Core Code
Core Code Modern Dev Handbook
DOTNET Contents
Foundations (Hosting, DI, Config)
Hosting Model & Kestrel Reality DI Lifetimes (This Will Leak/Break) Options Pattern & Config Binding Env Config & Secrets (Don't Bake) Logging Basics with ILogger Health Checks: Readiness vs Liveness Graceful Shutdown Basics
Web Services Basics (ASP.NET Core)
Controllers vs Minimal APIs (Tradeoffs in Prod) Middleware Pipeline Order (Bugs You Deserve) Routing Basics (Endpoints That Bite) Endpoint Filters Basics Request/Response Streaming (Backpressure Matters) Static Files (Security Foot-guns) Shutdown Draining (Don't Drop In-Flight)
Routing, Binding & Validation
Model Binding Gotchas Validation with FluentValidation (Basics) Input Validation: What to Validate Where File Upload Basics & Hardening Querystring Filtering & Limits Multipart Size Limits (Stop Zip Bombs)
Errors & Problem Details (RFC 7807)
Exception Handling Middleware (Correctly) Problem Details (RFC 7807) Done Right Validation Errors as Problem Details Error Codes & API Contracts Global JSON Settings (Safe Defaults) 404 vs Validation (Client UX & Semantics)
Authentication & Authorization
Cookie vs Bearer Auth (Don't Mix Blindly) JWT Validation Basics (What Actually Matters) JWT Key Rotation & kid Handling AuthZ Policies, Roles, Claims Resource-Based Authorization ASP.NET Identity: When to Use It mTLS Client Certs (Basics)
Security Basics (Production)
CORS Misconfigurations (Real Impact) Security Headers (Baseline) CSRF: SameSite vs Token Defenses XSS: Output Encoding & HTML Safety Deserialization Hardening SSRF & Egress Controls Rate Limiting Basics (Server-Side) Request Size Limits (Abuse Prevention) Secrets Management for .NET Apps Dependency Vulnerability Scanning
Data Access (EF Core in Prod)
DbContext Lifetime & Pooling (Prod-Safe) Migrations Safe Rollout (No Downtime) Transactions & Isolation Levels N+1 Detection & Fix Query Performance & Index Reality Optimistic Concurrency Tokens Outbox Pattern (Basics) Soft Delete & Global Query Filters Connection Resiliency (Retries Without Lies)
HTTP Clients & Integrations
HttpClientFactory: Pooling & DNS Reality Timeouts & Deadlines (Stop Hanging Threads) Retries & Backoff Policies (When It's Okay) Circuit Breakers (Basics That Matter) Idempotency Keys for Outbound Calls Headers/Auth Forwarding (Don't Leak) HTTP/2 and HTTP/3 Considerations
Reliability Patterns
Timeouts & CancellationTokens (Correct Wiring) Retries: When NOT To (Thundering Herd) Idempotency for APIs (You Need This) Server-Side Rate Limiting (Fairness & Abuse) Bulkheads & Concurrency Limits Backpressure in Streaming (Don't OOM) Graceful Degradation & Fallbacks Saga & Compensation (Basics)
Background Jobs & Hosting
HostedService Basics (The Safe Way) Background Queue with Channels Cron Scheduling: Hangfire vs Built-in Worker Service Deploy Patterns Message Consumers & Idempotency Shutdown: Cancellation & Job Draining
Observability (Logs, Metrics, Traces)
Structured Logging with Serilog Correlation IDs & Trace Context OpenTelemetry Tracing (ASP.NET Core) OpenTelemetry Metrics (SLI-first) Health Checks Deep Dive (Readiness Done Right) Log PII Redaction (Don't Get Sued) Alerting & SLO Basics (Actionable Only) Debugging in Prod (Dumps, Traces)
Performance & Tuning
ThreadPool Starvation (Symptoms & Fix) Async Pitfalls (Deadlocks, Fire-and-Forget) Allocations & GC (What Actually Hurts) Kestrel Tuning & Limits JSON Serialization Performance EF Core Perf Hotspots (How to See Them) Caching: Response/Output Strategies
Testing & Quality Gates
Unit Testing with xUnit (Basics) Integration Tests with WebApplicationFactory Contract Tests (Basics) Mocking HTTP and Time Safely Testcontainers Basics (Real Dependencies) Coverage & Quality Gates (No Theatre) Load Testing with k6 (Basics)
Build, Release & Deploy
Build/Publish, Trimming, AOT (Basics) Dockerizing ASP.NET Core (Production) Config & Secrets in Deploy (No Baking) Blue/Green & Canary (Basics) Migrations & Deploy Order (Avoid Locking) Rollbacks vs Forward-Fix (When Each Wins) Versioning & SemVer (APIs Included) CI/CD Basics (Build, Test, Scan, Ship)
Production Runbooks
Incident Triage Playbook (First 15 Minutes) Dependency Outage Playbook (Third-Party Down) DB Latency Playbook (EF Core Included) Memory Leak Playbook (OOM Hunting) CPU Saturation Playbook (Hot Paths) Timeout Storm Playbook (Cascading Failure) Deploy Failure Playbook (Rollback Safely) Production Readiness Checklist

HttpClientFactory: Pooling & DNS Reality

HttpClientFactory fixes the classic socket exhaustion trap, but it does not magically make outbound HTTP safe. This covers handler pooling, DNS refresh, lifetime tuning, and how to stop stale IPs and connection storms from taking your service down.
On this page

Production incident

You deploy a service that calls an upstream behind a load balancer. Everything looks fine for hours. Then a routine upstream rotation happens and the load balancer changes IPs. Your service keeps calling dead IPs, requests hang, thread pool queues up, and latency explodes. At the same time, you see a spike in ephemeral ports and TIME_WAIT because another team member created new HttpClient instances per request to "avoid stale DNS". You now have two outages: stale DNS and socket exhaustion.

What actually happened

  • Creating HttpClient per request creates new sockets aggressively. Under load, you run out of ephemeral ports and you drown in TIME_WAIT.
  • Keeping a single static HttpClient forever can keep connections pinned to old endpoints if DNS changes and connections are reused indefinitely.
  • IHttpClientFactory solves both by pooling handlers and rotating them on a schedule, but you must configure lifetimes and per-client policies intentionally.

Symptoms

  • Outbound calls start timing out in bursts after upstream IP rotation or failover.
  • Connection-level errors: connection refused, no route to host, name resolution errors, TLS handshake failures under load.
  • App CPU might be moderate, but thread pool queue length grows because requests are waiting on I/O.
  • OS networking shows high socket counts, TIME_WAIT spikes, or SNAT exhaustion in cloud environments.

Root causes

  • Per-request HttpClient: creates too many sockets and defeats pooling.
  • Infinite handler lifetime: DNS changes do not take effect for existing connections; you keep calling dead IPs.
  • Wrong client usage: using the wrong named client, missing base address, missing default headers, or bypassing the factory.

Diagnosis

# App-side: look for incorrect construction
grep -R "new HttpClient" -n .
grep -R "IHttpClientFactory" -n .

# Linux quick checks (if you have node access)
ss -s
ss -tan state time-wait | wc -l
ss -tan state established | wc -l

# Container level (if available)
cat /proc/net/sockstat

In logs and tracing, confirm whether failures correlate with upstream changes, deployment windows, or traffic spikes. If you have distributed tracing, check outbound span counts and duration distributions.

Anti-pattern

// This will blow up in prod under load (socket exhaustion)
public async Task<string> CallUpstream()
{
    using var client = new HttpClient();
    return await client.GetStringAsync("https://upstream/api");
}

// This can blow up later (stale connections forever)
public static readonly HttpClient Client = new HttpClient();
// No handler rotation, no per-service policy boundary

Correct pattern

Use IHttpClientFactory and configure handler lifetimes and connection behavior. Separate clients by upstream and by risk profile.

// Program.cs / Startup.cs
services.AddHttpClient("UpstreamA", client =>
{
    client.BaseAddress = new Uri("https://upstream-a/");
    client.DefaultRequestHeaders.UserAgent.ParseAdd("myservice/1.0");
})
.ConfigurePrimaryHttpMessageHandler(() => new SocketsHttpHandler
{
    // Connection pooling defaults are usually fine, but tune for your environment:
    PooledConnectionIdleTimeout = TimeSpan.FromMinutes(2),
    PooledConnectionLifetime = TimeSpan.FromMinutes(10), // forces rotation
    MaxConnectionsPerServer = 128,
    AutomaticDecompression = System.Net.DecompressionMethods.GZip | System.Net.DecompressionMethods.Deflate
})
.SetHandlerLifetime(TimeSpan.FromMinutes(10)); // handler rotation for DNS refresh

// Usage
public class UpstreamClient
{
    private readonly HttpClient _http;

    public UpstreamClient(IHttpClientFactory factory)
        => _http = factory.CreateClient("UpstreamA");

    public Task<HttpResponseMessage> GetHealthAsync(CancellationToken ct)
        => _http.GetAsync("health", ct);
}

DNS and lifetime guidance

  • Handler lifetime: if you never rotate handlers, you can keep stale connections. If you rotate too aggressively, you lose reuse and increase handshake cost.
  • Start points: 5 to 10 minutes lifetime is a common baseline for services behind load balancers. Adjust based on upstream rotation frequency and connection cost.
  • PooledConnectionLifetime: forces connection recycling even if active, helping spread load and refresh endpoints.

Security and performance impact

  • Performance: correct pooling reduces latency and CPU by reusing connections and TLS sessions.
  • Security: stable client configuration prevents accidental header leakage and supports consistent TLS policy (protocols, cert validation, proxy rules).

Operational notes

  • Monitoring: outbound latency, timeout rate, DNS failures, connection errors, active sockets, and retry volume.
  • Rollout: change lifetimes gradually. A too-short lifetime can spike TLS handshakes and hurt upstream.
  • Rollback: keep configuration behind a feature flag (handler lifetime, max connections). Be able to revert without redeploying code.

Checklist

  • No per-request HttpClient creation on hot paths.
  • Each upstream has a named or typed client with explicit configuration.
  • Handler lifetime and pooled connection lifetime are set intentionally.
  • Connection limits are set to prevent overload (MaxConnectionsPerServer).
  • Dashboards show outbound failures, latency, and socket pressure signals.
Timeouts & Deadlines (Stop Hanging Threads) →