.

NET Core API Interview Questions and Answers

Author: Adit Sheth

.NET CORE BASICS

1. What is .NET Core?
NET Core is a free, open-source, cross-platform framework developed by Microsoft for
building modern, scalable, high-performance applications. It supports Windows, Linux,
and macOS, and can be used to build web apps, APIs, microOservices, console apps, and
more.

2. Difference between .NET Core and .NET Framework

a Platform Support: NET Core is cross-platform, while NET Framework runs

only on Windows.

o Open Sourco: NET Core is open-source, .NET Framework is not fully

open-source.

o Performance: .NET Core is optimized for performance and scalability.

o Deployment: .NET Core allows side-by-side installations.

3. What is Kestrel?
Kestrel is a lightwelght, cross-platform web server used by ASP.NET Core. It is the
default server and sits behind IS or Nginx in production for better security and
performance.

4. What Is Middleware In ASP.NET Core?

Middleware are components that are assembled into an application pipeline to handle
er they reach a
requests and responses. They can process requests before and ater
ontroller.

5 Explain the Startup.cs flle.

Startup.cs contains two main methods:

o ConfigureServlces: Used to register services into the DI conlainer.

o Configure: Dafines the HTTP request pipeline using middleware components.

 What is the Program.cs file?
This is the entry point of an ASP.NET Core application. It creates and configures the
application's host, which is responsible for app startup and lifetime management.

7. What are the advantages of .NET Core?

o Cross-platform

a Open-source

High performance

o Built-in dependency injection

o Supports containerization

8. What is HostBullder In .NET Core?

HostBuilder is used lo create and configure a host for the app. Il sets up dependencies,
configuration, and logging.
9. How do you configure logging in ASP.NET Core?
Use the ILogger<T> interface and configure providers in Program.cs or
appsettings.json (e.g., Console, Debug. Application Insights).

10.What is Dependency lnjection (DI) in ASP.NET Core?

DI is a technique for achieving Inversion of Control (loC) between classes and their
dependencies. ASP.NET Core has built-in support for DI through the service container

WEB API FUNDAMENTALS

11. What is ASP.NET Core Web API?

It is a framework for building RESTÍul services over HTTP. It is ideal for creating APIs
that are used by browsers, mobile apps, or other services.

12. How do you define a controller in Web API?

A controller is a class that inherits from ControllerBase or Controller. It contains
aclion methods decorated with HTTP attributes (e.g.. (HItpGel], [HtlpPost])

13. What are Actlon Methods?

Action methods are public methods in a controller class that respond to HTTP requests.
 14. How do you return JSON in Web API?
By default, ASP.NET Core returns JSON using System.Text. Json or optionally
Newtonsoft.Json.

15. What is Routing in ASP.NET Core?

Routing is the mechanisn that maps incoming HTTP requests to controller actions. I
can be done through attribute rouling or conventional routing.

16. Attribute Routing vs Conventional Routing

Attribute Routing: Uses attributes like [Route("api[controller]")].

Conventional Routing: Uses predefined patterns in Startup.cs or Program. cs.

17.What is Model Binding?

Model binding automatically maps HTTP request data (e.g.. from query strings, lorms)
to action method parameters.
18. What is Model Validation?
Uses data annotations (e.g.. [Required], (Rangel) to validate Incoming data. ASPNET
Core validates automatically before the action is executed.

19. What are lActionResult and ActionResult?

These are return types for action methods

IActionResult alloWs multiple response types.

ActionResult combines T with IActionResult for convenience.

20. How to implement GET, POoST, PUT, DELETE in API?

Use atributes like [HttpGet]. [HttpPost], [HttpPut). [HttpDelela) in your controller
methods. Example:

[HttpGet(id)"))
public ActionResult<Product> Get(int id)

SECURITY & AUTHENTICATION

21. What is Authentlcatlon in ASP.NET Core?

Authentication is the process of identifying who the user is. ASPNET Core supports
various authentication schemes like cookie-based, JWT bearer token, OAuth2, and
 OpenlD Connect.

22. What is Authorlzatlon In ASP.NET Core?

Authorization is the process of determining what actions a user can perform. It ocurs
after authentication and is enforced using roles, policies, or claims.

23. What is the differonce between Authentication and Authorization?

Authentication: Verifies user identity

Authorizatlon: Grants or denies access to resources based on user identity

24. How do you implernent JWT authentication in ASP.NET Core?

You use the Microsoft . AspNetCore . Authentication.JwtBearer package and
configure JWT options in Program.cs or Startup.cs. You also set up token
validation parameters like issuer, audience, and signing key.

25. How do you protect API endpoints in ASP.NET Core?

Use the [Authorize] attribute lo restrict access to authenticated users. You can also
USe role-based or policy-based authorization.

26. What is the AllowÂnonymous] attribute?

It overrides the Authorize]attribute and allows unauthentlcated access to aspecific
action or controller.

27. What are Clalms in ASP.NET Core?

Claims are key-value pairs that represent user data. They aro used in claims-based
authorization to grant or derny access to resources.

28. What is Policy-based Authorization?

Policy-biseo authorizalion
a eallows you to create custom rules that users must meet.
Policies aro configured in Program.cs or Startup.cs and enforced using
| Author ize ( Policy"PolicyName )).

29. How to implemont Role-based Authortzation?

Assign roles users and use [Authorize (Roles=" Admin")]to protect resources
accessibie only to those roles

30. What is OAuth2?

OAuth2 is an aulhorization framework that allows third-party applications to access user
Conn
t exposing credentials, It is commonly used with OpeniD Connect for identity
data without o

management.
MIDDLEWARE, FILTERS & ERROR HANDLING

41. What is Middleware In ASP.NET Core?

Middleware are software components that are executed in sequence in the request
pipeline. Each middleware can handle requests, modify responses, or pass control to the
next middleware.

42. How to creato custom middleware?

Create a class with a constructor accepting RequestDelegate and implement the
Invoke or InvokeAsync method. Register it using
app. UseMiddleware<YourMiddleware>()
43. What is the order of middleware execution?
Middleware is execuled in the order it is added in Progr am.es or Startup.cs. The
order is crucial as it affects request and response handling.

44. What is Uso, Run, and Map In middioware?

Use: Adds middleware that can call the next middleware.

Run: Terminal middleware that doesn't call the next.

"Map: Branches the pipeline based on the request path.

45. What are Filters in ASP.NET Core?

Filters are used to execute code before or after certain stages in the request pipeline.
Examples include Authorizaionfilter, ActionFilter, ExceptionFilter, and ResultFilter,

46. What Is an Action Filter?

An Action Filter executes custom logic before or after an action method runs. You
implement IActionF1lter or IAsVncACtionF1lter roate one.

47. What ls an Excoptlon Flter?

Exception Filters handle unhandled exceptions thrown by actions. Implement
IExcept ionFilter to create a custom exception handler.
48. What is a Global Filter?
Global filters are registered in ConfigureServices and apply to all controllers and
actions.
 49. How to handle oxceptions globally in Web API?
Use UseExceptionHandler() middieware to catch and handle exceptions globally
You can also use custom middleware or Exception Fihers.

50. What is the Developer Exception Page?

It shows detailed exception information during development. Enabled with
app.UseDeve loperExcept ionPage( ).

ADVANCED .NET CORE QUESTIONs

51. What is the ditferance betwean IActionResult and ActionResult <T>?

" IActionResult allows multiple response types.

" ActionResult combines T with IActionResult for convenience.

doa n l v e n i o n i n g In ASP.NET Core

52. Howc Weh ADI
You t APl versioning using the Microsott.AspNotCore. Mvc.Versioning
library It allows you to define versioned routes, query strings, or headers ifferent
API versions.

53. What is Swagger, and how da you use it in ASP.NET Core?

Swagger is a lool used to document and test RESTul APIs. In ASPNET Core. you can
use Swashbuckle to generale and visualize API documentalion

54. How to secure sonsitive data in apPsettingsjson?

Avoid storing secrets directly Use Secret Manager, environrnent variabies, or Aure
Key Vaut for sensitive irnformation.

55. How do you pravent CSRF attacks in ASP.NET Core?

ASPNET Core provides antikorgery tokens ([ Val1dateAnt1Forgery Token ]) to
prevent CSRF attacks APIs, use other strategies like same-origin policies or custom
headers.

56. What is HTTPS redirection middleware7

It automatically redirects HTTP requests to HTTPS. This is added via
app.UseHt tp sRedirect ion() in the pipeline

57. What is HSTS in ASP.NET Core?

HTTP Strict Transport Security (HSTS) is a security feature that tells browsers to only
 use HTTPS. Enabled with app.UseHsts().

58. How do you handle unauthorized requests in Wob API?

Use exception handling middleware or confiqure StatusCodePages to return custom
JSON responses when users are unauthorized (401) or forbidden (403).

59. How do you secure sensitive data in appsetings.json?

Avoid storing secrets directly. Use Secret Manager, environment variables, or Azure Key
Vault for sensilive informalion.

60. How do you Implement CORS In ASP.NET Core?

CORS (Cross-Origin Resource Sharing) allows APis to be accessed from different
domains. Enable it with app.UseCors () and configure policies in
ConfigureServices.