Master technical and career interviews with structured answers—short definition, real examples, pitfalls, and how to answer in 60–90 seconds.
PI versioning enables multiple versions of your API to coexist, allowing clients to migrate gradually. Common ways to version APIs in ASP.NET Core: URL versioning (e.g., /api/v1/products) Query string versioning (e.g., /…
api-version=1.0) Header versioning (custom header like api-version: 1.0) Media type versioning (via Accept header, e.g., application/json;v=1) Use the Microsoft.AspNetCore.Mvc.Versioning NuGet package: services.AddApiVer…
Semantic versioning (semver) uses MAJOR.MINOR.PATCH format, e.g., 1.2.0. MAJOR version changes break backward compatibility. MINOR versions add functionality in a backward-compatible manner. PATCH versions are for backwa…
Mark old versions as deprecated via documentation and HTTP response headers. Return warning headers or custom fields indicating version deprecation. Gradually phase out old versions, allowing clients to migrate. Consider…
CORS (Cross-Origin Resource Sharing) is a browser security feature that restricts web pages from making requests to a different domain than the one that served the web page, to prevent cross-site attacks. CORS defines a…
pp.UseCors("AllowSpecificOrigin"); What interviewers expect A clear definition tied to ASP.NET Core in ASP.NET Core projects Trade-offs (performance, maintainability, security, cost) When you would and would not use it i…
Configure in Startup.cs or Program.cs: services.AddCors(options => options.AddPolicy("AllowSpecificOrigin", builder => builder.WithOrigins(" .AllowAnyHeader() .AllowAnyMethod(); }); }); Enable middleware: app.UseCo…
For certain CORS requests (e.g., methods other than GET/POST or custom headers), browsers send an OPTIONS request first, called a preflight. The server must respond with allowed methods, headers, and origins. Properly co…
Global CORS: Apply a policy for all endpoints by adding middleware early in the pipeline with app.UseCors(...). Per-endpoint CORS: Apply CORS policies selectively using the [EnableCors("PolicyName")] or [DisableCors] att…
To allow cookies or credentials in cross-origin requests, configure: builder.WithOrigins(" .AllowCredentials() .AllowAnyHeader() .AllowAnyMethod(); Clients must send requests with credentials: 'include'. Note: Allowing c…
Improperly configured CORS can expose your API to CSRF and data theft. Avoid using AllowAnyOrigin with AllowCredentials as browsers block it. Restrict origins to trusted domains. Validate CORS headers and avoid overly pe…
Kestrel is the default cross-platform web server for ASP.NET Core, lightweight and fast. IIS acts as a reverse proxy on Windows, forwarding requests to Kestrel. Reverse proxies improve security, manage SSL, handle load b…
InProcess hosting runs ASP.NET Core app inside the IIS worker process (w3wp.exe), better performance. OutOfProcess hosting runs the app in a separate process, IIS proxies requests to it. InProcess is default in ASP.NET C…
Answer: Services must expose health check endpoints. These are periodically checked by service discovery systems (like Consul, Eureka, or Kubernetes) to ensure that only healthy services are available for discovery. What…
Answer: ASP.NET Core has built-in logging with providers (Console, Debug, EventSource). Third-party libs like Serilog and NLog offer rich sinks, structured logging. Configure logging via appsettings.json or code. What in…
Answer: compression In-memory caching stores data on server memory for fast retrieval. Distributed caching uses external stores (Redis, SQL) for multiple servers. Response compression reduces payload size using gzip, Bro…
Answer: Avoid blocking calls in async code to prevent deadlocks. Use async/await properly. Protect shared data with locks or concurrent collections. Avoid thread starvation with thread pool tuning. What interviewers expe…
Answer: Memory leaks can occur if IDisposable objects aren’t disposed. Use dependency injection lifetimes properly. Be cautious with static references and events holding objects. Use tools like dotMemory, PerfView. What…
Answer: Design apps to be stateless so any server instance can handle requests. Use distributed caches or external session stores. Load balancers distribute traffic to multiple instances. What interviewers expect A clear…
Answer: Containerize apps with Docker for consistent deployments. Use Azure App Services, Azure Kubernetes Service for cloud hosting. Set up CI/CD pipelines (GitHub Actions, Azure DevOps) for automated builds and deploym…
Answer: Monitor app health, request metrics, errors. Use OpenTelemetry for distributed tracing. Integrate with Application Insights, Prometheus, Grafana. What interviewers expect A clear definition tied to ASP.NET Core i…
Answer: Enforce HTTPS. Use Anti-forgery tokens to prevent CSRF. Sanitize input to prevent XSS. Follow OWASP guidelines to secure apps. What interviewers expect A clear definition tied to ASP.NET Core in ASP.NET Core proj…
Answer: Use Response Compression Middleware to compress responses. Use Response Caching Middleware to cache GET responses. Middleware can be composed for layered processing. What interviewers expect A clear definition ti…
Answer: Response caching caches HTTP responses based on headers. Output caching (new in ASP.NET Core 7) caches entire output of endpoints. What interviewers expect A clear definition tied to ASP.NET Core in ASP.NET Core…
Answer: Use Redis or SQL Server for distributed cache/session in multi-server environments. Helps maintain session state without sticky sessions. What interviewers expect A clear definition tied to ASP.NET Core in ASP.NE…
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
PI versioning enables multiple versions of your API to coexist, allowing clients to migrate
gradually.
Common ways to version APIs in ASP.NET Core:
● Media type versioning (via Accept header, e.g., application/json;v=1)
Use the Microsoft.AspNetCore.Mvc.Versioning NuGet package:
services.AddApiVersioning(options => {
options.AssumeDefaultVersionWhenUnspecified = true;
options.DefaultApiVersion = new ApiVersion(1, 0);
options.ReportApiVersions = true;
});
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
api-version=1.0)
Use the Microsoft.AspNetCore.Mvc.Versioning NuGet package:
services.AddApiVersioning(options => {
options.AssumeDefaultVersionWhenUnspecified = true;
options.DefaultApiVersion = new ApiVersion(1, 0);
options.ReportApiVersions = true;
});
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
Semantic versioning (semver) uses MAJOR.MINOR.PATCH format, e.g., 1.2.0.
Version negotiation allows clients and servers to agree on an API version via headers or
URL. Servers should support multiple versions and respond with supported version info.
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
CORS (Cross-Origin Resource Sharing) is a browser security feature that restricts web
pages from making requests to a different domain than the one that served the web page, to
prevent cross-site attacks.
CORS defines a way for servers to allow controlled access to resources from a different
origin.
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
pp.UseCors("AllowSpecificOrigin");
In a production ASP.NET Core application, teams apply this when handling user-facing features or integration boundaries. For example, you might use it during a sprint where reliability and observability matter—logging metrics, validating edge cases, and documenting the decision in an ADR so future developers understand why the approach was chosen.
Tip: Practice aloud on Toolliyo mock interview or the Interview Q&A section before your real interview.
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
Configure in Startup.cs or Program.cs:
services.AddCors(options =>
options.AddPolicy("AllowSpecificOrigin",
builder =>
builder.WithOrigins("
.AllowAnyHeader()
.AllowAnyMethod();
});
});
Enable middleware:
app.UseCors("AllowSpecificOrigin");
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
headers), browsers send an OPTIONS request first, called a preflight.
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
pipeline with app.UseCors(...).
[EnableCors("PolicyName")] or [DisableCors] attributes on controllers or
actions.
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
builder.WithOrigins("
.AllowCredentials()
.AllowAnyHeader()
.AllowAnyMethod();
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
Cross‑Cutting / Advanced / “Miscellaneous”
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
fast.
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
(w3wp.exe), better performance.
it.
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
Answer: Services must expose health check endpoints. These are periodically checked by service discovery systems (like Consul, Eureka, or Kubernetes) to ensure that only healthy services are available for discovery.
In a production ASP.NET Core application, teams apply this when handling user-facing features or integration boundaries. For example, you might use it during a sprint where reliability and observability matter—logging metrics, validating edge cases, and documenting the decision in an ADR so future developers understand why the approach was chosen.
Tip: Practice aloud on Toolliyo mock interview or the Interview Q&A section before your real interview.
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
Answer: ASP.NET Core has built-in logging with providers (Console, Debug, EventSource). Third-party libs like Serilog and NLog offer rich sinks, structured logging. Configure logging via appsettings.json or code.
In a production ASP.NET Core application, teams apply this when handling user-facing features or integration boundaries. For example, you might use it during a sprint where reliability and observability matter—logging metrics, validating edge cases, and documenting the decision in an ADR so future developers understand why the approach was chosen.
Tip: Practice aloud on Toolliyo mock interview or the Interview Q&A section before your real interview.
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
Answer: compression In-memory caching stores data on server memory for fast retrieval. Distributed caching uses external stores (Redis, SQL) for multiple servers. Response compression reduces payload size using gzip, Brotli middleware.
In a production ASP.NET Core application, teams apply this when handling user-facing features or integration boundaries. For example, you might use it during a sprint where reliability and observability matter—logging metrics, validating edge cases, and documenting the decision in an ADR so future developers understand why the approach was chosen.
Tip: Practice aloud on Toolliyo mock interview or the Interview Q&A section before your real interview.
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
Answer: Avoid blocking calls in async code to prevent deadlocks. Use async/await properly. Protect shared data with locks or concurrent collections. Avoid thread starvation with thread pool tuning.
In a production ASP.NET Core application, teams apply this when handling user-facing features or integration boundaries. For example, you might use it during a sprint where reliability and observability matter—logging metrics, validating edge cases, and documenting the decision in an ADR so future developers understand why the approach was chosen.
Tip: Practice aloud on Toolliyo mock interview or the Interview Q&A section before your real interview.
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
Answer: Memory leaks can occur if IDisposable objects aren’t disposed. Use dependency injection lifetimes properly. Be cautious with static references and events holding objects. Use tools like dotMemory, PerfView.
In a production ASP.NET Core application, teams apply this when handling user-facing features or integration boundaries. For example, you might use it during a sprint where reliability and observability matter—logging metrics, validating edge cases, and documenting the decision in an ADR so future developers understand why the approach was chosen.
Tip: Practice aloud on Toolliyo mock interview or the Interview Q&A section before your real interview.
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
Answer: Design apps to be stateless so any server instance can handle requests. Use distributed caches or external session stores. Load balancers distribute traffic to multiple instances.
In a production ASP.NET Core application, teams apply this when handling user-facing features or integration boundaries. For example, you might use it during a sprint where reliability and observability matter—logging metrics, validating edge cases, and documenting the decision in an ADR so future developers understand why the approach was chosen.
Tip: Practice aloud on Toolliyo mock interview or the Interview Q&A section before your real interview.
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
Answer: Containerize apps with Docker for consistent deployments. Use Azure App Services, Azure Kubernetes Service for cloud hosting. Set up CI/CD pipelines (GitHub Actions, Azure DevOps) for automated builds and deployments.
In a production ASP.NET Core application, teams apply this when handling user-facing features or integration boundaries. For example, you might use it during a sprint where reliability and observability matter—logging metrics, validating edge cases, and documenting the decision in an ADR so future developers understand why the approach was chosen.
Tip: Practice aloud on Toolliyo mock interview or the Interview Q&A section before your real interview.
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
Answer: Monitor app health, request metrics, errors. Use OpenTelemetry for distributed tracing. Integrate with Application Insights, Prometheus, Grafana.
In a production ASP.NET Core application, teams apply this when handling user-facing features or integration boundaries. For example, you might use it during a sprint where reliability and observability matter—logging metrics, validating edge cases, and documenting the decision in an ADR so future developers understand why the approach was chosen.
Tip: Practice aloud on Toolliyo mock interview or the Interview Q&A section before your real interview.
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
Answer: Enforce HTTPS. Use Anti-forgery tokens to prevent CSRF. Sanitize input to prevent XSS. Follow OWASP guidelines to secure apps.
In a production ASP.NET Core application, teams apply this when handling user-facing features or integration boundaries. For example, you might use it during a sprint where reliability and observability matter—logging metrics, validating edge cases, and documenting the decision in an ADR so future developers understand why the approach was chosen.
Tip: Practice aloud on Toolliyo mock interview or the Interview Q&A section before your real interview.
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
Answer: Use Response Compression Middleware to compress responses. Use Response Caching Middleware to cache GET responses. Middleware can be composed for layered processing.
In a production ASP.NET Core application, teams apply this when handling user-facing features or integration boundaries. For example, you might use it during a sprint where reliability and observability matter—logging metrics, validating edge cases, and documenting the decision in an ADR so future developers understand why the approach was chosen.
Tip: Practice aloud on Toolliyo mock interview or the Interview Q&A section before your real interview.
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
Answer: Response caching caches HTTP responses based on headers. Output caching (new in ASP.NET Core 7) caches entire output of endpoints.
In a production ASP.NET Core application, teams apply this when handling user-facing features or integration boundaries. For example, you might use it during a sprint where reliability and observability matter—logging metrics, validating edge cases, and documenting the decision in an ADR so future developers understand why the approach was chosen.
Tip: Practice aloud on Toolliyo mock interview or the Interview Q&A section before your real interview.
ASP.NET Core ASP.NET Core Tutorial · ASP.NET Core
Answer: Use Redis or SQL Server for distributed cache/session in multi-server environments. Helps maintain session state without sticky sessions.
In a production ASP.NET Core application, teams apply this when handling user-facing features or integration boundaries. For example, you might use it during a sprint where reliability and observability matter—logging metrics, validating edge cases, and documenting the decision in an ADR so future developers understand why the approach was chosen.
Tip: Practice aloud on Toolliyo mock interview or the Interview Q&A section before your real interview.