Master technical and career interviews with structured answers—short definition, real examples, pitfalls, and how to answer in 60–90 seconds.
Use for cross-field validation within a model: public class Product : IValidatableObject { public string Name { get; set; } public decimal Price { get; set; } public IEnumerable<ValidationResult> Validate(Validatio…
Install FluentValidation.AspNetCore Create a validator class: public class UserValidator : AbstractValidator<User> { public UserValidator() { RuleFor(x => x.Email).NotEmpty().EmailAddress(); } } Register with: s…
[ApiController] handles automatic validation: Returns 400 BadRequest with ValidationProblemDetails if ModelState.IsInvalid. In MVC (without [ApiController]), you need to manually check ModelState.IsValid. if (!ModelState…
Answer: Used to check if bound model passed validation: if (!ModelState.IsValid) { return BadRequest(ModelState); } MVC automatically adds errors to ModelState based on validation attributes. What interviewers expect A c…
Answer: SP.NET Core supports binding nested properties: public class Order { public Customer Customer { get; set; } public List&lt;Product&gt; Products { get; set; } } Works seamlessly from JSON or form data if p…
Answer: Use [Required] for non-nullable fields. For optional values, use nullable types. Use ModelState to report and handle missing/invalid fields. Return custom error messages if needed. What interviewers expect A clea…
Answer: Model binding does not sanitize input — it binds raw data. 🛡 To prevent attacks (XSS, injection), sanitize: Strings: HTML encode output (@Html.Encode) Manually clean input before use Use antivirus/malware scanne…
Used for file uploads from forms (not [FromBody]): public IActionResult Upload(IFormFile file) { var path = Path.Combine("uploads", file.FileName); using var stream = new FileStream(path, FileMode.Create); file.CopyTo(st…
Answer: SPNETCORE_ENVIRONMENT=Development ✅ Loaded in order of precedence, where later files override earlier ones. What interviewers expect A clear definition tied to ASP.NET Core in ASP.NET Core projects Trade-offs (pe…
appsettings.json: Base configuration file used across all environments. appsettings.{Environment}.json: Environment-specific overrides (e.g., Development, Production). 🔧 ASP.NET Core loads them automatically based on th…
SP.NET Core uses the ASPNETCORE_ENVIRONMENT variable to determine the runtime environment. Supported environments (by convention): Development Staging Production Environment-specific logic can be applied: if (env.IsDevel…
Production) ASP.NET Core uses the ASPNETCORE_ENVIRONMENT variable to determine the runtime environment. Supported environments (by convention): Development Staging Production Environment-specific logic can be applied: if…
✅ ASP.NET Core supports hierarchical override of config sources: Environment variables override appsettings.json: MyApp__Logging__LogLevel__Default=Warning Command line arguments override everything: dotnet run --Logging…
Inject IConfiguration anywhere: public class MyService { private readonly string _apiKey; public MyService(IConfiguration config) { _apiKey = config["MySettings:ApiKey"]; } } You can also access nested settings via confi…
Bind config to strongly typed objects: public class MySettings { public string ApiKey { get; set; } public int Timeout { get; set; } } services.Configure<MySettings>(config.GetSection("MySettings")); Use via IOptio…
IOptionsMonitor<T>) IOptions<T>: Reads settings once at startup. IOptionsSnapshot<T>: Gets updated settings per request (for scoped services). IOptionsMonitor<T>: Supports change notifications and…
Answer: User Secrets (for local dev): dotnet user-secrets init dotnet user-secrets set "MySettings:ApiKey" "secret" Azure Key Vault: builder.Configuration.AddAzureKeyVault(...); ✅ Secure sensitive data like API keys, con…
In appsettings.json: "Logging": { "LogLevel": { "Default": "Information", "Microsoft": "Warning", "Microsoft.Hosting.Lifetime": "Information" } } Supports built-in providers: Console, Debug, EventSource, Azure, etc. Cust…
Stored under "ConnectionStrings" section in appsettings.json: "ConnectionStrings": { "DefaultConnection": "Server=.;Database=AppDb;Trusted_Connection=True;" } Read via: var conn = config.GetConnectionString("DefaultConne…
JSON files support live reload: builder.Configuration.AddJsonFile("appsettings.json", optional: false, reloadOnChange: true); IOptionsMonitor<T> automatically updates bound values when config changes. 🔁 Does not w…
Answer: Using POCOs and Options pattern allows type-safe config: services.Configure&lt;MySettings&gt;(config.GetSection("MySettings")); Use [Required], [Range], etc., to add validation. What interviewers expect A…
You can validate bound config using IValidateOptions<T>: public class MySettingsValidator : IValidateOptions<MySettings> { public ValidateOptionsResult Validate(string name, MySettings options) { if (string.I…
Answer: SP.NET Core supports multiple configuration providers: JSON (default) Environment Variables Command Line Args INI files XML files In-memory Azure App Configuration Azure Key Vault Secrets Manager Each can be chai…
Answer: Use default values in POCOs or fallback logic: public class MySettings { public string ApiKey { get; set; } = "default-api-key"; } Or: var apiKey = config["MySettings:ApiKey"] ?? "fallback"; What interviewers exp…
? "fallback"; What interviewers expect A clear definition tied to ASP.NET Core in ASP.NET Core projects Trade-offs (performance, maintainability, security, cost) When you would and would not use it in production Real-wor…
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
Use for cross-field validation within a model:
public class Product : IValidatableObject {
public string Name { get; set; }
public decimal Price { get; set; }
public IEnumerable<ValidationResult> Validate(ValidationContext
context) {
if (Price < 0) {
yield return new ValidationResult("Price must be
positive");
}
}
}ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
public class UserValidator : AbstractValidator<User> {
public UserValidator() {
RuleFor(x => x.Email).NotEmpty().EmailAddress();
}
}
Register with:
services.AddFluentValidationAutoValidation();
✅ Offers more readable and testable validation logic than data annotations.
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
ModelState.IsInvalid.
ModelState.IsValid.
if (!ModelState.IsValid) return View(model);ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
Answer: Used to check if bound model passed validation: if (!ModelState.IsValid) { return BadRequest(ModelState); } MVC automatically adds errors to ModelState based on validation attributes.
In a production ASP.NET Core application, teams apply this when handling user-facing features or integration boundaries. For example, you might use it during a sprint where reliability and observability matter—logging metrics, validating edge cases, and documenting the decision in an ADR so future developers understand why the approach was chosen.
Tip: Practice aloud on Toolliyo mock interview or the Interview Q&A section before your real interview.
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
Answer: SP.NET Core supports binding nested properties: public class Order { public Customer Customer { get; set; } public List<Product> Products { get; set; } } Works seamlessly from JSON or form data if property names match.
In a production ASP.NET Core application, teams apply this when handling user-facing features or integration boundaries. For example, you might use it during a sprint where reliability and observability matter—logging metrics, validating edge cases, and documenting the decision in an ADR so future developers understand why the approach was chosen.
Tip: Practice aloud on Toolliyo mock interview or the Interview Q&A section before your real interview.
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
Answer: Use [Required] for non-nullable fields. For optional values, use nullable types. Use ModelState to report and handle missing/invalid fields. Return custom error messages if needed.
In a production ASP.NET Core application, teams apply this when handling user-facing features or integration boundaries. For example, you might use it during a sprint where reliability and observability matter—logging metrics, validating edge cases, and documenting the decision in an ADR so future developers understand why the approach was chosen.
Tip: Practice aloud on Toolliyo mock interview or the Interview Q&A section before your real interview.
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
Answer: Model binding does not sanitize input — it binds raw data. 🛡 To prevent attacks (XSS, injection), sanitize: Strings: HTML encode output (@Html.Encode) Manually clean input before use Use antivirus/malware scanners for uploaded files
In a production ASP.NET Core application, teams apply this when handling user-facing features or integration boundaries. For example, you might use it during a sprint where reliability and observability matter—logging metrics, validating edge cases, and documenting the decision in an ADR so future developers understand why the approach was chosen.
Tip: Practice aloud on Toolliyo mock interview or the Interview Q&A section before your real interview.
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
Used for file uploads from forms (not [FromBody]):
public IActionResult Upload(IFormFile file)
{
var path = Path.Combine("uploads", file.FileName);
using var stream = new FileStream(path, FileMode.Create);
file.CopyTo(stream);
}
📝 For multiple files:
List<IFormFile> files
Configuration & AppSettings
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
Answer: SPNETCORE_ENVIRONMENT=Development ✅ Loaded in order of precedence, where later files override earlier ones.
In a production ASP.NET Core application, teams apply this when handling user-facing features or integration boundaries. For example, you might use it during a sprint where reliability and observability matter—logging metrics, validating edge cases, and documenting the decision in an ADR so future developers understand why the approach was chosen.
Tip: Practice aloud on Toolliyo mock interview or the Interview Q&A section before your real interview.
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
Development, Production).
🔧 ASP.NET Core loads them automatically based on the environment:
ASPNETCORE_ENVIRONMENT=Development
✅ Loaded in order of precedence, where later files override earlier ones.
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
SP.NET Core uses the ASPNETCORE_ENVIRONMENT variable to determine the runtime
environment.
Supported environments (by convention):
Environment-specific logic can be applied:
if (env.IsDevelopment()) { ... }
lso used to load:
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
Production)
ASP.NET Core uses the ASPNETCORE_ENVIRONMENT variable to determine the runtime
environment.
Supported environments (by convention):
Environment-specific logic can be applied:
if (env.IsDevelopment()) { ... }
Also used to load:
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
✅ ASP.NET Core supports hierarchical override of config sources:
MyApp__Logging__LogLevel__Default=Warning
dotnet run --Logging:LogLevel:Default=Debug
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
Inject IConfiguration anywhere:
public class MyService {
private readonly string _apiKey;
public MyService(IConfiguration config) {
_apiKey = config["MySettings:ApiKey"];
}
}
You can also access nested settings via config.GetSection("MySettings").
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
Bind config to strongly typed objects:
public class MySettings {
public string ApiKey { get; set; }
public int Timeout { get; set; }
}
services.Configure<MySettings>(config.GetSection("MySettings"));
Use via IOptions<MySettings>.
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
IOptionsMonitor<T>)
services.
public MyService(IOptions<MySettings> options) {
var settings = options.Value;
}ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
Answer: User Secrets (for local dev): dotnet user-secrets init dotnet user-secrets set "MySettings:ApiKey" "secret" Azure Key Vault: builder.Configuration.AddAzureKeyVault(...); ✅ Secure sensitive data like API keys, connection strings, tokens.
In a production ASP.NET Core application, teams apply this when handling user-facing features or integration boundaries. For example, you might use it during a sprint where reliability and observability matter—logging metrics, validating edge cases, and documenting the decision in an ADR so future developers understand why the approach was chosen.
Tip: Practice aloud on Toolliyo mock interview or the Interview Q&A section before your real interview.
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
In appsettings.json:
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft": "Warning",
"Microsoft.Hosting.Lifetime": "Information"
}
}
Supports built-in providers: Console, Debug, EventSource, Azure, etc.
Custom configuration through ILogger<T>.
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
Stored under "ConnectionStrings" section in appsettings.json:
"ConnectionStrings": {
"DefaultConnection":
"Server=.;Database=AppDb;Trusted_Connection=True;"
}
Read via:
var conn = config.GetConnectionString("DefaultConnection");
Or inject via Options pattern.
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
JSON files support live reload:
builder.Configuration.AddJsonFile("appsettings.json", optional:
false, reloadOnChange: true);
IOptionsMonitor<T> automatically updates bound values when config changes.
🔁 Does not work with all sources (e.g., env vars, command line).
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
Answer: Using POCOs and Options pattern allows type-safe config: services.Configure<MySettings>(config.GetSection("MySettings")); Use [Required], [Range], etc., to add validation.
In a production ASP.NET Core application, teams apply this when handling user-facing features or integration boundaries. For example, you might use it during a sprint where reliability and observability matter—logging metrics, validating edge cases, and documenting the decision in an ADR so future developers understand why the approach was chosen.
Tip: Practice aloud on Toolliyo mock interview or the Interview Q&A section before your real interview.
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
You can validate bound config using IValidateOptions<T>:
public class MySettingsValidator : IValidateOptions<MySettings> {
public ValidateOptionsResult Validate(string name, MySettings
options) {
if (string.IsNullOrWhiteSpace(options.ApiKey)) {
return ValidateOptionsResult.Fail("ApiKey is
required.");
}
return ValidateOptionsResult.Success;
}
}
Register with DI:
services.AddSingleton<IValidateOptions<MySettings>,
MySettingsValidator>();
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
Answer: SP.NET Core supports multiple configuration providers: JSON (default) Environment Variables Command Line Args INI files XML files In-memory Azure App Configuration Azure Key Vault Secrets Manager Each can be chained with priority.
In a production ASP.NET Core application, teams apply this when handling user-facing features or integration boundaries. For example, you might use it during a sprint where reliability and observability matter—logging metrics, validating edge cases, and documenting the decision in an ADR so future developers understand why the approach was chosen.
Tip: Practice aloud on Toolliyo mock interview or the Interview Q&A section before your real interview.
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
Answer: Use default values in POCOs or fallback logic: public class MySettings { public string ApiKey { get; set; } = "default-api-key"; } Or: var apiKey = config["MySettings:ApiKey"] ?? "fallback";
In a production ASP.NET Core application, teams apply this when handling user-facing features or integration boundaries. For example, you might use it during a sprint where reliability and observability matter—logging metrics, validating edge cases, and documenting the decision in an ADR so future developers understand why the approach was chosen.
Tip: Practice aloud on Toolliyo mock interview or the Interview Q&A section before your real interview.
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
? "fallback";
In a production ASP.NET Core application, teams apply this when handling user-facing features or integration boundaries. For example, you might use it during a sprint where reliability and observability matter—logging metrics, validating edge cases, and documenting the decision in an ADR so future developers understand why the approach was chosen.
Tip: Practice aloud on Toolliyo mock interview or the Interview Q&A section before your real interview.