ASP.NET Core Web API – Advanced (51–75)

51. What is Model Validation in ASP.NET Core?

Answer: Ensures API request data is valid before processing. Automatically triggered using Data Annotations.

Code Example:

public class Product
{
    [Required] public string Name { get; set; }
    [Range(1, 10000)] public decimal Price { get; set; }
}

[HttpPost]
public IActionResult Create(Product product)
{
    if(!ModelState.IsValid) return BadRequest(ModelState);
    return Ok(product);
}
    

52. What is IActionResult vs ActionResult<T>?

Answer:

• IActionResult → flexible, can return multiple result types.
• ActionResult<T> → strongly typed with automatic 200 response.

public ActionResult<Product> Get(int id)
{
    var product = _context.Products.Find(id);
    if(product == null) return NotFound();
    return product;
}
    

53. What are Filters?

Answer: Filters run before/after controller actions for cross-cutting concerns like logging or authorization.

public class LogActionFilter : IActionFilter
{
    public void OnActionExecuting(ActionExecutingContext context)
        => Console.WriteLine("Before Action");

    public void OnActionExecuted(ActionExecutedContext context)
        => Console.WriteLine("After Action");
}
    

54. Difference between Use vs Run in Middleware?

Answer:

• Use → calls next middleware (await next())
• Run → terminates pipeline (no next)

app.Use(async (ctx, next) => { await next(); });
app.Run(async ctx => { await ctx.Response.WriteAsync("End"); });
    

55. How do you secure sensitive data in appsettings.json?

Answer: Use User Secrets, environment variables, or Azure Key Vault.

dotnet user-secrets set "JWT:Secret" "supersecretkey"
var key = builder.Configuration["JWT:Secret"];
    

56. What is Health Check in ASP.NET Core?

Answer: Provides endpoint to monitor API health.

builder.Services.AddHealthChecks();
app.MapHealthChecks("/health");
    

57. What is OpenAPI / Swagger?

Answer: Auto-generates API docs with UI to test endpoints.

builder.Services.AddSwaggerGen();
app.UseSwagger();
app.UseSwaggerUI();
    

58. What are Status Codes in Web API?

Answer:

• 200 → OK
• 201 → Created
• 400 → Bad Request
• 401 → Unauthorized
• 404 → Not Found
• 500 → Internal Server Error

return Ok(); 
return CreatedAtAction(...); 
return BadRequest(); 
return NotFound();
    

59. What is IActionResult vs JSON?

Answer:

• IActionResult → flexible result (status + content)
• JSON → format of response data

return Ok(new { Id=1, Name="Laptop" });
    

60. Difference between ASP.NET Core versions?

Answer:

• 2.x → Initial Core
• 3.x → Endpoint Routing
• 5.x/6.x → Minimal APIs
• 7.x → Performance improvements

61. How do you implement versioning for API?

[ApiVersion("1.0")]
[Route("api/v{version:apiVersion}/products")]
public class ProductsV1Controller : ControllerBase {}
    

62. How to handle large file uploads?

[HttpPost("upload")]
public async Task Upload(IFormFile file)
{
    using var stream = new FileStream($"uploads/{file.FileName}", FileMode.Create);
    await file.CopyToAsync(stream);
    return Ok();
}
    

63. Filtering + Sorting + Paging

var data = _context.Products
    .Where(p => p.Price > minPrice)
    .OrderBy(p => p.Name)
    .Skip((page-1)*size)
    .Take(size)
    .ToList();
    

64. What is IHttpClientFactory?

builder.Services.AddHttpClient();
var client = _httpClientFactory.CreateClient();
    

65. How to implement caching?

var products = _cache.GetOrCreate("products", e=>_context.Products.ToList());
    

66. What is SignalR?

app.MapHub<ChatHub>("/chat");
    

67. Logging

_logger.LogInformation("Fetched {Count} products", products.Count);
    

68. Rate Limiting

builder.Services.AddRateLimiter(...);
    

69. Concurrency in EF Core

[Timestamp] public byte[] RowVersion { get; set; }
    

70. What is HATEOAS?

return Ok(new { Id=1, Name="Laptop", Links=new[]{ "/products/1" } });
    

71. Minimal API vs Controller API

app.MapGet("/products", () => _context.Products.ToList());
    

72. API Testing

[Fact] public void Get_ReturnsOk() 
{ 
    Assert.IsType<OkObjectResult>(controller.Get()); 
}
    

73. Global Exception Handling

app.UseExceptionHandler("/error");
    

74. Authentication

[Authorize]
public IActionResult GetSecureData() => Ok("Secure");
    

75. Deployment

• IIS
• Nginx
• Docker
• Azure App Service / AWS