Interview Q&A

Master technical and career interviews with structured answers—short definition, real examples, pitfalls, and how to answer in 60–90 seconds.

4616 total questions 4516 technical 100 career & HR 4346 from PDF library

Showing 176–200 of 260

Popular tracks

Mid PDF
Using Claims Claims are user attributes (e.g., email, role, permissions). Add claims when creating identity: var claims = new List<Claim> { new Claim(ClaimTypes.Name, user.UserName), new Claim("Permission", "Edit") }; Access in code: var claim = User.FindFirst("Permission")?

.Value; What interviewers expect A clear definition tied to ASP.NET Core in ASP.NET Core projects Trade-offs (performance, maintainability, security, cost) When you would and would not use it in production Real-world exa…

ASP.NET Core Read answer
Mid PDF
Cookie-based authentication Used in traditional MVC apps for session-based auth. services.AddAuthentication(CookieAuthenticationDefaults.Authenticati onScheme) .AddCookie(options => { options.LoginPath = "/Account/Login"; }); On login:

Answer: wait HttpContext.SignInAsync(principal); Cookies are stored in the browser and sent with each request. What interviewers expect A clear definition tied to ASP.NET Core in ASP.NET Core projects Trade-offs (perform…

ASP.NET Core Read answer
Mid PDF
Cookie-based authentication?

Used in traditional MVC apps for session-based auth. services.AddAuthentication(CookieAuthenticationDefaults.Authenticati onScheme) .AddCookie(options =&gt; { options.LoginPath = "/Account/Login"; }); On login: await Htt…

ASP.NET Core Read answer
Mid PDF
External logins (OAuth, OpenID Connect) Use built-in providers: services.AddAuthentication() .AddGoogle(options => { options.ClientId = "..."; options.ClientSecret = "..."; });

Answer: lso supports: Facebook Microsoft Twitter OpenID Connect Azure AD Use RemoteAuthenticationHandler&amp;lt;T&amp;gt; or Identity scaffolding. What interviewers expect A clear definition tied to ASP.NET Core in ASP.N…

ASP.NET Core Read answer
Mid PDF
External logins (OAuth, OpenID Connect)?

Use built-in providers: services.AddAuthentication() .AddGoogle(options =&gt; { options.ClientId = "..."; options.ClientSecret = "..."; }); Also supports: Facebook Microsoft Twitter OpenID Connect Azure AD Use RemoteAuth…

ASP.NET Core Read answer
Mid PDF
Refresh tokens?

Used with JWT to renew access tokens after expiration without logging in again. Issue refresh token along with access token. Store securely (DB or secure HTTP-only cookie). On access token expiration, send refresh token…

ASP.NET Core Read answer
Mid PDF
Token expiration, token revocation?

JWTs typically expire in 5–30 minutes. Expired tokens cannot be used. Revocation requires token blacklisting (e.g., database of revoked tokens). ✅ Configure expiration: Expires = DateTime.UtcNow.AddMinutes(30) ✅ Use refr…

ASP.NET Core Read answer
Mid PDF
Securing routes with [Authorize] and [AllowAnonymous]?

Answer: [Authorize]: Requires authenticated user [Authorize(Roles = "Admin")]: Requires role [AllowAnonymous]: Allows access without login Example: [Authorize] public IActionResult Dashboard() { } [AllowAnonymous] public…

ASP.NET Core Read answer
Junior PDF
Custom authorization policies and handlers Define complex authorization rules using IAuthorizationHandler: public class MinimumAgeRequirement : IAuthorizationRequirement { public int Age { get; } public MinimumAgeRequirement(int age) => Age = age; } public class MinimumAgeHandler :

Answer: uthorizationHandler&amp;lt;MinimumAgeRequirement&amp;gt; { protected override Task HandleRequirementAsync(...) { // logic } } Register in DI and use with [Authorize(Policy = "...")]. What interviewers expect A cl…

ASP.NET Core Read answer
Mid PDF
Custom authorization policies and handlers?

Define complex authorization rules using IAuthorizationHandler: public class MinimumAgeRequirement : IAuthorizationRequirement { public int Age { get; } public MinimumAgeRequirement(int age) =&gt; Age = age; public class…

ASP.NET Core Read answer
Mid PDF
Data protection (for cookies, tokens)?

SP.NET Core uses Data Protection API to: Encrypt authentication cookies Protect tokens (e.g., password reset tokens) Configure: services.AddDataProtection() .PersistKeysToFileSystem(new DirectoryInfo("path")) .SetApplica…

ASP.NET Core Read answer
Mid PDF
Multi-tenant auth scenarios?

Multi-tenancy can involve: Per-tenant databases Per-tenant user stores Per-tenant roles/policies Strategies: Use claims to store tenant ID Filter data per tenant Custom middleware for tenant resolution Can integrate with…

ASP.NET Core Read answer
Mid PDF
Securing password storage?

SP.NET Core Identity uses PBKDF2 hashing by default. Best practices: Never store plaintext passwords Use salted + hashed storage Use PasswordHasher&lt;T&gt; or Identity defaults Use: PasswordHasher&lt;T&gt;.HashPassword(…

ASP.NET Core Read answer
Mid PDF
Two‐factor authentication (2FA)?

Supported out of the box in ASP.NET Core Identity. Options: SMS (via provider) Email Authenticator app (TOTP) Enable via Identity configuration: services.Configure&lt;IdentityOptions&gt;(options =&gt; { options.SignIn.Re…

ASP.NET Core Read answer
Mid PDF
What are filters in ASP.NET Core?

Filters are components that run code before or after certain stages in the request pipeline within MVC or Razor Pages. Types of filters include: Authorization filters: Run before any other filter to check user authorizat…

ASP.NET Core Read answer
Mid PDF
How do filters differ from middleware?

Middleware is part of the global HTTP request pipeline and executes for every request. Filters only run within MVC/Razor pipeline, for controller actions or Razor Pages handlers. Middleware runs earlier and can short-cir…

ASP.NET Core Read answer
Junior PDF
What is the order of filters?

Filters run in a specific order depending on their type: Authorization filters run first. Resource filters run next. Model binding happens after resource filters. Action filters run around the action execution. Exception…

ASP.NET Core Read answer
Mid PDF
How to create and use custom filters?

Create a custom filter by implementing one of the filter interfaces like: public class CustomActionFilter : IActionFilter { public void OnActionExecuting(ActionExecutingContext context) { // Before action executes } publ…

ASP.NET Core Read answer
Mid PDF
Global filters vs per-controller/action filters ● Global filters apply to all MVC actions, registered via AddControllers or AddMvc options. ● Controller or action filters are applied via attributes directly on controllers or

Answer: ctions. Global filters are best for cross-cutting concerns like logging, exception handling. Controller/action filters are best for behavior specific to particular routes or endpoints. What interviewers expect A…

ASP.NET Core Read answer
Mid PDF
Global filters vs per-controller/action filters?

Global filters apply to all MVC actions, registered via AddControllers or AddMvc options. Controller or action filters are applied via attributes directly on controllers or actions. Global filters are best for cross-cutt…

ASP.NET Core Read answer
Junior PDF
What is filter context and what can filters do?

Filters receive context objects (e.g., ActionExecutingContext) providing: HTTP context and request data. Access to action parameters. Ability to modify or cancel execution (e.g., short-circuit). Access to the result or e…

ASP.NET Core Read answer
Junior PDF
What is short-circuiting in filters?

Filters can short-circuit by setting the result early, preventing further execution: public void OnActionExecuting(ActionExecutingContext context) { if (!IsAuthorized()) { context.Result = new UnauthorizedResult(); // st…

ASP.NET Core Read answer
Mid PDF
Filter attributes vs service-based filters?

Filter attributes are instantiated per request and support parameters, but have limited DI capabilities. Service-based filters (using ServiceFilter or TypeFilter) allow filters to be resolved from DI container, enabling…

ASP.NET Core Read answer
Mid PDF
Combining filters with middleware for cross-cutting concerns ● Use middleware for concerns that affect all requests (logging, CORS,

uthentication). Use filters for MVC-specific concerns tied to action execution (authorization, validation, caching). Filters can complement middleware for granular control within MVC. Example: Use middleware for global e…

ASP.NET Core Read answer
Mid PDF
Combining filters with middleware for cross-cutting concerns?

Use middleware for concerns that affect all requests (logging, CORS, authentication). Use filters for MVC-specific concerns tied to action execution (authorization, validation, caching). Filters can complement middleware…

ASP.NET Core Read answer

ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core

.Value;

What interviewers expect

  • A clear definition tied to ASP.NET Core in ASP.NET Core projects
  • Trade-offs (performance, maintainability, security, cost)
  • When you would and would not use it in production

Real-world example

In a production ASP.NET Core application, teams apply this when handling user-facing features or integration boundaries. For example, you might use it during a sprint where reliability and observability matter—logging metrics, validating edge cases, and documenting the decision in an ADR so future developers understand why the approach was chosen.

How to explain in the interview

  1. Define the concept in one or two sentences.
  2. Context — where it fits in ASP.NET Core architecture.
  3. Example — a specific project, bug, or performance win.
  4. Trade-off — what you gain vs what you sacrifice.

Tip: Practice aloud on Toolliyo mock interview or the Interview Q&A section before your real interview.

Permalink & share

ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core

Answer: wait HttpContext.SignInAsync(principal); Cookies are stored in the browser and sent with each request.

What interviewers expect

  • A clear definition tied to ASP.NET Core in ASP.NET Core projects
  • Trade-offs (performance, maintainability, security, cost)
  • When you would and would not use it in production

Real-world example

In a production ASP.NET Core application, teams apply this when handling user-facing features or integration boundaries. For example, you might use it during a sprint where reliability and observability matter—logging metrics, validating edge cases, and documenting the decision in an ADR so future developers understand why the approach was chosen.

How to explain in the interview

  1. Define the concept in one or two sentences.
  2. Context — where it fits in ASP.NET Core architecture.
  3. Example — a specific project, bug, or performance win.
  4. Trade-off — what you gain vs what you sacrifice.

Tip: Practice aloud on Toolliyo mock interview or the Interview Q&A section before your real interview.

Permalink & share

ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core

Used in traditional MVC apps for session-based auth.

services.AddAuthentication(CookieAuthenticationDefaults.Authenticati

onScheme)

.AddCookie(options => {

options.LoginPath = "/Account/Login";

});

On login:

await HttpContext.SignInAsync(principal);

Cookies are stored in the browser and sent with each request.

Permalink & share

ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core

Answer: lso supports: Facebook Microsoft Twitter OpenID Connect Azure AD Use RemoteAuthenticationHandler&lt;T&gt; or Identity scaffolding.

What interviewers expect

  • A clear definition tied to ASP.NET Core in ASP.NET Core projects
  • Trade-offs (performance, maintainability, security, cost)
  • When you would and would not use it in production

Real-world example

In a production ASP.NET Core application, teams apply this when handling user-facing features or integration boundaries. For example, you might use it during a sprint where reliability and observability matter—logging metrics, validating edge cases, and documenting the decision in an ADR so future developers understand why the approach was chosen.

How to explain in the interview

  1. Define the concept in one or two sentences.
  2. Context — where it fits in ASP.NET Core architecture.
  3. Example — a specific project, bug, or performance win.
  4. Trade-off — what you gain vs what you sacrifice.

Tip: Practice aloud on Toolliyo mock interview or the Interview Q&A section before your real interview.

Permalink & share

ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core

Use built-in providers:

services.AddAuthentication()

.AddGoogle(options => {

options.ClientId = "...";

options.ClientSecret = "...";

});

Also supports:

  • Facebook
  • Microsoft
  • Twitter
  • OpenID Connect
  • Azure AD

Use RemoteAuthenticationHandler<T> or Identity scaffolding.

Permalink & share

ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core

Used with JWT to renew access tokens after expiration without logging in again.

  • Issue refresh token along with access token.
  • Store securely (DB or secure HTTP-only cookie).
  • On access token expiration, send refresh token to get a new one.

You must manually implement refresh token logic (not built-in to Identity).

Permalink & share

ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core

  • JWTs typically expire in 5–30 minutes.
  • Expired tokens cannot be used.
  • Revocation requires token blacklisting (e.g., database of revoked tokens).

✅ Configure expiration:

Expires = DateTime.UtcNow.AddMinutes(30)

✅ Use refresh tokens to handle expiration.

Permalink & share

ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core

Answer: [Authorize]: Requires authenticated user [Authorize(Roles = "Admin")]: Requires role [AllowAnonymous]: Allows access without login Example: [Authorize] public IActionResult Dashboard() { } [AllowAnonymous] public IActionResult Login() { }

What interviewers expect

  • A clear definition tied to ASP.NET Core in ASP.NET Core projects
  • Trade-offs (performance, maintainability, security, cost)
  • When you would and would not use it in production

Real-world example

In a production ASP.NET Core application, teams apply this when handling user-facing features or integration boundaries. For example, you might use it during a sprint where reliability and observability matter—logging metrics, validating edge cases, and documenting the decision in an ADR so future developers understand why the approach was chosen.

How to explain in the interview

  1. Define the concept in one or two sentences.
  2. Context — where it fits in ASP.NET Core architecture.
  3. Example — a specific project, bug, or performance win.
  4. Trade-off — what you gain vs what you sacrifice.

Tip: Practice aloud on Toolliyo mock interview or the Interview Q&A section before your real interview.

Permalink & share

ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core

Answer: uthorizationHandler&lt;MinimumAgeRequirement&gt; { protected override Task HandleRequirementAsync(...) { // logic } } Register in DI and use with [Authorize(Policy = "...")].

What interviewers expect

  • A clear definition tied to ASP.NET Core in ASP.NET Core projects
  • Trade-offs (performance, maintainability, security, cost)
  • When you would and would not use it in production

Real-world example

In a production ASP.NET Core application, teams apply this when handling user-facing features or integration boundaries. For example, you might use it during a sprint where reliability and observability matter—logging metrics, validating edge cases, and documenting the decision in an ADR so future developers understand why the approach was chosen.

How to explain in the interview

  1. Define the concept in one or two sentences.
  2. Context — where it fits in ASP.NET Core architecture.
  3. Example — a specific project, bug, or performance win.
  4. Trade-off — what you gain vs what you sacrifice.

Tip: Practice aloud on Toolliyo mock interview or the Interview Q&A section before your real interview.

Permalink & share

ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core

Define complex authorization rules using IAuthorizationHandler:

public class MinimumAgeRequirement : IAuthorizationRequirement {

public int Age { get; }

public MinimumAgeRequirement(int age) => Age = age;

public class MinimumAgeHandler :

AuthorizationHandler<MinimumAgeRequirement> {

protected override Task HandleRequirementAsync(...) {

// logic

Register in DI and use with [Authorize(Policy = "...")].

Permalink & share

ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core

SP.NET Core uses Data Protection API to:

  • Encrypt authentication cookies
  • Protect tokens (e.g., password reset tokens)

Configure:

services.AddDataProtection()

.PersistKeysToFileSystem(new DirectoryInfo("path"))

.SetApplicationName("AppName");

Used internally by Identity and cookie middleware.

Permalink & share

ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core

Multi-tenancy can involve:

  • Per-tenant databases
  • Per-tenant user stores
  • Per-tenant roles/policies

Strategies:

  • Use claims to store tenant ID
  • Filter data per tenant
  • Custom middleware for tenant resolution

Can integrate with IdentityServer4 or Azure AD B2C for federated auth.

Permalink & share

ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core

SP.NET Core Identity uses PBKDF2 hashing by default.

Best practices:

  • Never store plaintext passwords
  • Use salted + hashed storage
  • Use PasswordHasher<T> or Identity defaults

Use:

PasswordHasher<T>.HashPassword(user, password)

Can switch to Argon2, Bcrypt via custom password hasher.

Permalink & share

ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core

Supported out of the box in ASP.NET Core Identity.

Options:

  • SMS (via provider)
  • Email
  • Authenticator app (TOTP)

Enable via Identity configuration:

services.Configure<IdentityOptions>(options => {

options.SignIn.RequireConfirmedEmail = true;

});

Use SignInManager<T> to handle verification and token generation.

Filters & Middleware Overlaps

Permalink & share

ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core

Filters are components that run code before or after certain stages in the request pipeline

within MVC or Razor Pages. Types of filters include:

  • Authorization filters: Run before any other filter to check user authorization.
  • Resource filters: Run after authorization and before model binding.
  • Action filters: Run before and after the execution of action methods.
  • Exception filters: Handle unhandled exceptions thrown by actions.
  • Result filters: Run before and after action results are executed.

Filters allow you to inject logic at these specific points.

Permalink & share

ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core

  • Middleware is part of the global HTTP request pipeline and executes for every

request.

  • Filters only run within MVC/Razor pipeline, for controller actions or Razor Pages

handlers.

  • Middleware runs earlier and can short-circuit the entire pipeline; filters run later,

scoped to MVC processing.

  • Middleware is good for cross-cutting concerns affecting all requests, filters are better
for concerns around controller/action execution.
Permalink & share

ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core

Filters run in a specific order depending on their type:

  • Authorization filters run first.
  • Resource filters run next.
  • Model binding happens after resource filters.
  • Action filters run around the action execution.
  • Exception filters handle exceptions thrown during action or result execution.
  • Result filters run around result execution.

Within each type, filters can be ordered by their Order property and whether they are global,

controller-level, or action-level.

Permalink & share

ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core

Create a custom filter by implementing one of the filter interfaces like:

public class CustomActionFilter : IActionFilter
{
public void OnActionExecuting(ActionExecutingContext context)
{

// Before action executes

}
public void OnActionExecuted(ActionExecutedContext context)
{

// After action executes

}
}

Register globally in Startup:

services.AddControllersWithViews(options =>

{

options.Filters.Add<CustomActionFilter>();

});

Or decorate controllers/actions:

[ServiceFilter(typeof(CustomActionFilter))]

public class HomeController : Controller { ... }
Permalink & share

ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core

Answer: ctions. Global filters are best for cross-cutting concerns like logging, exception handling. Controller/action filters are best for behavior specific to particular routes or endpoints.

What interviewers expect

  • A clear definition tied to ASP.NET Core in ASP.NET Core projects
  • Trade-offs (performance, maintainability, security, cost)
  • When you would and would not use it in production

Real-world example

In a production ASP.NET Core application, teams apply this when handling user-facing features or integration boundaries. For example, you might use it during a sprint where reliability and observability matter—logging metrics, validating edge cases, and documenting the decision in an ADR so future developers understand why the approach was chosen.

How to explain in the interview

  1. Define the concept in one or two sentences.
  2. Context — where it fits in ASP.NET Core architecture.
  3. Example — a specific project, bug, or performance win.
  4. Trade-off — what you gain vs what you sacrifice.

Tip: Practice aloud on Toolliyo mock interview or the Interview Q&A section before your real interview.

Permalink & share

ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core

  • Global filters apply to all MVC actions, registered via AddControllers or AddMvc

options.

  • Controller or action filters are applied via attributes directly on controllers or

actions.

  • Global filters are best for cross-cutting concerns like logging, exception handling.
  • Controller/action filters are best for behavior specific to particular routes or endpoints.
Permalink & share

ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core

Filters receive context objects (e.g., ActionExecutingContext) providing:

  • HTTP context and request data.
  • Access to action parameters.
  • Ability to modify or cancel execution (e.g., short-circuit).
  • Access to the result or exceptions.
  • Ability to set result or modify response.

This allows filters to inspect, modify, or block processing at their stage.

Permalink & share

ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core

Filters can short-circuit by setting the result early, preventing further execution:

public void OnActionExecuting(ActionExecutingContext context)
{
if (!IsAuthorized())
{
context.Result = new UnauthorizedResult(); // stops pipeline

here

}
}

This prevents action execution and later filters from running.

Permalink & share

ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core

  • Filter attributes are instantiated per request and support parameters, but have

limited DI capabilities.

  • Service-based filters (using ServiceFilter or TypeFilter) allow filters to be

resolved from DI container, enabling constructor injection.

Use service-based filters when you need dependencies injected.

Permalink & share

ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core

uthentication).

  • Use filters for MVC-specific concerns tied to action execution (authorization,

validation, caching).

  • Filters can complement middleware for granular control within MVC.
  • Example: Use middleware for global exception logging, filters for handling

MVC-specific exceptions and returning appropriate views or API responses.

Versioning, CORS

Permalink & share

ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core

  • Use middleware for concerns that affect all requests (logging, CORS,

authentication).

  • Use filters for MVC-specific concerns tied to action execution (authorization,

validation, caching).

  • Filters can complement middleware for granular control within MVC.
  • Example: Use middleware for global exception logging, filters for handling

MVC-specific exceptions and returning appropriate views or API responses.

Versioning, CORS

Permalink & share
Toolliyo Assistant
Ask about tutorials, ebooks, training, pricing, mentor services, and support. I use public site content only—not admin or internal tools.

care@toolliyo.com

Need callback? Share your details