Master technical and career interviews with structured answers—short definition, real examples, pitfalls, and how to answer in 60–90 seconds.
Answer: It can enforce rate limiting to prevent abuse and throttling to limit the number of requests a client can make. What interviewers expect A clear definition tied to ASP.NET Core in ASP.NET Core projects Trade-offs…
Answer: pp.UseSwagger(); pp.UseSwaggerUI(); Supports: Auto-generated OpenAPI docs Try it out interface Versioning support What interviewers expect A clear definition tied to ASP.NET Core in ASP.NET Core projects Trade-of…
Answer: Use Swashbuckle.AspNetCore or NSwag for generating Swagger docs. services.AddSwaggerGen(); app.UseSwagger(); app.UseSwaggerUI(); Supports: Auto-generated OpenAPI docs Try it out interface Versioning support What…
Unit testing: Mock services/repositories using Moq or FakeItEasy. Integration testing: Use WebApplicationFactory<T> + TestServer + HttpClient. var client = _factory.CreateClient(); var response = await client.GetAs…
Use JWT Bearer Tokens for stateless auth: services.AddAuthentication(JwtBearerDefaults.AuthenticationSch eme) .AddJwtBearer(options => { ... }); Secure endpoints with: [Authorize(Roles = "Admin")] OAuth supported via…
Answer: HTTPS: Enforced via UseHttpsRedirection() CORS: Limit origins using policies Anti-forgery: Usually not needed for APIs unless using cookies (use ValidateAntiForgeryToken) Use authentication + authorization checks…
Answer: DTOs decouple internal models from API contracts. Use AutoMapper for mapping: CreateMap&lt;Product, ProductDto&gt;(); var dto = _mapper.Map&lt;ProductDto&gt;(product); What interviewers expect A c…
Answer: Avoid breaking changes to existing endpoints. Use new versions for changes in contracts. Maintain old versions as long as needed. Ensure documentation and clients are updated accordingly. What interviewers expect…
Use RowVersion / ETag to detect concurrent edits. Example with EF Core: modelBuilder.Entity<Product>() .Property(p => p.RowVersion).IsRowVersion(); Return 409 Conflict if concurrency exception is caught. Model B…
Answer: SP.NET Core automatically binds data based on parameter types and attributes ([FromBody], [FromQuery], etc.). What interviewers expect A clear definition tied to ASP.NET Core in ASP.NET Core projects Trade-offs (…
Model binding in ASP.NET Core maps incoming HTTP data to C# parameters or model properties. 🔍 Sources considered: Route data Query string Form data Headers JSON body (application/json) Uploaded files Services (via [From…
Simple types (int, string, bool, DateTime, etc.): Bound from route, query string, or form fields. Complex types (custom classes): Bound from multiple sources like query/form fields or JSON body. public IActionResult Crea…
Use a custom model binder when default binding doesn’t work (e.g., custom formats, headers). public class CustomBinder : IModelBinder { public Task BindModelAsync(ModelBindingContext context) { // Custom logic here } } R…
[FromQuery], etc.) You cannot bind multiple [FromBody] parameters in a single action. Common sources: [FromBody] — for JSON/XML payloads [FromQuery] — query string [FromRoute] — route values [FromForm] — form fields and…
Answer: Decorate models with attributes: public class User { [Required] [StringLength(50)] [EmailAddress] public string Email { get; set; } } Used in both MVC and API for validation. What interviewers expect A clear defi…
Answer: Server-side: Always performed on the server; use ModelState.IsValid. Client-side: HTML5 + jQuery Unobtrusive Validation (for MVC/Razor Pages). Client-side validation improves UX, but server-side is essential for…
Create custom rules by inheriting ValidationAttribute: public class MustBeEvenAttribute : ValidationAttribute { public override bool IsValid(object value) { return (int)value % 2 == 0; } } Use like: [MustBeEven] public i…
Use for cross-field validation within a model: public class Product : IValidatableObject { public string Name { get; set; } public decimal Price { get; set; } public IEnumerable<ValidationResult> Validate(Validatio…
Install FluentValidation.AspNetCore Create a validator class: public class UserValidator : AbstractValidator<User> { public UserValidator() { RuleFor(x => x.Email).NotEmpty().EmailAddress(); } } Register with: s…
[ApiController] handles automatic validation: Returns 400 BadRequest with ValidationProblemDetails if ModelState.IsInvalid. In MVC (without [ApiController]), you need to manually check ModelState.IsValid. if (!ModelState…
Answer: Used to check if bound model passed validation: if (!ModelState.IsValid) { return BadRequest(ModelState); } MVC automatically adds errors to ModelState based on validation attributes. What interviewers expect A c…
Answer: SP.NET Core supports binding nested properties: public class Order { public Customer Customer { get; set; } public List&lt;Product&gt; Products { get; set; } } Works seamlessly from JSON or form data if p…
Answer: Use [Required] for non-nullable fields. For optional values, use nullable types. Use ModelState to report and handle missing/invalid fields. Return custom error messages if needed. What interviewers expect A clea…
Answer: Model binding does not sanitize input — it binds raw data. 🛡 To prevent attacks (XSS, injection), sanitize: Strings: HTML encode output (@Html.Encode) Manually clean input before use Use antivirus/malware scanne…
Used for file uploads from forms (not [FromBody]): public IActionResult Upload(IFormFile file) { var path = Path.Combine("uploads", file.FileName); using var stream = new FileStream(path, FileMode.Create); file.CopyTo(st…
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
Answer: It can enforce rate limiting to prevent abuse and throttling to limit the number of requests a client can make.
In a production ASP.NET Core application, teams apply this when handling user-facing features or integration boundaries. For example, you might use it during a sprint where reliability and observability matter—logging metrics, validating edge cases, and documenting the decision in an ADR so future developers understand why the approach was chosen.
Tip: Practice aloud on Toolliyo mock interview or the Interview Q&A section before your real interview.
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
Answer: pp.UseSwagger(); pp.UseSwaggerUI(); Supports: Auto-generated OpenAPI docs Try it out interface Versioning support
In a production ASP.NET Core application, teams apply this when handling user-facing features or integration boundaries. For example, you might use it during a sprint where reliability and observability matter—logging metrics, validating edge cases, and documenting the decision in an ADR so future developers understand why the approach was chosen.
Tip: Practice aloud on Toolliyo mock interview or the Interview Q&A section before your real interview.
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
Answer: Use Swashbuckle.AspNetCore or NSwag for generating Swagger docs. services.AddSwaggerGen(); app.UseSwagger(); app.UseSwaggerUI(); Supports: Auto-generated OpenAPI docs Try it out interface Versioning support
In a production ASP.NET Core application, teams apply this when handling user-facing features or integration boundaries. For example, you might use it during a sprint where reliability and observability matter—logging metrics, validating edge cases, and documenting the decision in an ADR so future developers understand why the approach was chosen.
Tip: Practice aloud on Toolliyo mock interview or the Interview Q&A section before your real interview.
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
+ HttpClient.
var client = _factory.CreateClient();
var response = await client.GetAsync("/api/products");ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
services.AddAuthentication(JwtBearerDefaults.AuthenticationSch
eme)
.AddJwtBearer(options => { ... });
[Authorize(Roles = "Admin")]
providers.
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
Answer: HTTPS: Enforced via UseHttpsRedirection() CORS: Limit origins using policies Anti-forgery: Usually not needed for APIs unless using cookies (use ValidateAntiForgeryToken) Use authentication + authorization checks for all endpoints
In a production ASP.NET Core application, teams apply this when handling user-facing features or integration boundaries. For example, you might use it during a sprint where reliability and observability matter—logging metrics, validating edge cases, and documenting the decision in an ADR so future developers understand why the approach was chosen.
Tip: Practice aloud on Toolliyo mock interview or the Interview Q&A section before your real interview.
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
Answer: DTOs decouple internal models from API contracts. Use AutoMapper for mapping: CreateMap<Product, ProductDto>(); var dto = _mapper.Map<ProductDto>(product);
In a production ASP.NET Core application, teams apply this when handling user-facing features or integration boundaries. For example, you might use it during a sprint where reliability and observability matter—logging metrics, validating edge cases, and documenting the decision in an ADR so future developers understand why the approach was chosen.
Tip: Practice aloud on Toolliyo mock interview or the Interview Q&A section before your real interview.
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
Answer: Avoid breaking changes to existing endpoints. Use new versions for changes in contracts. Maintain old versions as long as needed. Ensure documentation and clients are updated accordingly.
In a production ASP.NET Core application, teams apply this when handling user-facing features or integration boundaries. For example, you might use it during a sprint where reliability and observability matter—logging metrics, validating edge cases, and documenting the decision in an ADR so future developers understand why the approach was chosen.
Tip: Practice aloud on Toolliyo mock interview or the Interview Q&A section before your real interview.
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
Example with EF Core:
modelBuilder.Entity<Product>()
.Property(p => p.RowVersion).IsRowVersion();
Return 409 Conflict if concurrency exception is caught.
Model Binding & Validation
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
Answer: SP.NET Core automatically binds data based on parameter types and attributes ([FromBody], [FromQuery], etc.).
In a production ASP.NET Core application, teams apply this when handling user-facing features or integration boundaries. For example, you might use it during a sprint where reliability and observability matter—logging metrics, validating edge cases, and documenting the decision in an ADR so future developers understand why the approach was chosen.
Tip: Practice aloud on Toolliyo mock interview or the Interview Q&A section before your real interview.
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
Model binding in ASP.NET Core maps incoming HTTP data to C# parameters or model
properties.
🔍 Sources considered:
ASP.NET Core automatically binds data based on parameter types and attributes
([FromBody], [FromQuery], etc.).
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
form fields.
or JSON body.
public IActionResult Create([FromBody] Product product)ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
Use a custom model binder when default binding doesn’t work (e.g., custom formats,
headers).
public class CustomBinder : IModelBinder {
public Task BindModelAsync(ModelBindingContext context) {
// Custom logic here
}
}
Register with [ModelBinder] or globally in Startup.
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
[FromQuery], etc.)
You cannot bind multiple [FromBody] parameters in a single action.
Common sources:
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
Answer: Decorate models with attributes: public class User { [Required] [StringLength(50)] [EmailAddress] public string Email { get; set; } } Used in both MVC and API for validation.
In a production ASP.NET Core application, teams apply this when handling user-facing features or integration boundaries. For example, you might use it during a sprint where reliability and observability matter—logging metrics, validating edge cases, and documenting the decision in an ADR so future developers understand why the approach was chosen.
Tip: Practice aloud on Toolliyo mock interview or the Interview Q&A section before your real interview.
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
Answer: Server-side: Always performed on the server; use ModelState.IsValid. Client-side: HTML5 + jQuery Unobtrusive Validation (for MVC/Razor Pages). Client-side validation improves UX, but server-side is essential for security.
In a production ASP.NET Core application, teams apply this when handling user-facing features or integration boundaries. For example, you might use it during a sprint where reliability and observability matter—logging metrics, validating edge cases, and documenting the decision in an ADR so future developers understand why the approach was chosen.
Tip: Practice aloud on Toolliyo mock interview or the Interview Q&A section before your real interview.
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
Create custom rules by inheriting ValidationAttribute:
public class MustBeEvenAttribute : ValidationAttribute {
public override bool IsValid(object value) {
return (int)value % 2 == 0;
}
}
Use like:
[MustBeEven]
public int Number { get; set; }ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
Use for cross-field validation within a model:
public class Product : IValidatableObject {
public string Name { get; set; }
public decimal Price { get; set; }
public IEnumerable<ValidationResult> Validate(ValidationContext
context) {
if (Price < 0) {
yield return new ValidationResult("Price must be
positive");
}
}
}ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
public class UserValidator : AbstractValidator<User> {
public UserValidator() {
RuleFor(x => x.Email).NotEmpty().EmailAddress();
}
}
Register with:
services.AddFluentValidationAutoValidation();
✅ Offers more readable and testable validation logic than data annotations.
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
ModelState.IsInvalid.
ModelState.IsValid.
if (!ModelState.IsValid) return View(model);ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
Answer: Used to check if bound model passed validation: if (!ModelState.IsValid) { return BadRequest(ModelState); } MVC automatically adds errors to ModelState based on validation attributes.
In a production ASP.NET Core application, teams apply this when handling user-facing features or integration boundaries. For example, you might use it during a sprint where reliability and observability matter—logging metrics, validating edge cases, and documenting the decision in an ADR so future developers understand why the approach was chosen.
Tip: Practice aloud on Toolliyo mock interview or the Interview Q&A section before your real interview.
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
Answer: SP.NET Core supports binding nested properties: public class Order { public Customer Customer { get; set; } public List<Product> Products { get; set; } } Works seamlessly from JSON or form data if property names match.
In a production ASP.NET Core application, teams apply this when handling user-facing features or integration boundaries. For example, you might use it during a sprint where reliability and observability matter—logging metrics, validating edge cases, and documenting the decision in an ADR so future developers understand why the approach was chosen.
Tip: Practice aloud on Toolliyo mock interview or the Interview Q&A section before your real interview.
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
Answer: Use [Required] for non-nullable fields. For optional values, use nullable types. Use ModelState to report and handle missing/invalid fields. Return custom error messages if needed.
In a production ASP.NET Core application, teams apply this when handling user-facing features or integration boundaries. For example, you might use it during a sprint where reliability and observability matter—logging metrics, validating edge cases, and documenting the decision in an ADR so future developers understand why the approach was chosen.
Tip: Practice aloud on Toolliyo mock interview or the Interview Q&A section before your real interview.
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
Answer: Model binding does not sanitize input — it binds raw data. 🛡 To prevent attacks (XSS, injection), sanitize: Strings: HTML encode output (@Html.Encode) Manually clean input before use Use antivirus/malware scanners for uploaded files
In a production ASP.NET Core application, teams apply this when handling user-facing features or integration boundaries. For example, you might use it during a sprint where reliability and observability matter—logging metrics, validating edge cases, and documenting the decision in an ADR so future developers understand why the approach was chosen.
Tip: Practice aloud on Toolliyo mock interview or the Interview Q&A section before your real interview.
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
Used for file uploads from forms (not [FromBody]):
public IActionResult Upload(IFormFile file)
{
var path = Path.Combine("uploads", file.FileName);
using var stream = new FileStream(path, FileMode.Create);
file.CopyTo(stream);
}
📝 For multiple files:
List<IFormFile> files
Configuration & AppSettings