C_SHARP_SKILLS/.ai/skills/12-aspnetcore-web-fundamentals.md

Skill 12 - ASP.NET Core Web Fundamentals

Core Concepts

• ASP.NET Core apps process HTTP requests through a configured pipeline.
• Middleware order matters.
• Dependency injection is built in.
• Configuration flows from appsettings, environment variables, command line, user secrets, and other providers.
• Logging should be structured and environment-appropriate.

Project Rules

• Keep Program.cs readable by extracting configuration into extension methods when it grows.
• Keep domain/business logic out of controllers, endpoints, and components.
• Use options classes for grouped configuration.
• Use environment-specific configuration safely.
• Do not leak development exception pages in production.

HTTP Rules

• Use correct status codes.
• Validate request bodies, route values, and query strings.
• Return clear problem details for client errors.
• Avoid exposing internal exception details.
• Support cancellation using HttpContext.RequestAborted for long-running operations.

Static Assets

• Use the framework static asset pipeline when available.
• Cache static assets appropriately.
• Rebuild after static asset changes when build-time optimization is used.

Security Defaults

• Use HTTPS.
• Configure authentication and authorization explicitly.
• Use anti-forgery protection for browser form posts where applicable.
• Configure CORS narrowly.
• Add security headers where appropriate.