You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1.4KB
1.4KB
Skill 12 - ASP.NET Core Web Fundamentals
Core Concepts
- ASP.NET Core apps process HTTP requests through a configured pipeline.
- Middleware order matters.
- Dependency injection is built in.
- Configuration flows from appsettings, environment variables, command line, user secrets, and other providers.
- Logging should be structured and environment-appropriate.
Project Rules
- Keep
Program.csreadable by extracting configuration into extension methods when it grows. - Keep domain/business logic out of controllers, endpoints, and components.
- Use options classes for grouped configuration.
- Use environment-specific configuration safely.
- Do not leak development exception pages in production.
HTTP Rules
- Use correct status codes.
- Validate request bodies, route values, and query strings.
- Return clear problem details for client errors.
- Avoid exposing internal exception details.
- Support cancellation using
HttpContext.RequestAbortedfor long-running operations.
Static Assets
- Use the framework static asset pipeline when available.
- Cache static assets appropriately.
- Rebuild after static asset changes when build-time optimization is used.
Security Defaults
- Use HTTPS.
- Configure authentication and authorization explicitly.
- Use anti-forgery protection for browser form posts where applicable.
- Configure CORS narrowly.
- Add security headers where appropriate.