1. What is asp .net core web api ?

Answer : ASP.NET Core Web API is used to build RESTful backend services that are optimized for performance, scalability, and cloud deployment. In real projects, it is mainly used to expose business functionality to web, mobile, or third-party clients using JSON over HTTP, with built-in support for dependency injection, middleware, security, and logging.

2. Describe the process of creating and consuming custom Middleware in ASP.NET Core Web API.

Answer :  Middleware is used when you need logic to run for every request, such as logging, exception handling, authentication, or request transformation.

• You create a middleware class with InvokeAsync

• You inject required services through constructor

• You register it early or late in the pipeline based on behavior

Ordering matters a lot. For example, exception middleware should be placed at the top, while authentication must run before authorization.

3. How do you implement custom validation in ASP.NET Core Web API?

Answer : 

• Basic validation using data annotations

• Business validation using FluentValidation or service-level checks

• Complex rules handled inside the domain or service layer

4. Explain the Role of Action Filters in ASP.NET Core Web API.

Answer :

Action filters are mainly used for cross-cutting concerns such as logging, auditing, input validation, and performance monitoring.

In real applications, filters are preferred over controller logic when the same behavior needs to be reused across multiple endpoints.

5. How does the ASP.NET Core Web API Routing Engine Work?

Answer : Routing matches incoming requests based on route templates and HTTP verbs.

6. What are the best practices for logging in ASP.NET Core Web API?

Answer : 

• Log meaningful business events, not everything

• Use structured logging

• Correlate logs using request IDs

7. What are Web API filters?

Answer : Filters allow execution of logic at different stages of request processing. They are commonly used for authorization, validation, logging, and exception handling.

8. What is HSTS in asp . Net ?

Answer : HSTS forces browsers to communicate only over HTTPS. In production, this is enabled to prevent downgrade attacks and ensure secure communication.

9. How do you return custom error message from an api ?

Answer : Errors are handled using global exception middleware. APIs return consistent error structures with proper HTTP status codes, making it easier for frontend teams to consume and debug.

10. What is developer exception page ?

Answer : It provides detailed exception information during development. It is disabled in production to avoid leaking sensitive details.

11. How do you prevent CSRF attack in asp .net core?

Answer :  For APIs using cookies, CSRF is handled using anti-forgery tokens and SameSite cookies. For token-based APIs (JWT), CSRF is usually not a concern when tokens are sent via headers.

12. How do you implement jwt authentication in asp .net core ?

Answer : JWT is implemented using authentication middleware. Tokens are issued after login and validated on each request. In real systems, token expiration, refresh tokens, and secure storage are critical considerations.

13. How do you protect API endpoint in asp .net core ?

Answer : Endpoints are protected using authorization policies, roles, and claims. Business-critical endpoints often use policy-based authorization instead of simple role checks.

14. How do you return json in web api ?

Answer : JSON is returned by default. In experienced projects, serialization settings are carefully configured for performance, naming conventions, and backward compatibility.

15. Explain the differences between Singleton, Scoped, and Transient lifetimes in ASP.NET Core Web API.

Answer : 

• Singleton is used for stateless services like configuration or caching

• Scoped is used for request-based services like database contexts

• Transient is used for lightweight, short-lived services

16. How do you define controller in asp .net core web api ?

Answer : Controllers inherit from ControllerBase and focus only on handling HTTP concerns. Business logic is delegated to services, following clean architecture principles.

17. How do you manage configuration settings in ASP.NET Core Web API?

Answer : Configuration is environment-based using appsettings.json, environment variables, and secure stores like Azure Key Vault in production.

18. How do you implement health checks in ASP.NET Core Web API?

Answer : Health checks are exposed as endpoints and monitored by load balancers or orchestration tools. They check application health and external dependencies like databases.

19. Difference between ASP.NET Web API and ASP.NET Core Web API?

Answer : ASP.NET Core Web API is cross-platform, faster, modular, and designed for microservices and cloud-native architectures.

20. What is REST?

Answer : REST is an architectural style that emphasizes statelessness, resource-based URLs, and standard HTTP methods, making APIs scalable and easy to consume.

21. What is [ApiController] attribute?

Answer : It improves developer productivity by enforcing best practices like automatic model validation and consistent error responses.

22. Difference between IActionResult and ActionResult?

Answer : ActionResult<T> is preferred in modern APIs because it provides strong typing along with flexible HTTP responses.

23. What is Asynchronous Programming?

Answer :  Async programming allows the server to handle more concurrent requests efficiently by freeing threads during I/O operations.

24. How do you host ASP.NET Core Web API?

Answer : Experienced teams host APIs using containers, cloud services, or load-balanced environments to ensure scalability and availability.

25. How does Web API connect to a database?

Answer : APIs interact with databases through repository or service layers using ORM tools like Entity Framework Core or micro-ORMs like Dapper.

26. Why async programming is important in Web API? 

Answer :  Async programming is critical for high-traffic APIs to maintain responsiveness and optimal resource usage.

27. How do you enable CORS in Web API?

Answer :  CORS policies are carefully configured to allow only trusted domains and avoid security risks.

28. How do you enable HTTPS in Web API?

Answer : HTTPS is enforced using SSL certificates and middleware. In production, HSTS is also enabled.

29. What are filters in Web API?

Answer : Filters help centralize logic such as validation, authorization, and logging, reducing duplication across controllers.

30. What media types are supported by Web API ?

Answer : Most production APIs primarily use JSON, with support for XML or other formats when required.