicitly doesn't need one
In Entity Framework, a class without a primary key is considered an "untracked entity.". Annotate the class with [Keyless] attribute if using EF Core.
Example
[Keyless]
public class KeylessModel
{
public string Name { get; set; }
}
public int? VoucherTypeId { get; set; }
public string? VoucherNumber { get; set; }
259. What is DBcontext class in EF Core ?
In ASP.NET Core MVC, DbContext is a crucial class provided by Entity Framework Core (EF Core). It represents a session with the database and is responsible for querying and saving data. DbContext allows you to interact with your database using C# objects and LINQ queries rather than raw SQL.
Database.ExecuteSqlRawAsync is a method in Entity Framework Core (EF Core) used to execute raw SQL commands asynchronously against the database. It’s typically employed when you need to perform operations that can't be easily expressed using LINQ or when you want to leverage existing SQL queries directly.
This method is asynchronous, meaning it doesn’t block the calling thread and returns a Task<int> representing the number of rows affected.
In Entity Framework Core (EF Core), SqlRaw refers to methods used to execute raw SQL queries or commands directly against the database. This approach is useful when you need to execute custom SQL that cannot be easily translated using LINQ.
Example
var products = context.Products
.FromSqlRaw("SELECT * FROM Products WHERE Price > {0}", 100)
.ToList();
In ASP.NET MVC, you can use TransactionScope to manage transactions when performing multiple database operations that should either succeed or fail as a single unit. This is especially useful when working with complex operations that involve multiple tables or databases.
Ensures atomicity; either all operations commit or none do
An exception automatically triggers a rollback unless Complete() is called.
Sample Code
using System;
using System.Transactions;
using System.Web.Mvc;
using YourProjectNamespace.Models; // Replace with your namespace
public class ExampleController : Controller
{
private readonly YourDbContext _context = new YourDbContext(); // Replace with your DbContext class
[HttpPost]
public ActionResult ProcessTransaction()
{
using (var scope = new TransactionScope())
{
try
{
// Example operation 1: Add a new record
var newRecord = new YourModel { Name = "Example", DateCreated = DateTime.Now };
_context.YourModels.Add(newRecord);
_context.SaveChanges();
// Example operation 2: Update another record
var existingRecord = _context.YourModels.Find(1);
if (existingRecord != null)
{
existingRecord.Name = "Updated Name";
_context.SaveChanges();
}
// Commit the transaction
scope.Complete();
return Content("Transaction completed successfully.");
}
catch (Exception ex)
{
// Log the error and handle the rollback automatically
return Content($"Transaction failed: {ex.Message}");
}
}
}
}
The Complete() method signals that all operations have succeeded. If not called, the transaction will automatically roll back.
An exception inside the using block ensures the transaction is rolled back.
Ensure all database operations use the same connection
TransactionScopeAsyncFlowOption is an enumeration in .NET, often used in combination with TransactionScope to handle asynchronous code in scenarios like MVC (Model-View-Controller) applications. This option allows transactions to flow across asynchronous continuations, which is essential for maintaining transactional integrity in async/await scenarios.
By default, TransactionScope does not support flowing transactions across asynchronous code. Without enabling TransactionScopeAsyncFlowOption, operations after await may not be executed within the same transaction context, potentially leading to inconsistencies.
Sample Code
using (var scope = new TransactionScope(TransactionScopeAsyncFlowOption.Enabled))
{
await SomeAsyncDatabaseOperation();
// Additional asynchronous operations
await AnotherAsyncMethod();
scope.Complete(); // Commit the transaction if all operations succeed
}
There are 3 options -
Enabled: Allows the transaction context to flow across asynchronous operations.
Suppress: Prevents the transaction context from flowing across async continuations.
None: Default behavior (transaction context does not flow across async boundaries).
ICryptoTransform is an interface in the System.Security.Cryptography namespace. It defines the basic operations of cryptographic transformations, such as:
Encrypting data
Decrypting data
Transforming data for hashing
The AppDomain.CurrentDomain.BaseDirectory property is used to get the base directory of the current application domain. This is particularly useful when you need to construct file paths or access resources within the application.
Example :
string basePath = AppDomain.CurrentDomain.BaseDirectory;
IHttpContextAccessor is an interface in ASP.NET Core that provides access to the current HttpContext. It allows services and components to access HTTP-specific information (like requests, responses, and user information) outside of the MVC pipeline, where dependency injection normally wouldn't provide HttpContext directly.
The Mediator pattern is a behavioral design pattern that promotes loose coupling between components. Instead of components communicating directly, they interact through a mediator object. This helps reduce dependencies and simplifies communication between classes.
When to Use:
When a set of objects need to communicate in a well-defined but complex manner.
To centralize complex communications logic in one class, improving maintainability.
In the case of MVC Core, MediatR is the popular .NET library implementing the Mediator pattern. It simplifies communication within ASP.NET Core by sending requests (commands/queries) and handling them in a centralized way.
Benefits of Combining Mediator with MVC Core:
Decoupling: Controllers are not tightly bound to specific services or models.
Testability: Easier to write unit tests for handlers and mediator logic.
Maintainability: Reduces complexity in controllers, keeping them clean and focused on handling HTTP requests.
System.Diagnostics.Stopwatch is often used for measuring the time taken to execute code blocks, such as controller actions, database queries, or any performance-critical sections. This helps with profiling and improving the performance of your application.
Sample Code
using System.Diagnostics;
using System.Web.Mvc;
public class HomeController : Controller
{
public ActionResult Index()
{
Stopwatch stopwatch = new Stopwatch(); // Create a new instance of Stopwatch
stopwatch.Start(); // Start measuring time
// Simulate some processing time
System.Threading.Thread.Sleep(2000);
stopwatch.Stop(); // Stop measuring time
ViewBag.ExecutionTime = stopwatch.ElapsedMilliseconds; // Pass the elapsed time to the view
return View();
}
}
ExceptionContext is a class that provides information about an exception that occurs during the execution of an MVC action or filter. It is primarily used within exception filters to customize error handling.
Properties of ExceptionContext
Exception: The actual Exception object that was thrown.
Handled: A boolean indicating whether the exception has been handled. Setting this to true prevents the exception from propagating further.
Result: An IActionResult that can be set to customize the response sent to the client.
ActionDescriptor: Describes the action where the exception occurred.
HttpContext: Provides access to the HttpContext, allowing you to access request, response, and session data.
RouteData: Contains the route data associated with the current request.
ModelState: Represents the state of the model during the current request
Create a class which by implementing the IExceptionFilter interface or inheriting from ExceptionFilterAttribute:
Example by implementing a IExceptionFilter interface
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;
using System;
public class CustomExceptionFilter : IExceptionFilter
{
public void OnException(ExceptionContext context)
{
// Log the exception (you could use a logging framework here)
Console.WriteLine(context.Exception.Message);
// Customize the response
context.Result = new JsonResult(new
{
error = "An error occurred while processing your request.",
details = context.Exception.Message
})
{
StatusCode = 500 // Internal Server Error
};
// Mark the exception as handled
context.ExceptionHandled = true;
}
}
If you want to use globally, then you have to register in ConfigureServices method of Startup.cs file
The OnResultExecuted method is part of the action filter pipeline. It is used to perform operations after the result of an action method has been executed, but before the response is sent to the client. This method is typically found in custom action filters.
The ResultExecutingContext is part of the filter pipeline and is used in action filters and result filters. It provides context information during the execution of a result filter's lifecycle. This context is especially relevant when you need to execute code right before the action result is executed and sent to the client.
This context provides access to the result being executed, the HTTP context, and other relevant data.
Main Properties of ResultExecutingContext:
HttpContext: Represents the HTTP context associated with the request.
Result: The result to be executed. You can manipulate this result or replace it if needed.
ActionDescriptor: Provides information about the currently executing action.
RouteData: Provides information about the route data.
ModelState: Represents the state of model binding and validation.
Cancel: A boolean value that, when set to true, prevents the execution of the result. This is useful for short-circuiting the pipeline.
For example to in order to get info about current area,controller,action method name,you can override method OnResultExecuting.
Example
public class ApprovalActionFilter : ActionFilterAttribute
{
public void OnException(ExceptionContext filterContext)
{
}
public override void OnResultExecuting(ResultExecutingContext filterContext)
{
string Area = filterContext.RouteData.DataTokens["area"]?.ToString() ?? "";
string Controller = filterContext.RouteData.Values["controller"].ToString();
string Action = filterContext.RouteData.Values["action"].ToString();
string RequestMethod = filterContext.HttpContext.Request.HttpMethod;
}
asp-validation-summary.
Separation of Concerns (SoC) in the Model-View-Controller (MVC) architecture is a design principle that divides a software application into distinct sections, each with its specific role. This separation improves code organization, maintainability, and scalability by ensuring that different aspects of the application do not overlap in responsibilities.
It is implemented by help of model,view,controller.
Model:
Represents the application's data and business logic.
View
Displays data and provides the user interface (UI).
Controller:
Acts as an intermediary between the Model and the View.
Modelstate represents errors that come from two subsystems: model binding and model validation. Errors that originate from model binding are generally data conversion errors.
It is a dictionary containing the state of the model and model binding validation.
you can add the error to Model state in try catch code also. For eg,
try
{
// crud operation here
}
catch (Exception ex)
{
string errMessage = ex.Message;
ModelState.AddModelError("", errMessage);
return View(item);
}
Model validation occurs after model binding and reports errors where data doesn't conform to business rules.
Moreover, the ModelState object has an IsValid property where we can check its state. This property is exposed since it should be an application’s responsibility to review ModelState and act accordingly.
Web API controllers don't have to check ModelState.IsValid if they have the [ApiController] attribute
A .csproj file (short for C# Project file) is an XML-based file used by .NET Core (and .NET Framework) projects to define essential information about the project, such as dependencies, configuration, and build settings. For an ASP.NET Core MVC application, the .csproj file specifies the project's dependencies and settings for building and running the application.
Unit testing is a form of testing in which individual components are isolated from the rest of the application so their behavior can be thoroughly validated. ASP.NET Core MVC has been designed to make it easy to create unit tests, and Visual Studio provides support for a wide range of unit testing frameworks.
By Default, only 3 types
int
string
byte[]
create an extension class to store and retrieve objects in session
The object is converted into JSON and stored as a string. Later, it is retrieved as a string and deserialized to the original object.
Sample Code
public static class SessionExtensions
{
public static void SetObject(this ISession session, string key, object value)
{
session.SetString(key, JsonConvert.SerializeObject(value));
}
public static T GetObject<T>(this ISession session, string key)
{
var value = session.GetString(key);
return value == null ? default(T) : JsonConvert.DeserializeObject<T>(value);
}
}
Now, you can store your complex objects as shown below:
var newclass = new Product();
HttpContext.Session.SetObject("Product", objNew);
In order to Get it,
var objComplex = HttpContext.Session.GetObject("Product");
The BindNever attribute is used to explicitly prevent a property from being bound by model binding. This is useful in scenarios where you do not want certain data to be updated from the request, such as properties that are set programmatically and should not be changed by user input
When to use BindNever
Security: Prevents external input from modifying sensitive or read-only properties.
Data integrity: Ensures that certain properties are only set internally (e.g., database-generated values like Id).
Example
[BindNever]
public string CreatedBy { get; set; }
The BindRequired attribute, on the other hand, specifies that a property must be present in the input data of a request; otherwise, model binding will fail. This attribute is useful for ensuring that necessary fields are not omitted when data is submitted.
The [BindRequired] attribute only applies to model binding and does not validate data annotations like [Required], which are used in combination with ModelState.IsValid.
Example
[BindRequired]
public string Username { get; set; }
When to Use
Ensuring certain fields are always present in the incoming data.
Validating API inputs where specific fields are critical for processing.
How to restrict a positive decimal value in model class file ?
[Required]
[Range(0.01, double.MaxValue,
ErrorMessage = "Please enter a positive price")]
public decimal Price { get; set; }
First step add required jquery files in _Layout.cshtml.
For Example,
<script src="https://code.jquery.com/jquery-3.6.0.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery-validation/1.19.3/jquery.validate.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery-validation-unobtrusive/3.2.11/jquery.validate.unobtrusive.min.js"></script>
Sample code.
in Model class
[Required(ErrorMessage = "Name is required")]
[StringLength(50, ErrorMessage = "Name cannot exceed 50 characters")]
public string Name { get; set; }
In View,
<form asp-action="Submit" method="post">
<div class="form-group">
<label asp-for="Name"></label>
<input asp-for="Name" class="form-control" />
<span asp-validation-for="Name" class="text-danger"></span>
</div>
</form>
Content-generating middleware in ASP.NET Core can dynamically modify or generate responses during the request processing pipeline. Middleware is a key component in ASP.NET Core applications, and you can create custom middleware to intercept requests and responses to perform tasks such as logging, modifying response content, or generating dynamic content.
Create a custom middleware class that implements the logic to generate or modify content.
Sample code
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;
public class ContentGeneratingMiddleware
{
private readonly RequestDelegate _next;
public ContentGeneratingMiddleware(RequestDelegate next)
{
_next = next;
}
public async Task InvokeAsync(HttpContext context)
{
// Check for specific conditions (optional)
if (context.Request.Path.StartsWithSegments("/custom-content"))
{
// Generate custom response content
context.Response.ContentType = "text/html";
await context.Response.WriteAsync("<h1>Custom Middleware Generated Content</h1>");
}
else
{
// Continue to the next middleware in the pipeline
await _next(context);
}
}
}
Add your custom middleware to the Configure method in Startup.cs or Program.cs
app.UseMiddleware<ContentGeneratingMiddleware>();
Short-circuiting middleware refers to middleware that terminates the HTTP request pipeline early, preventing subsequent middleware or request handling from being executed. This is useful when you need to handle specific conditions, such as authentication failures or requests to static files, without processing the entire pipeline.
Each middleware component in ASP.NET Core processes the request and either:
Passes the request to the next middleware in the pipeline.
Terminates the pipeline early by directly generating a response.
Short-Circuiting Middleware occurs when a middleware stops the pipeline from continuing by immediately sending a response to the client.
Sample code
public class ShortCircuitMiddleware
{
private readonly RequestDelegate _next;
public ShortCircuitMiddleware(RequestDelegate next)
{
_next = next;
}
public async Task Invoke(HttpContext context)
{
// Short-circuiting condition: stop further processing if URL is "/stop"
if (context.Request.Path == "/stop")
{
context.Response.StatusCode = 403; // Forbidden
await context.Response.WriteAsync("Request was short-circuited!");
return; // Short-circuit: stop the pipeline
}
// Continue to the next middleware if condition is not met
await _next(context);
}
}
IHostingEnvironment (or IWebHostEnvironment in newer versions) is an interface that provides information about the web hosting environment an application is running in. It's often used to configure different behavior depending on whether the application is running in development, staging, or production environments.
Sample code for getting hosting envionment in controller method
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Mvc;
public class HomeController : Controller
{
private readonly IWebHostEnvironment _env;
public HomeController(IWebHostEnvironment env)
{
_env = env;
}
public IActionResult Index()
{
if (_env.IsDevelopment())
{
// Perform development-specific actions
return Content("Running in Development environment.");
}
else if (_env.IsProduction())
{
// Perform production-specific actions
return Content("Running in Production environment.");
}
return Content($"Environment: {_env.EnvironmentName}");
}
}
ApplicaitonName : It returns the name of the application, which is set by the hosting platform.
EnvironmentName : It returns a string that describes the current environment.
ContentRootPath: It retruns the path that contains the application's content files and configuration files.
WebRootPath : It returns a string that specifies the directory that contains the static content for the application, normally, it is wwwroot folder.
ContentRootFile Provider - It returns an object that implements the IFileProvider interface and that can be used to read files from the folder specified by contentroot property.
WebRootFileProvider : It returns an object that implements the IFileProvider interface and that can be used to read files from the folder specified by the WebRootPath property.
RouteData.Values is a property that stores routing information about the current request. It contains key-value pairs that represent route parameters, typically extracted from the URL by the routing system. This data is crucial for determining which controller action to invoke and what values to pass to it.
Using RouteData.Values, you can
Access route values directly in a controller action.
Intercept or modify route values during request processing.
Access route information to influence dynamic content.
It provides access to everything that is known about the request and provides the features required to send the response back to the client.It provides context information about the current request being routed.
HttpContext: Represents the HTTP request context. This property gives access to the HTTP request and response, along with other features like session, cookies, and user authentication.
RouteData: Holds information about the matched route. The RouteData object contains the route parameters and their values, and it is used throughout the processing pipeline to resolve a route to an action.
ActionDescriptor: Contains metadata about the action that will be executed if the route match is successful. It represents the controller action that will handle the request.
Router: The router responsible for route matching. This helps in directing the request to the correct route handler.
Request: This property returns an HttpRequest object that describes the request received from the client.
Response: This property returns an HttpResponse object that is used to create the response to the client.
HttpContext: This property returns an HttpContext object, which is the source of many of the objects returned by other properties, such as Request and Response. It also provides information about the HTTP features available and access to lower-level features like web sockets.
RouteData: This property returns the RouteData object produced by the routing system when it matched the request
ModelState: This property returns a ModelStateDictionary object, which is used to validate data sent by the client.
User: This property returns a ClaimsPrincipal object that describes the user who has made the request.
Path: This property returns the path section of the request URL.
QueryString: This property returns the query string section of the request URL.
Headers: This property returns a dictionary of the request headers, indexed by name.
Body: This property returns a stream that can be used to read the request body.
Form: This property returns a dictionary of the form data in the request, indexed by name.
Cookies: This property returns a dictionary of the request cookies, indexed by name.
Connection:- This property returns a ConnectionInfo object that describes the low-level connection to the client.
Request:- This property returns an HttpRequest object that describes the HTTP request received from the client.
Response:- This property returns an HttpResponse object that is used to create the response that will be returned to the client.
Session:- This property returns an ISession object that describes the session with which the request is associated.
User:- This property returns a ClaimsPrincipal object that describes the user associated with the request.
StatusCode: This property is used to set the HTTP status code for the response.
ContentType: This property is used to set the Content-Type header of the response.
Headers: This property returns a dictionary of the HTTP headers that will be included in the response.
Cookies: This property returns a collection that is used to add cookies to the response.
Body: This property returns a System.IO.Stream object that is used to write the body data for the response.
StatusCodeResult - StatusCode - It sends a specified httpstatus to client.
OkResult - Ok - It sends an Http 200 status code to the client.
CreatedResult - Created - It sends an Http 201 status code to client.
CreatedAtActionResult - CreatedAtAction - It sends an 201 statuscode with a url in the location header that targets an action and controller.
BadrequestResult - BadRequest - it sends an http 400 status code to client
UnauthorizedResult - Unauthorised - It sends an http 401 status code to client.
NotFoundResult - NotFound - It sends an http 404 status code to client.
UnsupportedMediaTypeResult - It sends an http 415 to the client.
ActionDescriptor:- This property returns an ActionDescriptor object, which describes the action method.
HttpContext:- This property returns an HttpContext object, which provides details of the HTTP request and the HTTP response that will be sent in return.
ModelState:- This property returns a ModelStateDictionary object, which is used to validate data sent by the client, as described in Chapter 27.
RouteData:- This property returns a RouteData object that describes the way that the routing system has processed the request, as described in Chapter 15.
Filters:- This property returns a list of filters that have been applied to the action method, expressed as an IList<IFilterMetadata>
Authorization filters are used to implement an application’s security policy. Authorization filters are executed before other types of filter and before the action method is executed.
The OnAuthorization method is called to provide the filter with the opportunity to authorize the request.
For example:
Create an authorization filter to prevent access the Non-https requests.
Sample Code
public class HttpsOnlyAttribute : Attribute, IAuthorizationFilter {
public void OnAuthorization(AuthorizationFilterContext context) {
if (!context.HttpContext.Request.IsHttps) {
context.Result =
new StatusCodeResult(StatusCodes.Status403Forbidden);
}
}
}
And implement in the controller.
[HttpsOnly]
public class HomeController : Controller {
public ViewResult Index() => View("Message",
"This is the Index action on the Home controller");
public ViewResult SecondAction() => View("Message",
"This is the SecondAction action on the Home controller");
}
here HttpsOnlyAttribute class inspects the IsHttps property of the HttpRequest context object and sets the Result property to interrupt execution if the request has been made without HTTPS.
void OnActionExecuting(ActionExecutingContext context);
void OnActionExecuted(ActionExecutedContext context);
When an action filter has been applied to an action method, the OnActionExecuting method is called just before the action method is invoked, and the OnActionExecuted method is called just after the action method
The IAsyncActionFilter interface is used to define action filters that operate asynchronously. It is commonly used for tasks like logging, authentication, and custom processing logic.
It has only a method OnActionExecutionAsync.
This single method that relies on task continuation to allow the filter to run before and after the action method has been executed.
What is CDN ?
Content delivery networks (CDNs) are used to offload requests for application content to servers that are closer to the user. Rather than requesting a JavaScript file from your servers, the browser requests it from a host name that resolves to a geographically local server, which reduces the amount of time required to load files and reduces the amount of bandwidth you have to provision for your application.
For example,
The LinkTagHelper class is the built-in tag helper for link elements and is used to manage the inclusion of CSS style sheets in a view.
Some important attributes are :-
asp-href-include - It is used to select files for the href attribute on the output element.
asp-href-exclude - It is used to exclude files for the href attribute on the output element .
asp-fallback-href: It is used to specify a fallback file if there is a problem with a CDN.
asp-fallback-href-include: It is used to select files that will be used if there is a CDN problem.
asp-fallback-href-exclude: It is used to exclude files that will be used if there is a CDN problem.
asp-fallback-test-class : It is used to specify the CSS class that will be used to test the CDN.
asp-fallback-test-property : It is used to specify the CSS property that will be used to test the CDN.
asp-fallback-test-value : It is used to specify the CSS value that will be used to test the CDN.
asp-action - It specifies the action method that the URL will target.
asp-controller - It specifies the controller that the URL will target.
asp-area - It specifies the area that the URL will target
asp-fragment - It specifies the URL fragment.
asp-host - It specifies the name of the host that the URL will target.
asp-protocol - It specifies the protocol that the URL will target.
asp-route - It specifies the name of the route that the URL will target.
asp-route-* - attributes whose names begin with asp-route- are used to specify additional values for the URL so that asp-route-id attribute is used to provide a value for the id segment to the routing system.
The validation process can be extended by creating an attribute that implements the IModelValidator interface.
create a class that inherits from ValidationAttribute, and override the IsValid method.
Sample
Create a model class student
public int Id { get; set; }
[Required(ErrorMessage = "Please enter name")]
public string Name { get; set; }
[Required(ErrorMessage = "Please choose admission date.")]
[Display(Name = "Admission Date")]
[DataType(DataType.Date)]
[CustomAdmissionDate(ErrorMessage = "Admission Date must be less than or equal to Today's Date.")]
public DateTime AdmissionDate { get; set; }
Create a class which inherit from
using System;
using System.ComponentModel.DataAnnotations;
namespace MvcCoreCustomModelValidation_Demo.CustomValidation
{
public class CustomAdmissionDate : ValidationAttribute
{
public override bool IsValid(object value)
{
DateTime dateTime = Convert.ToDateTime(value);
return dateTime <= DateTime.Now;
}
}
}
In View
<div class="form-group">
<label asp-for="AdmissionDate" class="label-control"></label>
<input asp-for="AdmissionDate" class="form-control" />
<span asp-validation-for="AdmissionDate" class="text-danger"></span>
</div>
Unobtrusive client-side validation in ASP.NET Core MVC enhances the user experience by validating form inputs on the client side (in the browser) without requiring a full page reload. This reduces the load on the server and provides instant feedback to the user.
The term unobtrusive means that validation rules are
expressed using attributes added to the HTML elements that views generate. These attributes are interpreted by a JavaScript library that is included as part of MVC that, in turn, configures the jQuery Validation library, which does the actual validation work.
Steps to Enable Unobtrusive Client-Side Validation in ASP.NET Core MVC
Include Required Libraries
jQuery
jQuery Validation
jQuery Validation Unobtrusive
Add them to your project via CDN in your HTML or _Layout.cshtml:
<script src="https://code.jquery.com/jquery-3.6.0.min.js"></script>
<script src="https://cdn.jsdelivr.net/jquery.validation/1.19.3/jquery.validate.min.js"></script>
<script src="https://cdn.jsdelivr.net/jquery.validation.unobtrusive/3.2.11/jquery.validate.unobtrusive.min.js"></script>
Ensure client-side validation is enabled in your Startup.cs or Program.cs:
services.AddControllersWithViews()
Benefits of unobtrusive client side validation :-
Performance: Reduces server load.
User Experience: Provides immediate feedback.
Consistency: Validates both client and server-side for security.
This is a client-side validation technique that invokes an action method on the server to perform validation.
Remote Validation is used to validate user input on the client side by making an asynchronous call to the server.
A common example of remote validation is to check whether a username is available in applications where such names must be unique, when the user submits the data, and the client-side validation is performed. As part of this process, an Ajax request is made to the server to validate the username that has been requested. If the username has been taken, a validation error is displayed so that the user can enter another value.
Steps to implement remote validation.
Create a model and use the [Remote] attribute on the property you want to validate remotely.
[Required]
[Remote(action: "CheckUsername", controller: "Account", ErrorMessage = "Username already exists.")]
public string Username { get; set; }
Implement the action in the controller to handle the remote validation request. It should return a JsonResult.
using Microsoft.AspNetCore.Mvc;
public class AccountController : Controller
{
// Simulated user check - in a real app, query the database
private readonly List<string> _existingUsernames = new List<string> { "john_doe", "alice", "bob123" };
public IActionResult CheckUsername(string username)
{
if (_existingUsernames.Contains(username, StringComparer.OrdinalIgnoreCase))
{
return Json(false); // Username is taken
}
return Json(true); // Username is available
}
}
Ensure jQuery Validation and Unobtrusive Validation scripts are included in your view. These are required for remote validation to work on the client side
In the View,
<form asp-action="Register" method="post">
<div class="form-group">
<label asp-for="Username"></label>
<input asp-for="Username" class="form-control" />
<span asp-validation-for="Username" class="text-danger"></span>
</div>
<button type="submit" class="btn btn-primary">Register</button>
</form>
The IFileProvider interface is a core abstraction for accessing file systems. It provides a way to work with files and directories, whether they are located on the physical file system, embedded within an assembly, or in other custom storage locations. This interface is particularly useful when dealing with resources like static files, views, and configuration files.
In ASP.NET Core, IFileProvider is used by the StaticFiles middleware to serve static files from specified directories.
Sample Code:
using Microsoft.Extensions.FileProviders;
// Create a PhysicalFileProvider instance for a specific directory
var fileProvider = new PhysicalFileProvider(@"C:MyWebAppwwwroot");
// Get file information
IFileInfo fileInfo = fileProvider.GetFileInfo("images/logo.png");
// Check if the file exists and read its contents
if (fileInfo.Exists)
{
using (var stream = fileInfo.CreateReadStream())
{
// Process the stream (e.g., read file contents)
}
}
// Monitor changes to a specific file
var changeToken = fileProvider.Watch("config/settings.json");
changeToken.RegisterChangeCallback(state =>
{
// Handle file changes (e.g., reload configuration)
}, null);
IApplicationBuilder interface is used to configure the HTTP request pipeline in a web application. The pipeline is a sequence of middleware components that process incoming requests and generate responses. Middleware can perform various tasks, such as routing, authentication, logging.
The IApplicationBuilder interface provides the means to define the structure of the ASP.NET pipeline.
It is used as parameter in the Configure method of the startup.cs file.
What are the benefits of Dependency Injection over Service locator pattern ?
DI Makes unit testing easier by allowing you to inject mock or stub dependencies into your classes. This enables testing in isolation without relying on actual implementations
Dependencies are explicit, making it clear what a class needs by looking at its constructor or methods. This improves readability and helps new developers understand the class's dependencies.
Promotes the use of interfaces and abstractions, reducing tight coupling between classes. This makes your application more modular and easier to extend or modify.
Follows the Inversion of Control principle naturally, where the control of creating and managing dependencies is shifted to an external container.
ASP.NET Core has built-in support for dependency injection with a well-defined configuration. It provides a straightforward way to register and resolve services.
Issues related to missing or misconfigured dependencies are often caught at application startup, making them easier to diagnose and fix.
Changing a dependency implementation is easier, as you only need to update the service registration in one place (usually in the Startup.cs or Program.cs file).
AddControllersWithViews() is a method in ASP.NET Core used to configure services for MVC (Model-View-Controller) applications with both controllers and views. This method registers the necessary services for handling controllers and views, enabling your application to process HTTP requests and serve Razor views.
It is a architectural patterns like MVC, commonly used in application development, especially in ASP.NET Core.
Command Query Responsibility Segregation is a pattern that separates read and write operations:
Commands: Modify the system state (e.g., create, update, delete).
Queries: Retrieve data without changing the state.
CQRS is often paired with Event Sourcing and Mediator Patterns for managing complex business logic.
Steps to Implement CQRS in MVC Core:
Define Commands and Queries:
Use Handlers:
Command Handlers process commands.
Query Handlers return data for queries.
Implement a mediator (e.g., using the MediatR library) to decouple handlers from controllers.
Register command/query handlers in the service container. (DI)
Implement validation logic within command handlers.
Newtonsoft.Json is a popular, high-performance JSON framework for .NET. It allows you to easily work with JSON data in C#, providing functionality for parsing, serializing, and deserializing JSON.
You can convert a C# object into a JSON string using JsonConvert.SerializeObject
You can convert a JSON string back into a C# object using JsonConvert.DeserializeObject.
System.Text.Json.JsonSerializer is a class in .NET used for serializing and deserializing objects to and from JSON (JavaScript Object Notation) format. It is part of the System.Text.Json namespace, introduced in .NET Core 3.0, and is optimized for performance, offering a lightweight and high-speed way of working with JSON data.
Use the File.ReadAllTextAsync or FileStream with async methods.
Sample Code
static async Task Main(string[] args)
{
var astr = await File.ReadAllTextAsync(@"C:UsersUserDesktopTest.txt");
Console.WriteLine(astr);
}Use the File.WriteAllTextAsync or FileStream with async methods
Sample Code
var writeMe = "File content"; File.WriteAllText("output.txt", writeMe);
Canceling asynchronous tasks is often managed using the CancellationToken mechanism. Cancelling a Task in C# using a CancellationToken is a powerful way to terminate asynchronous operations.This provides a robust way to signal cancellation requests to tasks and manage their behavior.
Attributes in ASP.NET Core are declarative tags that provide additional information about the behavior of code elements, such as classes, methods, and properties. They can be used as reusable elements that can be applied to various targets.
Here are some examples of attributes in ASP.NET Core:
[Route]: Specifies the URL pattern for an action or controller
[Bind]: Specifies the properties and prefix to include for model binding
[HttpGet]: Identifies an action that supports the HTTP GET action verb
[Consumes]: Specifies the data types that an action accepts
Compare: Validates that two property values in a model match
Range: Validates that a property value falls within a specified range
RegularExpression: Validates that a property value matches a specified regular expression
Remote: Performs a remote validation when you call an action method on the server to validate inputs on the client
asp-page: The name of the Razor page
asp-page-handler: The name of the Razor page handler
asp-route: The name of the route
asp-route-{value}: A single URL route value
The @implements directive is used within Razor views or pages to inject and implement a specified interface into a view. This allows you to define view-specific functionality, ensuring the view has access to methods or properties defined in the interface.
Example - Create an interface and implement it in a view
public interface ICustomViewInterface
{
string GetGreetingMessage();
}
In View
@inherits Microsoft.AspNetCore.Mvc.Razor.RazorPage<TModel>
@implements ICustomViewInterface
@functions {
public string GetGreetingMessage()
{
return "Hello from the implemented interface!";
}
}
<h1>@GetGreetingMessage()</h1>
Benefits of using @implements:
Reusability: Allows you to share common functionality across different views.
Consistency: Enforces a contract that views must follow, leading to more maintainable code.
Decoupling: Separates view-specific logic from controller logic, keeping each part of the MVC pattern distinct.
@Implements is Only valid in views (.cshtml files).
localhost
Entity Framework Core (EF Core)
Dapper
Ado.Net
LINQ to SQL
Microservices or APIs
yes.
Example:-
[RegularExpression(@"^[A-Z]+[a-zA-Z""'s-]*$"), Required, StringLength(30)]
How to restrict entry with minimum length and not allowing null using attributes in model class ?
[StringLength(60, MinimumLength = 3)]
[Required]
public string Title { get; set; }
What is Scaffolding in EFCore ?
Scaffolding in Entity Framework Core (EF Core) refers to generating C# classes (models) and a DbContext based on an existing database schema. This is particularly useful when you want to reverse-engineer an existing database into a new or existing EF Core project.
It is the command of the EF Core Package Manager Console (PMC) tools to scaffold entity type classes and a DbContext class based on a database schema.
It generate the DbContext and models.This is mainly used for DB First approach.That is first create db and tables and run this commnand from nmp console. For example,
Scaffold-DbContext "Server=DESKTOP-AB46;Database=TestDB;Trusted_Connection=True;" Microsoft.EntityFrameworkCore.SqlServer -OutputDir Models.
All the model classes of the tables will be created in Models folder and also a Dbcontext class file.
After updating database, you can give the following command,
Scaffold-DbContext "Server=DESKTOP-AB46;Database=TestDB;Trusted_Connection=True;" Microsoft.EntityFrameworkCore.SqlServer -OutputDir Models --force
It allows the browser to send cookies with requests originating from other sites.
It is used in different scenarios.
Advertisers may use cross-site cookies to track a user's visits to various websites where they advertise.
A malicious site can use cross-site cookies to fixate the session identifier cookie of another site, which can be used to perform session fixation attacks.
You can block cross-site cookies in almost major browsers.
You have to configure in the ConfigureServices method of the startup..cs
public void ConfigureServices(IServiceCollection services)
{
services.ConfigureApplicationCookie(options =>
{
options.Cookie.SameSite = SameSiteMode.None; // Allow cross-site usage
options.Cookie.SecurePolicy = CookieSecurePolicy.Always; // Ensure Secure flag is set
});
}
For example,
Response.Cookies.Append("myCookie", "cookieValue", new CookieOptions
{
SameSite = SameSiteMode.None,
Secure = true, // Important: ensures compliance with modern browser standards
HttpOnly = true
});
Use carefully, as enabling cross-site cookies can expose your site to cross-site request forgery (CSRF) attacks if not properly protected.
This setup is useful for applications that interact with external services or domains, such as API integrations or Single Sign-On (SSO) scenarios.
[DataType(DataType.Date)]
public DateTime ReleaseDate { get; set; }
Now time part from the value wont display.
It is a security risk. Cross Site Request Forgery is so much easier in GET requests. Moreover, it violates HTTP best practices and the architectural REST pattern, which specifies that GET requests shouldn't change the state of your application.
Lambdas are used in method-based LINQ queries as arguments to standard query operator methods such as the Where method or Contains. LINQ queries are not executed when they're defined or when they're modified by calling a method such as Where , Contains , or OrderBy . Rather, query execution is deferred.
What is mean by ApplyFormatInEditMode = true) of the option Displayformat attribute in model class ?
The ApplyFormatInEditMode setting specifies that the formatting should also be applied when thevalueis displayed in a text box for editing.
For eg,
[DisplayFormat(DataFormatString = "{0:yyyy-MM-dd}", ApplyFormatInEditMode = true)]
public DateTime ReleaseDate { get; set; }
Here while editing the field also, it checks for the dateformat specified.
If you are not using Date type attribute, by default, the browser will render data using the correct format based on your locale.
True
(You will need to disable jQuery datevalidation to use the Range attribute with DateTime)
This attribute indicates that the controller responds to web API requests.
The [ApiController] attribute is used to denote a controller class as a Web API controller. This attribute enhances the behavior of the controller and provides built-in functionalities and conventions that simplify the development of RESTful APIs.
The [ApiController] attribute can be applied to a controller class to enable the following opinionated, API_specific behaviors:
Attribute routing requirement
Automatic HTTP 400 responses
Binding source parameter inference
Multipart/form-data request inference
Problem details for error status codes.
No. becuase,
In Web API, Automatically returns a 400 Bad Request response if the model state is invalid, without needing to manually check ModelState.IsValid inside each action.
you can use built-in methods like JsonSerializer or Newtonsoft.Json.
Example - JsonSerializer
Using System.Text.Json
var myObject = new { Name = "John", Age = 30 };
string jsonString = JsonSerializer.Serialize(myObject);
Console.WriteLine(jsonString);
Example - NewtonSoft.Json
First install package Newtonsoft.Json.
using Newtonsoft.Json;
var myObject = new { Name = "John", Age = 30 };
string jsonString = JsonConvert.SerializeObject(myObject);
Console.WriteLine(jsonString);
IdentityServer is an open-source framework used to implement authentication and authorization in ASP.NET Core applications. It helps secure APIs and provides Single Sign-On (SSO) capabilities for modern applications.
Install necessary Jquery files.
create a Core Web API method
In View call Jquery Ajax method
For example,
Core Web API Method .
using Microsoft.AspNetCore.Mvc;
[Route("api/[controller]")]
[ApiController]
public class SampleController : ControllerBase
{
[HttpGet]
public IActionResult Get()
{
return Ok(new { Message = "Hello from the Web API!", Time = DateTime.Now });
}
}
In View
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Call ASP.NET Core API with jQuery</title>
<!-- Include jQuery from CDN -->
<script src="https://code.jquery.com/jquery-3.6.0.min.js"></script>
</head>
<body>
<h1>API Data:</h1>
<div id="apiResponse"></div>
<script>
$(document).ready(function() {
// Call the API endpoint
$.ajax({
url: 'https://localhost:5001/api/sample', // Change the URL to match your API's URL
type: 'GET', // HTTP method
dataType: 'json', // Expected response type
success: function(response) {
// Handle the successful response
$('#apiResponse').html(`
<p>Message: ${response.message}</p>
<p>Time: ${response.time}</p>
`);
},
error: function(xhr, status, error) {
// Handle errors
console.error('Error:', status, error);
$('#apiResponse').html('<p>Error occurred while fetching data.</p>');
}
});
});
</script>
</body>
</html>
What is ML.Net ?
ML.NET is an open-source, cross-platform machine learning framework developed by Microsoft, which allows .NET developers to incorporate machine learning models into their .NET applications, including ASP.NET Core MVC (Model-View-Controller) projects. It provides a simple API for creating, training, and deploying machine learning models for a variety of tasks like classification, regression, clustering.
It returns a value that's created by concatenating two other properties
For eg,
public string LastName { get; set; }
public string FirstName { get; set;
public string FullName
{
get
{
return LastName + ", " + FirstMidName;
}
}
The DataType attribute is used to specify the type of data associated with a model property. It helps to provide additional metadata for the model, which can influence how the data is displayed and validated in the view. The attribute belongs to the System.ComponentModel.DataAnnotations namespace.
Common DataTypes:
Text: Default for string properties.
Password: Masks the input in UI.
EmailAddress: Indicates an email field; supports validation.
Url: For web addresses.
PhoneNumber: For phone numbers; supports formatting and validation.
Currency: Used for monetary values.
Date: Displays only the date part.
Time: Displays only the time part.
Example
[DataType(DataType.EmailAddress)]
public string Email { get; set; }
[DataType(DataType.Date)]
public DateTime BirthDate { get; set; }
[DataType(DataType.PhoneNumber)]
public string PhoneNumber { get; set; }
[DataType(DataType.Password)]
public string Password { get; set; }
Fluent APIs are commonly used in Entity Framework Core (EF Core) and when configuring options or building complex query expressions.
Fluent APIs in EF Core provide detailed control over model configuration, such as setting relationships, constraints, and keys. They are used within the OnModelCreating method in your DbContext in EFCore.
They are alternatives to attributes in model class.
Example
protected override void OnModelCreating(ModelBuilder modelBuilder)
{
modelBuilder.Entity<School>()
.Property(b => b.StudentId)
.IsRequired();
}
Here we have created a required property named StudentId in a School db.
Lazy loading and eager loading are data-loading techniques commonly used with Object Relational Mapping (ORM) frameworks like Entity Framework Core.
Lazy loading delays the loading of related data until it is explicitly requested. It improves performance when dealing with large datasets or when the related data isn't always needed.
Advantages:
Reduces initial data load, improving performance when related data is rarely needed.
Reduces memory consumption if not all data is needed.
Disadvantages:
Can cause multiple queries, leading to the "N+1 query problem."
May introduce performance issues if many related entities are accessed in a loop.
Eager loading retrieves related data along with the main entity query. It's done using the Include() method in Entity Framework Core.
Advantages:
Reduces the number of queries sent to the database.
Avoids the N+1 query problem.
Improves performance when you know related data will be needed.
Disadvantages:
Loads more data upfront, which may increase memory usage and response time for large datasets.
Might fetch unnecessary data if related entities are not always needed.
Example
var blogs = context.Blogs
.Include(b => b.Posts) // Eagerly load related Posts
.ToList();
An entity may be in one of the following states:
Added - The entity doesn't yet exist in the database.The SaveChanges method issues an INSERT statement.
Unchanged - Nothing needs to be done with this entity by the SaveChanges method. When you read an entity from the database, the entity starts out with this status.
Modified - Some or all of the entity's property values have been modified.The SaveChanges method issues an UPDATE statement.
Deleted - The entity has been marked for deletion.The SaveChanges method issues a DELETE statement.
Detached - The entity isn't being tracked by the databasecontext.
What are the methods of Entity Framework CodeFirst API that enable
you to pass SQL commands directly to the database ?
Use the DbSet.FromSql method for queries that return entity types.
Use the Database.ExecuteSqlCommand for non-query commands.
Kestrel is a cross-platform web server. Kestrel is often run in a reverse proxy configuration using IIS. In
ASP.NET Core 2.0 or later, Kestrel can be run as a public-facing edge server exposed directly to the Internet.
IIS HTTP Server is a server for windows that uses IIS. With this server, the ASP.NET Core app and IIS run in the same process.
HTTP.sys is a server for Windows that isn't used with IIS.
The Options Pattern is a design pattern used to manage and access configuration settings in a structured way. It promotes strong typing and separation of concerns, making configuration management more organized and maintainable.
Benefits :
Strong Typing: Configuration values are mapped to strongly-typed classes.
Validation: You can validate configuration data.
Decoupling: Decouples configuration logic from application code.
Steps in implementing option pattern :
Create a Configuration Class to represent your configuration settings:
Example
public class MyAppSettings
{
public string ApiKey { get; set; }
public int MaxItems { get; set; }
}
Place your configuration values declared in above class in appsettings.json.
{
"MyAppSettings": {
"ApiKey": "12345-abcde",
"MaxItems": 100
}
}
Register the configuration class with the dependency injection container in ConfigureService method of Startup.cs file.
public void ConfigureServices(IServiceCollection services)
{
services.Configure<MyAppSettings>(Configuration.GetSection("MyAppSettings"));
services.AddControllersWithViews();
}
Inject and Access Configuration
using Microsoft.Extensions.Options;
public class MyController : Controller
{
private readonly MyAppSettings _settings;
public MyController(IOptions<MyAppSettings> options)
{
_settings = options.Value;
}
public IActionResult Index()
{
ViewData["ApiKey"] = _settings.ApiKey;
return View();
}
}
ASPNETCORE_ENVIRONMENT is an environment variable in ASP.NET Core that specifies the environment the application is running in. This setting influences how the application behaves, particularly in terms of configuration, logging, and error handling.
Common Environment Values:
Development: Used during development. Enables detailed error messages, the developer exception page, and other debugging features.
Staging: Used in staging environments for testing before deploying to production. Can mirror the production setup closely.
Production: Used in live production environments. It typically disables detailed error messages to avoid leaking sensitive information and ensures optimized performance.This is the default environment.
you can set ASPNETCORE_ENVIRONMENT in launchsettings.json
create a Startup{EnvironmentName} class for each environment.
for eg, in development environment,
public class StartupDevelopment
{
public void ConfigureServices(IServiceCollection services)
{
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
}
}
Here Both Configure and Configureservice method also can be set according to the environement.
Example for Staging environement,
public void ConfigureStagingServices(IServiceCollection services)
{
StartupConfigureServices(services);
}
public void ConfigureStaging(IApplicationBuilder app, IHostingEnvironment env)
{
if (!env.IsStaging())
{
throw new Exception("Not staging.");
}
app.UseExceptionHandler("/Error");
app.UseStaticFiles();
app.UseMvc();
}
It provide a more flexible and powerful way to handle routing in your application. It separates routing decisions from middleware execution, improving performance and enabling advanced routing capabilities.
For eg, In startup.cs
app.UseEndpoints(endpoints =>
{
endpoints.MapControllerRoute(
name: "default",
pattern: "{controller=Home}/{action=Index}/{id?}");
});
action
area
controller
handler
page
This can be done 2 ways
1. Using UseWhen Middleware in Startup.cs file.
You can use middleware to check the host and return a 404 or redirect if it doesn’t match the required host.
Sample Code
public class Startup
{
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
app.UseWhen(context => !context.Request.Host.Host.Equals("example.com", StringComparison.OrdinalIgnoreCase), appBuilder =>
{
appBuilder.Run(async context =>
{
context.Response.StatusCode = StatusCodes.Status404NotFound;
await context.Response.WriteAsync("Host not allowed.");
});
});
app.UseRouting();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllerRoute(
name: "default",
pattern: "{controller=Home}/{action=Index}/{id?}");
});
}
}
2nd method
Using RequireHost Attribute with Endpoint Routing.
using Microsoft.AspNetCore.Mvc;
[RequireHost("example.com", "www.example.com")]
public class HomeController : Controller
{
public IActionResult Index()
{
return View();
}
}
IExceptionHandlerPathFeature in ASP.NET Core is an interface used to capture exception details when using the built-in exception-handling middleware. It provides information about unhandled exceptions, such as the error path and exception details.
Sample Code
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
// Enable Exception Handler Middleware
app.UseExceptionHandler("/Error"); // Redirect to a custom error page
// Example of accessing exception details:
app.Use(async (context, next) =>
{
await next();
if (context.Response.StatusCode == 500)
{
var exceptionHandlerPathFeature = context.Features.Get<IExceptionHandlerPathFeature>();
if (exceptionHandlerPathFeature != null)
{
var exception = exceptionHandlerPathFeature.Error; // Get the exception object
var path = exceptionHandlerPathFeature.Path; // Get the path where the exception occurred
// Log the details (for demonstration purposes, using console logging)
Console.WriteLine($"Error: {exception.Message}");
Console.WriteLine($"Path: {path}");
}
}
});
// Add other middleware like routing, static files, etc.
app.UseRouting();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllers();
});
}
[SkipStatusCodePages] is an attribute used to bypass the status code pages middleware for specific actions or controllers. This can be useful when you want to avoid the standard status code pages for certain endpoints and return custom error responses instead.
[SkipStatusCodePages] ensures that the response generated by the action is sent directly without being intercepted or modified by the middleware.
Sample code
using Microsoft.AspNetCore.Mvc;
public class HomeController : Controller
{
[HttpGet("/api/error")]
[SkipStatusCodePages] // This action will not use the status code pages middleware
public IActionResult Error()
{
return StatusCode(404, new { message = "Resource not found" });
}
}
wwwroot is the default location. We can change it by HostingAbstractionsWebHostBuilderExtensions.UseWebRoot Method.
In an ASP.NET Core MVC application using Entity Framework Core (EF Core Codew First Approach), the __EFMigrationsHistory table is automatically created and managed by EF Core. This table keeps track of the migrations that have been applied to the database.
The HtmlEncoder.Default.Encode method is used to encode strings to ensure that content is safely displayed in HTML views, preventing Cross-Site Scripting (XSS) attacks.
It converts special characters in a string to their HTML-encoded representations.
for eg,
< becomes <
For example,
string userInput = "<script>alert('XSS');</script>"; // Potentially harmful input
string safeOutput = HtmlEncoder.Default.Encode(userInput);
Windows Authentication in ASP.NET Core allows your application to authenticate users based on their Windows credentials. It's commonly used in intranet applications where you need to authenticate users within an organization using their Active Directory accounts.
Windows authentication can be configured with IIS,Kestrel or HTTP.sys.
To enable windows authentication, create a new project. While creating you can specify authentication or in an existing application you can configure windows authentication in the iisSettings node of the launchSettings.json file:
"iisSettings": {
"windowsAuthentication": true,
"anonymousAuthentication": false,
"iisExpress": {
"applicationUrl": "http://localhost:52000/",
"sslPort": 44358
}
}
In program.cs or startup.cs file,
builder.Services.AddAuthentication(IISDefaults.AuthenticationScheme);
builder.Services.AddAuthorization();
You can secure specific controllers or actions with the [Authorize] attribute:
in Controller,
[Authorize]
public class HomeController : Controller
{
public IActionResult Index()
{
// here you can write your logic.
}
}
Azure Active Directory (Azure AD) is a cloud-based identity and access management service from Microsoft, widely used to authenticate users and control access to applications. Integrating Azure AD into an ASP.NET Core application allows you to secure your app using Azure AD's authentication capabilities.
Steps Involved :
1. Install package Microsoft.AspNetCore.Authentication.Cookies
2. In Configure services method of startup.cs (or in program.cs)
Services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
.AddCookie(options =>
{
options.LoginPath = "/Account/Login"; // Redirect path for unauthenticated users
options.AccessDeniedPath = "/Account/AccessDenied"; // Path for access denied
options.ExpireTimeSpan = TimeSpan.FromMinutes(30); // Session timeout
options.SlidingExpiration = true; // Reset expiry on each request
});
Services.AddAuthorization();
In configure method,
app.UseAuthentication();
app.UseAuthorization();
3. In controller method, check the identity of use and create a set of Claims and add to the cookie and set expiration for eg, 30 minutes.
Sample code
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using System.Security.Claims;
public class AccountController : Controller
{
[HttpPost]
public async Task<IActionResult> Login(string username, string password)
{
// Validate user credentials (you would replace this with your own logic)
if (username == "test" && password == "password")
{
var claims = new List<Claim>
{
new Claim(ClaimTypes.Name, username),
new Claim(ClaimTypes.Role, "Administrator")
};
var claimsIdentity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
await HttpContext.SignInAsync(
CookieAuthenticationDefaults.AuthenticationScheme,
new ClaimsPrincipal(claimsIdentity),
new AuthenticationProperties
{
IsPersistent = true, // Persist across browser sessions
ExpiresUtc = DateTime.UtcNow.AddMinutes(30)
});
return RedirectToAction("Index", "Home");
}
return View(); // Return to login view with error
}
}
4. Write the logic for logout also. For eg,
[HttpPost]
public async Task<IActionResult> Logout()
{
await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
return RedirectToAction("Login", "Account");
}
5. In Controller use [authorize] attribute to protect the method.
[Authorize]
public IActionResult SecureArea()
{
return View();
}
Certificate authentication in ASP.NET Core allows you to authenticate clients (like users or services) based on certificates rather than traditional methods like username/password. This is particularly useful in securing APIs or internal services.
Certificate-based Authentication uses Digital Certificate to identify a client’s request and then grants it the access to a resource, network, application.
In view-based authorization, we conditionally display or enable different view parts, such as buttons, links, and form fields, based on the user’s authorization status.
Not only in controller method, we can also check the authorization login in views also.
First create a service class with a logic to identity a user and his role and inject this service using @inject command into the view and check the login in view.
For example, if you are using Identity framework, you can check role like this
For password hashing & encryption, we can use the package
Microsoft.AspNetCore.Cryptography.KeyDerivation package, which uses PBKDF2 (Password-Based Key Derivation Function 2) for secure key derivation.
You can use the KeyDerivation.Pbkdf2 method to securely hash passwords with a salt.
First Install package Microsoft.AspNetCore.Cryptography.KeyDerivation.
Sample Code
string password = "MySuperSecretPassword";
byte[] storedSalt = GenerateSalt(); // This should be retrieved from the database
byte[] storedHash = KeyDerivation.Pbkdf2(password, storedSalt, KeyDerivationPrf.HMACSHA256, 10000, 32);
// Assume user inputs the password for verification
string inputPassword = "MySuperSecretPassword"; // This would come from a login form
byte[] inputHash = KeyDerivation.Pbkdf2(inputPassword, storedSalt, KeyDerivationPrf.HMACSHA256, 10000, 32);
if (CompareHashes(storedHash, inputHash))
{
Console.WriteLine("Password is correct.");
}
else
{
Console.WriteLine("Password is incorrect.");
}
private static byte[] GenerateSalt()
{
byte[] salt = new byte[16]; // 16 bytes = 128 bits
using (var rng = new RNGCryptoServiceProvider())
{
rng.GetBytes(salt);
}
return salt;
}
private static bool CompareHashes(byte[] hash1, byte[] hash2)
{
if (hash1.Length != hash2.Length)
{
return false;
}
for (int i = 0; i < hash1.Length; i++)
{
if (hash1[i] != hash2[i])
{
return false;
}
}
return true;
}
KeyDerivation.Pbkdf2 derives a key from the password using the PBKDF2 algorithm with HMAC-SHA256 as the pseudo random function.
iterationCount specifies the number of iterations the function should perform to slow down brute-force attacks.
numBytesRequested specifies the desired length of the derived key (e.g., 32 bytes for 256-bit security).
RequireHttpsAttribute is used to enforce HTTPS on specific controllers or actions. When applied, it ensures that the page or resource is accessed over HTTPS, not HTTP.
You can apply the RequireHttpsAttribute globally, at the controller level, or on specific actions.
Ensure your application is properly configured to support HTTPS in production (e.g., using an SSL certificate).
Do not use RequireHttps Attribute on Web APIs that receive sensitive information. RequireHttpsAttribute uses HTTP status codes to redirect browsers from HTTP to HTTPS.
A whitelist for IP addresses refers to a list of trusted IP addresses that are allowed to access a system, service, or network. If an IP address is on the whitelist, it is granted access, while others may be denied or have limited access. Whitelisting is commonly used in firewalls, security systems, and email services to ensure only legitimate traffic or users can interact with a resource.
To implement IP whitelisting in an ASP.NET Core MVC application, you can add custom middleware to check the incoming IP addresses against a list of allowed IPs
Steps involved:-
create a middleware class that will inspect each incoming request's IP address and compare it to the allowed list of IPs.
Sample code
public class IpWhitelistMiddleware
{
private readonly RequestDelegate _next;
private readonly List<string> _whitelistedIps;
public IpWhitelistMiddleware(RequestDelegate next, IConfiguration configuration)
{
_next = next;
_whitelistedIps = configuration.GetSection("WhitelistedIPs").Get<List<string>>();
}
public async Task InvokeAsync(HttpContext httpContext)
{
var remoteIp = httpContext.Connection.RemoteIpAddress?.ToString();
if (string.IsNullOrEmpty(remoteIp) || !_whitelistedIps.Contains(remoteIp))
{
httpContext.Response.StatusCode = StatusCodes.Status403Forbidden;
await httpContext.Response.WriteAsync("Forbidden: Your IP is not allowed.");
return;
}
await _next(httpContext);
}
}
Add the middleware to the request pipeline in the Configure method of Startup.cs (or Program.cs for .NET 6+).
app.UseMiddleware<IpWhitelistMiddleware>();
Define the whitelisted IPs in the appsettings.json file.
Sample
{
"WhitelistedIPs": [
"192.168.1.1",
"203.0.113.0"
]
}
Now, when an incoming request comes from an IP that is not in the whitelist, it will be rejected with a 403 Forbidden response. If the IP is on the list, the request will proceed as usual.
In ASP.NET Core, a "hot code path" generally refers to the portion of the application code that is executed most frequently during runtime, which can have a significant impact on performance.
Use of any good profiling tool
Action Method Optimization:
Ensure that controllers are performing minimal work. Avoid doing expensive operations inside action methods
Asynchronous Programming:
Use async and await where applicable to ensure the action methods do not block the thread, especially for I/O-bound operations like database queries or web service calls.
Lazy Loading:
Be cautious with lazy loading in Entity Framework Core as it may lead to N+1 query problems.
Caching:
Implement caching strategies (e.g., MemoryCache, DistributedCache) to avoid querying the database frequently for the same data.
Keep the logic in the view minimal. Use partial views, components, or AJAX to offload work.
Use View Models:
Avoid passing complex models directly to the view
Early Exit in Middleware:
Avoid unnecessary work in the middleware pipeline.
Use Response Compression:
Enable gzip or brotli compression to reduce the size of HTTP responses.
Use the appropriate lifetimes for services (singleton, scoped, or transient) to avoid excessive object creation or memory leaks.
Don't inject too many dependencies into a single controller. It can slow down the system and make it harder to manage.
For larger applications, consider using load balancing techniques to distribute traffic across multiple instances of your application
Minimize large object allocations
Opitmize Data access & I/O
Pool HTTP connections with HttpClientFactory
Avoid synchronous read or write on HttpRequest/HttpResponse body
Avoid reading large request bodies or response bodies into memory
Do not access HttpContext from multiple threads
Do not modify the status code or headers after the response body has started.
In an MVC (Model-View-Controller) Core application, garbage collection is an automatic process managed by the .NET runtime (CLR), which handles the memory used by objects during the execution of an application. Garbage collection (GC) helps manage memory by automatically reclaiming unused memory and freeing resources that are no longer being referenced.
NET Core uses a generational garbage collector. It divides objects into three generations (0, 1, and 2). Objects are initially allocated in Generation 0. If they survive a GC pass, they get promoted to Generation 1 and then Generation 2.
Generation 0: Short-lived objects, frequently collected.
Generation 1: Medium-lived objects, collected less frequently.
Generation 2: Long-lived objects, collected even less frequently.
MIME types (also known as media types) are essential for defining the type of content sent to the client or accepted from the client. MIME types help browsers and other clients correctly interpret and handle the content.
you can set MIME Types in Responses.
For eg,
public IActionResult DownloadFile()
{
var fileBytes = System.IO.File.ReadAllBytes("path/to/file.pdf");
return File(fileBytes, "application/pdf", "download.pdf");
}
You can control the types of content that your actions accept using the [Consumes] attribute.
For example,
[HttpPost]
[Consumes("application/json")]
public IActionResult PostData([FromBody] MyModel model)
{
// Process data
}
some common types are below:-
.html text/html
.css text/css
.js application/javascript
.json application/json
.pdf application/pdf
.jpg/.jpeg image/jpeg
.png image/png
.gif image/gif
.mp4 video/mp4
Application Insights is a powerful monitoring service within Azure that helps you monitor the performance, availability, and usage of your ASP.NET Core MVC applications.
Application Insights provides in-depth performance data for your app. Application Insights automatically collects data on response rates, failure rates, dependency response times. Application Insights supports logging custom events and metrics specific to your app.
PerfView is a performance-analysis tool developed by Microsoft, often used for analyzing .NET applications, including ASP.NET Core MVC (Model-View-Controller) applications. It helps diagnose performance issues, such as CPU bottlenecks, memory usage, and garbage collection (GC) behavior.
Load testing an ASP.NET Core MVC application involves assessing how well the application performs under various levels of load. The goal is to identify bottlenecks and ensure the application can handle expected user traffic.
These are the some common tools
Apache JMeter: Open-source tool for performance testing.
Visual Studio Load Test: Integrated with Visual Studio (deprecated, but older versions available).
k6: Modern open-source tool for scripting load tests.
Azure Load Testing: Cloud-based load testing service.
Gatling: JVM-based load testing tool, known for detailed reports.
Locust: Python-based, supports distributed load tests.
It tests application's stability when running under extreme conditions, often for a long period of time.The tests place high user load,either spikes or gradually increasing load, on the application, or they limit the app's computing resources.
The purpose of stress testing is to evaluate a piece of software’s robustness and error-handling abilities under conditions of extremely high load and to make sure that it won’t crash under extreme conditions.
Globalization is the process of designing apps that support different cultures. Globalization adds support for input, display,and output of a defined set of language scripts that relate to specific geographic areas.
Steps involved in implementing globalization
public void ConfigureServices(IServiceCollection services)
{
services.AddControllersWithViews()
.AddViewLocalization(LanguageViewLocationExpanderFormat.Suffix)
.AddDataAnnotationsLocalization();
services.Configure<RequestLocalizationOptions>(options =>
{
var supportedCultures = new[]
{
new CultureInfo("en-US"),
new CultureInfo("fr-FR"),
new CultureInfo("es-ES")
};
options.DefaultRequestCulture = new RequestCulture("en-US");
options.SupportedCultures = supportedCultures;
options.SupportedUICultures = supportedCultures;
});
}
Add localization middleware in the Configure method:
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
var localizationOptions = app.ApplicationServices.GetService<IOptions<RequestLocalizationOptions>>().Value;
app.UseRequestLocalization(localizationOptions);
// Other middleware components
app.UseRouting();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllerRoute(
name: "default",
pattern: "{controller=Home}/{action=Index}/{id?}");
});
}
Create Resource Files
Inject the IStringLocalizer into your controller or view:
public class HomeController : Controller
{
private readonly IStringLocalizer<HomeController> _localizer;
public HomeController(IStringLocalizer<HomeController> localizer)
{
_localizer = localizer;
}
public IActionResult Index()
{
ViewData["Message"] = _localizer["Greeting"];
return View();
}
}
Custom model binding in ASP.NET Core MVC allows you to map HTTP request data to complex objects or types that aren't directly handled by the built-in model binders. This is particularly useful when working with data structures or formats that require custom handling during the binding process.
Create a class that implements the IModelBinder interface. This class will define how to bind the data to your model.
It contains a method BindModelAsync and it has parameter of type ModelBindingContext. The ModelBindingContext class provides the context that model binder functions.
Register the custom model binder in the Startup.cs or Program.cs file.
Apply the Custom Model Binder to a Model
File Providers manage file system access, facilitating operations such as reading files, serving static content, and organizing content in a structured way. They abstract the underlying file system, providing a consistent interface for accessing files, whether from the physical file system, embedded resources, or other sources.
The Main File provider interface is IFileProvider. it has methods like
IFileInfo - to obtain file information
DirectoryContents - to objtain directory info
3 Implementation of IFileProvider
1 PhysicallFileProvider
Represents files on the physical file system.
2. EmbeddedFileProvider
Represents files embedded within an assembly.
3. CompositeFileProvider
Access files from multiple sources seamlessly.
If you want to monitor changes to files or directories, you can use IFileProvider along with its Watch method. This is useful when implementing features that respond to file changes, such as auto-reloading configuration or templates.
It provides access to the raw HTTP request data. This feature interface is usually accessed through the HttpContext and provides essential information about the incoming HTTP request.
Key Properties of IHttpRequestFeature:
Method: The HTTP method (GET, POST, etc.).
Scheme: The request scheme (HTTP or HTTPS).
PathBase: The base path of the request.
Path: The request path.
QueryString: The query string portion of the request.
Protocol: The HTTP protocol version.
Headers: The collection of request headers.
Body: The request body as a Stream.
You can access it through the HttpContext.Features collection:
Sample Code
using Microsoft.AspNetCore.Http.Features;
using Microsoft.AspNetCore.Mvc;
public class HomeController : Controller
{
public IActionResult Index()
{
var httpRequestFeature = HttpContext.Features.Get<IHttpRequestFeature>();
// Access raw HTTP request details
string method = httpRequestFeature.Method;
string path = httpRequestFeature.Path;
string queryString = httpRequestFeature.QueryString;
// Example usage
return Content($"Method: {method}, Path: {path}, QueryString: {queryString}");
}
}
IHttpResponseFeature is an interface that represents the HTTP response in the context of a request. It provides low-level access to the HTTP response's properties and functionality, such as status codes, headers, and body content.
Key Properties and Methods of IHttpResponseFeature:
StatusCode: Gets or sets the HTTP status code of the response (e.g., 200, 404, 500).
Headers: Provides access to the response headers, allowing you to read or modify them.
Body: A Stream representing the response body, which you can write directly to.
HasStarted: Indicates whether the response has started (e.g., headers have been sent).
OnStarting: Registers a callback to be invoked just before the response is sent to the client.
OnCompleted: Registers a callback to be invoked after the response has been sent.
It is primarily used for monitoring changes to data sources or configuration settings. It helps signal when something has changed, allowing components to react accordingly, such as reloading configurations, invalidating caches, or refreshing data.
Methods and Properties of IChangeToken interface-
HasChanged: Indicates if the change has occurred.
ActiveChangeCallbacks: Indicates if the token will invoke callbacks.
RegisterChangeCallback(Action<object>, object): Registers a callback to be invoked when a change occurs.
IChangeToken is integrated into the IConfiguration system to reload configurations when a file or source changes.
It is used for Monitor file changes
It is used to change column name mapping according to the database.
for eg,
[Column(TypeName = "money"]
public decimal Budget {get;set;}
Here in db, Budget column is money.
AsNoTracking() is a method in Entity Framework Core (EF Core) that improves performance by telling EF Core not to track the retrieved entities in its change tracker. This is useful when you are querying data for read-only purposes and do not intend to update these entities.
Sample Code
public async Task<IActionResult> Index()
{
var products = await _context.Products
.AsNoTracking() // Improves performance for read-only data
.ToListAsync();
return View(products);
}
Azure App Service is a fully managed platform by Microsoft Azure that enables you to build, deploy, and scale web apps, mobile app backends, and RESTful APIs. It supports multiple programming languages and frameworks, including .NET, Java, Python, Node.js, PHP, and more.
Key Features:
Multi-Language Support: Run applications in various languages, including .NET, Java, Node.js, Python, PHP, and static HTML.
Scalability: Automatically scale applications based on demand with built-in autoscaling features.
Continuous Deployment: Integrates with GitHub, Azure DevOps, Bitbucket, and other CI/CD tools for continuous deployment and automated builds.
Integrated Monitoring: Utilize Azure Monitor and Application Insights for performance monitoring and troubleshooting.
Custom Domains and SSL: Easily configure custom domains and secure your apps with SSL/TLS certificates.
Serverless Hosting (Azure Functions): App Service includes serverless options for background tasks or microservices.
Authentication and Authorization: Built-in support for authentication with Azure Active Directory, social logins, and custom OAuth providers.
DevOps Integration: Seamlessly integrates with various DevOps tools for streamlined development and deployment workflows.
Hybrid and On-Premises Connectivity: Connect your app to on-premises resources using Azure Hybrid Connections or Azure Virtual Network.
High Availability: Supports high availability with features like automatic load balancing, backup, and geo-replication.
Common Use Cases:
Hosting web applications and websites
Running RESTful APIs and microservices
Backends for mobile apps
Serverless computing with Azure Functions
1. Scalability and Flexibility
Auto-Scaling: Azure App Service allows you to automatically scale your MVC Core application based on load or manually set rules.
Elasticity: Easily adjust resources to handle traffic spikes without redeploying or restructuring your application.
2. Performance Optimization
Integrated Caching: Azure provides services like Redis Cache to speed up data retrieval.
Global Distribution: Use Azure Front Door or Azure Traffic Manager to distribute requests across global data centers, reducing latency.
3. High Availability
Built-in Load Balancing: Azure App Service includes automatic load balancing, ensuring high availability.
Service Redundancy: Deploy your MVC Core app in multiple regions to ensure resilience and disaster recovery.
4. Continuous Deployment and DevOps Integration
CI/CD Pipelines: Seamless integration with GitHub, Azure DevOps, and Bitbucket allows continuous deployment and automated testing.
Version Control: Simplifies versioning and rollback to previous versions if issues arise.
5. Security and Compliance
Managed Security: Built-in security features, including Azure Active Directory (Azure AD) integration and SSL certificates.
Compliance: Azure App Service adheres to industry standards (ISO, HIPAA, SOC, etc.) for data protection and compliance.
6. Cost Management
Pay-as-you-go Pricing: Pay for what you use with flexible pricing plans.
Resource Optimization: Monitor usage and set alerts to avoid unexpected costs.
7. Integration with Azure Services
Azure Functions: Extend functionality by integrating with serverless computing.
Azure SQL and Cosmos DB: Easily connect your MVC Core app to robust databases for structured and unstructured data.
Storage Services: Integrate with Blob Storage or Azure Files for scalable data storage.
8. Easy Management and Monitoring
Azure Monitor and Application Insights: Get detailed analytics, logs, and performance monitoring.
Diagnostics: Built-in tools to troubleshoot performance and errors.
9. Deployment Options
Docker Support: Deploy containerized MVC Core apps using Azure Kubernetes Service (AKS) or Azure Container Instances.
Blue-Green Deployment: Easily set up multiple deployment slots for zero-downtime releases.
10. Developer Productivity
Visual Studio Integration: Seamless development experience with Azure extensions for Visual Studio.
Easy Configuration: Manage settings and secrets through Azure Key Vault and App Service configurations.
app_offline.htm is a special file used primarily in ASP.NET applications. When this file is present in the root directory of an application, the ASP.NET runtime recognizes it and automatically takes the application offline and stop processing incoming requests.
DevOps for ASP.NET Core applications involves automating and optimizing the processes of development, deployment, and operations. It ensures faster, more reliable software delivery by integrating development and operations through continuous integration, continuous delivery (CI/CD), monitoring, and infrastructure management.
some DevOps practices tailored for ASP.NET Core projects:-
1. Version Control:
Tool: Git (GitHub, GitLab, Azure DevOps Repos). This is for Maintain branches (feature, development, main/master). Use pull requests for code reviews.
2. Continuous Integration (CI):
Tools:
Azure DevOps Pipelines
GitHub Actions
Jenkins
3. Continuous Delivery/Deployment (CD):
Tools
Azure DevOps Release Pipelines
Containerization:
tools
Docker
Orchestration:
Tools
Kubernetes.
Monitoring and Logging:
tools
Application Insights
Automation Scripts:
Tools: PowerShell
It is a environment involves automating the process of integrating code changes, running tests, and deploying applications.
Continuous Integration (CI): Automatically building and testing code whenever changes are committed to the repository.
Continuous Deployment/Delivery (CD): Automatically deploying the application to production or staging after passing CI tests.
WebSockets provide a powerful way to enable real-time, full-duplex communication between the server and the client. It enables seamless communication between clients and servers over a single, long-lived connection Using this, both the client and server can send and receive data simultaneously, allowing for instant updates and real-time interaction.
Websockets are used in online multiplayer games, online chat,real time notificatiions,stock market data feeds etc.
Worker services are used for implementing background tasks or long-running operations that do not require user interaction. Worker services are often used for scenarios like sending emails, processing queues, running scheduled jobs, or performing any background task that is essential to the application but independent of the request/response lifecycle.
It is based on the IHostedService interface, which provides a mechanism for executing background tasks.
It can be implemented by creating a class which inherit from BackgroundService class and register it in program.cs.
For example
using System;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.Extensions.Hosting;
public class EmailWorker : BackgroundService
{
protected override async Task ExecuteAsync(CancellationToken stoppingToken)
{
while (!stoppingToken.IsCancellationRequested)
{
// Simulate background work
await Task.Delay(5000, stoppingToken);
Console.WriteLine("Email Worker: Sending emails...");
}
}
}
And register
builder.Services.AddHostedService<EmailWorker>();
First Build the project using Build menu and click on publish option in Build menu. You can publish to the following
Microsoft Azure
it is to pubilsh the application to Microsoft Cloud
'Docker container
it is to pubilsh the application to any supported registry that works with docker images
Folder
it is to pubilsh the application to any local folder or file share
FTP/FTPS Server
Web Server IIS
it is to pubilsh the application to
Import Profile
Import your publish settings to deploy your application.
wwwroot folder - it contains static assets - css files,js files, images etc
Configuration files - web.config
Application files
Packages
A runtime
Health checks are used to monitor the health of an application or its services (like databases, APIs, etc.). These health checks can be integrated with monitoring systems to ensure that the application is running smoothly.The health check functionality helps ensure that your application is running properly and can handle requests.
steps for implemeting
Install package - Microsoft.Extensions.Diagnostics.HealthChecks
In program.cs file,in main method,
builder.Services.AddHealthChecks()
.AddCheck("CustomHealthCheck", () => HealthCheckResult.Healthy("Custom check passed"));
app.MapHealthChecks("/health", new HealthCheckOptions
{
ResponseWriter = async (context, report) =>
{
context.Response.ContentType = "application/json";
var result = new
{
status = report.Status.ToString(),
checks = report.Entries.Select(e => new
{
name = e.Key,
status = e.Value.Status.ToString(),
description = e.Value.Description
})
};
await context.Response.WriteAsJsonAsync(result);
}
});
Run the project https://localhost:yourportnumber/health
The ServiceFilter attribute allows you to register a filter in the dependency injection (DI) container and then use it by referencing the service type.
For Eg,
Create a class which inherits from IActionFitler
using Microsoft.AspNetCore.Mvc.Filters;
using System;
public class CustomLogFilter : IActionFilter
{
public void OnActionExecuting(ActionExecutingContext context)
{
Console.WriteLine("Before Execute");
}
public void OnActionExecuted(ActionExecutedContext context)
{
Console.WriteLine("After Execute");
}
}
Register it in Main method (program.cs)
builder.Services.AddScoped<CustomLogFilter>();
In Controller,
[HttpGet]
[ServiceFilter(typeof(CustomLogFilter))]
public IActionResult TestGet()
{
Console.WriteLine("Method Executed");
return Ok("ServiceFilter in action!");
}
TypeFilter attribute is a way to specify filters dynamically by type. This is particularly useful when you need to inject dependencies into the filter via dependency injection, which is not possible with static attributes like ActionFilterAttribute.
The TypeFilter attribute takes the type of the filter you want to apply and resolves it using the dependency injection (DI) container. This allows you to inject services or configuration settings into your custom filters.
For example
Create a class which inherits from IActionFitler
using Microsoft.AspNetCore.Mvc.Filters;
using System;
public class CustomLogFilter : IActionFilter
{
public void OnActionExecuting(ActionExecutingContext context)
{
Console.WriteLine("Before Execute");
}
public void OnActionExecuted(ActionExecutedContext context)
{
Console.WriteLine("After Execute");
}
}
Register it in Main method (program.cs)
builder.Services.AddScoped<CustomLogFilter>();
In Controller,
[HttpGet]
[TypeFilter(typeof(CustomLogFilter))]
public IActionResult TestGet()
{
Console.WriteLine("Method Executed");
return Ok("ServiceFilter in action!");
}
For example, consider OnActionExecuting method, the order will be in following order :-
Global
Controller
Action Method
then
for the OnActionExecuted metod,, the order will be in following order :-
Action Method
Controller
Global
The context.Result property in a middleware pipeline or filter can be used to short-circuit the request processing pipeline. This is often done to immediately return a specific response without further executing the rest of the pipeline or action logic.
context.Result is a property of the ActionExecutingContext or ResultExecutingContext object in filters.
By setting it to a specific IActionResult, you prevent the action method or other filters from executing.
For example,
public class ValidateModelFilter : IActionFilter
{
public void OnActionExecuting(ActionExecutingContext context)
{
if (!context.ModelState.IsValid)
{
context.Result = new BadRequestObjectResult(context.ModelState); // Short-circuit
}
}
}
Here, If there is any model validation error happens, the filter sets the context.Result to a BadRequestObjectResult, skipping the action execution.
JSON Patch in ASP.NET Core MVC is a way to apply partial updates to a resource using a standard format defined in RFC 6902. It allows for efficient updates by sending only the changes instead of the entire object.
. A JSON Patch document has an array of operations.Each operation identifies a particular type of change.
The following are common operations.
add
Add a property or array element. For existing property: set
value.
remove
Removea property or array element.
replace
Same as remove followed by add at samelocation.
move
Same as remove from sourcefollowed by add to
destination using valuefrom source.
copy
Same as add to destination using valuefrom source.
test
Return success status codeif valueat path = provided
value .
Sample code to implment Jsonpatch in core
Install package Microsoft.AspNetCore.Mvc.NewtonsoftJson.
Create a model class
public class Product
{
public int Id { get; set; }
public string Name { get; set; }
public decimal Price { get; set; }
}
Create an API controller with a PATCH endpoint.
using Microsoft.AspNetCore.JsonPatch;
using Microsoft.AspNetCore.Mvc;
[ApiController]
[Route("api/products")]
public class ProductsController : ControllerBase
{
private static List<Product> Products = new()
{
new Product { Id = 1, Name = "Laptop", Price = 1000 },
new Product { Id = 2, Name = "Phone", Price = 500 }
};
[HttpPatch("{id}")]
public IActionResult Patch(int id, [FromBody] JsonPatchDocument<Product> patchDoc)
{
if (patchDoc == null)
{
return BadRequest();
}
var product = Products.FirstOrDefault(p => p.Id == id);
if (product == null)
{
return NotFound();
}
patchDoc.ApplyTo(product, ModelState);
if (!ModelState.IsValid)
{
return BadRequest(ModelState);
}
return Ok(product);
}
}
Configure JSON Patch Support in Program.cs or Startup.cs:
var builder = WebApplication.CreateBuilder(args);
builder.Services.AddControllers()
.AddNewtonsoftJson(); // Enable JSON Patch support
var app = builder.Build();
app.MapControllers();
app.Run();
Using tool like Postman send a JSON Patch Request.
Request Type: PATCH
URL: https://localhost:5001/api/products/1
In Body (application/json-patch+json),
[
{ "op": "replace", "path": "/price", "value": 1200 },
{ "op": "add", "path": "/description", "value": "Updated Laptop" }
]
In startup.cs (or in program.cs) add
builder.Services.AddControllers()
.AddXmlSerializerFormatters(); // Enable XML serialization
After this configuration, your API can return XML-formatted responses when the client requests application/xml through the Accept header.
The IExceptionHandlerPathFeature in ASP.NET Core MVC is an interface that provides details about an exception that occurred during request processing. It's typically used in custom error handling logic, especially in error pages or middleware.
Main properties
Error: The actual Exception that occurred.
Path: The request path where the exception occurred.
RouteValues: The route values associated with the request (if available).
How to Implement:
In configure method of startup.cs,
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
else
{
app.UseExceptionHandler("/Home/Error");
app.UseHsts();
}
In Controller,
using Microsoft.AspNetCore.Diagnostics;
using Microsoft.AspNetCore.Mvc;
public class HomeController : Controller
{
[Route("Home/Error")]
public IActionResult Error()
{
var exceptionFeature = HttpContext.Features.Get<IExceptionHandlerPathFeature>();
if (exceptionFeature != null)
{
ViewData["Path"] = exceptionFeature.Path;
ViewData["ErrorMessage"] = exceptionFeature.Error.Message;
ViewData["StackTrace"] = exceptionFeature.Error.StackTrace;
}
return View();
}
}
Create the Error View (Error.cshtml):
<h1>Error Occurred</h1>
<p><strong>Path:</strong> @ViewData["Path"]</p>
<p><strong>Error Message:</strong> @ViewData["ErrorMessage"]</p>
<pre>@ViewData["StackTrace"]</pre>
What is gRPC?
In an ASP.NET Core MVC application, you can integrate gRPC for efficient communication between services. gRPC (Google Remote Procedure Call) is a high-performance, open-source framework that uses HTTP/2 and Protocol Buffers to define service contracts and enable fast communication between client and server.
benefits of gRPC
The main benefits of gRPC are:
Modern, high-performance, lightweight RPC framework.
Contract-first API development, using Protocol Buffers by default,allowing for languageagnostic
implementations.
Tooling availablefor many languages to generatestrongly-typed servers and clients.
Supports client, server,and bi-directional streaming calls.
Reduced network usage with Protobuf binary serialization.
These benefits make gRPC ideal for:
Lightweight microservices whereefficiency is critical.
Polyglot systems where multiplelanguages arerequired for development.
Point-to-point real-timeservices that need to handlestreaming requests or responses.
gRPC uses a contract-first approach to API development.Services and messages are defined in *.proto file
If launchBrowser is set to false, the application will not open a web browser automatically when you run it using Visual Studio, dotnet run, or any IDE. This is mainly used in Web API projects where we dont to use the browser, instead we want to use softwares like postman etc. Also if we want to use a background service project, we can disable it.
If you checked 'Configure for HTTPS' checkbox earlier in the setup
phase while creating the project, you will get 2 application urls - ie
one for HTTPS (localhost:5001), and one for HTTP (localhost:5000).
This file contains environment-specific settings such as application URLs, environment variables, and profiles for launching the application.
This property determines which URL will the application navigate to initially.
For launchUrl property to work, we need to set the launchBrowser property to true.
If you are using VS 2022, by default, launchurl will be swagger.
Onion Architecture is a software design approach that emphasizes maintainability, scalability, and testability by organizing code into layers with clear separation of concerns.
Main Layers of Onion Architecture
Core/Domain Layer (Innermost Layer):
Contains domain entities, value objects, and interfaces (abstractions).
Free from any external dependencies.
Example: Customer, Order, IRepository.
Application Layer:
Contains business logic and service interfaces.
Orchestrates application tasks and enforces business rules.
Example: CustomerService, OrderHandler.
Infrastructure Layer:
Contains implementations of interfaces, such as data access, email sending, and logging.
Example: EfCoreRepository, EmailService.
Presentation Layer (UI) (Outermost Layer):
Deals with the user interface, such as ASP.NET Core MVC controllers, views, and APIs.
Example: CustomerController, OrderView.
Benefits of Onion Architecture
Separation of Concerns: Each layer has a distinct responsibility.
Testability: Business logic can be tested independently.
Flexibility: Swappable infrastructure components like databases or APIs.
Maintainability: Well-organized and easy-to-understand structure.
TryValidateModel is a method in ASP.NET Core MVC used to manually trigger model validation. This method checks if a model meets the validation criteria defined by data annotations or custom validation logic. It is commonly used when model binding doesn't automatically trigger validation, such as when updating models in non-standard scenarios.
When to Use
When updating models in a custom action method.
In scenarios where automatic model binding is bypassed.
When partial model validation is needed.
Sample Code
[HttpPost]
public IActionResult UpdateProduct(int id, [FromBody] ProductDto productDto)
{
var product = _context.Products.Find(id);
if (product == null)
{
return NotFound();
}
// Update properties manually
product.Name = productDto.Name;
product.Price = productDto.Price;
// Validate the updated model
if (!TryValidateModel(product))
{
return BadRequest(ModelState);
}
_context.SaveChanges();
return Ok(product);
}
An ExpandoObject in ASP.NET Core MVC is a flexible data structure that allows you to create dynamic objects at runtime. It is part of the System.Dynamic namespace and is commonly used in scenarios where the structure of an object isn't known until runtime.
It Add properties to an object at runtime.
It is used to easily create dynamic JSON responses in APIs.
Implementation.
In Controller,
dynamic data = new ExpandoObject();
data.Title = "Welcome to ASP.NET Core MVC";
data.Message = "This message is dynamically created.";
data.Date = DateTime.Now;
return View(data);
In View
@model dynamic
<h1>@Model.Title</h1>
<p>@Model.Message</p>
<p>Current Date: @Model.Date</p>
A HEAD request is similar to a GET request but only retrieves the headers, not the body of the response. This is useful for checking resource availability or content length.
By default, ASP.NET Core automatically supports HEAD requests if a corresponding GET method exists. You don’t need to create a separate action unless you want custom behavior.
[HttpHead("resource")]
public IActionResult HeadResource()
{
// Return headers only
Response.Headers.Add("Custom-Header", "HeaderValue");
return Ok(); // No body will be returned
}
Now Run and test in browser.
In Asp.net core, What are the methods to create a link ?
Url.Action - .
Url.RouteUrl .
LinkGenerator
What is Url.RouteUrl ?
Generates a URL based on a route.
Example
In View,
@{
var url = Url.RouteUrl("Default", new { controller = "Home", action = "Index" });
}
<a href="@url">Home</a>
It is used to create a link.
Implementation
In controller
using Microsoft.AspNetCore.Routing;
public class HomeController : Controller
{
private readonly LinkGenerator _linkGenerator;
public HomeController(LinkGenerator linkGenerator)
{
_linkGenerator = linkGenerator;
}
public IActionResult GenerateLink()
{
var link = _linkGenerator.GetPathByAction(
action: "Index",
controller: "Home",
values: new { id = 1 }
);
ViewBag.Link = link;
return View();
}
}
In View,
<a href="@ViewBag.Link">Generated Link</a>
Response Caching in ASP.NET Core Web API improves performance by caching HTTP responses, reducing the need for repetitive data fetching. This feature stores responses and reuses them for identical requests, minimizing server load.
Implementation
Add the middleware in Startup.cs or Program.cs depending on your project template:
app.UseResponseCaching();
In Controller,
[HttpGet]
[ResponseCache(Duration = 60, Location = ResponseCacheLocation.Client, NoStore = false)]
public IActionResult Get()
{
var data = new { Forecast = "Sunny", Date = DateTime.Now };
return Ok(data);
}
ResponseCache Attribute Parameters
Duration: Cache duration in seconds.
Location: Where to store the cache (Any, Client, or None).
NoStore: Prevents caching when set to true.
The Options request can be used to request information on the
communication options available upon a certain URI. It allows consumers
to determine the options or different requirements associated with a
resource.
It is part of the Hypertext Transfer Protocol (HTTP), which is the foundation of data communication on the World Wide Web. The OPTIONS method requests permitted communication options for a given URL or server. This can be useful for discovering allowed methods and other options without initiating resource retrieval or other operations.
Implementation :
In Controller action method,
[HttpOptions]
public IActionResult Options()
{
Response.Headers.Add("Allow", "GET, POST, OPTIONS");
return Ok();
}
Data Annotations attributes are used to configure the model by decorating entity classes and their properties.
Common attributes are
[Key] - Marks a property as the primary key.
[Required] - It should be non-nullable
[MaxLength] - Maximum length
[MinLength] - Minimum length
[StringLenth] - Combines MaxLength and MinLength for strings.
[Column] - It Customizes the database column name, type.
[Table] - Sets the database table name.
[ForeignKey)] - Defines a foreign key relationship.
[NotMapped] - It Excludes a property from the database mapping.
[ConcurrencyCheck] - It's a way to handle conflicts to database changes when multiple users are updating entities at the same time.
[Timestamp] - Used for concurrency tracking with a binary timestamp.
The Data Protection API is used by ASP.NET Core to provide cookie encryption.
Here there are 2 methods - Protect & UnProtect - for securing cookies or any other sensitive data.
Steps involved
Create a service class (for eg, CookieService.cs) , here using 2 methods you can encrypt cookie.
Add in startup.cs
builder.Services.AddSingleton<CookieService>();
In Controller method, using dependency injection, implement CookieService class
Create the cookie and protect using Protect method of Data Protection Api methods used in servcice class (CookieService)
What is persistant cookie & How to create it ?
Persistent cookies in ASP.NET Core MVC are used to store data on the client’s browser for an extended period, even after the browser is closed.
Key Properties of CookieOptions
Expires: Sets the expiration date of the cookie.
MaxAge: Specifies the maximum age of the cookie (alternative to Expires).
Secure: If true, the cookie will be sent only over secure HTTPS connections.
HttpOnly: If true, the cookie cannot be accessed through JavaScript.
SameSite: Defines the SameSite behavior, such as SameSiteMode.Strict, SameSiteMode.Lax, or SameSiteMode.None.
Path: Defines the path scope of the cookie. If set to /, the cookie will be available to the entire site.
Domain: Specifies the domain for which the cookie is valid.
IsEssential: If set to true, the cookie is considered essential for the operation of the site (especially for GDPR compliance).
In controller method, you can directly create a cookie with an expiration period.
Sample code
var cookieOptions = new CookieOptions
{
HttpOnly = true,
Secure = true, // Use in production
SameSite = SameSiteMode.Strict,
IsEssential = true,
Expires = DateTimeOffset.UtcNow.AddDays(30),
};
Response.Cookies.Append("MyPersistentCookie", "CookieValue", cookieOptions);
In Html.ActionLink
It generates an HTML anchor (<a>) element.
In Url.Action,
Generates only the URL as a string. It is useful when you need a URL as a string, such as in JavaScript, redirections, or custom HTML elements.
Generally 4 types
- Response-editing middleware - for editing the response
- Request-editing middleware - for editing requests
- Short-circuiting middleware - stops the execution and it is not going to other middlewares
- Content-generating middleware - It creates the content to the client.
It is used to process the incoming request and produce a result for the end user.
Sample Code
Here, we are checking url contains a particular path, we are creating a content for the client.
public class ContentExampleMiddleware
{
private RequestDelegate _next;
public ContentMiddleware(RequestDelegate next) { _next = next; }
public async Task InvokeAsync(HttpContext context)
{
if (context.Request.Path.ToString().ToLower().Contains("Home/Index"))
await context.Response.WriteAsync(" A content generator example middleware!");
else
await _next(context);
}
}
Then Register the middleware in the startup.cs
Register it in startup.cs file
app.UseMiddleware<ContentExampleMiddleware>();
It refers to terminating the request pipeline early, preventing subsequent middleware from executing. This is useful when certain conditions are met, and further processing is unnecessary.
In the sample code, we are checking if request contains a particular string, we want the stop the execution.
Create a custom class
public class ShortCircuitMiddleware
{
private readonly RequestDelegate _next;
public ShortCircuitMiddleware(RequestDelegate next)
{
_next = next;
}
public async Task InvokeAsync(HttpContext context)
{
if (context.Request.Path == "/short-circuit")
{
context.Response.StatusCode = StatusCodes.Status403Forbidden;
await context.Response.WriteAsync("Request was short-circuited.");
return; // Prevents further middleware execution
}
await _next(context); // Calls the next middleware in the pipeline
}
}
Register it in startup.cs file
app.UseMiddleware<ShortCircuitMiddleware>();
This is to to change the structure of the incoming request before it reaches the next components (middlewares) in the chain.
Sample code
public class RequestEditMiddleware
{
private readonly RequestDelegate _next;
public CustomMiddleware(RequestDelegate next)
{
_next = next;
}
public async Task InvokeAsync(HttpContext context)
{
// Custom logic before the next middleware
Console.WriteLine("Handling request: " + context.Request.Path);
// Call the next middleware in the pipeline
await _next(context);
// Custom logic after the next middleware
Console.WriteLine("Finished handling request.");
}
}
Register the Middleware in startup.cs
app.UseMiddleware<RequestEditMiddleware>();
It allows you to modify the HTTP response before it is sent to the client. This can be useful for tasks like adding custom headers, compressing output, or altering the response body.
In the sample code, we are replace a string with a new string in the response.
public class ResponseEditingMiddleware
{
private readonly RequestDelegate _next;
public ResponseEditingMiddleware(RequestDelegate next)
{
_next = next;
}
public async Task InvokeAsync(HttpContext context)
{
// Capture the original response body
var originalBodyStream = context.Response.Body;
using (var memoryStream = new MemoryStream())
{
context.Response.Body = memoryStream;
// Call the next middleware in the pipeline
await _next(context);
// Reset the stream position to read the response
memoryStream.Seek(0, SeekOrigin.Begin);
var responseBody = await new StreamReader(memoryStream).ReadToEndAsync();
// Modify the response if needed
var modifiedBody = responseBody.Replace("old city", "new city");
// Write the modified response to the original stream
context.Response.Body = originalBodyStream;
await context.Response.WriteAsync(modifiedBody);
}
}
}
Register the middleware in the startup.cs
app.UseMiddleware<ResponseEditingMiddleware>();
1. Using object as the Parameter Type
Sample code
[HttpPost("dynamic")]
public IActionResult DynamicParameter([FromBody] object data)
{
if (data is JsonElement jsonElement)
{
// Handle JSON data
var value = jsonElement.GetProperty("key").GetString();
return Ok(value);
}
else if (data is int)
{
// Handle integer data
return Ok(data);
}
// Add more type checks as needed
return BadRequest("Unsupported data type");
}
2. Using JObject or JsonElement for JSON Data
Sample code
[HttpPost("json")]
public IActionResult JsonParameter([FromBody] JsonElement jsonData)
{
if (jsonData.TryGetProperty("key", out var value))
{
return Ok(value.GetString());
}
return BadRequest("Invalid JSON");
}
3. Using dynamic Type
Sample code
[HttpPost("dynamic")]
public IActionResult DynamicParameter([FromBody] dynamic data)
{
string value = data?.key; // Access properties dynamically
return Ok(value);
}
Here we are not createing db or any db object directly in Sql Server Management Studio. We have to create db and all its objects in c# in our Core Web API project.
First install the following packages for db connection
Microsoft.EntityFrameworkCore
Microsoft.EntityFrameworkCore.SqlServer
Microsoft.EntityFrameworkCore.Toolsdotnet add package
Microsoft.EntityFrameworkCore.Design
Create a Models folder for entities.
Create a class file in Models folder - Products.cs
public class Product
{
[Key]
[DatabaseGenerated(DatabaseGeneratedOption.Identity)]
public int Id { get; set; }
public string Name { get; set; }
public decimal Price { get; set; }
}
Create a folder DBContextStore for our Dbcontext file for db connection
Add a class file inside DBContextStore folder -
ApplicationDbContext.cs
using CRUD_CodeFirst.Models;
using Microsoft.Data.SqlClient;
using Microsoft.EntityFrameworkCore;
using System.Xml.Linq;
namespace CRUD_CodeFirst.DbContextStore
{
public class ApplicationDbContext : DbContext
{
public ApplicationDbContext(DbContextOptions<ApplicationDbContext> options) : base(options)
{
}
public DbSet<Product> Products { get; set; }
protected override void OnModelCreating(ModelBuilder modelBuilder)
{
base.OnModelCreating(modelBuilder);
}
public int CreateProduct(string name, decimal price)
{
var param1 = new SqlParameter("@Name", name);
param1.Value = name;
var param2 = new SqlParameter("@Price", price);
param2.Value = price;
return this.Database.ExecuteSqlRaw("EXEC CreateProduct @Name, @Price", param1, param2);
}
public Product GetProductById(int id)
{
var param1 = new SqlParameter("@Id", id);
return this.Products.FromSqlRaw("EXEC GetProductById @Id", param1).AsEnumerable().FirstOrDefault();
}
public int UpdateProduct(int id, string name, decimal price)
{
var param1 = new SqlParameter("@Id", id);
param1.Value = id;
var param2 = new SqlParameter("@Name", name);
param2.Value = name;
var param3 = new SqlParameter("@Price", price);
param3.Value = price;
return this.Database.ExecuteSqlRaw("EXEC UpdateProduct @Id, @Name, @Price", param1, param2, param3);
}
public int DeleteProduct(int id)
{
var param1 = new SqlParameter("@Id", id);
param1.Value = id;
return this.Database.ExecuteSqlRaw("EXEC DeleteProduct @Id", param1);
}
}
}
Add connection string to appsettings.json
{
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft.AspNetCore": "Warning"
}
},
"ConnectionStrings": {
"DefaultConnection": "Server=DESKTOP-N7DJEG4\SQLEXPRESS;Database=MyDatabase;Trusted_Connection=True;MultipleActiveResultSets=true"
},
"AllowedHosts": "*"
}
Update Program.cs file for registering dbcontext.
using CRUD_CodeFirst.DbContextStore;
using Microsoft.EntityFrameworkCore;
namespace CRUD_CodeFirst
{
public class Program
{
public static void Main(string[] args)
{
var builder = WebApplication.CreateBuilder(args);
// Add services to the container.
builder.Services.AddDbContext<ApplicationDbContext>(options =>
options.UseSqlServer(builder.Configuration.GetConnectionString("DefaultConnection")));
builder.Services.AddControllers();
// Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle
builder.Services.AddEndpointsApiExplorer();
builder.Services.AddSwaggerGen();
var app = builder.Build();
// Configure the HTTP request pipeline.
if (app.Environment.IsDevelopment())
{
app.UseSwagger();
app.UseSwaggerUI();
}
app.UseHttpsRedirection();
app.UseAuthorization();
app.MapControllers();
app.Run();
}
}
}
Now Run NPM command
Add-Migration First
Update_Database
Now our Database and table are created.
Now We have to add stored procedure for CRUD operation
Again Add the command
Add-Migration Second
Now We have to add all 4 stored procedures for CRUD in Up method of the newly created Migration file. (ie Second)
public partial class second : Migration
{
protected override void Up(MigrationBuilder migrationBuilder)
{
var sp1 = @"CREATE PROCEDURE CreateProduct
@Name NVARCHAR(100),
@Price DECIMAL(18, 2)
AS
BEGIN
INSERT INTO Products (Name, Price)
VALUES (@Name, @Price);
SELECT SCOPE_IDENTITY();
END";
var sp2 = @"CREATE PROCEDURE GetProductById
@Id INT
AS
BEGIN
SELECT * FROM Products WHERE Id = @Id;
END";
var sp3 = @"CREATE PROCEDURE UpdateProduct
@Id INT,
@Name NVARCHAR(100),
@Price DECIMAL(18, 2)
AS
BEGIN
UPDATE Products
SET Name = @Name, Price = @Price
WHERE Id = @Id;
END";
var sp4 = @"CREATE PROCEDURE DeleteProduct
@Id INT
AS
BEGIN
DELETE FROM Products WHERE Id = @Id;
END";
migrationBuilder.Sql(sp1);
migrationBuilder.Sql(sp2);
migrationBuilder.Sql(sp3);
migrationBuilder.Sql(sp4);
}
protected override void Down(MigrationBuilder migrationBuilder)
{
}
}
Now Execute the command update-database. Now you can see all 4 stoeed procedure have created in Database.
Now Create a controller for CRUD operations - Products Controller
ProductsController.cs
using CRUD_CodeFirst.DbContextStore;
using CRUD_CodeFirst.Models;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
namespace CRUD_CodeFirst.Controllers
{
[Route("api/[controller]")]
[ApiController]
public class ProductsController : ControllerBase
{
private readonly ApplicationDbContext _context;
public ProductsController(ApplicationDbContext context)
{
_context = context;
}
[HttpPost]
public IActionResult Create(Product product)
{
var id = _context.CreateProduct(product.Name, product.Price);
return Ok(id);
}
[HttpGet]
[Route("GetById")]
public IActionResult GetById(int id)
{
var product = _context.GetProductById(id);
if (product == null)
{
return NotFound();
}
return Ok(product);
}
[HttpPost]
[Route("UpdateProduct")]
public IActionResult UpdateProduct(Product product)
{
_context.UpdateProduct(product.Id, product.Name, product.Price);
return NoContent();
}
[HttpPost]
[Route("DeleteProduct")]
public IActionResult DeleteProduct(int id)
{
_context.DeleteProduct(id);
return NoContent();
}
}
}
Now Test all 4 API methods in Postman.