Core Code
Core Code Modern Dev Handbook
DOTNET Contents
Foundations (Hosting, DI, Config)
Hosting Model & Kestrel Reality DI Lifetimes (This Will Leak/Break) Options Pattern & Config Binding Env Config & Secrets (Don't Bake) Logging Basics with ILogger Health Checks: Readiness vs Liveness Graceful Shutdown Basics
Web Services Basics (ASP.NET Core)
Controllers vs Minimal APIs (Tradeoffs in Prod) Middleware Pipeline Order (Bugs You Deserve) Routing Basics (Endpoints That Bite) Endpoint Filters Basics Request/Response Streaming (Backpressure Matters) Static Files (Security Foot-guns) Shutdown Draining (Don't Drop In-Flight)
Routing, Binding & Validation
Model Binding Gotchas Validation with FluentValidation (Basics) Input Validation: What to Validate Where File Upload Basics & Hardening Querystring Filtering & Limits Multipart Size Limits (Stop Zip Bombs)
Errors & Problem Details (RFC 7807)
Exception Handling Middleware (Correctly) Problem Details (RFC 7807) Done Right Validation Errors as Problem Details Error Codes & API Contracts Global JSON Settings (Safe Defaults) 404 vs Validation (Client UX & Semantics)
Authentication & Authorization
Cookie vs Bearer Auth (Don't Mix Blindly) JWT Validation Basics (What Actually Matters) JWT Key Rotation & kid Handling AuthZ Policies, Roles, Claims Resource-Based Authorization ASP.NET Identity: When to Use It mTLS Client Certs (Basics)
Security Basics (Production)
CORS Misconfigurations (Real Impact) Security Headers (Baseline) CSRF: SameSite vs Token Defenses XSS: Output Encoding & HTML Safety Deserialization Hardening SSRF & Egress Controls Rate Limiting Basics (Server-Side) Request Size Limits (Abuse Prevention) Secrets Management for .NET Apps Dependency Vulnerability Scanning
Data Access (EF Core in Prod)
DbContext Lifetime & Pooling (Prod-Safe) Migrations Safe Rollout (No Downtime) Transactions & Isolation Levels N+1 Detection & Fix Query Performance & Index Reality Optimistic Concurrency Tokens Outbox Pattern (Basics) Soft Delete & Global Query Filters Connection Resiliency (Retries Without Lies)
HTTP Clients & Integrations
HttpClientFactory: Pooling & DNS Reality Timeouts & Deadlines (Stop Hanging Threads) Retries & Backoff Policies (When It's Okay) Circuit Breakers (Basics That Matter) Idempotency Keys for Outbound Calls Headers/Auth Forwarding (Don't Leak) HTTP/2 and HTTP/3 Considerations
Reliability Patterns
Timeouts & CancellationTokens (Correct Wiring) Retries: When NOT To (Thundering Herd) Idempotency for APIs (You Need This) Server-Side Rate Limiting (Fairness & Abuse) Bulkheads & Concurrency Limits Backpressure in Streaming (Don't OOM) Graceful Degradation & Fallbacks Saga & Compensation (Basics)
Background Jobs & Hosting
HostedService Basics (The Safe Way) Background Queue with Channels Cron Scheduling: Hangfire vs Built-in Worker Service Deploy Patterns Message Consumers & Idempotency Shutdown: Cancellation & Job Draining
Observability (Logs, Metrics, Traces)
Structured Logging with Serilog Correlation IDs & Trace Context OpenTelemetry Tracing (ASP.NET Core) OpenTelemetry Metrics (SLI-first) Health Checks Deep Dive (Readiness Done Right) Log PII Redaction (Don't Get Sued) Alerting & SLO Basics (Actionable Only) Debugging in Prod (Dumps, Traces)
Performance & Tuning
ThreadPool Starvation (Symptoms & Fix) Async Pitfalls (Deadlocks, Fire-and-Forget) Allocations & GC (What Actually Hurts) Kestrel Tuning & Limits JSON Serialization Performance EF Core Perf Hotspots (How to See Them) Caching: Response/Output Strategies
Testing & Quality Gates
Unit Testing with xUnit (Basics) Integration Tests with WebApplicationFactory Contract Tests (Basics) Mocking HTTP and Time Safely Testcontainers Basics (Real Dependencies) Coverage & Quality Gates (No Theatre) Load Testing with k6 (Basics)
Build, Release & Deploy
Build/Publish, Trimming, AOT (Basics) Dockerizing ASP.NET Core (Production) Config & Secrets in Deploy (No Baking) Blue/Green & Canary (Basics) Migrations & Deploy Order (Avoid Locking) Rollbacks vs Forward-Fix (When Each Wins) Versioning & SemVer (APIs Included) CI/CD Basics (Build, Test, Scan, Ship)
Production Runbooks
Incident Triage Playbook (First 15 Minutes) Dependency Outage Playbook (Third-Party Down) DB Latency Playbook (EF Core Included) Memory Leak Playbook (OOM Hunting) CPU Saturation Playbook (Hot Paths) Timeout Storm Playbook (Cascading Failure) Deploy Failure Playbook (Rollback Safely) Production Readiness Checklist

Outbox Pattern (Basics)

If you publish events from the same DB write, you need the outbox. Otherwise you will lose messages, double-send, or ship inconsistent state. This is the minimal outbox for EF Core.
On this page

Production incident

Order is created in the database and then a message is published to the broker. A transient network failure happens after DB commit but before publish. The order exists but downstream never sees the event. Customers see paid orders that never ship. You built a distributed transaction by accident and it failed as expected.

Symptom

  • Downstream systems miss events for records that exist in the DB.
  • Manual replays create duplicates because you do not have idempotency.
  • Incidents are "data mismatch" between services.

Cause

  • DB commit and message publish are not atomic.
  • Retries publish duplicates or skip publishes depending on failure timing.
  • No durable event store with retryable delivery.

Diagnosis

// Look for patterns: SaveChanges then broker publish in the same request
grep -R "SaveChangesAsync" -n .
grep -R "Publish" -n . | head

// Incident signal: orders exist but no downstream processing record

Anti-pattern

await db.SaveChangesAsync();
await broker.PublishAsync(new OrderCreated { OrderId = order.Id });
// If this fails after commit, you are inconsistent

Correct pattern

Write the event to an Outbox table in the same transaction, then deliver asynchronously with retries and idempotency.

// Outbox entity
public class OutboxMessage
{
    public Guid Id { get; set; }
    public DateTime CreatedAtUtc { get; set; }
    public string Type { get; set; } = "";
    public string PayloadJson { get; set; } = "";
    public DateTime? ProcessedAtUtc { get; set; }
    public int AttemptCount { get; set; }
    public string? LastError { get; set; }
}

// In the same transaction as your business write
await using var tx = await db.Database.BeginTransactionAsync();

db.Orders.Add(order);

db.Outbox.Add(new OutboxMessage
{
    Id = Guid.NewGuid(),
    CreatedAtUtc = DateTime.UtcNow,
    Type = "OrderCreated",
    PayloadJson = Serialize(new { order.Id, order.CreatedAtUtc })
});

await db.SaveChangesAsync();
await tx.CommitAsync();

// Separate background worker delivers outbox messages

Delivery worker rules

  • Batch fetch unprocessed messages with a limit.
  • Mark processed only after broker ack.
  • Retry with backoff and a max attempt policy.
  • Use idempotency keys on consumer side (message Id).
// Worker sketch
var batch = await db.Outbox
    .Where(m => m.ProcessedAtUtc == null)
    .OrderBy(m => m.CreatedAtUtc)
    .Take(100)
    .ToListAsync();

foreach (var msg in batch)
{
    try
    {
        await broker.PublishAsync(msg.Type, msg.PayloadJson, msg.Id);
        msg.ProcessedAtUtc = DateTime.UtcNow;
        msg.LastError = null;
    }
    catch (Exception ex)
    {
        msg.AttemptCount++;
        msg.LastError = ex.Message;
        // Backoff policy handled by scheduling or next run
    }
}

await db.SaveChangesAsync();

Security and performance impact

  • Performance: async delivery decouples request latency from broker latency.
  • Security: outbox payloads must avoid sensitive data. Treat payload as potentially logged and replicated.

Operational notes

  • Monitoring: outbox backlog size, oldest unprocessed age, publish failure rate, attempts distribution.
  • Rollout: start writing outbox first, then enable worker, then switch consumers if needed.
  • Rollback: you can stop the worker to halt propagation while preserving durability. You can reprocess later.

Checklist

  • Business write and outbox insert are in the same transaction.
  • Delivery is async with retries and backoff.
  • Consumers are idempotent using message Id.
  • Outbox backlog and age are monitored with alerts.
  • Payload avoids secrets and PII where possible.
Soft Delete & Global Query Filters →