# Skill 12 - ASP.NET Core Web Fundamentals

## Core Concepts

- ASP.NET Core apps process HTTP requests through a configured pipeline.
- Middleware order matters.
- Dependency injection is built in.
- Configuration flows from appsettings, environment variables, command line, user secrets, and other providers.
- Logging should be structured and environment-appropriate.

## Project Rules

- Keep `Program.cs` readable by extracting configuration into extension methods when it grows.
- Keep domain/business logic out of controllers, endpoints, and components.
- Use options classes for grouped configuration.
- Use environment-specific configuration safely.
- Do not leak development exception pages in production.

## HTTP Rules

- Use correct status codes.
- Validate request bodies, route values, and query strings.
- Return clear problem details for client errors.
- Avoid exposing internal exception details.
- Support cancellation using `HttpContext.RequestAborted` for long-running operations.

## Static Assets

- Use the framework static asset pipeline when available.
- Cache static assets appropriately.
- Rebuild after static asset changes when build-time optimization is used.

## Security Defaults

- Use HTTPS.
- Configure authentication and authorization explicitly.
- Use anti-forgery protection for browser form posts where applicable.
- Configure CORS narrowly.
- Add security headers where appropriate.
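
The middleware-order, error-handling and security-default rules above, shown together in one `Program.cs` as an added example (not part of the original skill file). It assumes .NET 8 minimal hosting with implicit usings; the `frontend` policy name, the `https://app.example.com` origin and the `/reports/{id}` route are placeholders.

```csharp
// Program.cs: added illustration. Policy name, origin and route are placeholders.
using Microsoft.AspNetCore.Authentication.Cookies;

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddProblemDetails();   // problem-details bodies for errors, no stack traces
builder.Services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie();
builder.Services.AddAuthorization();
builder.Services.AddCors(options =>
    options.AddPolicy("frontend", policy => policy
        .WithOrigins("https://app.example.com")   // explicit origin, not AllowAnyOrigin
        .WithMethods("GET", "POST")
        .WithHeaders("Content-Type")));

var app = builder.Build();

// Order matters: error handling wraps everything registered after it.
// WebApplication enables the developer exception page only in Development,
// so every other environment gets the generic handler plus HSTS.
if (!app.Environment.IsDevelopment())
{
    app.UseExceptionHandler();   // uses the registered problem-details service
    app.UseHsts();
}
app.UseHttpsRedirection();

// Security headers are set before static files so assets carry them too.
app.Use(async (context, next) =>
{
    context.Response.Headers["X-Content-Type-Options"] = "nosniff";
    context.Response.Headers["X-Frame-Options"] = "DENY";
    await next(context);
});

app.UseStaticFiles();
app.UseRouting();
app.UseCors("frontend");    // after routing, before authentication
app.UseAuthentication();    // establishes who the caller is
app.UseAuthorization();     // then decides what they may do

// A CancellationToken parameter is bound to HttpContext.RequestAborted.
app.MapGet("/reports/{id:int}", async (int id, CancellationToken ct) =>
{
    if (id <= 0) return Results.Problem("id must be positive", statusCode: 400);
    await Task.Delay(TimeSpan.FromSeconds(2), ct);   // stand-in for long-running work
    return Results.Ok(new { id, status = "ready" });
}).RequireAuthorization();

app.Run();
```

Requesting the endpoint without a cookie shows the authorization step rejecting the call before the handler runs, and aborting a request mid-delay shows the token cancelling the work.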