Core Code
Core Code Modern Dev Handbook
DOTNET Contents
Foundations (Hosting, DI, Config)
Hosting Model & Kestrel Reality DI Lifetimes (This Will Leak/Break) Options Pattern & Config Binding Env Config & Secrets (Don't Bake) Logging Basics with ILogger Health Checks: Readiness vs Liveness Graceful Shutdown Basics
Web Services Basics (ASP.NET Core)
Controllers vs Minimal APIs (Tradeoffs in Prod) Middleware Pipeline Order (Bugs You Deserve) Routing Basics (Endpoints That Bite) Endpoint Filters Basics Request/Response Streaming (Backpressure Matters) Static Files (Security Foot-guns) Shutdown Draining (Don't Drop In-Flight)
Routing, Binding & Validation
Model Binding Gotchas Validation with FluentValidation (Basics) Input Validation: What to Validate Where File Upload Basics & Hardening Querystring Filtering & Limits Multipart Size Limits (Stop Zip Bombs)
Errors & Problem Details (RFC 7807)
Exception Handling Middleware (Correctly) Problem Details (RFC 7807) Done Right Validation Errors as Problem Details Error Codes & API Contracts Global JSON Settings (Safe Defaults) 404 vs Validation (Client UX & Semantics)
Authentication & Authorization
Cookie vs Bearer Auth (Don't Mix Blindly) JWT Validation Basics (What Actually Matters) JWT Key Rotation & kid Handling AuthZ Policies, Roles, Claims Resource-Based Authorization ASP.NET Identity: When to Use It mTLS Client Certs (Basics)
Security Basics (Production)
CORS Misconfigurations (Real Impact) Security Headers (Baseline) CSRF: SameSite vs Token Defenses XSS: Output Encoding & HTML Safety Deserialization Hardening SSRF & Egress Controls Rate Limiting Basics (Server-Side) Request Size Limits (Abuse Prevention) Secrets Management for .NET Apps Dependency Vulnerability Scanning
Data Access (EF Core in Prod)
DbContext Lifetime & Pooling (Prod-Safe) Migrations Safe Rollout (No Downtime) Transactions & Isolation Levels N+1 Detection & Fix Query Performance & Index Reality Optimistic Concurrency Tokens Outbox Pattern (Basics) Soft Delete & Global Query Filters Connection Resiliency (Retries Without Lies)
HTTP Clients & Integrations
HttpClientFactory: Pooling & DNS Reality Timeouts & Deadlines (Stop Hanging Threads) Retries & Backoff Policies (When It's Okay) Circuit Breakers (Basics That Matter) Idempotency Keys for Outbound Calls Headers/Auth Forwarding (Don't Leak) HTTP/2 and HTTP/3 Considerations
Reliability Patterns
Timeouts & CancellationTokens (Correct Wiring) Retries: When NOT To (Thundering Herd) Idempotency for APIs (You Need This) Server-Side Rate Limiting (Fairness & Abuse) Bulkheads & Concurrency Limits Backpressure in Streaming (Don't OOM) Graceful Degradation & Fallbacks Saga & Compensation (Basics)
Background Jobs & Hosting
HostedService Basics (The Safe Way) Background Queue with Channels Cron Scheduling: Hangfire vs Built-in Worker Service Deploy Patterns Message Consumers & Idempotency Shutdown: Cancellation & Job Draining
Observability (Logs, Metrics, Traces)
Structured Logging with Serilog Correlation IDs & Trace Context OpenTelemetry Tracing (ASP.NET Core) OpenTelemetry Metrics (SLI-first) Health Checks Deep Dive (Readiness Done Right) Log PII Redaction (Don't Get Sued) Alerting & SLO Basics (Actionable Only) Debugging in Prod (Dumps, Traces)
Performance & Tuning
ThreadPool Starvation (Symptoms & Fix) Async Pitfalls (Deadlocks, Fire-and-Forget) Allocations & GC (What Actually Hurts) Kestrel Tuning & Limits JSON Serialization Performance EF Core Perf Hotspots (How to See Them) Caching: Response/Output Strategies
Testing & Quality Gates
Unit Testing with xUnit (Basics) Integration Tests with WebApplicationFactory Contract Tests (Basics) Mocking HTTP and Time Safely Testcontainers Basics (Real Dependencies) Coverage & Quality Gates (No Theatre) Load Testing with k6 (Basics)
Build, Release & Deploy
Build/Publish, Trimming, AOT (Basics) Dockerizing ASP.NET Core (Production) Config & Secrets in Deploy (No Baking) Blue/Green & Canary (Basics) Migrations & Deploy Order (Avoid Locking) Rollbacks vs Forward-Fix (When Each Wins) Versioning & SemVer (APIs Included) CI/CD Basics (Build, Test, Scan, Ship)
Production Runbooks
Incident Triage Playbook (First 15 Minutes) Dependency Outage Playbook (Third-Party Down) DB Latency Playbook (EF Core Included) Memory Leak Playbook (OOM Hunting) CPU Saturation Playbook (Hot Paths) Timeout Storm Playbook (Cascading Failure) Deploy Failure Playbook (Rollback Safely) Production Readiness Checklist

Health Checks: Readiness vs Liveness

Health checks are a traffic and restart control plane. Learn readiness vs liveness, avoid restart loops, and design checks that prevent cascading failures in Kubernetes and reverse proxies.
On this page

Health Checks Are Not “Is the App Running?”

In production, health checks decide two critical things: - Should this instance receive traffic? - Should this instance be restarted? If you confuse readiness and liveness, you will create: - restart loops - cascading failures - traffic black holes - incident noise that hides the real issue Health checks are a control plane. Treat them like one.

Real Production Incident

Symptoms: - Deployment rolls out, then pods start flapping. - Kubernetes keeps restarting pods. - Error rate spikes because capacity keeps dropping. - Team blames the database because logs show DB timeouts. Root cause: - Liveness check called a database dependency. - Database had a brief latency spike. - Liveness failed, pods restarted, causing reconnect storms. - The reconnect storms amplified DB load, making the outage worse. This is a self-inflicted wound.

Readiness vs Liveness (Burn This Into Your Brain)

Readiness: “Can I safely receive traffic right now?” - If readiness fails, remove instance from load balancer. - Do not restart the process. Liveness: “Is the process fundamentally broken and needs restart?” - If liveness fails, restart the process. - Should be cheap and local. Production rule: External dependencies belong in readiness, not liveness.

Symptom → Cause → Diagnosis → Fix

Symptom: - Frequent restarts after deploy - Instances removed from rotation constantly - Spiky latency and error rate Cause: - Liveness check depends on DB/Redis/HTTP calls - Health endpoint requires auth - Health endpoint is slow or allocates heavily - Wrong timeouts and thresholds Diagnosis: - Check Kubernetes events: probe failures and restart counts. - Hit health endpoints directly (inside cluster). - Measure health endpoint latency. - Verify probes do not require auth headers. Fix: - Make liveness local-only. - Make readiness reflect ability to serve traffic. - Make both fast and non-allocating. - Separate deep dependency checks from the main probes.

Anti-Pattern: Liveness Calls Dependencies

This will create restart loops: 
builder.Services.AddHealthChecks()
    .AddNpgSql(builder.Configuration.GetConnectionString("Main"));
If you expose that as liveness, you restart when DB is slow. That is insane.

Correct Pattern: Separate Checks

Use multiple endpoints: - /health/live for liveness (local only) - /health/ready for readiness (can include critical dependencies) Example: 
builder.Services.AddHealthChecks()
    .AddCheck("self", () => HealthCheckResult.Healthy())
    .AddNpgSql(builder.Configuration.GetConnectionString("Main"), name: "db", tags: new[] { "ready" });
Map endpoints: 
app.MapHealthChecks("/health/live", new HealthCheckOptions
{
    Predicate = r => r.Name == "self"
});

app.MapHealthChecks("/health/ready", new HealthCheckOptions
{
    Predicate = r => r.Tags.Contains("ready")
});
Now: - /health/live never depends on DB. - /health/ready can fail to remove traffic when DB is not usable.

Health Endpoints Must Be Unauthenticated

If you protect health endpoints with auth, you will: - break probes - get false negatives - restart healthy instances Production rule: Health endpoints must be accessible to the platform (cluster, proxy) without user auth. If you need protection: - restrict by network policy / IP allowlist - run on internal port Do not add JWT to probes.

Timeouts and Thresholds Matter

If your readiness probe times out too aggressively, you will eject pods during minor hiccups. If it is too lenient, you will route traffic to broken instances. Tune based on reality: - probe interval - failure threshold - timeout seconds Never copy-paste defaults blindly.

Deep Checks vs Traffic Readiness

You may want deep checks (DB connectivity, downstream services), but do not put everything into readiness. If you tie readiness to every dependency, one flaky downstream can remove all pods from rotation. Strategy: - readiness includes only dependencies required to serve core traffic safely - deep checks exist for dashboards and alerts, not for routing decisions

Operational Notes

Monitoring: - Track readiness failures as a rate. - Track restart count and probe failure reasons. - Alert on rising restart loops (it is usually misconfigured probes). Rollout: - Canary deploy and monitor probe failure patterns. - Validate that new pods become Ready quickly and stay Ready under load. Rollback: - If a new probe configuration causes flapping, revert probe config immediately. - Probe changes should be treated as production changes with the same rigor as code. Risk management: - Avoid “dependency checks in liveness”. - Avoid readiness checks that are slow or lock resources. - Keep health endpoints lightweight.

Checklist

- Liveness is local-only and fast (no network dependencies). - Readiness represents ability to serve traffic, not overall system health. - Health endpoints do not require auth. - Probe timeouts and thresholds are tuned to production reality. - Dependency checks are tagged and separated (live vs ready). - Deep checks exist but do not control traffic unless necessary. - Monitoring alerts on probe failures and restart loops. - Probe changes are versioned and rollbackable.
Graceful Shutdown Basics →