Master technical and career interviews with structured answers—short definition, real examples, pitfalls, and how to answer in 60–90 seconds.
Answer: SPNETCORE_ENVIRONMENT=Development ✅ Loaded in order of precedence, where later files override earlier ones. What interviewers expect A clear definition tied to ASP.NET Core in ASP.NET Core projects Trade-offs (pe…
appsettings.json: Base configuration file used across all environments. appsettings.{Environment}.json: Environment-specific overrides (e.g., Development, Production). 🔧 ASP.NET Core loads them automatically based on th…
SP.NET Core uses the ASPNETCORE_ENVIRONMENT variable to determine the runtime environment. Supported environments (by convention): Development Staging Production Environment-specific logic can be applied: if (env.IsDevel…
Production) ASP.NET Core uses the ASPNETCORE_ENVIRONMENT variable to determine the runtime environment. Supported environments (by convention): Development Staging Production Environment-specific logic can be applied: if…
✅ ASP.NET Core supports hierarchical override of config sources: Environment variables override appsettings.json: MyApp__Logging__LogLevel__Default=Warning Command line arguments override everything: dotnet run --Logging…
Inject IConfiguration anywhere: public class MyService { private readonly string _apiKey; public MyService(IConfiguration config) { _apiKey = config["MySettings:ApiKey"]; } } You can also access nested settings via confi…
Bind config to strongly typed objects: public class MySettings { public string ApiKey { get; set; } public int Timeout { get; set; } } services.Configure<MySettings>(config.GetSection("MySettings")); Use via IOptio…
IOptionsMonitor<T>) IOptions<T>: Reads settings once at startup. IOptionsSnapshot<T>: Gets updated settings per request (for scoped services). IOptionsMonitor<T>: Supports change notifications and…
Answer: User Secrets (for local dev): dotnet user-secrets init dotnet user-secrets set "MySettings:ApiKey" "secret" Azure Key Vault: builder.Configuration.AddAzureKeyVault(...); ✅ Secure sensitive data like API keys, con…
In appsettings.json: "Logging": { "LogLevel": { "Default": "Information", "Microsoft": "Warning", "Microsoft.Hosting.Lifetime": "Information" } } Supports built-in providers: Console, Debug, EventSource, Azure, etc. Cust…
Stored under "ConnectionStrings" section in appsettings.json: "ConnectionStrings": { "DefaultConnection": "Server=.;Database=AppDb;Trusted_Connection=True;" } Read via: var conn = config.GetConnectionString("DefaultConne…
JSON files support live reload: builder.Configuration.AddJsonFile("appsettings.json", optional: false, reloadOnChange: true); IOptionsMonitor<T> automatically updates bound values when config changes. 🔁 Does not w…
Answer: Using POCOs and Options pattern allows type-safe config: services.Configure&lt;MySettings&gt;(config.GetSection("MySettings")); Use [Required], [Range], etc., to add validation. What interviewers expect A…
You can validate bound config using IValidateOptions<T>: public class MySettingsValidator : IValidateOptions<MySettings> { public ValidateOptionsResult Validate(string name, MySettings options) { if (string.I…
Answer: SP.NET Core supports multiple configuration providers: JSON (default) Environment Variables Command Line Args INI files XML files In-memory Azure App Configuration Azure Key Vault Secrets Manager Each can be chai…
Answer: Use default values in POCOs or fallback logic: public class MySettings { public string ApiKey { get; set; } = "default-api-key"; } Or: var apiKey = config["MySettings:ApiKey"] ?? "fallback"; What interviewers exp…
? "fallback"; What interviewers expect A clear definition tied to ASP.NET Core in ASP.NET Core projects Trade-offs (performance, maintainability, security, cost) When you would and would not use it in production Real-wor…
uthentication &amp; Authorization (JWT, Identity) What interviewers expect A clear definition tied to ASP.NET Core in ASP.NET Core projects Trade-offs (performance, maintainability, security, cost) When you would and…
✅ Best practices: Don't log sensitive values Use [JsonIgnore] or remove values before logging Mask in logs manually: _logger.LogInformation("Token: {Token}", Mask(token)); Never store secrets in source-controlled files (…
Answer: ction (What are you allowed to do?) In ASP.NET Core, both are handled via middleware and attributes like [Authorize], roles, nd policies. What interviewers expect A clear definition tied to ASP.NET Core in ASP.NE…
Authentication: Verifying the identity of a user (Who are you?) Authorization: Determining if the authenticated user has permission to perform an action (What are you allowed to do?) In ASP.NET Core, both are handled via…
SP.NET Core Identity provides a complete solution for: User registration & login Roles, claims, tokens Password hashing Two-factor authentication ✅ Setup: dotnet add package Microsoft.AspNetCore.Identity.EntityFramew…
JWT (JSON Web Token) is a compact, URL-safe token format used for authentication. ✅ Configure JWT auth: services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme) .AddJwtBearer(options => { options.TokenValida…
✅ Role-based: [Authorize(Roles = "Admin")] ✅ Policy-based: services.AddAuthorization(options => { options.AddPolicy("CanEdit", policy => policy.RequireClaim("EditPermission")); }); Then use: [Authorize(Policy = "Ca…
Answer: dd claims when creating identity: var claims = new List&lt;Claim&gt; { new Claim(ClaimTypes.Name, user.UserName), new Claim("Permission", "Edit") }; ccess in code: var claim = User.FindFirst("Permission")…
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
Answer: SPNETCORE_ENVIRONMENT=Development ✅ Loaded in order of precedence, where later files override earlier ones.
In a production ASP.NET Core application, teams apply this when handling user-facing features or integration boundaries. For example, you might use it during a sprint where reliability and observability matter—logging metrics, validating edge cases, and documenting the decision in an ADR so future developers understand why the approach was chosen.
Tip: Practice aloud on Toolliyo mock interview or the Interview Q&A section before your real interview.
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
Development, Production).
🔧 ASP.NET Core loads them automatically based on the environment:
ASPNETCORE_ENVIRONMENT=Development
✅ Loaded in order of precedence, where later files override earlier ones.
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
SP.NET Core uses the ASPNETCORE_ENVIRONMENT variable to determine the runtime
environment.
Supported environments (by convention):
Environment-specific logic can be applied:
if (env.IsDevelopment()) { ... }
lso used to load:
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
Production)
ASP.NET Core uses the ASPNETCORE_ENVIRONMENT variable to determine the runtime
environment.
Supported environments (by convention):
Environment-specific logic can be applied:
if (env.IsDevelopment()) { ... }
Also used to load:
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
✅ ASP.NET Core supports hierarchical override of config sources:
MyApp__Logging__LogLevel__Default=Warning
dotnet run --Logging:LogLevel:Default=Debug
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
Inject IConfiguration anywhere:
public class MyService {
private readonly string _apiKey;
public MyService(IConfiguration config) {
_apiKey = config["MySettings:ApiKey"];
}
}
You can also access nested settings via config.GetSection("MySettings").
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
Bind config to strongly typed objects:
public class MySettings {
public string ApiKey { get; set; }
public int Timeout { get; set; }
}
services.Configure<MySettings>(config.GetSection("MySettings"));
Use via IOptions<MySettings>.
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
IOptionsMonitor<T>)
services.
public MyService(IOptions<MySettings> options) {
var settings = options.Value;
}ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
Answer: User Secrets (for local dev): dotnet user-secrets init dotnet user-secrets set "MySettings:ApiKey" "secret" Azure Key Vault: builder.Configuration.AddAzureKeyVault(...); ✅ Secure sensitive data like API keys, connection strings, tokens.
In a production ASP.NET Core application, teams apply this when handling user-facing features or integration boundaries. For example, you might use it during a sprint where reliability and observability matter—logging metrics, validating edge cases, and documenting the decision in an ADR so future developers understand why the approach was chosen.
Tip: Practice aloud on Toolliyo mock interview or the Interview Q&A section before your real interview.
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
In appsettings.json:
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft": "Warning",
"Microsoft.Hosting.Lifetime": "Information"
}
}
Supports built-in providers: Console, Debug, EventSource, Azure, etc.
Custom configuration through ILogger<T>.
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
Stored under "ConnectionStrings" section in appsettings.json:
"ConnectionStrings": {
"DefaultConnection":
"Server=.;Database=AppDb;Trusted_Connection=True;"
}
Read via:
var conn = config.GetConnectionString("DefaultConnection");
Or inject via Options pattern.
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
JSON files support live reload:
builder.Configuration.AddJsonFile("appsettings.json", optional:
false, reloadOnChange: true);
IOptionsMonitor<T> automatically updates bound values when config changes.
🔁 Does not work with all sources (e.g., env vars, command line).
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
Answer: Using POCOs and Options pattern allows type-safe config: services.Configure<MySettings>(config.GetSection("MySettings")); Use [Required], [Range], etc., to add validation.
In a production ASP.NET Core application, teams apply this when handling user-facing features or integration boundaries. For example, you might use it during a sprint where reliability and observability matter—logging metrics, validating edge cases, and documenting the decision in an ADR so future developers understand why the approach was chosen.
Tip: Practice aloud on Toolliyo mock interview or the Interview Q&A section before your real interview.
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
You can validate bound config using IValidateOptions<T>:
public class MySettingsValidator : IValidateOptions<MySettings> {
public ValidateOptionsResult Validate(string name, MySettings
options) {
if (string.IsNullOrWhiteSpace(options.ApiKey)) {
return ValidateOptionsResult.Fail("ApiKey is
required.");
}
return ValidateOptionsResult.Success;
}
}
Register with DI:
services.AddSingleton<IValidateOptions<MySettings>,
MySettingsValidator>();
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
Answer: SP.NET Core supports multiple configuration providers: JSON (default) Environment Variables Command Line Args INI files XML files In-memory Azure App Configuration Azure Key Vault Secrets Manager Each can be chained with priority.
In a production ASP.NET Core application, teams apply this when handling user-facing features or integration boundaries. For example, you might use it during a sprint where reliability and observability matter—logging metrics, validating edge cases, and documenting the decision in an ADR so future developers understand why the approach was chosen.
Tip: Practice aloud on Toolliyo mock interview or the Interview Q&A section before your real interview.
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
Answer: Use default values in POCOs or fallback logic: public class MySettings { public string ApiKey { get; set; } = "default-api-key"; } Or: var apiKey = config["MySettings:ApiKey"] ?? "fallback";
In a production ASP.NET Core application, teams apply this when handling user-facing features or integration boundaries. For example, you might use it during a sprint where reliability and observability matter—logging metrics, validating edge cases, and documenting the decision in an ADR so future developers understand why the approach was chosen.
Tip: Practice aloud on Toolliyo mock interview or the Interview Q&A section before your real interview.
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
? "fallback";
In a production ASP.NET Core application, teams apply this when handling user-facing features or integration boundaries. For example, you might use it during a sprint where reliability and observability matter—logging metrics, validating edge cases, and documenting the decision in an ADR so future developers understand why the approach was chosen.
Tip: Practice aloud on Toolliyo mock interview or the Interview Q&A section before your real interview.
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
uthentication & Authorization (JWT, Identity)
In a production ASP.NET Core application, teams apply this when handling user-facing features or integration boundaries. For example, you might use it during a sprint where reliability and observability matter—logging metrics, validating edge cases, and documenting the decision in an ADR so future developers understand why the approach was chosen.
Tip: Practice aloud on Toolliyo mock interview or the Interview Q&A section before your real interview.
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
✅ Best practices:
_logger.LogInformation("Token: {Token}", Mask(token));
Authentication & Authorization
(JWT, Identity)
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
Answer: ction (What are you allowed to do?) In ASP.NET Core, both are handled via middleware and attributes like [Authorize], roles, nd policies.
In a production ASP.NET Core application, teams apply this when handling user-facing features or integration boundaries. For example, you might use it during a sprint where reliability and observability matter—logging metrics, validating edge cases, and documenting the decision in an ADR so future developers understand why the approach was chosen.
Tip: Practice aloud on Toolliyo mock interview or the Interview Q&A section before your real interview.
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
action (What are you allowed to do?)
In ASP.NET Core, both are handled via middleware and attributes like [Authorize], roles,
and policies.
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
SP.NET Core Identity provides a complete solution for:
✅ Setup:
dotnet add package Microsoft.AspNetCore.Identity.EntityFrameworkCore
In Startup or Program.cs:
services.AddIdentity<IdentityUser, IdentityRole>()
.AddEntityFrameworkStores<ApplicationDbContext>()
.AddDefaultTokenProviders();
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
JWT (JSON Web Token) is a compact, URL-safe token format used for authentication.
✅ Configure JWT auth:
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(options => {
options.TokenValidationParameters = new
TokenValidationParameters {
ValidateIssuer = true,
ValidateAudience = true,
ValidateLifetime = true,
ValidateIssuerSigningKey = true,
IssuerSigningKey = new
SymmetricSecurityKey(Encoding.UTF8.GetBytes("your-secret"))
};
});
Use [Authorize] to secure endpoints.
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
✅ Role-based:
[Authorize(Roles = "Admin")]
✅ Policy-based:
services.AddAuthorization(options => {
options.AddPolicy("CanEdit", policy =>
policy.RequireClaim("EditPermission"));
});
Then use:
[Authorize(Policy = "CanEdit")]
Policy-based gives more flexibility (custom requirements, claims, logic).
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
Answer: dd claims when creating identity: var claims = new List<Claim> { new Claim(ClaimTypes.Name, user.UserName), new Claim("Permission", "Edit") }; ccess in code: var claim = User.FindFirst("Permission")?.Value;
In a production ASP.NET Core application, teams apply this when handling user-facing features or integration boundaries. For example, you might use it during a sprint where reliability and observability matter—logging metrics, validating edge cases, and documenting the decision in an ADR so future developers understand why the approach was chosen.
Tip: Practice aloud on Toolliyo mock interview or the Interview Q&A section before your real interview.