Interview Q&A

Master technical and career interviews with structured answers—short definition, real examples, pitfalls, and how to answer in 60–90 seconds.

4616 total questions 4516 technical 100 career & HR 4346 from PDF library

Showing 151–175 of 226

Popular tracks

Mid PDF
Masking sensitive configuration data ✅ Best practices: ● Don't log sensitive values ● Use [JsonIgnore] or remove values before logging ● Mask in logs manually: _logger.LogInformation("Token: {Token}", Mask(token)); ● Never store secrets in source-controlled files (appsettings.json) ● Use user-secrets, Key Vault, or environment variables instead

uthentication & Authorization (JWT, Identity) What interviewers expect A clear definition tied to ASP.NET Core in ASP.NET Core projects Trade-offs (performance, maintainability, security, cost) When you would and…

ASP.NET Core Read answer
Mid PDF
Masking sensitive configuration data?

✅ Best practices: Don't log sensitive values Use [JsonIgnore] or remove values before logging Mask in logs manually: _logger.LogInformation("Token: {Token}", Mask(token)); Never store secrets in source-controlled files (…

ASP.NET Core Read answer
Mid PDF
How to configure ASP.NET Core Identity

SP.NET Core Identity provides a complete solution for: User registration & login Roles, claims, tokens Password hashing Two-factor authentication ✅ Setup: dotnet add package Microsoft.AspNetCore.Identity.EntityFramew…

ASP.NET Core Read answer
Mid PDF
JWT Bearer tokens: what it is, how to configure?

JWT (JSON Web Token) is a compact, URL-safe token format used for authentication. ✅ Configure JWT auth: services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme) .AddJwtBearer(options => { options.TokenValida…

ASP.NET Core Read answer
Mid PDF
Role-based vs policy-based authorization?

✅ Role-based: [Authorize(Roles = "Admin")] ✅ Policy-based: services.AddAuthorization(options => { options.AddPolicy("CanEdit", policy => policy.RequireClaim("EditPermission")); }); Then use: [Authorize(Policy = "Ca…

ASP.NET Core Read answer
Mid PDF
Using Claims Claims are user attributes (e.g., email, role, permissions).?

Answer: dd claims when creating identity: var claims = new List<Claim> { new Claim(ClaimTypes.Name, user.UserName), new Claim("Permission", "Edit") }; ccess in code: var claim = User.FindFirst("Permission")…

ASP.NET Core Read answer
Mid PDF
Using Claims Claims are user attributes (e.g., email, role, permissions). Add claims when creating identity: var claims = new List<Claim> { new Claim(ClaimTypes.Name, user.UserName), new Claim("Permission", "Edit") }; Access in code: var claim = User.FindFirst("Permission")?

.Value; What interviewers expect A clear definition tied to ASP.NET Core in ASP.NET Core projects Trade-offs (performance, maintainability, security, cost) When you would and would not use it in production Real-world exa…

ASP.NET Core Read answer
Mid PDF
Cookie-based authentication Used in traditional MVC apps for session-based auth. services.AddAuthentication(CookieAuthenticationDefaults.Authenticati onScheme) .AddCookie(options => { options.LoginPath = "/Account/Login"; }); On login:

Answer: wait HttpContext.SignInAsync(principal); Cookies are stored in the browser and sent with each request. What interviewers expect A clear definition tied to ASP.NET Core in ASP.NET Core projects Trade-offs (perform…

ASP.NET Core Read answer
Mid PDF
Cookie-based authentication?

Used in traditional MVC apps for session-based auth. services.AddAuthentication(CookieAuthenticationDefaults.Authenticati onScheme) .AddCookie(options =&gt; { options.LoginPath = "/Account/Login"; }); On login: await Htt…

ASP.NET Core Read answer
Mid PDF
External logins (OAuth, OpenID Connect) Use built-in providers: services.AddAuthentication() .AddGoogle(options => { options.ClientId = "..."; options.ClientSecret = "..."; });

Answer: lso supports: Facebook Microsoft Twitter OpenID Connect Azure AD Use RemoteAuthenticationHandler&amp;lt;T&amp;gt; or Identity scaffolding. What interviewers expect A clear definition tied to ASP.NET Core in ASP.N…

ASP.NET Core Read answer
Mid PDF
External logins (OAuth, OpenID Connect)?

Use built-in providers: services.AddAuthentication() .AddGoogle(options =&gt; { options.ClientId = "..."; options.ClientSecret = "..."; }); Also supports: Facebook Microsoft Twitter OpenID Connect Azure AD Use RemoteAuth…

ASP.NET Core Read answer
Mid PDF
Refresh tokens?

Used with JWT to renew access tokens after expiration without logging in again. Issue refresh token along with access token. Store securely (DB or secure HTTP-only cookie). On access token expiration, send refresh token…

ASP.NET Core Read answer
Mid PDF
Token expiration, token revocation?

JWTs typically expire in 5–30 minutes. Expired tokens cannot be used. Revocation requires token blacklisting (e.g., database of revoked tokens). ✅ Configure expiration: Expires = DateTime.UtcNow.AddMinutes(30) ✅ Use refr…

ASP.NET Core Read answer
Mid PDF
Securing routes with [Authorize] and [AllowAnonymous]?

Answer: [Authorize]: Requires authenticated user [Authorize(Roles = "Admin")]: Requires role [AllowAnonymous]: Allows access without login Example: [Authorize] public IActionResult Dashboard() { } [AllowAnonymous] public…

ASP.NET Core Read answer
Mid PDF
Custom authorization policies and handlers?

Define complex authorization rules using IAuthorizationHandler: public class MinimumAgeRequirement : IAuthorizationRequirement { public int Age { get; } public MinimumAgeRequirement(int age) =&gt; Age = age; public class…

ASP.NET Core Read answer
Mid PDF
Data protection (for cookies, tokens)?

SP.NET Core uses Data Protection API to: Encrypt authentication cookies Protect tokens (e.g., password reset tokens) Configure: services.AddDataProtection() .PersistKeysToFileSystem(new DirectoryInfo("path")) .SetApplica…

ASP.NET Core Read answer
Mid PDF
Multi-tenant auth scenarios?

Multi-tenancy can involve: Per-tenant databases Per-tenant user stores Per-tenant roles/policies Strategies: Use claims to store tenant ID Filter data per tenant Custom middleware for tenant resolution Can integrate with…

ASP.NET Core Read answer
Mid PDF
Securing password storage?

SP.NET Core Identity uses PBKDF2 hashing by default. Best practices: Never store plaintext passwords Use salted + hashed storage Use PasswordHasher&lt;T&gt; or Identity defaults Use: PasswordHasher&lt;T&gt;.HashPassword(…

ASP.NET Core Read answer
Mid PDF
Two‐factor authentication (2FA)?

Supported out of the box in ASP.NET Core Identity. Options: SMS (via provider) Email Authenticator app (TOTP) Enable via Identity configuration: services.Configure&lt;IdentityOptions&gt;(options =&gt; { options.SignIn.Re…

ASP.NET Core Read answer
Mid PDF
What are filters in ASP.NET Core?

Filters are components that run code before or after certain stages in the request pipeline within MVC or Razor Pages. Types of filters include: Authorization filters: Run before any other filter to check user authorizat…

ASP.NET Core Read answer
Mid PDF
How do filters differ from middleware?

Middleware is part of the global HTTP request pipeline and executes for every request. Filters only run within MVC/Razor pipeline, for controller actions or Razor Pages handlers. Middleware runs earlier and can short-cir…

ASP.NET Core Read answer
Mid PDF
How to create and use custom filters?

Create a custom filter by implementing one of the filter interfaces like: public class CustomActionFilter : IActionFilter { public void OnActionExecuting(ActionExecutingContext context) { // Before action executes } publ…

ASP.NET Core Read answer
Mid PDF
Global filters vs per-controller/action filters ● Global filters apply to all MVC actions, registered via AddControllers or AddMvc options. ● Controller or action filters are applied via attributes directly on controllers or

Answer: ctions. Global filters are best for cross-cutting concerns like logging, exception handling. Controller/action filters are best for behavior specific to particular routes or endpoints. What interviewers expect A…

ASP.NET Core Read answer
Mid PDF
Global filters vs per-controller/action filters?

Global filters apply to all MVC actions, registered via AddControllers or AddMvc options. Controller or action filters are applied via attributes directly on controllers or actions. Global filters are best for cross-cutt…

ASP.NET Core Read answer
Mid PDF
Filter attributes vs service-based filters?

Filter attributes are instantiated per request and support parameters, but have limited DI capabilities. Service-based filters (using ServiceFilter or TypeFilter) allow filters to be resolved from DI container, enabling…

ASP.NET Core Read answer

ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core

uthentication &amp; Authorization (JWT, Identity)

What interviewers expect

  • A clear definition tied to ASP.NET Core in ASP.NET Core projects
  • Trade-offs (performance, maintainability, security, cost)
  • When you would and would not use it in production

Real-world example

In a production ASP.NET Core application, teams apply this when handling user-facing features or integration boundaries. For example, you might use it during a sprint where reliability and observability matter—logging metrics, validating edge cases, and documenting the decision in an ADR so future developers understand why the approach was chosen.

How to explain in the interview

  1. Define the concept in one or two sentences.
  2. Context — where it fits in ASP.NET Core architecture.
  3. Example — a specific project, bug, or performance win.
  4. Trade-off — what you gain vs what you sacrifice.

Tip: Practice aloud on Toolliyo mock interview or the Interview Q&A section before your real interview.

Permalink & share

ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core

✅ Best practices:

  • Don't log sensitive values
  • Use [JsonIgnore] or remove values before logging
  • Mask in logs manually:

_logger.LogInformation("Token: {Token}", Mask(token));

  • Never store secrets in source-controlled files (appsettings.json)
  • Use user-secrets, Key Vault, or environment variables instead

Authentication & Authorization

(JWT, Identity)

Permalink & share

ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core

SP.NET Core Identity provides a complete solution for:

  • User registration & login
  • Roles, claims, tokens
  • Password hashing
  • Two-factor authentication

✅ Setup:

dotnet add package Microsoft.AspNetCore.Identity.EntityFrameworkCore

In Startup or Program.cs:

services.AddIdentity<IdentityUser, IdentityRole>()

.AddEntityFrameworkStores<ApplicationDbContext>()

.AddDefaultTokenProviders();

Permalink & share

ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core

JWT (JSON Web Token) is a compact, URL-safe token format used for authentication.

✅ Configure JWT auth:

services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)

.AddJwtBearer(options => {

options.TokenValidationParameters = new

TokenValidationParameters {

ValidateIssuer = true,

ValidateAudience = true,

ValidateLifetime = true,

ValidateIssuerSigningKey = true,

IssuerSigningKey = new

SymmetricSecurityKey(Encoding.UTF8.GetBytes("your-secret"))

};

});

Use [Authorize] to secure endpoints.

Permalink & share

ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core

✅ Role-based:

[Authorize(Roles = "Admin")]

✅ Policy-based:

services.AddAuthorization(options => {

options.AddPolicy("CanEdit", policy =>

policy.RequireClaim("EditPermission"));

});

Then use:

[Authorize(Policy = "CanEdit")]

Policy-based gives more flexibility (custom requirements, claims, logic).

Permalink & share

ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core

Answer: dd claims when creating identity: var claims = new List&lt;Claim&gt; { new Claim(ClaimTypes.Name, user.UserName), new Claim("Permission", "Edit") }; ccess in code: var claim = User.FindFirst("Permission")?.Value;

What interviewers expect

  • A clear definition tied to ASP.NET Core in ASP.NET Core projects
  • Trade-offs (performance, maintainability, security, cost)
  • When you would and would not use it in production

Real-world example

In a production ASP.NET Core application, teams apply this when handling user-facing features or integration boundaries. For example, you might use it during a sprint where reliability and observability matter—logging metrics, validating edge cases, and documenting the decision in an ADR so future developers understand why the approach was chosen.

How to explain in the interview

  1. Define the concept in one or two sentences.
  2. Context — where it fits in ASP.NET Core architecture.
  3. Example — a specific project, bug, or performance win.
  4. Trade-off — what you gain vs what you sacrifice.

Tip: Practice aloud on Toolliyo mock interview or the Interview Q&A section before your real interview.

Permalink & share

ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core

.Value;

What interviewers expect

  • A clear definition tied to ASP.NET Core in ASP.NET Core projects
  • Trade-offs (performance, maintainability, security, cost)
  • When you would and would not use it in production

Real-world example

In a production ASP.NET Core application, teams apply this when handling user-facing features or integration boundaries. For example, you might use it during a sprint where reliability and observability matter—logging metrics, validating edge cases, and documenting the decision in an ADR so future developers understand why the approach was chosen.

How to explain in the interview

  1. Define the concept in one or two sentences.
  2. Context — where it fits in ASP.NET Core architecture.
  3. Example — a specific project, bug, or performance win.
  4. Trade-off — what you gain vs what you sacrifice.

Tip: Practice aloud on Toolliyo mock interview or the Interview Q&A section before your real interview.

Permalink & share

ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core

Answer: wait HttpContext.SignInAsync(principal); Cookies are stored in the browser and sent with each request.

What interviewers expect

  • A clear definition tied to ASP.NET Core in ASP.NET Core projects
  • Trade-offs (performance, maintainability, security, cost)
  • When you would and would not use it in production

Real-world example

In a production ASP.NET Core application, teams apply this when handling user-facing features or integration boundaries. For example, you might use it during a sprint where reliability and observability matter—logging metrics, validating edge cases, and documenting the decision in an ADR so future developers understand why the approach was chosen.

How to explain in the interview

  1. Define the concept in one or two sentences.
  2. Context — where it fits in ASP.NET Core architecture.
  3. Example — a specific project, bug, or performance win.
  4. Trade-off — what you gain vs what you sacrifice.

Tip: Practice aloud on Toolliyo mock interview or the Interview Q&A section before your real interview.

Permalink & share

ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core

Used in traditional MVC apps for session-based auth.

services.AddAuthentication(CookieAuthenticationDefaults.Authenticati

onScheme)

.AddCookie(options => {

options.LoginPath = "/Account/Login";

});

On login:

await HttpContext.SignInAsync(principal);

Cookies are stored in the browser and sent with each request.

Permalink & share

ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core

Answer: lso supports: Facebook Microsoft Twitter OpenID Connect Azure AD Use RemoteAuthenticationHandler&lt;T&gt; or Identity scaffolding.

What interviewers expect

  • A clear definition tied to ASP.NET Core in ASP.NET Core projects
  • Trade-offs (performance, maintainability, security, cost)
  • When you would and would not use it in production

Real-world example

In a production ASP.NET Core application, teams apply this when handling user-facing features or integration boundaries. For example, you might use it during a sprint where reliability and observability matter—logging metrics, validating edge cases, and documenting the decision in an ADR so future developers understand why the approach was chosen.

How to explain in the interview

  1. Define the concept in one or two sentences.
  2. Context — where it fits in ASP.NET Core architecture.
  3. Example — a specific project, bug, or performance win.
  4. Trade-off — what you gain vs what you sacrifice.

Tip: Practice aloud on Toolliyo mock interview or the Interview Q&A section before your real interview.

Permalink & share

ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core

Use built-in providers:

services.AddAuthentication()

.AddGoogle(options => {

options.ClientId = "...";

options.ClientSecret = "...";

});

Also supports:

  • Facebook
  • Microsoft
  • Twitter
  • OpenID Connect
  • Azure AD

Use RemoteAuthenticationHandler<T> or Identity scaffolding.

Permalink & share

ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core

Used with JWT to renew access tokens after expiration without logging in again.

  • Issue refresh token along with access token.
  • Store securely (DB or secure HTTP-only cookie).
  • On access token expiration, send refresh token to get a new one.

You must manually implement refresh token logic (not built-in to Identity).

Permalink & share

ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core

  • JWTs typically expire in 5–30 minutes.
  • Expired tokens cannot be used.
  • Revocation requires token blacklisting (e.g., database of revoked tokens).

✅ Configure expiration:

Expires = DateTime.UtcNow.AddMinutes(30)

✅ Use refresh tokens to handle expiration.

Permalink & share

ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core

Answer: [Authorize]: Requires authenticated user [Authorize(Roles = "Admin")]: Requires role [AllowAnonymous]: Allows access without login Example: [Authorize] public IActionResult Dashboard() { } [AllowAnonymous] public IActionResult Login() { }

What interviewers expect

  • A clear definition tied to ASP.NET Core in ASP.NET Core projects
  • Trade-offs (performance, maintainability, security, cost)
  • When you would and would not use it in production

Real-world example

In a production ASP.NET Core application, teams apply this when handling user-facing features or integration boundaries. For example, you might use it during a sprint where reliability and observability matter—logging metrics, validating edge cases, and documenting the decision in an ADR so future developers understand why the approach was chosen.

How to explain in the interview

  1. Define the concept in one or two sentences.
  2. Context — where it fits in ASP.NET Core architecture.
  3. Example — a specific project, bug, or performance win.
  4. Trade-off — what you gain vs what you sacrifice.

Tip: Practice aloud on Toolliyo mock interview or the Interview Q&A section before your real interview.

Permalink & share

ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core

Define complex authorization rules using IAuthorizationHandler:

public class MinimumAgeRequirement : IAuthorizationRequirement {

public int Age { get; }

public MinimumAgeRequirement(int age) => Age = age;

public class MinimumAgeHandler :

AuthorizationHandler<MinimumAgeRequirement> {

protected override Task HandleRequirementAsync(...) {

// logic

Register in DI and use with [Authorize(Policy = "...")].

Permalink & share

ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core

SP.NET Core uses Data Protection API to:

  • Encrypt authentication cookies
  • Protect tokens (e.g., password reset tokens)

Configure:

services.AddDataProtection()

.PersistKeysToFileSystem(new DirectoryInfo("path"))

.SetApplicationName("AppName");

Used internally by Identity and cookie middleware.

Permalink & share

ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core

Multi-tenancy can involve:

  • Per-tenant databases
  • Per-tenant user stores
  • Per-tenant roles/policies

Strategies:

  • Use claims to store tenant ID
  • Filter data per tenant
  • Custom middleware for tenant resolution

Can integrate with IdentityServer4 or Azure AD B2C for federated auth.

Permalink & share

ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core

SP.NET Core Identity uses PBKDF2 hashing by default.

Best practices:

  • Never store plaintext passwords
  • Use salted + hashed storage
  • Use PasswordHasher<T> or Identity defaults

Use:

PasswordHasher<T>.HashPassword(user, password)

Can switch to Argon2, Bcrypt via custom password hasher.

Permalink & share

ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core

Supported out of the box in ASP.NET Core Identity.

Options:

  • SMS (via provider)
  • Email
  • Authenticator app (TOTP)

Enable via Identity configuration:

services.Configure<IdentityOptions>(options => {

options.SignIn.RequireConfirmedEmail = true;

});

Use SignInManager<T> to handle verification and token generation.

Filters & Middleware Overlaps

Permalink & share

ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core

Filters are components that run code before or after certain stages in the request pipeline

within MVC or Razor Pages. Types of filters include:

  • Authorization filters: Run before any other filter to check user authorization.
  • Resource filters: Run after authorization and before model binding.
  • Action filters: Run before and after the execution of action methods.
  • Exception filters: Handle unhandled exceptions thrown by actions.
  • Result filters: Run before and after action results are executed.

Filters allow you to inject logic at these specific points.

Permalink & share

ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core

  • Middleware is part of the global HTTP request pipeline and executes for every

request.

  • Filters only run within MVC/Razor pipeline, for controller actions or Razor Pages

handlers.

  • Middleware runs earlier and can short-circuit the entire pipeline; filters run later,

scoped to MVC processing.

  • Middleware is good for cross-cutting concerns affecting all requests, filters are better
for concerns around controller/action execution.
Permalink & share

ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core

Create a custom filter by implementing one of the filter interfaces like:

public class CustomActionFilter : IActionFilter
{
public void OnActionExecuting(ActionExecutingContext context)
{

// Before action executes

}
public void OnActionExecuted(ActionExecutedContext context)
{

// After action executes

}
}

Register globally in Startup:

services.AddControllersWithViews(options =>

{

options.Filters.Add<CustomActionFilter>();

});

Or decorate controllers/actions:

[ServiceFilter(typeof(CustomActionFilter))]

public class HomeController : Controller { ... }
Permalink & share

ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core

Answer: ctions. Global filters are best for cross-cutting concerns like logging, exception handling. Controller/action filters are best for behavior specific to particular routes or endpoints.

What interviewers expect

  • A clear definition tied to ASP.NET Core in ASP.NET Core projects
  • Trade-offs (performance, maintainability, security, cost)
  • When you would and would not use it in production

Real-world example

In a production ASP.NET Core application, teams apply this when handling user-facing features or integration boundaries. For example, you might use it during a sprint where reliability and observability matter—logging metrics, validating edge cases, and documenting the decision in an ADR so future developers understand why the approach was chosen.

How to explain in the interview

  1. Define the concept in one or two sentences.
  2. Context — where it fits in ASP.NET Core architecture.
  3. Example — a specific project, bug, or performance win.
  4. Trade-off — what you gain vs what you sacrifice.

Tip: Practice aloud on Toolliyo mock interview or the Interview Q&A section before your real interview.

Permalink & share

ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core

  • Global filters apply to all MVC actions, registered via AddControllers or AddMvc

options.

  • Controller or action filters are applied via attributes directly on controllers or

actions.

  • Global filters are best for cross-cutting concerns like logging, exception handling.
  • Controller/action filters are best for behavior specific to particular routes or endpoints.
Permalink & share

ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core

  • Filter attributes are instantiated per request and support parameters, but have

limited DI capabilities.

  • Service-based filters (using ServiceFilter or TypeFilter) allow filters to be

resolved from DI container, enabling constructor injection.

Use service-based filters when you need dependencies injected.

Permalink & share
Toolliyo Assistant
Ask about tutorials, ebooks, training, pricing, mentor services, and support. I use public site content only—not admin or internal tools.

care@toolliyo.com

Need callback? Share your details