The latest articles on Forem by Adrián Bailador (@adrianbailador). https://forem.com/adrianbailador https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1257287%2F307e3f5d-e99f-4b8f-bc61-55f475e28311.jpeg https://forem.com/adrianbailador en Adrián Bailador Sun, 12 Apr 2026 19:24:04 +0000 https://forem.com/adrianbailador/ive-been-quietly-building-new-features-into-the-coffee-timer-my-pomodoro-productivity-app--1ofd https://forem.com/adrianbailador/ive-been-quietly-building-new-features-into-the-coffee-timer-my-pomodoro-productivity-app--1ofd <p>Here's what just shipped: </p> <p>☕ Focus Stats Dashboard — See your last 7 days of focus time, top tasks by<br><br> pomodoros, and key productivity metrics. (Premium) </p> <p>🗺️ Interactive Onboarding Tour — A step-by-step guided tour with spotlight<br><br> tooltips so new users know exactly what everything does from day one.</p> <p>🌍 Spanish / English toggle — One click to switch the entire UI between EN<br> and ES. Building for a global audience from the start.</p> <p>All of this on top of Spotify integration, ambient sounds, streak tracking, and a beautiful coffee cup that fills as you work. ☕</p> <p>If you're curious, give it a try → <a href="https://thecoffeetimer.com/" rel="noopener noreferrer">https://thecoffeetimer.com/</a></p> <p>Built with React, TypeScript, .NET 8, Supabase &amp; Stripe. Solo project, shipping fast. 🛠️</p> dotnet csharp react productivity Adrián Bailador Sun, 12 Apr 2026 11:09:54 +0000 https://forem.com/adrianbailador/health-checks-in-aspnet-core-beyond-the-basic-health-endpoint-2bpn https://forem.com/adrianbailador/health-checks-in-aspnet-core-beyond-the-basic-health-endpoint-2bpn <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fv8phx3drrrxjbrmkexvz.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fv8phx3drrrxjbrmkexvz.png" alt=" " width="800" height="417"></a></p> <p>A service returning <code>200 OK</code> on <code>/health</code> doesn't mean it's healthy. It means the process is alive and the route handler executed. Your database could be unreachable, your message broker offline, your disk at 99% capacity — and <code>/health</code> would still return green.</p> <p>I've seen this exact situation cause a silent outage. The load balancer was happy, Kubernetes wasn't restarting anything, and the monitoring dashboard showed all services up. Meanwhile, every request that touched the database was failing. The health check was lying.</p> <p>Here's how to make it tell the truth.</p> <h2> The Setup Everyone Has </h2> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="c1">// Program.cs — the version that gives you false confidence</span> <span class="n">app</span><span class="p">.</span><span class="nf">MapGet</span><span class="p">(</span><span class="s">"/health"</span><span class="p">,</span> <span class="p">()</span> <span class="p">=&gt;</span> <span class="s">"Healthy"</span><span class="p">);</span> </code></pre> </div> <p>Or slightly better, using the built-in middleware:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="n">builder</span><span class="p">.</span><span class="n">Services</span><span class="p">.</span><span class="nf">AddHealthChecks</span><span class="p">();</span> <span class="n">app</span><span class="p">.</span><span class="nf">MapHealthChecks</span><span class="p">(</span><span class="s">"/health"</span><span class="p">);</span> </code></pre> </div> <p>Both return <code>200 OK</code> as long as the process is running. Neither checks anything meaningful.</p> <h2> What ASP.NET Core Health Checks Actually Give You </h2> <p>The <code>Microsoft.AspNetCore.Diagnostics.HealthChecks</code> package (included in the ASP.NET Core metapackage) provides an extensible pipeline where each check implements <code>IHealthCheck</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">public</span> <span class="k">interface</span> <span class="nc">IHealthCheck</span> <span class="p">{</span> <span class="n">Task</span><span class="p">&lt;</span><span class="n">HealthCheckResult</span><span class="p">&gt;</span> <span class="nf">CheckHealthAsync</span><span class="p">(</span> <span class="n">HealthCheckContext</span> <span class="n">context</span><span class="p">,</span> <span class="n">CancellationToken</span> <span class="n">cancellationToken</span> <span class="p">=</span> <span class="k">default</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>A <code>HealthCheckResult</code> is one of three states:</p> <ul> <li> <code>HealthCheckResult.Healthy()</code> — everything is fine</li> <li> <code>HealthCheckResult.Degraded()</code> — working but not at full capacity</li> <li> <code>HealthCheckResult.Unhealthy()</code> — something is broken</li> </ul> <p>The overall status of the endpoint is the worst status across all registered checks. One <code>Unhealthy</code> check makes the whole endpoint return <code>503 Service Unavailable</code>.</p> <h2> Checking What Actually Matters </h2> <h3> Database Connectivity </h3> <p>The most critical check for most APIs. Install the NuGet package for your database:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>dotnet add package AspNetCore.HealthChecks.SqlServer dotnet add package AspNetCore.HealthChecks.NpgSql <span class="c"># PostgreSQL</span> dotnet add package AspNetCore.HealthChecks.MySql <span class="c"># MySQL</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="n">builder</span><span class="p">.</span><span class="n">Services</span><span class="p">.</span><span class="nf">AddHealthChecks</span><span class="p">()</span> <span class="p">.</span><span class="nf">AddSqlServer</span><span class="p">(</span> <span class="n">connectionString</span><span class="p">:</span> <span class="n">builder</span><span class="p">.</span><span class="n">Configuration</span><span class="p">.</span><span class="nf">GetConnectionString</span><span class="p">(</span><span class="s">"DefaultConnection"</span><span class="p">)!,</span> <span class="n">healthQuery</span><span class="p">:</span> <span class="s">"SELECT 1"</span><span class="p">,</span> <span class="n">name</span><span class="p">:</span> <span class="s">"sql-server"</span><span class="p">,</span> <span class="n">failureStatus</span><span class="p">:</span> <span class="n">HealthStatus</span><span class="p">.</span><span class="n">Unhealthy</span><span class="p">,</span> <span class="n">tags</span><span class="p">:</span> <span class="p">[</span><span class="s">"database"</span><span class="p">,</span> <span class="s">"sql"</span><span class="p">])</span> <span class="p">.</span><span class="nf">AddNpgSql</span><span class="p">(</span> <span class="n">connectionString</span><span class="p">:</span> <span class="n">builder</span><span class="p">.</span><span class="n">Configuration</span><span class="p">.</span><span class="nf">GetConnectionString</span><span class="p">(</span><span class="s">"Postgres"</span><span class="p">)!,</span> <span class="n">name</span><span class="p">:</span> <span class="s">"postgresql"</span><span class="p">,</span> <span class="n">tags</span><span class="p">:</span> <span class="p">[</span><span class="s">"database"</span><span class="p">,</span> <span class="s">"postgres"</span><span class="p">]);</span> </code></pre> </div> <blockquote> <p><strong>A note on <code>SELECT 1</code>:</strong> It's the industry standard for this check — fast, universally supported, and harmless. Some purists argue it only verifies the connection, not whether the database is locked or whether the application user has write permissions. They're right. For most services, connectivity is enough. If you need deeper assurance, replace it with a lightweight query against a known table: <code>SELECT TOP 1 1 FROM Orders WITH (NOLOCK)</code>. Just don't go overboard — a health check query that takes 500ms under load is worse than <code>SELECT 1</code>.</p> </blockquote> <h3> Redis Cache </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>dotnet add package AspNetCore.HealthChecks.Redis </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="n">builder</span><span class="p">.</span><span class="n">Services</span><span class="p">.</span><span class="nf">AddHealthChecks</span><span class="p">()</span> <span class="p">.</span><span class="nf">AddRedis</span><span class="p">(</span> <span class="n">redisConnectionString</span><span class="p">:</span> <span class="n">builder</span><span class="p">.</span><span class="n">Configuration</span><span class="p">.</span><span class="nf">GetConnectionString</span><span class="p">(</span><span class="s">"Redis"</span><span class="p">)!,</span> <span class="n">name</span><span class="p">:</span> <span class="s">"redis"</span><span class="p">,</span> <span class="n">failureStatus</span><span class="p">:</span> <span class="n">HealthStatus</span><span class="p">.</span><span class="n">Degraded</span><span class="p">,</span> <span class="c1">// degraded, not unhealthy — cache miss is survivable</span> <span class="n">tags</span><span class="p">:</span> <span class="p">[</span><span class="s">"cache"</span><span class="p">]);</span> </code></pre> </div> <p>Notice I'm using <code>Degraded</code> here. If Redis is down, my app still works — it'll be slower, but it won't fail. This distinction matters for Kubernetes probes, as we'll see later.</p> <h3> External HTTP Dependencies </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>dotnet add package AspNetCore.HealthChecks.Uris </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="n">builder</span><span class="p">.</span><span class="n">Services</span><span class="p">.</span><span class="nf">AddHealthChecks</span><span class="p">()</span> <span class="p">.</span><span class="nf">AddUrlGroup</span><span class="p">(</span> <span class="n">uri</span><span class="p">:</span> <span class="k">new</span> <span class="nf">Uri</span><span class="p">(</span><span class="s">"https://api.stripe.com/v1/"</span><span class="p">),</span> <span class="n">name</span><span class="p">:</span> <span class="s">"stripe-api"</span><span class="p">,</span> <span class="n">failureStatus</span><span class="p">:</span> <span class="n">HealthStatus</span><span class="p">.</span><span class="n">Degraded</span><span class="p">,</span> <span class="n">tags</span><span class="p">:</span> <span class="p">[</span><span class="s">"external"</span><span class="p">]);</span> </code></pre> </div> <h3> Writing a Custom Health Check </h3> <p>When a package doesn't exist for your dependency, write your own. It's straightforward:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">public</span> <span class="k">class</span> <span class="nc">OrderServiceHealthCheck</span> <span class="p">:</span> <span class="n">IHealthCheck</span> <span class="p">{</span> <span class="k">private</span> <span class="k">readonly</span> <span class="n">IOrderRepository</span> <span class="n">_orderRepository</span><span class="p">;</span> <span class="k">public</span> <span class="nf">OrderServiceHealthCheck</span><span class="p">(</span><span class="n">IOrderRepository</span> <span class="n">orderRepository</span><span class="p">)</span> <span class="p">{</span> <span class="n">_orderRepository</span> <span class="p">=</span> <span class="n">orderRepository</span><span class="p">;</span> <span class="p">}</span> <span class="k">public</span> <span class="k">async</span> <span class="n">Task</span><span class="p">&lt;</span><span class="n">HealthCheckResult</span><span class="p">&gt;</span> <span class="nf">CheckHealthAsync</span><span class="p">(</span> <span class="n">HealthCheckContext</span> <span class="n">context</span><span class="p">,</span> <span class="n">CancellationToken</span> <span class="n">cancellationToken</span> <span class="p">=</span> <span class="k">default</span><span class="p">)</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="kt">var</span> <span class="n">canConnect</span> <span class="p">=</span> <span class="k">await</span> <span class="n">_orderRepository</span><span class="p">.</span><span class="nf">CanConnectAsync</span><span class="p">(</span><span class="n">cancellationToken</span><span class="p">);</span> <span class="k">if</span> <span class="p">(!</span><span class="n">canConnect</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="n">HealthCheckResult</span><span class="p">.</span><span class="nf">Unhealthy</span><span class="p">(</span><span class="s">"Order repository is unreachable."</span><span class="p">);</span> <span class="p">}</span> <span class="kt">var</span> <span class="n">pendingOrders</span> <span class="p">=</span> <span class="k">await</span> <span class="n">_orderRepository</span><span class="p">.</span><span class="nf">GetPendingCountAsync</span><span class="p">(</span><span class="n">cancellationToken</span><span class="p">);</span> <span class="c1">// Degraded if queue is building up — not broken, but worth knowing</span> <span class="k">if</span> <span class="p">(</span><span class="n">pendingOrders</span> <span class="p">&gt;</span> <span class="m">10_000</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="n">HealthCheckResult</span><span class="p">.</span><span class="nf">Degraded</span><span class="p">(</span> <span class="s">$"Order queue is growing: </span><span class="p">{</span><span class="n">pendingOrders</span><span class="p">}</span><span class="s"> pending orders."</span><span class="p">,</span> <span class="n">data</span><span class="p">:</span> <span class="k">new</span> <span class="n">Dictionary</span><span class="p">&lt;</span><span class="kt">string</span><span class="p">,</span> <span class="kt">object</span><span class="p">&gt;</span> <span class="p">{</span> <span class="p">[</span><span class="s">"pending_orders"</span><span class="p">]</span> <span class="p">=</span> <span class="n">pendingOrders</span> <span class="p">});</span> <span class="p">}</span> <span class="k">return</span> <span class="n">HealthCheckResult</span><span class="p">.</span><span class="nf">Healthy</span><span class="p">(</span> <span class="n">data</span><span class="p">:</span> <span class="k">new</span> <span class="n">Dictionary</span><span class="p">&lt;</span><span class="kt">string</span><span class="p">,</span> <span class="kt">object</span><span class="p">&gt;</span> <span class="p">{</span> <span class="p">[</span><span class="s">"pending_orders"</span><span class="p">]</span> <span class="p">=</span> <span class="n">pendingOrders</span> <span class="p">});</span> <span class="p">}</span> <span class="k">catch</span> <span class="p">(</span><span class="n">Exception</span> <span class="n">ex</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="n">HealthCheckResult</span><span class="p">.</span><span class="nf">Unhealthy</span><span class="p">(</span> <span class="s">"Order service check threw an exception."</span><span class="p">,</span> <span class="n">exception</span><span class="p">:</span> <span class="n">ex</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Register it:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="n">builder</span><span class="p">.</span><span class="n">Services</span><span class="p">.</span><span class="nf">AddHealthChecks</span><span class="p">()</span> <span class="p">.</span><span class="n">AddCheck</span><span class="p">&lt;</span><span class="n">OrderServiceHealthCheck</span><span class="p">&gt;(</span> <span class="n">name</span><span class="p">:</span> <span class="s">"order-service"</span><span class="p">,</span> <span class="n">failureStatus</span><span class="p">:</span> <span class="n">HealthStatus</span><span class="p">.</span><span class="n">Unhealthy</span><span class="p">,</span> <span class="n">tags</span><span class="p">:</span> <span class="p">[</span><span class="s">"orders"</span><span class="p">,</span> <span class="s">"database"</span><span class="p">]);</span> </code></pre> </div> <h3> Disk Space </h3> <p>A check that's almost always missing — and that bites you at the worst moment:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">public</span> <span class="k">class</span> <span class="nc">DiskSpaceHealthCheck</span> <span class="p">:</span> <span class="n">IHealthCheck</span> <span class="p">{</span> <span class="k">private</span> <span class="k">readonly</span> <span class="kt">long</span> <span class="n">_minimumFreeBytesThreshold</span><span class="p">;</span> <span class="k">public</span> <span class="nf">DiskSpaceHealthCheck</span><span class="p">(</span><span class="kt">long</span> <span class="n">minimumFreeMegabytes</span> <span class="p">=</span> <span class="m">500</span><span class="p">)</span> <span class="p">{</span> <span class="n">_minimumFreeBytesThreshold</span> <span class="p">=</span> <span class="n">minimumFreeMegabytes</span> <span class="p">*</span> <span class="m">1024</span> <span class="p">*</span> <span class="m">1024</span><span class="p">;</span> <span class="p">}</span> <span class="k">public</span> <span class="n">Task</span><span class="p">&lt;</span><span class="n">HealthCheckResult</span><span class="p">&gt;</span> <span class="nf">CheckHealthAsync</span><span class="p">(</span> <span class="n">HealthCheckContext</span> <span class="n">context</span><span class="p">,</span> <span class="n">CancellationToken</span> <span class="n">cancellationToken</span> <span class="p">=</span> <span class="k">default</span><span class="p">)</span> <span class="p">{</span> <span class="kt">var</span> <span class="n">drive</span> <span class="p">=</span> <span class="n">DriveInfo</span><span class="p">.</span><span class="nf">GetDrives</span><span class="p">()</span> <span class="p">.</span><span class="nf">FirstOrDefault</span><span class="p">(</span><span class="n">d</span> <span class="p">=&gt;</span> <span class="n">d</span><span class="p">.</span><span class="n">IsReady</span> <span class="p">&amp;&amp;</span> <span class="n">d</span><span class="p">.</span><span class="n">Name</span> <span class="p">==</span> <span class="s">"/"</span><span class="p">);</span> <span class="k">if</span> <span class="p">(</span><span class="n">drive</span> <span class="k">is</span> <span class="k">null</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="n">Task</span><span class="p">.</span><span class="nf">FromResult</span><span class="p">(</span><span class="n">HealthCheckResult</span><span class="p">.</span><span class="nf">Unhealthy</span><span class="p">(</span><span class="s">"Root drive not found."</span><span class="p">));</span> <span class="p">}</span> <span class="kt">var</span> <span class="n">freeBytes</span> <span class="p">=</span> <span class="n">drive</span><span class="p">.</span><span class="n">AvailableFreeSpace</span><span class="p">;</span> <span class="kt">var</span> <span class="n">freeMb</span> <span class="p">=</span> <span class="n">freeBytes</span> <span class="p">/</span> <span class="p">(</span><span class="m">1024</span> <span class="p">*</span> <span class="m">1024</span><span class="p">);</span> <span class="kt">var</span> <span class="n">data</span> <span class="p">=</span> <span class="k">new</span> <span class="n">Dictionary</span><span class="p">&lt;</span><span class="kt">string</span><span class="p">,</span> <span class="kt">object</span><span class="p">&gt;</span> <span class="p">{</span> <span class="p">[</span><span class="s">"free_mb"</span><span class="p">]</span> <span class="p">=</span> <span class="n">freeMb</span><span class="p">,</span> <span class="p">[</span><span class="s">"total_mb"</span><span class="p">]</span> <span class="p">=</span> <span class="n">drive</span><span class="p">.</span><span class="n">TotalSize</span> <span class="p">/</span> <span class="p">(</span><span class="m">1024</span> <span class="p">*</span> <span class="m">1024</span><span class="p">)</span> <span class="p">};</span> <span class="k">if</span> <span class="p">(</span><span class="n">freeBytes</span> <span class="p">&lt;</span> <span class="n">_minimumFreeBytesThreshold</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="n">Task</span><span class="p">.</span><span class="nf">FromResult</span><span class="p">(</span> <span class="n">HealthCheckResult</span><span class="p">.</span><span class="nf">Unhealthy</span><span class="p">(</span><span class="s">$"Low disk space: </span><span class="p">{</span><span class="n">freeMb</span><span class="p">}</span><span class="s"> MB free."</span><span class="p">,</span> <span class="n">data</span><span class="p">:</span> <span class="n">data</span><span class="p">));</span> <span class="p">}</span> <span class="k">if</span> <span class="p">(</span><span class="n">freeBytes</span> <span class="p">&lt;</span> <span class="n">_minimumFreeBytesThreshold</span> <span class="p">*</span> <span class="m">2</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="n">Task</span><span class="p">.</span><span class="nf">FromResult</span><span class="p">(</span> <span class="n">HealthCheckResult</span><span class="p">.</span><span class="nf">Degraded</span><span class="p">(</span><span class="s">$"Disk space getting low: </span><span class="p">{</span><span class="n">freeMb</span><span class="p">}</span><span class="s"> MB free."</span><span class="p">,</span> <span class="n">data</span><span class="p">:</span> <span class="n">data</span><span class="p">));</span> <span class="p">}</span> <span class="k">return</span> <span class="n">Task</span><span class="p">.</span><span class="nf">FromResult</span><span class="p">(</span><span class="n">HealthCheckResult</span><span class="p">.</span><span class="nf">Healthy</span><span class="p">(</span><span class="n">data</span><span class="p">:</span> <span class="n">data</span><span class="p">));</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h2> Tagging Checks for Kubernetes Probes </h2> <p>This is where health checks go from useful to essential. Kubernetes uses three probes:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Probe</th> <th>Purpose</th> <th>Consequence if failing</th> </tr> </thead> <tbody> <tr> <td><strong>Liveness</strong></td> <td>Is the process alive?</td> <td>Restart the container</td> </tr> <tr> <td><strong>Readiness</strong></td> <td>Can it serve traffic?</td> <td>Remove from load balancer</td> </tr> <tr> <td><strong>Startup</strong></td> <td>Has it finished starting up?</td> <td>Don't check liveness/readiness yet</td> </tr> </tbody> </table></div> <p>You don't want a slow Redis to restart your pod. You want it to stop receiving traffic until Redis recovers. Tags let you route different checks to different endpoints:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="n">builder</span><span class="p">.</span><span class="n">Services</span><span class="p">.</span><span class="nf">AddHealthChecks</span><span class="p">()</span> <span class="p">.</span><span class="nf">AddSqlServer</span><span class="p">(</span> <span class="n">connectionString</span><span class="p">:</span> <span class="n">connectionString</span><span class="p">,</span> <span class="n">name</span><span class="p">:</span> <span class="s">"sql-server"</span><span class="p">,</span> <span class="n">tags</span><span class="p">:</span> <span class="p">[</span><span class="s">"ready"</span><span class="p">])</span> <span class="c1">// readiness only</span> <span class="p">.</span><span class="nf">AddRedis</span><span class="p">(</span> <span class="n">redisConnectionString</span><span class="p">:</span> <span class="n">redisConnection</span><span class="p">,</span> <span class="n">name</span><span class="p">:</span> <span class="s">"redis"</span><span class="p">,</span> <span class="n">failureStatus</span><span class="p">:</span> <span class="n">HealthStatus</span><span class="p">.</span><span class="n">Degraded</span><span class="p">,</span> <span class="n">tags</span><span class="p">:</span> <span class="p">[</span><span class="s">"ready"</span><span class="p">])</span> <span class="c1">// readiness only</span> <span class="p">.</span><span class="n">AddCheck</span><span class="p">&lt;</span><span class="n">DiskSpaceHealthCheck</span><span class="p">&gt;(</span> <span class="n">name</span><span class="p">:</span> <span class="s">"disk-space"</span><span class="p">,</span> <span class="n">tags</span><span class="p">:</span> <span class="p">[</span><span class="s">"live"</span><span class="p">,</span> <span class="s">"ready"</span><span class="p">])</span> <span class="c1">// both</span> <span class="p">.</span><span class="n">AddCheck</span><span class="p">&lt;</span><span class="n">OrderServiceHealthCheck</span><span class="p">&gt;(</span> <span class="n">name</span><span class="p">:</span> <span class="s">"order-service"</span><span class="p">,</span> <span class="n">tags</span><span class="p">:</span> <span class="p">[</span><span class="s">"ready"</span><span class="p">]);</span> <span class="c1">// readiness only</span> </code></pre> </div> <p>Map separate endpoints filtered by tag:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="c1">// Liveness — only checks the process is alive and has disk space</span> <span class="n">app</span><span class="p">.</span><span class="nf">MapHealthChecks</span><span class="p">(</span><span class="s">"/health/live"</span><span class="p">,</span> <span class="k">new</span> <span class="n">HealthCheckOptions</span> <span class="p">{</span> <span class="n">Predicate</span> <span class="p">=</span> <span class="n">check</span> <span class="p">=&gt;</span> <span class="n">check</span><span class="p">.</span><span class="n">Tags</span><span class="p">.</span><span class="nf">Contains</span><span class="p">(</span><span class="s">"live"</span><span class="p">),</span> <span class="n">ResultStatusCodes</span> <span class="p">=</span> <span class="p">{</span> <span class="p">[</span><span class="n">HealthStatus</span><span class="p">.</span><span class="n">Healthy</span><span class="p">]</span> <span class="p">=</span> <span class="n">StatusCodes</span><span class="p">.</span><span class="n">Status200OK</span><span class="p">,</span> <span class="p">[</span><span class="n">HealthStatus</span><span class="p">.</span><span class="n">Degraded</span><span class="p">]</span> <span class="p">=</span> <span class="n">StatusCodes</span><span class="p">.</span><span class="n">Status200OK</span><span class="p">,</span> <span class="c1">// degraded still alive</span> <span class="p">[</span><span class="n">HealthStatus</span><span class="p">.</span><span class="n">Unhealthy</span><span class="p">]</span> <span class="p">=</span> <span class="n">StatusCodes</span><span class="p">.</span><span class="n">Status503ServiceUnavailable</span> <span class="p">}</span> <span class="p">});</span> <span class="c1">// Readiness — checks everything needed to serve requests</span> <span class="n">app</span><span class="p">.</span><span class="nf">MapHealthChecks</span><span class="p">(</span><span class="s">"/health/ready"</span><span class="p">,</span> <span class="k">new</span> <span class="n">HealthCheckOptions</span> <span class="p">{</span> <span class="n">Predicate</span> <span class="p">=</span> <span class="n">check</span> <span class="p">=&gt;</span> <span class="n">check</span><span class="p">.</span><span class="n">Tags</span><span class="p">.</span><span class="nf">Contains</span><span class="p">(</span><span class="s">"ready"</span><span class="p">),</span> <span class="n">ResultStatusCodes</span> <span class="p">=</span> <span class="p">{</span> <span class="p">[</span><span class="n">HealthStatus</span><span class="p">.</span><span class="n">Healthy</span><span class="p">]</span> <span class="p">=</span> <span class="n">StatusCodes</span><span class="p">.</span><span class="n">Status200OK</span><span class="p">,</span> <span class="p">[</span><span class="n">HealthStatus</span><span class="p">.</span><span class="n">Degraded</span><span class="p">]</span> <span class="p">=</span> <span class="n">StatusCodes</span><span class="p">.</span><span class="n">Status200OK</span><span class="p">,</span> <span class="c1">// degraded can still serve</span> <span class="p">[</span><span class="n">HealthStatus</span><span class="p">.</span><span class="n">Unhealthy</span><span class="p">]</span> <span class="p">=</span> <span class="n">StatusCodes</span><span class="p">.</span><span class="n">Status503ServiceUnavailable</span> <span class="p">}</span> <span class="p">});</span> </code></pre> </div> <p>Kubernetes configuration:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">livenessProbe</span><span class="pi">:</span> <span class="na">httpGet</span><span class="pi">:</span> <span class="na">path</span><span class="pi">:</span> <span class="s">/health/live</span> <span class="na">port</span><span class="pi">:</span> <span class="m">8080</span> <span class="na">initialDelaySeconds</span><span class="pi">:</span> <span class="m">10</span> <span class="na">periodSeconds</span><span class="pi">:</span> <span class="m">15</span> <span class="na">failureThreshold</span><span class="pi">:</span> <span class="m">3</span> <span class="na">readinessProbe</span><span class="pi">:</span> <span class="na">httpGet</span><span class="pi">:</span> <span class="na">path</span><span class="pi">:</span> <span class="s">/health/ready</span> <span class="na">port</span><span class="pi">:</span> <span class="m">8080</span> <span class="na">initialDelaySeconds</span><span class="pi">:</span> <span class="m">5</span> <span class="na">periodSeconds</span><span class="pi">:</span> <span class="m">10</span> <span class="na">failureThreshold</span><span class="pi">:</span> <span class="m">3</span> <span class="na">startupProbe</span><span class="pi">:</span> <span class="na">httpGet</span><span class="pi">:</span> <span class="na">path</span><span class="pi">:</span> <span class="s">/health/live</span> <span class="na">port</span><span class="pi">:</span> <span class="m">8080</span> <span class="na">initialDelaySeconds</span><span class="pi">:</span> <span class="m">0</span> <span class="na">periodSeconds</span><span class="pi">:</span> <span class="m">5</span> <span class="na">failureThreshold</span><span class="pi">:</span> <span class="m">30</span> <span class="c1"># 30 * 5s = 150 seconds to start up</span> </code></pre> </div> <h2> Rich JSON Responses </h2> <p>By default, the health endpoint returns plain text (<code>Healthy</code>, <code>Degraded</code>, <code>Unhealthy</code>). For monitoring dashboards and debugging, you want JSON:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="n">app</span><span class="p">.</span><span class="nf">MapHealthChecks</span><span class="p">(</span><span class="s">"/health"</span><span class="p">,</span> <span class="k">new</span> <span class="n">HealthCheckOptions</span> <span class="p">{</span> <span class="n">ResponseWriter</span> <span class="p">=</span> <span class="n">WriteHealthCheckResponse</span> <span class="p">});</span> <span class="k">static</span> <span class="n">Task</span> <span class="nf">WriteHealthCheckResponse</span><span class="p">(</span><span class="n">HttpContext</span> <span class="n">context</span><span class="p">,</span> <span class="n">HealthReport</span> <span class="n">report</span><span class="p">)</span> <span class="p">{</span> <span class="n">context</span><span class="p">.</span><span class="n">Response</span><span class="p">.</span><span class="n">ContentType</span> <span class="p">=</span> <span class="s">"application/json"</span><span class="p">;</span> <span class="kt">var</span> <span class="n">response</span> <span class="p">=</span> <span class="k">new</span> <span class="p">{</span> <span class="n">status</span> <span class="p">=</span> <span class="n">report</span><span class="p">.</span><span class="n">Status</span><span class="p">.</span><span class="nf">ToString</span><span class="p">(),</span> <span class="n">duration</span> <span class="p">=</span> <span class="n">report</span><span class="p">.</span><span class="n">TotalDuration</span><span class="p">.</span><span class="n">TotalMilliseconds</span><span class="p">,</span> <span class="n">checks</span> <span class="p">=</span> <span class="n">report</span><span class="p">.</span><span class="n">Entries</span><span class="p">.</span><span class="nf">Select</span><span class="p">(</span><span class="n">e</span> <span class="p">=&gt;</span> <span class="k">new</span> <span class="p">{</span> <span class="n">name</span> <span class="p">=</span> <span class="n">e</span><span class="p">.</span><span class="n">Key</span><span class="p">,</span> <span class="n">status</span> <span class="p">=</span> <span class="n">e</span><span class="p">.</span><span class="n">Value</span><span class="p">.</span><span class="n">Status</span><span class="p">.</span><span class="nf">ToString</span><span class="p">(),</span> <span class="n">description</span> <span class="p">=</span> <span class="n">e</span><span class="p">.</span><span class="n">Value</span><span class="p">.</span><span class="n">Description</span><span class="p">,</span> <span class="n">duration</span> <span class="p">=</span> <span class="n">e</span><span class="p">.</span><span class="n">Value</span><span class="p">.</span><span class="n">Duration</span><span class="p">.</span><span class="n">TotalMilliseconds</span><span class="p">,</span> <span class="n">data</span> <span class="p">=</span> <span class="n">e</span><span class="p">.</span><span class="n">Value</span><span class="p">.</span><span class="n">Data</span><span class="p">,</span> <span class="n">exception</span> <span class="p">=</span> <span class="n">e</span><span class="p">.</span><span class="n">Value</span><span class="p">.</span><span class="n">Exception</span><span class="p">?.</span><span class="n">Message</span> <span class="p">})</span> <span class="p">};</span> <span class="k">return</span> <span class="n">context</span><span class="p">.</span><span class="n">Response</span><span class="p">.</span><span class="nf">WriteAsync</span><span class="p">(</span> <span class="n">JsonSerializer</span><span class="p">.</span><span class="nf">Serialize</span><span class="p">(</span><span class="n">response</span><span class="p">,</span> <span class="k">new</span> <span class="n">JsonSerializerOptions</span> <span class="p">{</span> <span class="n">WriteIndented</span> <span class="p">=</span> <span class="k">true</span><span class="p">,</span> <span class="n">PropertyNamingPolicy</span> <span class="p">=</span> <span class="n">JsonNamingPolicy</span><span class="p">.</span><span class="n">SnakeCaseLower</span> <span class="p">}));</span> <span class="p">}</span> </code></pre> </div> <p>Output:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"status"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Degraded"</span><span class="p">,</span><span class="w"> </span><span class="nl">"duration"</span><span class="p">:</span><span class="w"> </span><span class="mf">142.5</span><span class="p">,</span><span class="w"> </span><span class="nl">"checks"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"sql-server"</span><span class="p">,</span><span class="w"> </span><span class="nl">"status"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Healthy"</span><span class="p">,</span><span class="w"> </span><span class="nl">"duration"</span><span class="p">:</span><span class="w"> </span><span class="mf">12.3</span><span class="p">,</span><span class="w"> </span><span class="nl">"data"</span><span class="p">:</span><span class="w"> </span><span class="p">{}</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"redis"</span><span class="p">,</span><span class="w"> </span><span class="nl">"status"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Degraded"</span><span class="p">,</span><span class="w"> </span><span class="nl">"description"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Redis connection timeout after 5000ms"</span><span class="p">,</span><span class="w"> </span><span class="nl">"duration"</span><span class="p">:</span><span class="w"> </span><span class="mf">5001.2</span><span class="p">,</span><span class="w"> </span><span class="nl">"data"</span><span class="p">:</span><span class="w"> </span><span class="p">{}</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"disk-space"</span><span class="p">,</span><span class="w"> </span><span class="nl">"status"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Healthy"</span><span class="p">,</span><span class="w"> </span><span class="nl">"duration"</span><span class="p">:</span><span class="w"> </span><span class="mf">0.8</span><span class="p">,</span><span class="w"> </span><span class="nl">"data"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"free_mb"</span><span class="p">:</span><span class="w"> </span><span class="mi">42301</span><span class="p">,</span><span class="w"> </span><span class="nl">"total_mb"</span><span class="p">:</span><span class="w"> </span><span class="mi">102400</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h2> Adding a Timeout per Check </h2> <p>A health check that hangs is worse than one that fails fast. Add a timeout so a slow dependency doesn't block the entire health endpoint:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">public</span> <span class="k">class</span> <span class="nc">ExternalPaymentApiHealthCheck</span> <span class="p">:</span> <span class="n">IHealthCheck</span> <span class="p">{</span> <span class="k">private</span> <span class="k">readonly</span> <span class="n">HttpClient</span> <span class="n">_httpClient</span><span class="p">;</span> <span class="k">public</span> <span class="nf">ExternalPaymentApiHealthCheck</span><span class="p">(</span><span class="n">IHttpClientFactory</span> <span class="n">factory</span><span class="p">)</span> <span class="p">{</span> <span class="n">_httpClient</span> <span class="p">=</span> <span class="n">factory</span><span class="p">.</span><span class="nf">CreateClient</span><span class="p">(</span><span class="s">"payment-api"</span><span class="p">);</span> <span class="p">}</span> <span class="k">public</span> <span class="k">async</span> <span class="n">Task</span><span class="p">&lt;</span><span class="n">HealthCheckResult</span><span class="p">&gt;</span> <span class="nf">CheckHealthAsync</span><span class="p">(</span> <span class="n">HealthCheckContext</span> <span class="n">context</span><span class="p">,</span> <span class="n">CancellationToken</span> <span class="n">cancellationToken</span> <span class="p">=</span> <span class="k">default</span><span class="p">)</span> <span class="p">{</span> <span class="k">using</span> <span class="nn">var</span> <span class="n">cts</span> <span class="p">=</span> <span class="n">CancellationTokenSource</span><span class="p">.</span><span class="nf">CreateLinkedTokenSource</span><span class="p">(</span><span class="n">cancellationToken</span><span class="p">);</span> <span class="n">cts</span><span class="p">.</span><span class="nf">CancelAfter</span><span class="p">(</span><span class="n">TimeSpan</span><span class="p">.</span><span class="nf">FromSeconds</span><span class="p">(</span><span class="m">3</span><span class="p">));</span> <span class="c1">// never wait more than 3 seconds</span> <span class="k">try</span> <span class="p">{</span> <span class="kt">var</span> <span class="n">response</span> <span class="p">=</span> <span class="k">await</span> <span class="n">_httpClient</span><span class="p">.</span><span class="nf">GetAsync</span><span class="p">(</span><span class="s">"/ping"</span><span class="p">,</span> <span class="n">cts</span><span class="p">.</span><span class="n">Token</span><span class="p">);</span> <span class="k">return</span> <span class="n">response</span><span class="p">.</span><span class="n">IsSuccessStatusCode</span> <span class="p">?</span> <span class="n">HealthCheckResult</span><span class="p">.</span><span class="nf">Healthy</span><span class="p">()</span> <span class="p">:</span> <span class="n">HealthCheckResult</span><span class="p">.</span><span class="nf">Degraded</span><span class="p">(</span><span class="s">$"Payment API returned </span><span class="p">{(</span><span class="kt">int</span><span class="p">)</span><span class="n">response</span><span class="p">.</span><span class="n">StatusCode</span><span class="p">}</span><span class="s">"</span><span class="p">);</span> <span class="p">}</span> <span class="k">catch</span> <span class="p">(</span><span class="n">OperationCanceledException</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="n">HealthCheckResult</span><span class="p">.</span><span class="nf">Degraded</span><span class="p">(</span><span class="s">"Payment API timed out after 3 seconds."</span><span class="p">);</span> <span class="p">}</span> <span class="k">catch</span> <span class="p">(</span><span class="n">Exception</span> <span class="n">ex</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="n">HealthCheckResult</span><span class="p">.</span><span class="nf">Unhealthy</span><span class="p">(</span><span class="s">"Payment API unreachable."</span><span class="p">,</span> <span class="n">ex</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h2> Common Mistakes </h2> <h3> Mistake 1: Exposing health check details publicly </h3> <p>The JSON response with database names, connection info hints, and exception messages shouldn't be public. I've seen exception stack traces leak connection strings through a public <code>/health/detail</code> endpoint. Restrict it.</p> <p>The simplest option is filtering by host:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="c1">// Public endpoint — minimal response</span> <span class="n">app</span><span class="p">.</span><span class="nf">MapHealthChecks</span><span class="p">(</span><span class="s">"/health"</span><span class="p">,</span> <span class="k">new</span> <span class="n">HealthCheckOptions</span> <span class="p">{</span> <span class="n">ResponseWriter</span> <span class="p">=</span> <span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">report</span><span class="p">)</span> <span class="p">=&gt;</span> <span class="p">{</span> <span class="n">ctx</span><span class="p">.</span><span class="n">Response</span><span class="p">.</span><span class="n">ContentType</span> <span class="p">=</span> <span class="s">"text/plain"</span><span class="p">;</span> <span class="k">return</span> <span class="n">ctx</span><span class="p">.</span><span class="n">Response</span><span class="p">.</span><span class="nf">WriteAsync</span><span class="p">(</span><span class="n">report</span><span class="p">.</span><span class="n">Status</span><span class="p">.</span><span class="nf">ToString</span><span class="p">());</span> <span class="p">}</span> <span class="p">});</span> <span class="c1">// Internal endpoint — full details, restricted by host</span> <span class="n">app</span><span class="p">.</span><span class="nf">MapHealthChecks</span><span class="p">(</span><span class="s">"/health/detail"</span><span class="p">,</span> <span class="k">new</span> <span class="n">HealthCheckOptions</span> <span class="p">{</span> <span class="n">ResponseWriter</span> <span class="p">=</span> <span class="n">WriteHealthCheckResponse</span> <span class="p">}).</span><span class="nf">RequireHost</span><span class="p">(</span><span class="s">"*.internal.mycompany.com"</span><span class="p">);</span> </code></pre> </div> <p>But in corporate environments with a Service Mesh like Istio, filtering by host can be unreliable — the mesh rewrites headers and internal routing makes <code>RequireHost</code> unpredictable. In those cases, a simple API key middleware is more robust:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="n">app</span><span class="p">.</span><span class="nf">MapHealthChecks</span><span class="p">(</span><span class="s">"/health/detail"</span><span class="p">,</span> <span class="k">new</span> <span class="n">HealthCheckOptions</span> <span class="p">{</span> <span class="n">ResponseWriter</span> <span class="p">=</span> <span class="n">WriteHealthCheckResponse</span> <span class="p">}).</span><span class="nf">AddEndpointFilter</span><span class="p">(</span><span class="k">async</span> <span class="p">(</span><span class="n">context</span><span class="p">,</span> <span class="n">next</span><span class="p">)</span> <span class="p">=&gt;</span> <span class="p">{</span> <span class="kt">var</span> <span class="n">config</span> <span class="p">=</span> <span class="n">context</span><span class="p">.</span><span class="n">HttpContext</span><span class="p">.</span><span class="n">RequestServices</span><span class="p">.</span><span class="n">GetRequiredService</span><span class="p">&lt;</span><span class="n">IConfiguration</span><span class="p">&gt;();</span> <span class="kt">var</span> <span class="n">expectedKey</span> <span class="p">=</span> <span class="n">config</span><span class="p">[</span><span class="s">"HealthChecks:ApiKey"</span><span class="p">];</span> <span class="kt">var</span> <span class="n">providedKey</span> <span class="p">=</span> <span class="n">context</span><span class="p">.</span><span class="n">HttpContext</span><span class="p">.</span><span class="n">Request</span><span class="p">.</span><span class="n">Headers</span><span class="p">[</span><span class="s">"X-Health-Key"</span><span class="p">].</span><span class="nf">FirstOrDefault</span><span class="p">();</span> <span class="k">if</span> <span class="p">(</span><span class="kt">string</span><span class="p">.</span><span class="nf">IsNullOrEmpty</span><span class="p">(</span><span class="n">expectedKey</span><span class="p">)</span> <span class="p">||</span> <span class="n">providedKey</span> <span class="p">!=</span> <span class="n">expectedKey</span><span class="p">)</span> <span class="p">{</span> <span class="n">context</span><span class="p">.</span><span class="n">HttpContext</span><span class="p">.</span><span class="n">Response</span><span class="p">.</span><span class="n">StatusCode</span> <span class="p">=</span> <span class="n">StatusCodes</span><span class="p">.</span><span class="n">Status401Unauthorized</span><span class="p">;</span> <span class="k">return</span> <span class="n">Results</span><span class="p">.</span><span class="nf">Unauthorized</span><span class="p">();</span> <span class="p">}</span> <span class="k">return</span> <span class="k">await</span> <span class="nf">next</span><span class="p">(</span><span class="n">context</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <p>Store the key in your secrets manager, not in <code>appsettings.json</code>. Your monitoring tool sends it as a header. No network topology assumptions needed.</p> <h3> Mistake 2: Running expensive checks too frequently </h3> <p>Kubernetes probes can run every 5-10 seconds. A check that runs a full database query on every probe request adds load you don't need. Cache the result:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">public</span> <span class="k">class</span> <span class="nc">CachedDatabaseHealthCheck</span> <span class="p">:</span> <span class="n">IHealthCheck</span> <span class="p">{</span> <span class="k">private</span> <span class="k">readonly</span> <span class="n">IDbConnectionFactory</span> <span class="n">_factory</span><span class="p">;</span> <span class="k">private</span> <span class="n">HealthCheckResult</span> <span class="n">_cachedResult</span> <span class="p">=</span> <span class="n">HealthCheckResult</span><span class="p">.</span><span class="nf">Healthy</span><span class="p">();</span> <span class="k">private</span> <span class="n">DateTime</span> <span class="n">_lastCheck</span> <span class="p">=</span> <span class="n">DateTime</span><span class="p">.</span><span class="n">MinValue</span><span class="p">;</span> <span class="k">private</span> <span class="k">static</span> <span class="k">readonly</span> <span class="n">TimeSpan</span> <span class="n">CacheDuration</span> <span class="p">=</span> <span class="n">TimeSpan</span><span class="p">.</span><span class="nf">FromSeconds</span><span class="p">(</span><span class="m">30</span><span class="p">);</span> <span class="k">public</span> <span class="nf">CachedDatabaseHealthCheck</span><span class="p">(</span><span class="n">IDbConnectionFactory</span> <span class="n">factory</span><span class="p">)</span> <span class="p">{</span> <span class="n">_factory</span> <span class="p">=</span> <span class="n">factory</span><span class="p">;</span> <span class="p">}</span> <span class="k">public</span> <span class="k">async</span> <span class="n">Task</span><span class="p">&lt;</span><span class="n">HealthCheckResult</span><span class="p">&gt;</span> <span class="nf">CheckHealthAsync</span><span class="p">(</span> <span class="n">HealthCheckContext</span> <span class="n">context</span><span class="p">,</span> <span class="n">CancellationToken</span> <span class="n">cancellationToken</span> <span class="p">=</span> <span class="k">default</span><span class="p">)</span> <span class="p">{</span> <span class="k">if</span> <span class="p">(</span><span class="n">DateTime</span><span class="p">.</span><span class="n">UtcNow</span> <span class="p">-</span> <span class="n">_lastCheck</span> <span class="p">&lt;</span> <span class="n">CacheDuration</span><span class="p">)</span> <span class="k">return</span> <span class="n">_cachedResult</span><span class="p">;</span> <span class="k">try</span> <span class="p">{</span> <span class="k">await</span> <span class="k">using</span> <span class="nn">var</span> <span class="n">conn</span> <span class="p">=</span> <span class="k">await</span> <span class="n">_factory</span><span class="p">.</span><span class="nf">CreateConnectionAsync</span><span class="p">(</span><span class="n">cancellationToken</span><span class="p">);</span> <span class="k">await</span> <span class="n">conn</span><span class="p">.</span><span class="nf">ExecuteAsync</span><span class="p">(</span><span class="s">"SELECT 1"</span><span class="p">);</span> <span class="n">_cachedResult</span> <span class="p">=</span> <span class="n">HealthCheckResult</span><span class="p">.</span><span class="nf">Healthy</span><span class="p">();</span> <span class="p">}</span> <span class="k">catch</span> <span class="p">(</span><span class="n">Exception</span> <span class="n">ex</span><span class="p">)</span> <span class="p">{</span> <span class="n">_cachedResult</span> <span class="p">=</span> <span class="n">HealthCheckResult</span><span class="p">.</span><span class="nf">Unhealthy</span><span class="p">(</span><span class="s">"Database check failed."</span><span class="p">,</span> <span class="n">ex</span><span class="p">);</span> <span class="p">}</span> <span class="n">_lastCheck</span> <span class="p">=</span> <span class="n">DateTime</span><span class="p">.</span><span class="n">UtcNow</span><span class="p">;</span> <span class="k">return</span> <span class="n">_cachedResult</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> Mistake 3: Using the same endpoint for liveness and readiness </h3> <p>If your database is down and readiness returns <code>503</code>, Kubernetes will also restart your pod if that same endpoint is used for liveness. You end up in a restart loop for a problem that has nothing to do with your process health. Always separate them.</p> <h3> Mistake 4: Not checking the things that actually fail </h3> <p>A health check that only verifies the process is running adds zero observability. Check the things that have actually caused incidents: the database, the message broker, the external APIs your service depends on, the file system if you write logs or uploads.</p> <h2> Best Practices </h2> <p><strong>Name your checks clearly.</strong> <code>sql-server</code>, <code>redis-cache</code>, <code>stripe-api</code> — names that appear in logs and dashboards should be immediately recognizable.</p> <p><strong>Use <code>Degraded</code> generously.</strong> Not every problem is <code>Unhealthy</code>. A slow cache, a high queue depth, a non-critical external service being down — these deserve <code>Degraded</code>, not a pod restart.</p> <p><strong>Always include data in your results.</strong> Queue depth, free disk space, response times — the data dictionary in <code>HealthCheckResult</code> is your debugging surface when something goes wrong at 2am.</p> <p><strong>Test your health checks in staging.</strong> Deliberately take down your database and verify the readiness probe returns <code>503</code> and pods stop receiving traffic. Don't discover your health check doesn't work during an actual incident.</p> <p><strong>Register health checks as singletons or transient carefully.</strong> If your check holds state (like the cached result above), register it as a singleton. If it takes a scoped dependency like <code>DbContext</code>, register it as transient and resolve dependencies per-check execution.</p> <h2> Bonus: HealthCheck UI in Two Lines </h2> <p>If you want to impress a client or a manager with minimal effort, install the UI package:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>dotnet add package AspNetCore.HealthChecks.UI dotnet add package AspNetCore.HealthChecks.UI.InMemory.Storage </code></pre> </div> <p>Configure it:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="n">builder</span><span class="p">.</span><span class="n">Services</span><span class="p">.</span><span class="nf">AddHealthChecksUI</span><span class="p">(</span><span class="n">options</span> <span class="p">=&gt;</span> <span class="p">{</span> <span class="n">options</span><span class="p">.</span><span class="nf">SetEvaluationTimeInSeconds</span><span class="p">(</span><span class="m">30</span><span class="p">);</span> <span class="c1">// poll every 30 seconds</span> <span class="n">options</span><span class="p">.</span><span class="nf">AddHealthCheckEndpoint</span><span class="p">(</span><span class="s">"API"</span><span class="p">,</span> <span class="s">"/health/detail"</span><span class="p">);</span> <span class="p">}).</span><span class="nf">AddInMemoryStorage</span><span class="p">();</span> <span class="c1">// After app.MapHealthChecks(...)</span> <span class="n">app</span><span class="p">.</span><span class="nf">MapHealthChecksUI</span><span class="p">(</span><span class="n">options</span> <span class="p">=&gt;</span> <span class="n">options</span><span class="p">.</span><span class="n">UIPath</span> <span class="p">=</span> <span class="s">"/health-ui"</span><span class="p">);</span> </code></pre> </div> <p>Navigate to <code>/health-ui</code> and you get a live dashboard showing the status of every check, historical trend, and response times — all generated from the JSON your endpoint already returns.</p> <p>It's not something you'd expose publicly, but for internal dashboards, staging environments, or a demo to stakeholders it's genuinely useful. One caveat: <code>AddInMemoryStorage</code> resets history on restart. For persistent history use <code>AspNetCore.HealthChecks.UI.SqlServer.Storage</code> or the PostgreSQL equivalent.</p> <h2> Conclusion </h2> <p>A health endpoint that always returns <code>200 OK</code> isn't a health check — it's a heartbeat. The difference matters at 2am when your database connection pool is exhausted, your Redis cluster is split-brained, or your disk is 98% full and nobody noticed.</p> <p>The silent outage I described at the start? It cost us two hours of debugging because every signal said "healthy". Once we had real health checks in place, the next incident took ten minutes to diagnose — the Redis check was <code>Degraded</code>, the readiness probe had already removed that pod from rotation, and the logs had the exact connection timeout.</p> <p>The setup takes an hour. The payoff is every incident after that.</p> <ul> <li>One liveness endpoint — is the process worth keeping alive?</li> <li>One readiness endpoint — is it ready to serve traffic right now?</li> <li>Custom checks for every dependency that has caused an incident before</li> <li>Rich JSON so you know <em>why</em>, not just <em>that</em> </li> <li>And if you want bonus points with your team, the UI takes five minutes</li> </ul> <p><em>Questions? Found an issue with the examples? Open an issue on <a href="https://github.com/AdrianBailador/aspnetcore-health-checks-demo" rel="noopener noreferrer">GitHub</a>.</em></p> dotnet csharp kubernetes devops Adrián Bailador Sun, 05 Apr 2026 11:38:54 +0000 https://forem.com/adrianbailador/iasyncenumerable-in-c-streaming-data-without-loading-everything-into-memory-35d4 https://forem.com/adrianbailador/iasyncenumerable-in-c-streaming-data-without-loading-everything-into-memory-35d4 <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fyw7q5droruqpyjxp784i.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fyw7q5droruqpyjxp784i.png" alt=" " width="800" height="479"></a></p> <p>My API crashed in production. 500,000 database records, a List, and a server with 8GB RAM. The math didn't work.</p> <p>I spent two hours staring at the logs before I understood what happened. The fix took ten minutes. This is what I learned — and how it will save you the same headache.</p> <h2> The Problem We're Solving </h2> <p>I know, I know. You've written this a hundred times:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="c1">// ❌ The problem: 1 million records in memory</span> <span class="k">public</span> <span class="k">async</span> <span class="n">Task</span><span class="p">&lt;</span><span class="n">List</span><span class="p">&lt;</span><span class="n">LogEntry</span><span class="p">&gt;&gt;</span> <span class="nf">GetAllLogsAsync</span><span class="p">()</span> <span class="p">{</span> <span class="k">return</span> <span class="k">await</span> <span class="n">_context</span><span class="p">.</span><span class="n">LogEntries</span><span class="p">.</span><span class="nf">ToListAsync</span><span class="p">();</span> <span class="c1">// Boom! Memory explosion</span> <span class="p">}</span> </code></pre> </div> <p>For a handful of records? Fine. But the day your dataset grows beyond what fits in RAM, that innocent <code>ToListAsync()</code> becomes a ticking bomb.</p> <h2> What Is IAsyncEnumerable? </h2> <p>Introduced in C# 8.0 (.NET Core 3.0), <code>IAsyncEnumerable&lt;T&gt;</code> lets you <strong>stream data asynchronously</strong> — processing items one by one as they arrive, without ever holding the full collection in memory. Think of it like reading a book page by page instead of photocopying the entire thing before you start.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="c1">// ✅ The solution: stream as data arrives</span> <span class="k">public</span> <span class="n">IAsyncEnumerable</span><span class="p">&lt;</span><span class="n">LogEntry</span><span class="p">&gt;</span> <span class="nf">StreamLogsAsync</span><span class="p">()</span> <span class="p">{</span> <span class="k">return</span> <span class="n">_context</span><span class="p">.</span><span class="n">LogEntries</span><span class="p">.</span><span class="nf">AsAsyncEnumerable</span><span class="p">();</span> <span class="c1">// Memory-efficient</span> <span class="p">}</span> </code></pre> </div> <h2> Production-Grade Patterns </h2> <p>These are the four patterns I reach for most often. Not theory — things I've actually shipped.</p> <h3> Pattern 1: Entity Framework Core Streaming </h3> <p>This is where most people start, and for good reason. If you have EF Core and a table that grows over time, you need this pattern sooner or later.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">public</span> <span class="k">class</span> <span class="nc">LogRepository</span> <span class="p">{</span> <span class="k">private</span> <span class="k">readonly</span> <span class="n">AppDbContext</span> <span class="n">_context</span><span class="p">;</span> <span class="k">public</span> <span class="nf">LogRepository</span><span class="p">(</span><span class="n">AppDbContext</span> <span class="n">context</span><span class="p">)</span> <span class="p">{</span> <span class="n">_context</span> <span class="p">=</span> <span class="n">context</span><span class="p">;</span> <span class="p">}</span> <span class="c1">/// &lt;summary&gt;</span> <span class="c1">/// Streams logs matching criteria without loading all into memory.</span> <span class="c1">/// WARNING: Do NOT use with OrderBy/Limit without careful consideration.</span> <span class="c1">/// &lt;/summary&gt;</span> <span class="k">public</span> <span class="k">async</span> <span class="n">IAsyncEnumerable</span><span class="p">&lt;</span><span class="n">LogEntry</span><span class="p">&gt;</span> <span class="nf">StreamLogsAsync</span><span class="p">(</span> <span class="n">DateTime</span> <span class="k">from</span><span class="p">,</span> <span class="n">DateTime</span> <span class="n">to</span><span class="p">,</span> <span class="p">[</span><span class="n">EnumeratorCancellation</span><span class="p">]</span> <span class="n">CancellationToken</span> <span class="n">ct</span> <span class="p">=</span> <span class="k">default</span><span class="p">)</span> <span class="p">{</span> <span class="k">await</span> <span class="k">foreach</span> <span class="p">(</span><span class="kt">var</span> <span class="n">log</span> <span class="k">in</span> <span class="n">_context</span><span class="p">.</span><span class="n">LogEntries</span> <span class="p">.</span><span class="nf">Where</span><span class="p">(</span><span class="n">l</span> <span class="p">=&gt;</span> <span class="n">l</span><span class="p">.</span><span class="n">Timestamp</span> <span class="p">&gt;=</span> <span class="k">from</span> <span class="p">&amp;&amp;</span> <span class="n">l</span><span class="p">.</span><span class="n">Timestamp</span> <span class="p">&lt;=</span> <span class="n">to</span><span class="p">)</span> <span class="p">.</span><span class="nf">AsAsyncEnumerable</span><span class="p">()</span> <span class="p">.</span><span class="nf">WithCancellation</span><span class="p">(</span><span class="n">ct</span><span class="p">))</span> <span class="p">{</span> <span class="k">yield</span> <span class="k">return</span> <span class="n">log</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="c1">/// &lt;summary&gt;</span> <span class="c1">/// Chunks large exports to prevent connection timeouts.</span> <span class="c1">/// &lt;/summary&gt;</span> <span class="k">public</span> <span class="k">async</span> <span class="n">IAsyncEnumerable</span><span class="p">&lt;</span><span class="n">IReadOnlyList</span><span class="p">&lt;</span><span class="n">LogEntry</span><span class="p">&gt;&gt;</span> <span class="nf">StreamBatchedLogsAsync</span><span class="p">(</span> <span class="kt">int</span> <span class="n">batchSize</span> <span class="p">=</span> <span class="m">1000</span><span class="p">,</span> <span class="p">[</span><span class="n">EnumeratorCancellation</span><span class="p">]</span> <span class="n">CancellationToken</span> <span class="n">ct</span> <span class="p">=</span> <span class="k">default</span><span class="p">)</span> <span class="p">{</span> <span class="kt">var</span> <span class="n">query</span> <span class="p">=</span> <span class="n">_context</span><span class="p">.</span><span class="n">LogEntries</span> <span class="p">.</span><span class="nf">OrderBy</span><span class="p">(</span><span class="n">l</span> <span class="p">=&gt;</span> <span class="n">l</span><span class="p">.</span><span class="n">Id</span><span class="p">)</span> <span class="p">.</span><span class="nf">AsAsyncEnumerable</span><span class="p">();</span> <span class="kt">var</span> <span class="n">batch</span> <span class="p">=</span> <span class="k">new</span> <span class="n">List</span><span class="p">&lt;</span><span class="n">LogEntry</span><span class="p">&gt;(</span><span class="n">batchSize</span><span class="p">);</span> <span class="k">await</span> <span class="k">foreach</span> <span class="p">(</span><span class="kt">var</span> <span class="n">log</span> <span class="k">in</span> <span class="n">query</span><span class="p">.</span><span class="nf">WithCancellation</span><span class="p">(</span><span class="n">ct</span><span class="p">))</span> <span class="p">{</span> <span class="n">batch</span><span class="p">.</span><span class="nf">Add</span><span class="p">(</span><span class="n">log</span><span class="p">);</span> <span class="k">if</span> <span class="p">(</span><span class="n">batch</span><span class="p">.</span><span class="n">Count</span> <span class="p">&gt;=</span> <span class="n">batchSize</span><span class="p">)</span> <span class="p">{</span> <span class="k">yield</span> <span class="k">return</span> <span class="n">batch</span><span class="p">.</span><span class="nf">ToList</span><span class="p">();</span> <span class="n">batch</span><span class="p">.</span><span class="nf">Clear</span><span class="p">();</span> <span class="p">}</span> <span class="p">}</span> <span class="c1">// Don't forget the partial batch</span> <span class="k">if</span> <span class="p">(</span><span class="n">batch</span><span class="p">.</span><span class="n">Count</span> <span class="p">&gt;</span> <span class="m">0</span><span class="p">)</span> <span class="p">{</span> <span class="k">yield</span> <span class="k">return</span> <span class="n">batch</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> Pattern 2: HttpClient Streaming with JSON </h3> <p>Third-party APIs that return thousands of records in a single response are surprisingly common. Without streaming, you buffer the entire response before deserializing a single object. <code>HttpCompletionOption.ResponseHeadersRead</code> is the line that changes everything here — don't forget it.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">public</span> <span class="k">class</span> <span class="nc">StreamingApiClient</span> <span class="p">{</span> <span class="k">private</span> <span class="k">readonly</span> <span class="n">HttpClient</span> <span class="n">_httpClient</span><span class="p">;</span> <span class="k">private</span> <span class="k">readonly</span> <span class="n">JsonSerializerOptions</span> <span class="n">_jsonOptions</span><span class="p">;</span> <span class="k">public</span> <span class="nf">StreamingApiClient</span><span class="p">(</span><span class="n">HttpClient</span> <span class="n">httpClient</span><span class="p">)</span> <span class="p">{</span> <span class="n">_httpClient</span> <span class="p">=</span> <span class="n">httpClient</span><span class="p">;</span> <span class="n">_jsonOptions</span> <span class="p">=</span> <span class="k">new</span> <span class="n">JsonSerializerOptions</span> <span class="p">{</span> <span class="n">PropertyNameCaseInsensitive</span> <span class="p">=</span> <span class="k">true</span><span class="p">,</span> <span class="n">DefaultBufferSize</span> <span class="p">=</span> <span class="m">4096</span> <span class="c1">// Tune for your payload size</span> <span class="p">};</span> <span class="p">}</span> <span class="c1">/// &lt;summary&gt;</span> <span class="c1">/// Streams items from an NDJSON endpoint.</span> <span class="c1">/// Each line is a separate JSON object.</span> <span class="c1">/// &lt;/summary&gt;</span> <span class="k">public</span> <span class="k">async</span> <span class="n">IAsyncEnumerable</span><span class="p">&lt;</span><span class="n">T</span><span class="p">&gt;</span> <span class="n">StreamFromNdJsonAsync</span><span class="p">&lt;</span><span class="n">T</span><span class="p">&gt;(</span> <span class="kt">string</span> <span class="n">url</span><span class="p">,</span> <span class="p">[</span><span class="n">EnumeratorCancellation</span><span class="p">]</span> <span class="n">CancellationToken</span> <span class="n">ct</span> <span class="p">=</span> <span class="k">default</span><span class="p">)</span> <span class="p">{</span> <span class="k">using</span> <span class="nn">var</span> <span class="n">response</span> <span class="p">=</span> <span class="k">await</span> <span class="n">_httpClient</span><span class="p">.</span><span class="nf">GetAsync</span><span class="p">(</span> <span class="n">url</span><span class="p">,</span> <span class="n">HttpCompletionOption</span><span class="p">.</span><span class="n">ResponseHeadersRead</span><span class="p">,</span> <span class="c1">// Critical: stream, don't buffer</span> <span class="n">ct</span><span class="p">);</span> <span class="n">response</span><span class="p">.</span><span class="nf">EnsureSuccessStatusCode</span><span class="p">();</span> <span class="k">await</span> <span class="k">using</span> <span class="nn">var</span> <span class="n">stream</span> <span class="p">=</span> <span class="k">await</span> <span class="n">response</span><span class="p">.</span><span class="n">Content</span><span class="p">.</span><span class="nf">ReadAsStreamAsync</span><span class="p">(</span><span class="n">ct</span><span class="p">);</span> <span class="k">using</span> <span class="nn">var</span> <span class="n">reader</span> <span class="p">=</span> <span class="k">new</span> <span class="nf">StreamReader</span><span class="p">(</span><span class="n">stream</span><span class="p">,</span> <span class="n">Encoding</span><span class="p">.</span><span class="n">UTF8</span><span class="p">);</span> <span class="kt">string</span><span class="p">?</span> <span class="n">line</span><span class="p">;</span> <span class="k">while</span> <span class="p">((</span><span class="n">line</span> <span class="p">=</span> <span class="k">await</span> <span class="n">reader</span><span class="p">.</span><span class="nf">ReadLineAsync</span><span class="p">(</span><span class="n">ct</span><span class="p">))</span> <span class="p">!=</span> <span class="k">null</span><span class="p">)</span> <span class="p">{</span> <span class="k">if</span> <span class="p">(</span><span class="kt">string</span><span class="p">.</span><span class="nf">IsNullOrWhiteSpace</span><span class="p">(</span><span class="n">line</span><span class="p">))</span> <span class="k">continue</span><span class="p">;</span> <span class="c1">// Deserialize each line independently</span> <span class="kt">var</span> <span class="n">item</span> <span class="p">=</span> <span class="n">JsonSerializer</span><span class="p">.</span><span class="n">Deserialize</span><span class="p">&lt;</span><span class="n">T</span><span class="p">&gt;(</span><span class="n">line</span><span class="p">,</span> <span class="n">_jsonOptions</span><span class="p">);</span> <span class="k">if</span> <span class="p">(</span><span class="n">item</span> <span class="p">!=</span> <span class="k">null</span><span class="p">)</span> <span class="k">yield</span> <span class="k">return</span> <span class="n">item</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="c1">/// &lt;summary&gt;</span> <span class="c1">/// Streams using System.Text.Json's built-in async deserialization.</span> <span class="c1">/// Requires JSON array format: [{}, {}, {}]</span> <span class="c1">/// &lt;/summary&gt;</span> <span class="k">public</span> <span class="k">async</span> <span class="n">IAsyncEnumerable</span><span class="p">&lt;</span><span class="n">T</span><span class="p">&gt;</span> <span class="n">StreamJsonArrayAsync</span><span class="p">&lt;</span><span class="n">T</span><span class="p">&gt;(</span> <span class="kt">string</span> <span class="n">url</span><span class="p">,</span> <span class="p">[</span><span class="n">EnumeratorCancellation</span><span class="p">]</span> <span class="n">CancellationToken</span> <span class="n">ct</span> <span class="p">=</span> <span class="k">default</span><span class="p">)</span> <span class="p">{</span> <span class="k">using</span> <span class="nn">var</span> <span class="n">response</span> <span class="p">=</span> <span class="k">await</span> <span class="n">_httpClient</span><span class="p">.</span><span class="nf">GetAsync</span><span class="p">(</span> <span class="n">url</span><span class="p">,</span> <span class="n">HttpCompletionOption</span><span class="p">.</span><span class="n">ResponseHeadersRead</span><span class="p">,</span> <span class="n">ct</span><span class="p">);</span> <span class="n">response</span><span class="p">.</span><span class="nf">EnsureSuccessStatusCode</span><span class="p">();</span> <span class="k">await</span> <span class="k">using</span> <span class="nn">var</span> <span class="n">stream</span> <span class="p">=</span> <span class="k">await</span> <span class="n">response</span><span class="p">.</span><span class="n">Content</span><span class="p">.</span><span class="nf">ReadAsStreamAsync</span><span class="p">(</span><span class="n">ct</span><span class="p">);</span> <span class="k">await</span> <span class="k">foreach</span> <span class="p">(</span><span class="kt">var</span> <span class="n">item</span> <span class="k">in</span> <span class="n">JsonSerializer</span><span class="p">.</span><span class="n">DeserializeAsyncEnumerable</span><span class="p">&lt;</span><span class="n">T</span><span class="p">&gt;(</span> <span class="n">stream</span><span class="p">,</span> <span class="n">_jsonOptions</span><span class="p">,</span> <span class="n">ct</span><span class="p">))</span> <span class="p">{</span> <span class="k">if</span> <span class="p">(</span><span class="n">item</span> <span class="p">!=</span> <span class="k">null</span><span class="p">)</span> <span class="k">yield</span> <span class="k">return</span> <span class="n">item</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> Pattern 3: File Processing Pipeline </h3> <p>CSV imports, log analysis, data migrations — anything that reads a file line by line and does something with each row. The key insight here is that you can chain multiple <code>IAsyncEnumerable&lt;T&gt;</code> methods into a pipeline where memory stays flat regardless of file size.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">public</span> <span class="k">class</span> <span class="nc">LogFileProcessor</span> <span class="p">{</span> <span class="c1">/// &lt;summary&gt;</span> <span class="c1">/// Reads, transforms, and writes logs in a streaming pipeline.</span> <span class="c1">/// Memory usage stays constant regardless of file size.</span> <span class="c1">/// &lt;/summary&gt;</span> <span class="k">public</span> <span class="k">async</span> <span class="n">IAsyncEnumerable</span><span class="p">&lt;</span><span class="n">ProcessedLog</span><span class="p">&gt;</span> <span class="nf">ProcessLogFileAsync</span><span class="p">(</span> <span class="kt">string</span> <span class="n">filePath</span><span class="p">,</span> <span class="p">[</span><span class="n">EnumeratorCancellation</span><span class="p">]</span> <span class="n">CancellationToken</span> <span class="n">ct</span> <span class="p">=</span> <span class="k">default</span><span class="p">)</span> <span class="p">{</span> <span class="k">await</span> <span class="k">foreach</span> <span class="p">(</span><span class="kt">var</span> <span class="n">rawLog</span> <span class="k">in</span> <span class="nf">ReadLinesAsync</span><span class="p">(</span><span class="n">filePath</span><span class="p">,</span> <span class="n">ct</span><span class="p">))</span> <span class="p">{</span> <span class="c1">// Transform on the fly - no memory buildup</span> <span class="k">if</span> <span class="p">(</span><span class="nf">TryParseLog</span><span class="p">(</span><span class="n">rawLog</span><span class="p">,</span> <span class="k">out</span> <span class="kt">var</span> <span class="n">parsed</span><span class="p">))</span> <span class="p">{</span> <span class="kt">var</span> <span class="n">enriched</span> <span class="p">=</span> <span class="k">await</span> <span class="nf">EnrichLogAsync</span><span class="p">(</span><span class="n">parsed</span><span class="p">,</span> <span class="n">ct</span><span class="p">);</span> <span class="k">yield</span> <span class="k">return</span> <span class="n">enriched</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="k">private</span> <span class="k">static</span> <span class="k">async</span> <span class="n">IAsyncEnumerable</span><span class="p">&lt;</span><span class="kt">string</span><span class="p">&gt;</span> <span class="nf">ReadLinesAsync</span><span class="p">(</span> <span class="kt">string</span> <span class="n">path</span><span class="p">,</span> <span class="p">[</span><span class="n">EnumeratorCancellation</span><span class="p">]</span> <span class="n">CancellationToken</span> <span class="n">ct</span> <span class="p">=</span> <span class="k">default</span><span class="p">)</span> <span class="p">{</span> <span class="k">using</span> <span class="nn">var</span> <span class="n">reader</span> <span class="p">=</span> <span class="k">new</span> <span class="nf">StreamReader</span><span class="p">(</span><span class="n">path</span><span class="p">,</span> <span class="n">Encoding</span><span class="p">.</span><span class="n">UTF8</span><span class="p">);</span> <span class="kt">string</span><span class="p">?</span> <span class="n">line</span><span class="p">;</span> <span class="k">while</span> <span class="p">((</span><span class="n">line</span> <span class="p">=</span> <span class="k">await</span> <span class="n">reader</span><span class="p">.</span><span class="nf">ReadLineAsync</span><span class="p">(</span><span class="n">ct</span><span class="p">))</span> <span class="p">!=</span> <span class="k">null</span><span class="p">)</span> <span class="p">{</span> <span class="k">yield</span> <span class="k">return</span> <span class="n">line</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="k">private</span> <span class="k">static</span> <span class="kt">bool</span> <span class="nf">TryParseLog</span><span class="p">(</span><span class="kt">string</span> <span class="n">raw</span><span class="p">,</span> <span class="k">out</span> <span class="n">ParsedLog</span> <span class="n">parsed</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Your parsing logic here</span> <span class="n">parsed</span> <span class="p">=</span> <span class="k">default</span><span class="p">!;</span> <span class="k">return</span> <span class="k">true</span><span class="p">;</span> <span class="p">}</span> <span class="k">private</span> <span class="k">static</span> <span class="k">async</span> <span class="n">Task</span><span class="p">&lt;</span><span class="n">ProcessedLog</span><span class="p">&gt;</span> <span class="nf">EnrichLogAsync</span><span class="p">(</span> <span class="n">ParsedLog</span> <span class="n">log</span><span class="p">,</span> <span class="n">CancellationToken</span> <span class="n">ct</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Async enrichment (e.g., lookup user info)</span> <span class="k">await</span> <span class="n">Task</span><span class="p">.</span><span class="nf">Delay</span><span class="p">(</span><span class="m">1</span><span class="p">,</span> <span class="n">ct</span><span class="p">);</span> <span class="c1">// Simulate async work</span> <span class="k">return</span> <span class="k">new</span> <span class="nf">ProcessedLog</span><span class="p">(</span><span class="n">log</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="k">public</span> <span class="k">record</span> <span class="nc">ParsedLog</span><span class="p">(</span><span class="kt">string</span> <span class="n">Timestamp</span><span class="p">,</span> <span class="kt">string</span> <span class="n">Level</span><span class="p">,</span> <span class="kt">string</span> <span class="n">Message</span><span class="p">);</span> <span class="k">public</span> <span class="k">record</span> <span class="nc">ProcessedLog</span><span class="p">(</span><span class="n">ParsedLog</span> <span class="n">Original</span><span class="p">);</span> </code></pre> </div> <h3> Pattern 4: Controller Action with Streaming Response </h3> <p>ASP.NET Core handles <code>IAsyncEnumerable&lt;T&gt;</code> return types natively — it serializes as NDJSON and starts sending data to the client immediately. The client doesn't wait for the full dataset; it starts receiving records as soon as the first one is ready.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="p">[</span><span class="n">ApiController</span><span class="p">]</span> <span class="p">[</span><span class="nf">Route</span><span class="p">(</span><span class="s">"api/[controller]"</span><span class="p">)]</span> <span class="k">public</span> <span class="k">class</span> <span class="nc">ReportsController</span> <span class="p">:</span> <span class="n">ControllerBase</span> <span class="p">{</span> <span class="k">private</span> <span class="k">readonly</span> <span class="n">IReportService</span> <span class="n">_reportService</span><span class="p">;</span> <span class="k">public</span> <span class="nf">ReportsController</span><span class="p">(</span><span class="n">IReportService</span> <span class="n">reportService</span><span class="p">)</span> <span class="p">{</span> <span class="n">_reportService</span> <span class="p">=</span> <span class="n">reportService</span><span class="p">;</span> <span class="p">}</span> <span class="c1">/// &lt;summary&gt;</span> <span class="c1">/// Streams CSV data directly to the client.</span> <span class="c1">/// Client starts receiving data immediately, no server buffering.</span> <span class="c1">/// &lt;/summary&gt;</span> <span class="p">[</span><span class="nf">HttpGet</span><span class="p">(</span><span class="s">"export"</span><span class="p">)]</span> <span class="k">public</span> <span class="n">IAsyncEnumerable</span><span class="p">&lt;</span><span class="n">ReportRow</span><span class="p">&gt;</span> <span class="nf">ExportData</span><span class="p">(</span> <span class="p">[</span><span class="n">FromQuery</span><span class="p">]</span> <span class="n">DateTime</span> <span class="k">from</span><span class="p">,</span> <span class="p">[</span><span class="n">FromQuery</span><span class="p">]</span> <span class="n">DateTime</span> <span class="n">to</span><span class="p">,</span> <span class="n">CancellationToken</span> <span class="n">ct</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// ASP.NET Core automatically serializes IAsyncEnumerable as NDJSON</span> <span class="c1">// or use custom formatting for CSV</span> <span class="k">return</span> <span class="n">_reportService</span><span class="p">.</span><span class="nf">StreamReportAsync</span><span class="p">(</span><span class="k">from</span><span class="p">,</span> <span class="n">to</span><span class="p">,</span> <span class="n">ct</span><span class="p">);</span> <span class="p">}</span> <span class="c1">/// &lt;summary&gt;</span> <span class="c1">/// Custom streaming for Server-Sent Events (SSE).</span> <span class="c1">/// &lt;/summary&gt;</span> <span class="p">[</span><span class="nf">HttpGet</span><span class="p">(</span><span class="s">"live-events"</span><span class="p">)]</span> <span class="k">public</span> <span class="k">async</span> <span class="n">IAsyncEnumerable</span><span class="p">&lt;</span><span class="n">ServerSentEvent</span><span class="p">&gt;</span> <span class="nf">GetLiveEvents</span><span class="p">(</span> <span class="p">[</span><span class="n">EnumeratorCancellation</span><span class="p">]</span> <span class="n">CancellationToken</span> <span class="n">ct</span><span class="p">)</span> <span class="p">{</span> <span class="k">await</span> <span class="k">foreach</span> <span class="p">(</span><span class="kt">var</span> <span class="n">evt</span> <span class="k">in</span> <span class="n">_reportService</span><span class="p">.</span><span class="nf">SubscribeToEventsAsync</span><span class="p">(</span><span class="n">ct</span><span class="p">))</span> <span class="p">{</span> <span class="k">yield</span> <span class="k">return</span> <span class="k">new</span> <span class="n">ServerSentEvent</span> <span class="p">{</span> <span class="n">Id</span> <span class="p">=</span> <span class="n">evt</span><span class="p">.</span><span class="n">Id</span><span class="p">,</span> <span class="n">Event</span> <span class="p">=</span> <span class="n">evt</span><span class="p">.</span><span class="n">Type</span><span class="p">,</span> <span class="n">Data</span> <span class="p">=</span> <span class="n">JsonSerializer</span><span class="p">.</span><span class="nf">Serialize</span><span class="p">(</span><span class="n">evt</span><span class="p">.</span><span class="n">Payload</span><span class="p">)</span> <span class="p">};</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="k">public</span> <span class="k">record</span> <span class="nc">ReportRow</span><span class="p">(</span><span class="kt">string</span> <span class="n">Id</span><span class="p">,</span> <span class="kt">string</span> <span class="n">Name</span><span class="p">,</span> <span class="kt">decimal</span> <span class="n">Value</span><span class="p">);</span> <span class="k">public</span> <span class="k">record</span> <span class="nc">ServerSentEvent</span><span class="p">(</span><span class="kt">string</span> <span class="n">Id</span><span class="p">,</span> <span class="kt">string</span> <span class="n">Event</span><span class="p">,</span> <span class="kt">string</span> <span class="n">Data</span><span class="p">);</span> </code></pre> </div> <h2> Before vs After: Performance Comparison </h2> <p>Let's make it concrete. Same data, same operation, two approaches.</p> <h3> The Old Way: List (Before) </h3> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">public</span> <span class="k">async</span> <span class="n">Task</span><span class="p">&lt;</span><span class="n">List</span><span class="p">&lt;</span><span class="n">LargeRecord</span><span class="p">&gt;&gt;</span> <span class="nf">ProcessAllRecordsAsync</span><span class="p">()</span> <span class="p">{</span> <span class="c1">// Memory: O(n) - grows with dataset size</span> <span class="c1">// Time to first result: O(n) - wait for all</span> <span class="kt">var</span> <span class="n">allRecords</span> <span class="p">=</span> <span class="k">await</span> <span class="n">_repository</span><span class="p">.</span><span class="nf">GetAllAsync</span><span class="p">();</span> <span class="kt">var</span> <span class="n">processed</span> <span class="p">=</span> <span class="k">new</span> <span class="n">List</span><span class="p">&lt;</span><span class="n">LargeRecord</span><span class="p">&gt;();</span> <span class="k">foreach</span> <span class="p">(</span><span class="kt">var</span> <span class="k">record</span> <span class="nc">in</span> <span class="n">allRecords</span><span class="p">)</span> <span class="p">{</span> <span class="n">processed</span><span class="p">.</span><span class="nf">Add</span><span class="p">(</span><span class="k">await</span> <span class="nf">ProcessAsync</span><span class="p">(</span><span class="k">record</span><span class="err">));</span> <span class="err">}</span> <span class="nc">return</span> <span class="n">processed</span><span class="p">;</span> <span class="p">}</span> <span class="c1">// Usage - memory spikes here</span> <span class="kt">var</span> <span class="n">results</span> <span class="p">=</span> <span class="k">await</span> <span class="nf">ProcessAllRecordsAsync</span><span class="p">();</span> <span class="k">foreach</span> <span class="p">(</span><span class="kt">var</span> <span class="n">item</span> <span class="k">in</span> <span class="n">results</span><span class="p">)</span> <span class="p">{</span> <span class="k">await</span> <span class="nf">WriteToDiskAsync</span><span class="p">(</span><span class="n">item</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p><strong>1M records at 100KB each — what actually happens:</strong></p> <ul> <li>Peak Memory: ~95 GB (yes, gigabytes)</li> <li>Time to first output: 45 seconds of waiting</li> <li>Result: <strong>OutOfMemoryException</strong> — your server gives up before you do</li> </ul> <h3> The New Way: IAsyncEnumerable (After) </h3> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">public</span> <span class="k">async</span> <span class="n">IAsyncEnumerable</span><span class="p">&lt;</span><span class="n">LargeRecord</span><span class="p">&gt;</span> <span class="nf">ProcessAllRecordsAsync</span><span class="p">(</span> <span class="p">[</span><span class="n">EnumeratorCancellation</span><span class="p">]</span> <span class="n">CancellationToken</span> <span class="n">ct</span> <span class="p">=</span> <span class="k">default</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Memory: O(1) - constant regardless of dataset size</span> <span class="c1">// Time to first result: O(1) - immediate streaming</span> <span class="k">await</span> <span class="k">foreach</span> <span class="p">(</span><span class="kt">var</span> <span class="k">record</span> <span class="nc">in</span> <span class="n">_repository</span><span class="p">.</span><span class="nf">StreamAllAsync</span><span class="p">(</span><span class="n">ct</span><span class="p">))</span> <span class="p">{</span> <span class="k">yield</span> <span class="k">return</span> <span class="k">await</span> <span class="nf">ProcessAsync</span><span class="p">(</span><span class="k">record</span><span class="err">);</span> <span class="err">}</span> <span class="err">}</span> <span class="c1">// Usage - constant memory footprint</span> <span class="nc">await</span> <span class="k">foreach</span> <span class="p">(</span><span class="kt">var</span> <span class="n">item</span> <span class="k">in</span> <span class="nf">ProcessAllRecordsAsync</span><span class="p">().</span><span class="nf">WithCancellation</span><span class="p">(</span><span class="n">ct</span><span class="p">))</span> <span class="p">{</span> <span class="k">await</span> <span class="nf">WriteToDiskAsync</span><span class="p">(</span><span class="n">item</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p><strong>Same 1M records — completely different story:</strong></p> <ul> <li>Peak Memory: ~150 MB (constant, regardless of dataset size)</li> <li>Time to first output: 50ms — the client starts receiving data almost instantly</li> <li>Result: <strong>Smooth streaming, server stays healthy</strong> </li> </ul> <h3> BenchmarkDotNet Results </h3> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Faynkktzzkpbcnbzvtx6m.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Faynkktzzkpbcnbzvtx6m.png" alt=" " width="800" height="366"></a></p> <h2> Common Errors and How to Fix Them </h2> <p>I've made every single one of these. You don't have to.</p> <h3> Error 1: Forgetting CancellationToken </h3> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="c1">// ❌ Bad: No way to cancel mid-stream</span> <span class="k">public</span> <span class="k">async</span> <span class="n">IAsyncEnumerable</span><span class="p">&lt;</span><span class="n">Item</span><span class="p">&gt;</span> <span class="nf">GetItemsAsync</span><span class="p">()</span> <span class="p">{</span> <span class="k">await</span> <span class="k">foreach</span> <span class="p">(</span><span class="kt">var</span> <span class="n">item</span> <span class="k">in</span> <span class="n">_source</span><span class="p">.</span><span class="nf">GetAsync</span><span class="p">())</span> <span class="p">{</span> <span class="k">yield</span> <span class="k">return</span> <span class="n">item</span><span class="p">;</span> <span class="c1">// Can't cancel this!</span> <span class="p">}</span> <span class="p">}</span> <span class="c1">// ✅ Good: Always include cancellation support</span> <span class="k">public</span> <span class="k">async</span> <span class="n">IAsyncEnumerable</span><span class="p">&lt;</span><span class="n">Item</span><span class="p">&gt;</span> <span class="nf">GetItemsAsync</span><span class="p">(</span> <span class="p">[</span><span class="n">EnumeratorCancellation</span><span class="p">]</span> <span class="n">CancellationToken</span> <span class="n">ct</span> <span class="p">=</span> <span class="k">default</span><span class="p">)</span> <span class="p">{</span> <span class="k">await</span> <span class="k">foreach</span> <span class="p">(</span><span class="kt">var</span> <span class="n">item</span> <span class="k">in</span> <span class="n">_source</span><span class="p">.</span><span class="nf">GetAsync</span><span class="p">().</span><span class="nf">WithCancellation</span><span class="p">(</span><span class="n">ct</span><span class="p">))</span> <span class="p">{</span> <span class="k">yield</span> <span class="k">return</span> <span class="n">item</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> Error 2: Buffering with ToListAsync() </h3> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="c1">// ❌ Bad: You just defeated the purpose</span> <span class="k">public</span> <span class="k">async</span> <span class="n">Task</span><span class="p">&lt;</span><span class="n">List</span><span class="p">&lt;</span><span class="n">Item</span><span class="p">&gt;&gt;</span> <span class="nf">GetItemsAsync</span><span class="p">()</span> <span class="c1">// Returns List&lt;T&gt;, not IAsyncEnumerable</span> <span class="p">{</span> <span class="kt">var</span> <span class="n">items</span> <span class="p">=</span> <span class="k">new</span> <span class="n">List</span><span class="p">&lt;</span><span class="n">Item</span><span class="p">&gt;();</span> <span class="k">await</span> <span class="k">foreach</span> <span class="p">(</span><span class="kt">var</span> <span class="n">item</span> <span class="k">in</span> <span class="n">_source</span><span class="p">.</span><span class="nf">GetAsync</span><span class="p">())</span> <span class="p">{</span> <span class="n">items</span><span class="p">.</span><span class="nf">Add</span><span class="p">(</span><span class="n">item</span><span class="p">);</span> <span class="p">}</span> <span class="k">return</span> <span class="n">items</span><span class="p">;</span> <span class="p">}</span> <span class="c1">// ✅ Good: Return IAsyncEnumerable&lt;T&gt; directly</span> <span class="k">public</span> <span class="n">IAsyncEnumerable</span><span class="p">&lt;</span><span class="n">Item</span><span class="p">&gt;</span> <span class="nf">GetItemsAsync</span><span class="p">(</span><span class="n">CancellationToken</span> <span class="n">ct</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="n">_source</span><span class="p">.</span><span class="nf">GetAsync</span><span class="p">();</span> <span class="c1">// Stream through</span> <span class="p">}</span> </code></pre> </div> <h3> Error 3: Disposing Resources Too Early </h3> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="c1">// ❌ Bad: reader disposed before streaming completes</span> <span class="k">public</span> <span class="k">async</span> <span class="n">IAsyncEnumerable</span><span class="p">&lt;</span><span class="kt">string</span><span class="p">&gt;</span> <span class="nf">ReadFileAsync</span><span class="p">(</span><span class="kt">string</span> <span class="n">path</span><span class="p">)</span> <span class="p">{</span> <span class="k">using</span> <span class="nn">var</span> <span class="n">reader</span> <span class="p">=</span> <span class="k">new</span> <span class="nf">StreamReader</span><span class="p">(</span><span class="n">path</span><span class="p">);</span> <span class="c1">// Disposed on first yield!</span> <span class="k">while</span> <span class="p">(</span><span class="k">await</span> <span class="n">reader</span><span class="p">.</span><span class="nf">ReadLineAsync</span><span class="p">()</span> <span class="k">is</span> <span class="p">{</span> <span class="p">}</span> <span class="n">line</span><span class="p">)</span> <span class="p">{</span> <span class="k">yield</span> <span class="k">return</span> <span class="n">line</span><span class="p">;</span> <span class="c1">// reader is already disposed</span> <span class="p">}</span> <span class="p">}</span> <span class="c1">// ✅ Good: Keep scope alive</span> <span class="k">public</span> <span class="k">async</span> <span class="n">IAsyncEnumerable</span><span class="p">&lt;</span><span class="kt">string</span><span class="p">&gt;</span> <span class="nf">ReadFileAsync</span><span class="p">(</span> <span class="kt">string</span> <span class="n">path</span><span class="p">,</span> <span class="p">[</span><span class="n">EnumeratorCancellation</span><span class="p">]</span> <span class="n">CancellationToken</span> <span class="n">ct</span> <span class="p">=</span> <span class="k">default</span><span class="p">)</span> <span class="p">{</span> <span class="k">using</span> <span class="nn">var</span> <span class="n">reader</span> <span class="p">=</span> <span class="k">new</span> <span class="nf">StreamReader</span><span class="p">(</span><span class="n">path</span><span class="p">);</span> <span class="k">try</span> <span class="p">{</span> <span class="k">while</span> <span class="p">(</span><span class="k">await</span> <span class="n">reader</span><span class="p">.</span><span class="nf">ReadLineAsync</span><span class="p">(</span><span class="n">ct</span><span class="p">)</span> <span class="k">is</span> <span class="p">{</span> <span class="p">}</span> <span class="n">line</span><span class="p">)</span> <span class="p">{</span> <span class="k">yield</span> <span class="k">return</span> <span class="n">line</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="k">finally</span> <span class="p">{</span> <span class="c1">// reader disposed when iteration completes or breaks</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> Error 4: Not Configuring DbContext Lifetime </h3> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="c1">// ❌ Bad: Scoped DbContext disposed mid-stream in ASP.NET Core</span> <span class="p">[</span><span class="nf">HttpGet</span><span class="p">(</span><span class="s">"stream"</span><span class="p">)]</span> <span class="k">public</span> <span class="k">async</span> <span class="n">IAsyncEnumerable</span><span class="p">&lt;</span><span class="n">Order</span><span class="p">&gt;</span> <span class="nf">GetOrders</span><span class="p">()</span> <span class="p">{</span> <span class="kt">var</span> <span class="n">db</span> <span class="p">=</span> <span class="n">_serviceProvider</span><span class="p">.</span><span class="n">GetRequiredService</span><span class="p">&lt;</span><span class="n">OrderDbContext</span><span class="p">&gt;();</span> <span class="c1">// db will be disposed after the action method returns!</span> <span class="k">await</span> <span class="k">foreach</span> <span class="p">(</span><span class="kt">var</span> <span class="n">order</span> <span class="k">in</span> <span class="n">db</span><span class="p">.</span><span class="n">Orders</span><span class="p">.</span><span class="nf">AsAsyncEnumerable</span><span class="p">())</span> <span class="p">{</span> <span class="k">yield</span> <span class="k">return</span> <span class="n">order</span><span class="p">;</span> <span class="c1">// DbContext disposed here</span> <span class="p">}</span> <span class="p">}</span> <span class="c1">// ✅ Good: Use factory pattern for streaming</span> <span class="k">public</span> <span class="k">class</span> <span class="nc">StreamingOrderService</span> <span class="p">{</span> <span class="k">private</span> <span class="k">readonly</span> <span class="n">IDbContextFactory</span><span class="p">&lt;</span><span class="n">OrderDbContext</span><span class="p">&gt;</span> <span class="n">_contextFactory</span><span class="p">;</span> <span class="k">public</span> <span class="k">async</span> <span class="n">IAsyncEnumerable</span><span class="p">&lt;</span><span class="n">Order</span><span class="p">&gt;</span> <span class="nf">StreamOrdersAsync</span><span class="p">(</span> <span class="p">[</span><span class="n">EnumeratorCancellation</span><span class="p">]</span> <span class="n">CancellationToken</span> <span class="n">ct</span> <span class="p">=</span> <span class="k">default</span><span class="p">)</span> <span class="p">{</span> <span class="k">await</span> <span class="k">using</span> <span class="nn">var</span> <span class="n">db</span> <span class="p">=</span> <span class="k">await</span> <span class="n">_contextFactory</span><span class="p">.</span><span class="nf">CreateDbContextAsync</span><span class="p">(</span><span class="n">ct</span><span class="p">);</span> <span class="k">await</span> <span class="k">foreach</span> <span class="p">(</span><span class="kt">var</span> <span class="n">order</span> <span class="k">in</span> <span class="n">db</span><span class="p">.</span><span class="n">Orders</span><span class="p">.</span><span class="nf">AsAsyncEnumerable</span><span class="p">().</span><span class="nf">WithCancellation</span><span class="p">(</span><span class="n">ct</span><span class="p">))</span> <span class="p">{</span> <span class="k">yield</span> <span class="k">return</span> <span class="n">order</span><span class="p">;</span> <span class="p">}</span> <span class="c1">// DbContext properly disposed when iteration completes</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> Error 5: Ignoring Transaction Timeouts </h3> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="c1">// ❌ Bad: Long-running query may timeout</span> <span class="k">public</span> <span class="k">async</span> <span class="n">IAsyncEnumerable</span><span class="p">&lt;</span><span class="n">Item</span><span class="p">&gt;</span> <span class="nf">GetItemsAsync</span><span class="p">()</span> <span class="p">{</span> <span class="k">await</span> <span class="k">foreach</span> <span class="p">(</span><span class="kt">var</span> <span class="n">item</span> <span class="k">in</span> <span class="n">_context</span><span class="p">.</span><span class="n">Items</span><span class="p">.</span><span class="nf">AsAsyncEnumerable</span><span class="p">())</span> <span class="p">{</span> <span class="k">yield</span> <span class="k">return</span> <span class="n">item</span><span class="p">;</span> <span class="c1">// Connection held open indefinitely</span> <span class="p">}</span> <span class="p">}</span> <span class="c1">// ✅ Good: Set explicit command timeout</span> <span class="k">public</span> <span class="k">async</span> <span class="n">IAsyncEnumerable</span><span class="p">&lt;</span><span class="n">Item</span><span class="p">&gt;</span> <span class="nf">GetItemsAsync</span><span class="p">(</span><span class="n">CancellationToken</span> <span class="n">ct</span><span class="p">)</span> <span class="p">{</span> <span class="n">_context</span><span class="p">.</span><span class="n">Database</span><span class="p">.</span><span class="nf">SetCommandTimeout</span><span class="p">(</span><span class="n">TimeSpan</span><span class="p">.</span><span class="nf">FromMinutes</span><span class="p">(</span><span class="m">5</span><span class="p">));</span> <span class="k">await</span> <span class="k">foreach</span> <span class="p">(</span><span class="kt">var</span> <span class="n">item</span> <span class="k">in</span> <span class="n">_context</span><span class="p">.</span><span class="n">Items</span><span class="p">.</span><span class="nf">AsAsyncEnumerable</span><span class="p">().</span><span class="nf">WithCancellation</span><span class="p">(</span><span class="n">ct</span><span class="p">))</span> <span class="p">{</span> <span class="k">yield</span> <span class="k">return</span> <span class="n">item</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h2> Best Practices </h2> <p>A few rules I now follow without thinking.</p> <h3> 1. Always Accept CancellationToken </h3> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">public</span> <span class="k">async</span> <span class="n">IAsyncEnumerable</span><span class="p">&lt;</span><span class="n">T</span><span class="p">&gt;</span> <span class="nf">StreamAsync</span><span class="p">(</span> <span class="p">[</span><span class="n">EnumeratorCancellation</span><span class="p">]</span> <span class="n">CancellationToken</span> <span class="n">ct</span> <span class="p">=</span> <span class="k">default</span><span class="p">)</span> <span class="p">{</span> <span class="k">await</span> <span class="k">foreach</span> <span class="p">(</span><span class="kt">var</span> <span class="n">item</span> <span class="k">in</span> <span class="n">_source</span><span class="p">.</span><span class="nf">WithCancellation</span><span class="p">(</span><span class="n">ct</span><span class="p">))</span> <span class="p">{</span> <span class="n">ct</span><span class="p">.</span><span class="nf">ThrowIfCancellationRequested</span><span class="p">();</span> <span class="c1">// Optional: check between operations</span> <span class="k">yield</span> <span class="k">return</span> <span class="k">await</span> <span class="nf">TransformAsync</span><span class="p">(</span><span class="n">item</span><span class="p">,</span> <span class="n">ct</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> 2. Use WithCancellation in Callers </h3> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">await</span> <span class="k">foreach</span> <span class="p">(</span><span class="kt">var</span> <span class="n">item</span> <span class="k">in</span> <span class="n">service</span><span class="p">.</span><span class="nf">StreamAsync</span><span class="p">().</span><span class="nf">WithCancellation</span><span class="p">(</span><span class="n">ct</span><span class="p">))</span> <span class="p">{</span> <span class="c1">// Proper cancellation propagation</span> <span class="p">}</span> </code></pre> </div> <h3> 3. Configure JSON Buffer Sizes for HttpClient </h3> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="kt">var</span> <span class="n">options</span> <span class="p">=</span> <span class="k">new</span> <span class="n">JsonSerializerOptions</span> <span class="p">{</span> <span class="n">DefaultBufferSize</span> <span class="p">=</span> <span class="m">8192</span> <span class="c1">// Adjust based on average payload size</span> <span class="p">};</span> <span class="k">await</span> <span class="k">foreach</span> <span class="p">(</span><span class="kt">var</span> <span class="n">item</span> <span class="k">in</span> <span class="n">JsonSerializer</span><span class="p">.</span><span class="n">DeserializeAsyncEnumerable</span><span class="p">&lt;</span><span class="n">T</span><span class="p">&gt;(</span> <span class="n">stream</span><span class="p">,</span> <span class="n">options</span><span class="p">,</span> <span class="n">ct</span><span class="p">))</span> <span class="p">{</span> <span class="c1">// Optimal memory usage</span> <span class="p">}</span> </code></pre> </div> <h3> 4. Add Backpressure with ConfigureAwait </h3> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">await</span> <span class="k">foreach</span> <span class="p">(</span><span class="kt">var</span> <span class="n">item</span> <span class="k">in</span> <span class="n">source</span><span class="p">.</span><span class="nf">ConfigureAwait</span><span class="p">(</span><span class="k">false</span><span class="p">))</span> <span class="p">{</span> <span class="c1">// false reduces context switching in high-throughput scenarios</span> <span class="k">await</span> <span class="nf">SlowOperationAsync</span><span class="p">(</span><span class="n">item</span><span class="p">).</span><span class="nf">ConfigureAwait</span><span class="p">(</span><span class="k">false</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <h3> 5. Use IAsyncDisposable for Resource Cleanup </h3> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">public</span> <span class="k">async</span> <span class="n">IAsyncEnumerable</span><span class="p">&lt;</span><span class="kt">byte</span><span class="p">[</span><span class="k">]&gt;</span> <span class="nf">StreamFileChunksAsync</span><span class="p">(</span> <span class="kt">string</span> <span class="n">path</span><span class="p">,</span> <span class="kt">int</span> <span class="n">chunkSize</span> <span class="p">=</span> <span class="m">8192</span><span class="p">,</span> <span class="p">[</span><span class="n">EnumeratorCancellation</span><span class="p">]</span> <span class="n">CancellationToken</span> <span class="n">ct</span> <span class="p">=</span> <span class="k">default</span><span class="p">)</span> <span class="p">{</span> <span class="k">await</span> <span class="k">using</span> <span class="nn">var</span> <span class="n">fs</span> <span class="p">=</span> <span class="k">new</span> <span class="nf">FileStream</span><span class="p">(</span> <span class="n">path</span><span class="p">,</span> <span class="n">FileMode</span><span class="p">.</span><span class="n">Open</span><span class="p">,</span> <span class="n">FileAccess</span><span class="p">.</span><span class="n">Read</span><span class="p">,</span> <span class="n">FileShare</span><span class="p">.</span><span class="n">Read</span><span class="p">,</span> <span class="n">bufferSize</span><span class="p">:</span> <span class="n">chunkSize</span><span class="p">,</span> <span class="n">useAsync</span><span class="p">:</span> <span class="k">true</span><span class="p">);</span> <span class="kt">var</span> <span class="n">buffer</span> <span class="p">=</span> <span class="k">new</span> <span class="kt">byte</span><span class="p">[</span><span class="n">chunkSize</span><span class="p">];</span> <span class="kt">int</span> <span class="n">bytesRead</span><span class="p">;</span> <span class="k">while</span> <span class="p">((</span><span class="n">bytesRead</span> <span class="p">=</span> <span class="k">await</span> <span class="n">fs</span><span class="p">.</span><span class="nf">ReadAsync</span><span class="p">(</span><span class="n">buffer</span><span class="p">,</span> <span class="n">ct</span><span class="p">))</span> <span class="p">&gt;</span> <span class="m">0</span><span class="p">)</span> <span class="p">{</span> <span class="k">yield</span> <span class="k">return</span> <span class="n">buffer</span><span class="p">.</span><span class="nf">AsSpan</span><span class="p">(</span><span class="m">0</span><span class="p">,</span> <span class="n">bytesRead</span><span class="p">).</span><span class="nf">ToArray</span><span class="p">();</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> 6. Batch When Individual Items Are Too Small </h3> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">public</span> <span class="k">async</span> <span class="n">IAsyncEnumerable</span><span class="p">&lt;</span><span class="n">IReadOnlyList</span><span class="p">&lt;</span><span class="n">T</span><span class="p">&gt;&gt;</span> <span class="n">StreamBatchesAsync</span><span class="p">&lt;</span><span class="n">T</span><span class="p">&gt;(</span> <span class="kt">int</span> <span class="n">batchSize</span> <span class="p">=</span> <span class="m">100</span><span class="p">,</span> <span class="p">[</span><span class="n">EnumeratorCancellation</span><span class="p">]</span> <span class="n">CancellationToken</span> <span class="n">ct</span> <span class="p">=</span> <span class="k">default</span><span class="p">)</span> <span class="k">where</span> <span class="n">T</span> <span class="p">:</span> <span class="k">class</span> <span class="err">{</span> <span class="nc">var</span> <span class="n">batch</span> <span class="p">=</span> <span class="k">new</span> <span class="n">List</span><span class="p">&lt;</span><span class="n">T</span><span class="p">&gt;(</span><span class="n">batchSize</span><span class="p">);</span> <span class="k">await</span> <span class="k">foreach</span> <span class="p">(</span><span class="kt">var</span> <span class="n">item</span> <span class="k">in</span> <span class="n">_context</span><span class="p">.</span><span class="n">Set</span><span class="p">&lt;</span><span class="n">T</span><span class="p">&gt;().</span><span class="nf">AsAsyncEnumerable</span><span class="p">().</span><span class="nf">WithCancellation</span><span class="p">(</span><span class="n">ct</span><span class="p">))</span> <span class="p">{</span> <span class="n">batch</span><span class="p">.</span><span class="nf">Add</span><span class="p">(</span><span class="n">item</span><span class="p">);</span> <span class="k">if</span> <span class="p">(</span><span class="n">batch</span><span class="p">.</span><span class="n">Count</span> <span class="p">&gt;=</span> <span class="n">batchSize</span><span class="p">)</span> <span class="p">{</span> <span class="k">yield</span> <span class="k">return</span> <span class="n">batch</span><span class="p">;</span> <span class="n">batch</span> <span class="p">=</span> <span class="k">new</span> <span class="n">List</span><span class="p">&lt;</span><span class="n">T</span><span class="p">&gt;(</span><span class="n">batchSize</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="k">if</span> <span class="p">(</span><span class="n">batch</span><span class="p">.</span><span class="n">Count</span> <span class="p">&gt;</span> <span class="m">0</span><span class="p">)</span> <span class="p">{</span> <span class="k">yield</span> <span class="k">return</span> <span class="n">batch</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h2> Conclusion </h2> <p>The mental shift is simple once it clicks:</p> <ul> <li> <strong>Before</strong>: Load everything → Process everything → Return everything</li> <li> <strong>After</strong>: Stream one item → Process it → Move to the next</li> </ul> <p>That's it. No magic, no complex setup. Just a different way of thinking about data flow.</p> <p><strong>Reach for IAsyncEnumerable when:</strong></p> <ul> <li>✅ You're exporting database records by the thousands</li> <li>✅ You're processing large files (CSV, logs, JSON dumps)</li> <li>✅ You're consuming a streaming API</li> <li>✅ Memory is a real concern on your server</li> </ul> <p><strong>Stick with List when:</strong></p> <ul> <li>❌ Your dataset is small (under ~1,000 items) — the overhead isn't worth it</li> <li>❌ You need random access or multiple iterations</li> <li>❌ You're chaining complex LINQ operations that don't support streaming</li> </ul> <p>The 95% memory reduction I got wasn't theoretical. It was the difference between a service that crashed under load and one that handled the same data without breaking a sweat. Start with your EF Core queries and API clients — that's where you'll feel the impact immediately.</p> dotnet csharp programming webdev Adrián Bailador Mon, 30 Mar 2026 19:00:00 +0000 https://forem.com/adrianbailador/big-update-drop-for-the-coffee-timer-2heb https://forem.com/adrianbailador/big-update-drop-for-the-coffee-timer-2heb <p>I've been heads-down building new features and polishing the experience — Here's what's new:</p> <p>☕ Redesigned coffee cup: A fully SVG-based ceramic mug with realistic porcelain gradients, a 3D handle, crema/foam with latte art details, and smooth steam animations. It even fills up as your The Coffee Timer session progresses.</p> <p>🎵 Spotify integration (Premium) Connect your Spotify account and play playlists, songs, or artists directly inside the app while you focus. Full search + library browsing — no need to switch tabs.</p> <p>🔔 Background push notifications: The timer now sends a system notification even when the tab is closed or minimised. Never miss the end of a session again.</p> <p>📱 Mobile responsiveness overhaul: Bigger touch targets, responsive layouts, no more overflow on small screens. The app now feels at home on any device.</p> <p>⚡ Instant premium status Subscription state loads from cache instantly — no more waiting spinner before the UI unlocks.</p> <p>🔒 Smart feature gating Non-premium users see a teaser of the Spotify player (blurred, with a lock icon) to show what they're missing. Guests get a "Sign in to unlock" CTA, and free users get "Upgrade to Premium".</p> <p>The Coffee Timer is a productivity app built with React + TypeScript, .NET backend, Supabase, and Stripe — designed to make focused work feel a little more enjoyable.</p> <p><a href="https://thecoffeetimer.com/" rel="noopener noreferrer">https://thecoffeetimer.com/</a></p> <p>If you want to try it or give feedback, drop a comment 👇</p> webdev dotnet csharp programming Adrián Bailador Sat, 28 Mar 2026 22:21:30 +0000 https://forem.com/adrianbailador/how-i-fixed-supabase-rate-limiting-in-production-58np https://forem.com/adrianbailador/how-i-fixed-supabase-rate-limiting-in-production-58np <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fi665siehq3pq2x61astu.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fi665siehq3pq2x61astu.png" alt=" " width="800" height="446"></a></p> <p>The Coffee Timer was hitting Supabase's rate limits in production. Here's the exact problem, why it happened, and the four-part fix that solved it.</p> <h2> The Problem: Frontend Calling Supabase Directly </h2> <p>The Coffee Timer is a subscription-based web app. The original architecture was straightforward — the frontend called Supabase directly for everything: authentication, subscription checks, feature flags, and data reads. It worked fine in development and in early production with a small user base.</p> <p>Then it didn't.</p> <p>Under real load, the frontend was making multiple Supabase calls per page render. A logged-in user opening the app would trigger:</p> <ol> <li>A call to fetch the user profile</li> <li>A call to check subscription status</li> <li>A call to load their saved timers</li> <li>A call to fetch feature flags</li> </ol> <p>That's four Supabase requests for a single page load. Multiply that by concurrent users refreshing the app, and you hit HTTP 429 — Too Many Requests — fast.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>POST https://[project].supabase.co/rest/v1/rpc/check_subscription → 429 Too Many Requests Retry-After: 60 </code></pre> </div> <p>The UI would hang, subscriptions appeared as expired, and users were getting locked out of features they had paid for. Not great.</p> <h2> Understanding Supabase Rate Limits </h2> <p>Supabase rate limits operate at several levels. The ones that matter most for this problem are:</p> <ul> <li> <strong>REST API requests per second</strong> — per project, across all clients</li> <li> <strong>Auth requests per hour</strong> — per IP and per user</li> <li> <strong>Realtime connections</strong> — concurrent subscriptions</li> </ul> <p>The key insight is that Supabase is designed for moderate, server-side usage — not to act as a direct database connection from thousands of browser tabs. When you call Supabase directly from the frontend, every user's browser is a separate client hammering the same rate limit pool.</p> <p>The fix is architectural: <strong>the browser should not be the one talking to Supabase for anything critical.</strong></p> <h2> Fix 1 — Move Critical Operations to the .NET Backend </h2> <p>The most impactful change was moving subscription checks and write operations off the frontend and behind a .NET API. The browser now calls my API, and the API calls Supabase with a service-level key. One server-to-server connection, not hundreds of browser-to-Supabase connections.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="c1">// SubscriptionService.cs</span> <span class="k">public</span> <span class="k">class</span> <span class="nc">SubscriptionService</span> <span class="p">{</span> <span class="k">private</span> <span class="k">readonly</span> <span class="n">SupabaseClient</span> <span class="n">_supabase</span><span class="p">;</span> <span class="k">private</span> <span class="k">readonly</span> <span class="n">ILogger</span><span class="p">&lt;</span><span class="n">SubscriptionService</span><span class="p">&gt;</span> <span class="n">_logger</span><span class="p">;</span> <span class="k">public</span> <span class="nf">SubscriptionService</span><span class="p">(</span><span class="n">SupabaseClient</span> <span class="n">supabase</span><span class="p">,</span> <span class="n">ILogger</span><span class="p">&lt;</span><span class="n">SubscriptionService</span><span class="p">&gt;</span> <span class="n">logger</span><span class="p">)</span> <span class="p">{</span> <span class="n">_supabase</span> <span class="p">=</span> <span class="n">supabase</span><span class="p">;</span> <span class="n">_logger</span> <span class="p">=</span> <span class="n">logger</span><span class="p">;</span> <span class="p">}</span> <span class="k">public</span> <span class="k">async</span> <span class="n">Task</span><span class="p">&lt;</span><span class="n">SubscriptionStatus</span><span class="p">&gt;</span> <span class="nf">GetSubscriptionStatusAsync</span><span class="p">(</span><span class="kt">string</span> <span class="n">userId</span><span class="p">)</span> <span class="p">{</span> <span class="kt">var</span> <span class="n">response</span> <span class="p">=</span> <span class="k">await</span> <span class="n">_supabase</span> <span class="p">.</span><span class="n">From</span><span class="p">&lt;</span><span class="n">Subscription</span><span class="p">&gt;()</span> <span class="p">.</span><span class="nf">Where</span><span class="p">(</span><span class="n">s</span> <span class="p">=&gt;</span> <span class="n">s</span><span class="p">.</span><span class="n">UserId</span> <span class="p">==</span> <span class="n">userId</span> <span class="p">&amp;&amp;</span> <span class="n">s</span><span class="p">.</span><span class="n">IsActive</span><span class="p">)</span> <span class="p">.</span><span class="nf">Single</span><span class="p">();</span> <span class="k">if</span> <span class="p">(</span><span class="n">response</span> <span class="k">is</span> <span class="k">null</span><span class="p">)</span> <span class="k">return</span> <span class="n">SubscriptionStatus</span><span class="p">.</span><span class="n">Free</span><span class="p">;</span> <span class="k">return</span> <span class="n">response</span><span class="p">.</span><span class="n">Plan</span> <span class="k">switch</span> <span class="p">{</span> <span class="s">"pro"</span> <span class="p">=&gt;</span> <span class="n">SubscriptionStatus</span><span class="p">.</span><span class="n">Pro</span><span class="p">,</span> <span class="s">"enterprise"</span> <span class="p">=&gt;</span> <span class="n">SubscriptionStatus</span><span class="p">.</span><span class="n">Enterprise</span><span class="p">,</span> <span class="n">_</span> <span class="p">=&gt;</span> <span class="n">SubscriptionStatus</span><span class="p">.</span><span class="n">Free</span> <span class="p">};</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>The API endpoint the frontend calls:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="p">[</span><span class="n">ApiController</span><span class="p">]</span> <span class="p">[</span><span class="nf">Route</span><span class="p">(</span><span class="s">"api/[controller]"</span><span class="p">)]</span> <span class="p">[</span><span class="n">Authorize</span><span class="p">]</span> <span class="k">public</span> <span class="k">class</span> <span class="nc">SubscriptionController</span> <span class="p">:</span> <span class="n">ControllerBase</span> <span class="p">{</span> <span class="k">private</span> <span class="k">readonly</span> <span class="n">SubscriptionService</span> <span class="n">_subscriptionService</span><span class="p">;</span> <span class="k">public</span> <span class="nf">SubscriptionController</span><span class="p">(</span><span class="n">SubscriptionService</span> <span class="n">subscriptionService</span><span class="p">)</span> <span class="p">{</span> <span class="n">_subscriptionService</span> <span class="p">=</span> <span class="n">subscriptionService</span><span class="p">;</span> <span class="p">}</span> <span class="p">[</span><span class="nf">HttpGet</span><span class="p">(</span><span class="s">"status"</span><span class="p">)]</span> <span class="k">public</span> <span class="k">async</span> <span class="n">Task</span><span class="p">&lt;</span><span class="n">IActionResult</span><span class="p">&gt;</span> <span class="nf">GetStatus</span><span class="p">()</span> <span class="p">{</span> <span class="kt">var</span> <span class="n">userId</span> <span class="p">=</span> <span class="n">User</span><span class="p">.</span><span class="nf">FindFirstValue</span><span class="p">(</span><span class="n">ClaimTypes</span><span class="p">.</span><span class="n">NameIdentifier</span><span class="p">);</span> <span class="k">if</span> <span class="p">(</span><span class="n">userId</span> <span class="k">is</span> <span class="k">null</span><span class="p">)</span> <span class="k">return</span> <span class="nf">Unauthorized</span><span class="p">();</span> <span class="kt">var</span> <span class="n">status</span> <span class="p">=</span> <span class="k">await</span> <span class="n">_subscriptionService</span><span class="p">.</span><span class="nf">GetSubscriptionStatusAsync</span><span class="p">(</span><span class="n">userId</span><span class="p">);</span> <span class="k">return</span> <span class="nf">Ok</span><span class="p">(</span><span class="k">new</span> <span class="p">{</span> <span class="n">status</span> <span class="p">=</span> <span class="n">status</span><span class="p">.</span><span class="nf">ToString</span><span class="p">().</span><span class="nf">ToLower</span><span class="p">()</span> <span class="p">});</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>The frontend now makes one call to <code>GET /api/subscription/status</code>, which returns a clean response. Supabase never sees the browser again for subscription checks.</p> <blockquote> <p><strong>A note on the Supabase .NET SDK:</strong> The official <code>supabase-csharp</code> SDK works, but it is not as actively maintained as the JavaScript client, and its fluent query API has known edge cases around complex filters and RPC deserialization. For production backends, you may want to fall back to a raw <code>HttpClient</code> against Supabase's REST endpoint — it is more explicit, easier to debug, and not subject to SDK-level bugs. I use the SDK for simple CRUD operations but switch to <code>HttpClient</code> for anything involving RPCs or custom headers.</p> </blockquote> <h2> Fix 2 — Use Supabase RPCs for Batched Operations </h2> <p>Even with the backend in place, there were still cases where a single operation needed to read and write across multiple tables. Doing that as separate sequential calls from the backend still generates N requests to Supabase.</p> <p>The solution is Supabase RPCs — PostgreSQL functions exposed as a single HTTP call. Instead of three reads and a write, one function call handles the entire operation atomically.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="c1">-- Supabase SQL editor: create the function</span> <span class="k">CREATE</span> <span class="k">OR</span> <span class="k">REPLACE</span> <span class="k">FUNCTION</span> <span class="n">get_user_dashboard</span><span class="p">(</span><span class="n">p_user_id</span> <span class="n">UUID</span><span class="p">)</span> <span class="k">RETURNS</span> <span class="n">JSON</span> <span class="k">LANGUAGE</span> <span class="n">plpgsql</span> <span class="k">SECURITY</span> <span class="k">DEFINER</span> <span class="k">AS</span> <span class="err">$$</span> <span class="k">DECLARE</span> <span class="k">result</span> <span class="n">JSON</span><span class="p">;</span> <span class="k">BEGIN</span> <span class="k">SELECT</span> <span class="n">json_build_object</span><span class="p">(</span> <span class="s1">'subscription'</span><span class="p">,</span> <span class="p">(</span> <span class="k">SELECT</span> <span class="n">row_to_json</span><span class="p">(</span><span class="n">s</span><span class="p">)</span> <span class="k">FROM</span> <span class="n">subscriptions</span> <span class="n">s</span> <span class="k">WHERE</span> <span class="n">s</span><span class="p">.</span><span class="n">user_id</span> <span class="o">=</span> <span class="n">p_user_id</span> <span class="k">AND</span> <span class="n">s</span><span class="p">.</span><span class="n">is_active</span> <span class="o">=</span> <span class="k">true</span> <span class="k">LIMIT</span> <span class="mi">1</span> <span class="p">),</span> <span class="s1">'timers'</span><span class="p">,</span> <span class="p">(</span> <span class="k">SELECT</span> <span class="n">json_agg</span><span class="p">(</span><span class="n">t</span><span class="p">)</span> <span class="k">FROM</span> <span class="n">timers</span> <span class="n">t</span> <span class="k">WHERE</span> <span class="n">t</span><span class="p">.</span><span class="n">user_id</span> <span class="o">=</span> <span class="n">p_user_id</span> <span class="k">ORDER</span> <span class="k">BY</span> <span class="n">t</span><span class="p">.</span><span class="n">updated_at</span> <span class="k">DESC</span> <span class="k">LIMIT</span> <span class="mi">20</span> <span class="p">),</span> <span class="s1">'feature_flags'</span><span class="p">,</span> <span class="p">(</span> <span class="k">SELECT</span> <span class="n">json_agg</span><span class="p">(</span><span class="n">f</span><span class="p">)</span> <span class="k">FROM</span> <span class="n">feature_flags</span> <span class="n">f</span> <span class="k">WHERE</span> <span class="n">f</span><span class="p">.</span><span class="n">user_id</span> <span class="o">=</span> <span class="n">p_user_id</span> <span class="k">OR</span> <span class="n">f</span><span class="p">.</span><span class="n">is_global</span> <span class="o">=</span> <span class="k">true</span> <span class="p">)</span> <span class="p">)</span> <span class="k">INTO</span> <span class="k">result</span><span class="p">;</span> <span class="k">RETURN</span> <span class="k">result</span><span class="p">;</span> <span class="k">END</span><span class="p">;</span> <span class="err">$$</span><span class="p">;</span> </code></pre> </div> <p>Calling the RPC from the .NET backend:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">public</span> <span class="k">async</span> <span class="n">Task</span><span class="p">&lt;</span><span class="n">DashboardData</span><span class="p">&gt;</span> <span class="nf">GetDashboardAsync</span><span class="p">(</span><span class="kt">string</span> <span class="n">userId</span><span class="p">)</span> <span class="p">{</span> <span class="kt">var</span> <span class="n">response</span> <span class="p">=</span> <span class="k">await</span> <span class="n">_supabase</span> <span class="p">.</span><span class="nf">Rpc</span><span class="p">(</span><span class="s">"get_user_dashboard"</span><span class="p">,</span> <span class="k">new</span> <span class="p">{</span> <span class="n">p_user_id</span> <span class="p">=</span> <span class="n">userId</span> <span class="p">});</span> <span class="k">if</span> <span class="p">(</span><span class="n">response</span><span class="p">.</span><span class="n">ResponseMessage</span><span class="p">?.</span><span class="n">IsSuccessStatusCode</span> <span class="p">!=</span> <span class="k">true</span><span class="p">)</span> <span class="p">{</span> <span class="n">_logger</span><span class="p">.</span><span class="nf">LogError</span><span class="p">(</span><span class="s">"RPC get_user_dashboard failed for user {UserId}"</span><span class="p">,</span> <span class="n">userId</span><span class="p">);</span> <span class="k">throw</span> <span class="k">new</span> <span class="nf">InvalidOperationException</span><span class="p">(</span><span class="s">"Failed to load dashboard data."</span><span class="p">);</span> <span class="p">}</span> <span class="k">return</span> <span class="n">JsonSerializer</span><span class="p">.</span><span class="n">Deserialize</span><span class="p">&lt;</span><span class="n">DashboardData</span><span class="p">&gt;(</span><span class="n">response</span><span class="p">.</span><span class="n">Content</span><span class="p">!)</span> <span class="p">??</span> <span class="k">throw</span> <span class="k">new</span> <span class="nf">InvalidOperationException</span><span class="p">(</span><span class="s">"Empty response from dashboard RPC."</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>One HTTP call to Supabase replaces three. The function runs inside the database — no network round-trips between tables.</p> <blockquote> <p><strong>Security note:</strong> <code>SECURITY DEFINER</code> means the function runs with the privileges of the function creator, not the caller. This is appropriate here because the backend uses a service-level key and the call never reaches the frontend. However, if you ever expose an RPC directly from the frontend, <code>SECURITY DEFINER</code> bypasses Row Level Security — validate <code>p_user_id</code> against <code>auth.uid()</code> explicitly inside the function body in that case, or switch to <code>SECURITY INVOKER</code> and rely on RLS policies instead.</p> <p><strong>When not to use RPCs:</strong> RPCs are great for batching reads or encapsulating complex transactional logic. They're not ideal for operations that need to be easily unit-tested or debugged in isolation. Use them selectively — one RPC for the dashboard load makes sense; one RPC for every operation in your app creates a maintenance burden.</p> </blockquote> <h2> Fix 3 — Add Server-Side Caching with IMemoryCache </h2> <p>A client-side cache eliminates redundant calls <em>per user</em>. But it doesn't help when many users are doing their first load simultaneously — each of their requests still hits Supabase independently from the backend.</p> <p>The missing layer is a server-side cache using <code>IMemoryCache</code>. Subscription status is the same answer for a given user regardless of which request fetches it. Caching it on the backend means that 50 concurrent logins don't generate 50 Supabase calls — they generate one, and the rest are served from memory.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="c1">// Program.cs</span> <span class="n">builder</span><span class="p">.</span><span class="n">Services</span><span class="p">.</span><span class="nf">AddMemoryCache</span><span class="p">();</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="c1">// SubscriptionService.cs</span> <span class="k">public</span> <span class="k">class</span> <span class="nc">SubscriptionService</span> <span class="p">{</span> <span class="k">private</span> <span class="k">readonly</span> <span class="n">SupabaseClient</span> <span class="n">_supabase</span><span class="p">;</span> <span class="k">private</span> <span class="k">readonly</span> <span class="n">IMemoryCache</span> <span class="n">_cache</span><span class="p">;</span> <span class="k">private</span> <span class="k">readonly</span> <span class="n">ILogger</span><span class="p">&lt;</span><span class="n">SubscriptionService</span><span class="p">&gt;</span> <span class="n">_logger</span><span class="p">;</span> <span class="k">private</span> <span class="k">static</span> <span class="k">readonly</span> <span class="n">TimeSpan</span> <span class="n">CacheTtl</span> <span class="p">=</span> <span class="n">TimeSpan</span><span class="p">.</span><span class="nf">FromMinutes</span><span class="p">(</span><span class="m">1</span><span class="p">);</span> <span class="k">public</span> <span class="nf">SubscriptionService</span><span class="p">(</span> <span class="n">SupabaseClient</span> <span class="n">supabase</span><span class="p">,</span> <span class="n">IMemoryCache</span> <span class="n">cache</span><span class="p">,</span> <span class="n">ILogger</span><span class="p">&lt;</span><span class="n">SubscriptionService</span><span class="p">&gt;</span> <span class="n">logger</span><span class="p">)</span> <span class="p">{</span> <span class="n">_supabase</span> <span class="p">=</span> <span class="n">supabase</span><span class="p">;</span> <span class="n">_cache</span> <span class="p">=</span> <span class="n">cache</span><span class="p">;</span> <span class="n">_logger</span> <span class="p">=</span> <span class="n">logger</span><span class="p">;</span> <span class="p">}</span> <span class="k">public</span> <span class="k">async</span> <span class="n">Task</span><span class="p">&lt;</span><span class="n">SubscriptionStatus</span><span class="p">&gt;</span> <span class="nf">GetSubscriptionStatusAsync</span><span class="p">(</span><span class="kt">string</span> <span class="n">userId</span><span class="p">)</span> <span class="p">{</span> <span class="kt">var</span> <span class="n">cacheKey</span> <span class="p">=</span> <span class="s">$"subscription:</span><span class="p">{</span><span class="n">userId</span><span class="p">}</span><span class="s">"</span><span class="p">;</span> <span class="k">if</span> <span class="p">(</span><span class="n">_cache</span><span class="p">.</span><span class="nf">TryGetValue</span><span class="p">(</span><span class="n">cacheKey</span><span class="p">,</span> <span class="k">out</span> <span class="n">SubscriptionStatus</span> <span class="n">cached</span><span class="p">))</span> <span class="k">return</span> <span class="n">cached</span><span class="p">;</span> <span class="kt">var</span> <span class="n">response</span> <span class="p">=</span> <span class="k">await</span> <span class="n">_supabase</span> <span class="p">.</span><span class="n">From</span><span class="p">&lt;</span><span class="n">Subscription</span><span class="p">&gt;()</span> <span class="p">.</span><span class="nf">Where</span><span class="p">(</span><span class="n">s</span> <span class="p">=&gt;</span> <span class="n">s</span><span class="p">.</span><span class="n">UserId</span> <span class="p">==</span> <span class="n">userId</span> <span class="p">&amp;&amp;</span> <span class="n">s</span><span class="p">.</span><span class="n">IsActive</span><span class="p">)</span> <span class="p">.</span><span class="nf">Single</span><span class="p">();</span> <span class="kt">var</span> <span class="n">status</span> <span class="p">=</span> <span class="n">response</span><span class="p">?.</span><span class="n">Plan</span> <span class="k">switch</span> <span class="p">{</span> <span class="s">"pro"</span> <span class="p">=&gt;</span> <span class="n">SubscriptionStatus</span><span class="p">.</span><span class="n">Pro</span><span class="p">,</span> <span class="s">"enterprise"</span> <span class="p">=&gt;</span> <span class="n">SubscriptionStatus</span><span class="p">.</span><span class="n">Enterprise</span><span class="p">,</span> <span class="n">_</span> <span class="p">=&gt;</span> <span class="n">SubscriptionStatus</span><span class="p">.</span><span class="n">Free</span> <span class="p">};</span> <span class="n">_cache</span><span class="p">.</span><span class="nf">Set</span><span class="p">(</span><span class="n">cacheKey</span><span class="p">,</span> <span class="n">status</span><span class="p">,</span> <span class="n">CacheTtl</span><span class="p">);</span> <span class="k">return</span> <span class="n">status</span><span class="p">;</span> <span class="p">}</span> <span class="k">public</span> <span class="k">void</span> <span class="nf">InvalidateCache</span><span class="p">(</span><span class="kt">string</span> <span class="n">userId</span><span class="p">)</span> <span class="p">{</span> <span class="n">_cache</span><span class="p">.</span><span class="nf">Remove</span><span class="p">(</span><span class="s">$"subscription:</span><span class="p">{</span><span class="n">userId</span><span class="p">}</span><span class="s">"</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Always get the <code>userId</code> from the authenticated JWT claim — never from the request body — when invalidating the cache. Accepting a <code>userId</code> from the client would allow one user to invalidate another user's cache entry:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="c1">// ✅ userId comes from the JWT, not from the request body</span> <span class="p">[</span><span class="nf">HttpPost</span><span class="p">(</span><span class="s">"checkout/complete"</span><span class="p">)]</span> <span class="k">public</span> <span class="k">async</span> <span class="n">Task</span><span class="p">&lt;</span><span class="n">IActionResult</span><span class="p">&gt;</span> <span class="nf">CompleteCheckout</span><span class="p">([</span><span class="n">FromBody</span><span class="p">]</span> <span class="n">CheckoutRequest</span> <span class="n">request</span><span class="p">)</span> <span class="p">{</span> <span class="kt">var</span> <span class="n">userId</span> <span class="p">=</span> <span class="n">User</span><span class="p">.</span><span class="nf">FindFirstValue</span><span class="p">(</span><span class="n">ClaimTypes</span><span class="p">.</span><span class="n">NameIdentifier</span><span class="p">);</span> <span class="k">if</span> <span class="p">(</span><span class="n">userId</span> <span class="k">is</span> <span class="k">null</span><span class="p">)</span> <span class="k">return</span> <span class="nf">Unauthorized</span><span class="p">();</span> <span class="k">await</span> <span class="n">_checkoutService</span><span class="p">.</span><span class="nf">ProcessAsync</span><span class="p">(</span><span class="n">request</span><span class="p">.</span><span class="n">SessionId</span><span class="p">);</span> <span class="n">_subscriptionService</span><span class="p">.</span><span class="nf">InvalidateCache</span><span class="p">(</span><span class="n">userId</span><span class="p">);</span> <span class="k">return</span> <span class="nf">Ok</span><span class="p">();</span> <span class="p">}</span> </code></pre> </div> <blockquote> <p><strong>IMemoryCache vs IDistributedCache:</strong> <code>IMemoryCache</code> is process-local — if you run multiple backend instances behind a load balancer, each instance has its own cache and a user might hit a stale entry on a different node. For single-instance deployments (like Render's free/starter tier), <code>IMemoryCache</code> is fine. If you scale horizontally, switch to <code>IDistributedCache</code> backed by Redis to share cache state across instances.</p> </blockquote> <h2> Fix 4 — Cache Subscription State in localStorage with a TTL </h2> <p>Even with server-side caching, the browser still makes one API call per page load per user. For a subscription status that doesn't change often, that's unnecessary. A client-side cache in <code>localStorage</code> eliminates redundant calls for users navigating within the app.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// subscriptionCache.ts</span> <span class="kd">const</span> <span class="nx">CACHE_KEY</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">subscription_status</span><span class="dl">"</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">TTL_MS</span> <span class="o">=</span> <span class="mi">60</span> <span class="o">*</span> <span class="mi">1000</span><span class="p">;</span> <span class="c1">// 1 minute</span> <span class="kr">interface</span> <span class="nx">CachedSubscription</span> <span class="p">{</span> <span class="nl">status</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">cachedAt</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> <span class="p">}</span> <span class="k">export</span> <span class="kd">function</span> <span class="nf">getCachedSubscription</span><span class="p">():</span> <span class="kr">string</span> <span class="o">|</span> <span class="kc">null</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">raw</span> <span class="o">=</span> <span class="nx">localStorage</span><span class="p">.</span><span class="nf">getItem</span><span class="p">(</span><span class="nx">CACHE_KEY</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">raw</span><span class="p">)</span> <span class="k">return</span> <span class="kc">null</span><span class="p">;</span> <span class="kd">const</span> <span class="na">cached</span><span class="p">:</span> <span class="nx">CachedSubscription</span> <span class="o">=</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">parse</span><span class="p">(</span><span class="nx">raw</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">age</span> <span class="o">=</span> <span class="nb">Date</span><span class="p">.</span><span class="nf">now</span><span class="p">()</span> <span class="o">-</span> <span class="nx">cached</span><span class="p">.</span><span class="nx">cachedAt</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="nx">age</span> <span class="o">&gt;</span> <span class="nx">TTL_MS</span><span class="p">)</span> <span class="p">{</span> <span class="nx">localStorage</span><span class="p">.</span><span class="nf">removeItem</span><span class="p">(</span><span class="nx">CACHE_KEY</span><span class="p">);</span> <span class="k">return</span> <span class="kc">null</span><span class="p">;</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">cached</span><span class="p">.</span><span class="nx">status</span><span class="p">;</span> <span class="p">}</span> <span class="k">catch</span> <span class="p">{</span> <span class="nx">localStorage</span><span class="p">.</span><span class="nf">removeItem</span><span class="p">(</span><span class="nx">CACHE_KEY</span><span class="p">);</span> <span class="k">return</span> <span class="kc">null</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="k">export</span> <span class="kd">function</span> <span class="nf">setCachedSubscription</span><span class="p">(</span><span class="nx">status</span><span class="p">:</span> <span class="kr">string</span><span class="p">):</span> <span class="k">void</span> <span class="p">{</span> <span class="kd">const</span> <span class="na">entry</span><span class="p">:</span> <span class="nx">CachedSubscription</span> <span class="o">=</span> <span class="p">{</span> <span class="nx">status</span><span class="p">,</span> <span class="na">cachedAt</span><span class="p">:</span> <span class="nb">Date</span><span class="p">.</span><span class="nf">now</span><span class="p">(),</span> <span class="p">};</span> <span class="nx">localStorage</span><span class="p">.</span><span class="nf">setItem</span><span class="p">(</span><span class="nx">CACHE_KEY</span><span class="p">,</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">(</span><span class="nx">entry</span><span class="p">));</span> <span class="p">}</span> <span class="k">export</span> <span class="kd">function</span> <span class="nf">invalidateSubscriptionCache</span><span class="p">():</span> <span class="k">void</span> <span class="p">{</span> <span class="nx">localStorage</span><span class="p">.</span><span class="nf">removeItem</span><span class="p">(</span><span class="nx">CACHE_KEY</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>Using it when loading the app:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// useSubscription.ts</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">getSubscriptionStatus</span><span class="p">():</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="kr">string</span><span class="o">&gt;</span> <span class="p">{</span> <span class="c1">// Return cached value if still fresh</span> <span class="kd">const</span> <span class="nx">cached</span> <span class="o">=</span> <span class="nf">getCachedSubscription</span><span class="p">();</span> <span class="k">if </span><span class="p">(</span><span class="nx">cached</span><span class="p">)</span> <span class="k">return</span> <span class="nx">cached</span><span class="p">;</span> <span class="c1">// Fetch from backend, not Supabase directly</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span><span class="dl">"</span><span class="s2">/api/subscription/status</span><span class="dl">"</span><span class="p">,</span> <span class="p">{</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="na">Authorization</span><span class="p">:</span> <span class="s2">`Bearer </span><span class="p">${</span><span class="k">await</span> <span class="nf">getAuthToken</span><span class="p">()}</span><span class="s2">`</span> <span class="p">},</span> <span class="p">});</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">response</span><span class="p">.</span><span class="nx">ok</span><span class="p">)</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="dl">"</span><span class="s2">Failed to fetch subscription status.</span><span class="dl">"</span><span class="p">);</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">status</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">response</span><span class="p">.</span><span class="nf">json</span><span class="p">();</span> <span class="nf">setCachedSubscription</span><span class="p">(</span><span class="nx">status</span><span class="p">);</span> <span class="k">return</span> <span class="nx">status</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>Invalidate the cache whenever the subscription actually changes — on checkout completion, on plan upgrade, on logout:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// After a successful checkout</span> <span class="k">await</span> <span class="nf">completeCheckout</span><span class="p">(</span><span class="nx">sessionId</span><span class="p">);</span> <span class="nf">invalidateSubscriptionCache</span><span class="p">();</span> <span class="c1">// Force fresh fetch on next load</span> </code></pre> </div> <blockquote> <p><strong>Why 1 minute?</strong> The TTL is a balance between freshness and request volume. Too short (&lt; 30s) and you still trigger frequent fetches for users navigating quickly. Too long (&gt; 5min) and a user who just upgraded won't see their new features without a manual refresh. One minute means a subscription change feels near-instant while eliminating redundant calls under normal usage. If your use case needs faster propagation, consider pushing subscription changes to the client via a WebSocket and invalidating the cache explicitly — rather than shortening the TTL.</p> <p><strong>Important caveat:</strong> The localStorage cache means a user who <em>cancels</em> their subscription may continue to see Pro features for up to 1 minute on the client, until the TTL expires. This is an acceptable trade-off for most SaaS apps — the backend enforces the real access control, and client-side UI state catching up within 60 seconds is not a meaningful security gap. However, if you need stricter enforcement (e.g. metered API access or high-value feature gating), shorten the TTL or push subscription changes via WebSocket rather than relying on TTL expiry.</p> </blockquote> <h2> The Result: Before and After </h2> <p><strong>Before:</strong></p> <ul> <li>4 direct Supabase REST calls per page load, from every browser tab</li> <li>~120 Supabase requests/minute at peak with ~30 concurrent active users</li> <li>429 errors appearing consistently above ~25 concurrent users</li> <li>Subscription checks failing 8–12% of requests during busy periods</li> <li>Median time-to-interactive: ~1,400ms (waiting on sequential Supabase calls)</li> </ul> <p><strong>After:</strong></p> <ul> <li>0 direct Supabase calls from the browser</li> <li>Backend makes 1 RPC call to Supabase per cache miss — most page loads served from IMemoryCache</li> <li>Supabase request volume dropped ~85% at equivalent user load</li> <li>429 errors: eliminated</li> <li>Median time-to-interactive: ~310ms (single backend call, mostly cache hits)</li> </ul> <p>The Supabase dashboard's API usage graph made the change visible immediately — the spike pattern on every deployment flattened out the same day the caching layers went live.</p> <h2> Common Mistakes to Avoid </h2> <p><strong>Calling Supabase directly from the frontend for subscription or billing checks</strong><br> Subscription status is both critical and sensitive. It should never be computed or fetched client-side. A user can intercept and modify the response from a direct Supabase call. Route it through your backend where you control validation.</p> <p><strong>Not invalidating the cache after state changes</strong><br> If you cache subscription status but forget to invalidate it after checkout, users will complete a payment and still see themselves on the free plan until the TTL expires. Always call <code>invalidateSubscriptionCache()</code> on any action that changes subscription state.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// ❌ Forgot to invalidate — user sees stale Free status after upgrading</span> <span class="k">await</span> <span class="nf">processUpgrade</span><span class="p">(</span><span class="nx">userId</span><span class="p">);</span> <span class="c1">// ✅ Invalidate immediately after the state change</span> <span class="k">await</span> <span class="nf">processUpgrade</span><span class="p">(</span><span class="nx">userId</span><span class="p">);</span> <span class="nf">invalidateSubscriptionCache</span><span class="p">();</span> </code></pre> </div> <p><strong>Caching on the frontend but not on the backend</strong><br> A localStorage cache eliminates redundant calls per user. It does nothing for simultaneous first-time loads. Without <code>IMemoryCache</code> on the backend, 50 users logging in at the same time still generate 50 Supabase calls. Both layers are necessary.</p> <p><strong>Using a short TTL as a substitute for proper cache invalidation</strong><br> A 5-second TTL is not a caching strategy — it's a polling strategy with extra steps. Either cache with a meaningful TTL and invalidate on change, or don't cache at all.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// ❌ 5-second TTL — you're just polling Supabase every 5 seconds</span> <span class="kd">const</span> <span class="nx">TTL_MS</span> <span class="o">=</span> <span class="mi">5</span> <span class="o">*</span> <span class="mi">1000</span><span class="p">;</span> <span class="c1">// ✅ 1-minute TTL + explicit invalidation on subscription change</span> <span class="kd">const</span> <span class="nx">TTL_MS</span> <span class="o">=</span> <span class="mi">60</span> <span class="o">*</span> <span class="mi">1000</span><span class="p">;</span> </code></pre> </div> <p><strong>Sharing a service-level Supabase key in the frontend</strong><br> The backend uses a service role key that bypasses Row Level Security. This key must never be exposed to the browser. Keep it server-side in environment variables.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="c1">// appsettings.json (server-side only)</span> <span class="p">{</span> <span class="s">"Supabase"</span><span class="p">:</span> <span class="p">{</span> <span class="s">"Url"</span><span class="p">:</span> <span class="s">"https://[project].supabase.co"</span><span class="p">,</span> <span class="s">"ServiceKey"</span><span class="p">:</span> <span class="s">"eyJ..."</span> <span class="c1">// Never expose this in frontend code</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h2> Best Practices </h2> <ul> <li> <strong>Never call Supabase directly from the browser for subscription, billing, or access control.</strong> These operations belong in your backend.</li> <li> <strong>Use RPCs to batch related reads into a single HTTP call.</strong> Fewer calls = fewer chances to hit rate limits.</li> <li> <strong>Add server-side caching with <code>IMemoryCache</code></strong> for any data that is expensive to fetch and doesn't change per-request. It protects against burst load, not just steady-state traffic.</li> <li> <strong>Cache on the client too</strong>, but only for non-sensitive UI state like subscription tier. Always enforce real access control on the backend.</li> <li> <strong>Always invalidate both caches on state changes</strong> — the server-side cache and the localStorage cache — not just let the TTL expire.</li> <li> <strong>Always derive <code>userId</code> from the JWT claim on the server</strong>, never from the request body, when performing sensitive operations like cache invalidation.</li> <li> <strong>Use the Supabase service role key only on the backend.</strong> The frontend should use the anonymous key scoped to RLS policies.</li> <li> <strong>Monitor your Supabase project's rate limit usage</strong> in the dashboard. Set up alerts before you hit limits, not after.</li> <li> <strong>If you scale horizontally, switch <code>IMemoryCache</code> to <code>IDistributedCache</code> backed by Redis</strong> to avoid stale cache entries across instances.</li> </ul> <h2> Conclusion </h2> <p>Rate limiting is not a Supabase problem — it's an architecture problem. Supabase is a hosted service with usage boundaries, and calling it directly from every browser tab treats it like a local database. It isn't.</p> <p>The fix for The Coffee Timer came down to four things: move critical operations to the backend, reduce the number of calls using RPCs, cache aggressively on the server with <code>IMemoryCache</code>, and add a client-side TTL cache as a last-mile optimization. None of these are complex changes, but together they eliminated 429 errors entirely, cut Supabase request volume by ~85%, and reduced time-to-interactive by more than 4x.</p> <p>If your frontend is calling Supabase directly for anything that matters — subscription status, access control, billing — move it to your backend. Then cache it. The sooner, the better.</p> dotnet csharp programming architecture Adrián Bailador Fri, 20 Mar 2026 21:08:58 +0000 https://forem.com/adrianbailador/what-your-net-exceptions-are-telling-attackers-and-how-to-stop-it-57ia https://forem.com/adrianbailador/what-your-net-exceptions-are-telling-attackers-and-how-to-stop-it-57ia <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fsvvw15ppu8cu1uke8g6x.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fsvvw15ppu8cu1uke8g6x.png" alt=" "></a></p> <p>How unhandled exceptions leak stack traces, connection strings, and internal architecture — and how to fix it properly in ASP.NET Core.</p> <h2> Introduction: The Exception That Becomes a Roadmap </h2> <p>Imagine you're building an API. A developer forgets to handle an edge case, and a request triggers an unhandled exception. What does the caller see?</p> <p>In a default ASP.NET Core project in development mode, they see something like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>System.NullReferenceException: Object reference not set to an instance of an object. at MyApi.Services.OrderService.GetOrderAsync(Int32 id) in /home/runner/work/MyApi/src/Services/OrderService.cs:line 47 at MyApi.Controllers.OrdersController.GetOrder(Int32 id) in /home/runner/work/MyApi/src/Controllers/OrdersController.cs:line 23 at Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor... ConnectionString: Server=prod-db.internal;Database=orders;User=sa;Password=Sup3rS3cr3t! </code></pre> </div> <p>That response just told an attacker:</p> <ul> <li>Your internal folder structure and project layout</li> <li>The exact class and method where the error occurred</li> <li>Your database server hostname</li> <li>Your database credentials</li> </ul> <p>This isn't hypothetical. Error responses are one of the most common sources of information disclosure in web APIs — and one of the easiest to fix.</p> <h2> What Attackers Learn from Your Exceptions </h2> <p>Different types of exceptions leak different types of information. Understanding what gets exposed helps prioritise what to fix first.</p> <h3> Stack Traces — Your Internal Architecture </h3> <p>A stack trace reveals the exact call chain inside your application. Attackers use this to understand how your code is structured, what libraries you use, and where to look for known vulnerabilities.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>System.Data.SqlClient.SqlException: Invalid column name 'user_id'. at System.Data.SqlClient.SqlConnection.OnError(...) at MyApi.Repositories.UserRepository.FindByEmailAsync(String email) at MyApi.Services.AuthService.LoginAsync(LoginRequest request) </code></pre> </div> <p>From this single exception, an attacker now knows:</p> <ul> <li>You're using SQL Server (<code>SqlClient</code>)</li> <li>A column is named <code>user_id</code> — useful for SQL injection attempts</li> <li>Your authentication flow goes through <code>AuthService.LoginAsync</code> </li> </ul> <h3> Database Errors — Your Schema </h3> <p>Database exceptions are particularly dangerous because they expose table names, column names, and sometimes the exact query that failed.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Microsoft.EntityFrameworkCore.DbUpdateException: An error occurred while saving the entity changes. Table 'orders_db.dbo.CustomerPayments' doesn't exist. </code></pre> </div> <p>Table names and database names are handed to the attacker on a silver platter.</p> <h3> Validation Errors — Your Business Rules </h3> <p>Even seemingly harmless validation errors can expose internal logic:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>FluentValidation.ValidationException: -- OrderId: Order ID must be between 100000 and 999999. Severity: Error -- CustomerId: Customer must have a verified account with status 'Premium' or 'Enterprise'. </code></pre> </div> <p>Now the attacker knows your ID ranges, your account tiers, and the status values your system uses internally.</p> <h2> The Fix: Global Exception Handling Middleware </h2> <p>The most important step is ensuring that no raw exception ever reaches the client in production. ASP.NET Core provides two clean ways to do this.</p> <h3> Option 1: UseExceptionHandler (Built-in) </h3> <p>For most APIs, the built-in <code>UseExceptionHandler</code> is the right starting point:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="c1">// Program.cs</span> <span class="k">if</span> <span class="p">(</span><span class="n">app</span><span class="p">.</span><span class="n">Environment</span><span class="p">.</span><span class="nf">IsDevelopment</span><span class="p">())</span> <span class="p">{</span> <span class="n">app</span><span class="p">.</span><span class="nf">UseDeveloperExceptionPage</span><span class="p">();</span> <span class="c1">// Full details in development only</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="n">app</span><span class="p">.</span><span class="nf">UseExceptionHandler</span><span class="p">(</span><span class="s">"/error"</span><span class="p">);</span> <span class="c1">// Safe response in production</span> <span class="p">}</span> </code></pre> </div> <p>Add a dedicated error endpoint:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="p">[</span><span class="n">ApiController</span><span class="p">]</span> <span class="k">public</span> <span class="k">class</span> <span class="nc">ErrorController</span> <span class="p">:</span> <span class="n">ControllerBase</span> <span class="p">{</span> <span class="p">[</span><span class="nf">Route</span><span class="p">(</span><span class="s">"/error"</span><span class="p">)]</span> <span class="p">[</span><span class="nf">ApiExplorerSettings</span><span class="p">(</span><span class="n">IgnoreApi</span> <span class="p">=</span> <span class="k">true</span><span class="p">)]</span> <span class="k">public</span> <span class="n">IActionResult</span> <span class="nf">HandleError</span><span class="p">()</span> <span class="p">{</span> <span class="k">return</span> <span class="nf">Problem</span><span class="p">(</span> <span class="n">title</span><span class="p">:</span> <span class="s">"An unexpected error occurred."</span><span class="p">,</span> <span class="n">statusCode</span><span class="p">:</span> <span class="n">StatusCodes</span><span class="p">.</span><span class="n">Status500InternalServerError</span> <span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>This returns a standardised RFC 7807 Problem Details response with no internal information:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://tools.ietf.org/html/rfc7807"</span><span class="p">,</span><span class="w"> </span><span class="nl">"title"</span><span class="p">:</span><span class="w"> </span><span class="s2">"An unexpected error occurred."</span><span class="p">,</span><span class="w"> </span><span class="nl">"status"</span><span class="p">:</span><span class="w"> </span><span class="mi">500</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h3> Option 2: Custom Middleware (More Control) </h3> <p>For more control over logging, correlation IDs, and response shaping, write your own middleware:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">public</span> <span class="k">class</span> <span class="nc">ExceptionHandlingMiddleware</span> <span class="p">{</span> <span class="k">private</span> <span class="k">readonly</span> <span class="n">RequestDelegate</span> <span class="n">_next</span><span class="p">;</span> <span class="k">private</span> <span class="k">readonly</span> <span class="n">ILogger</span><span class="p">&lt;</span><span class="n">ExceptionHandlingMiddleware</span><span class="p">&gt;</span> <span class="n">_logger</span><span class="p">;</span> <span class="k">public</span> <span class="nf">ExceptionHandlingMiddleware</span><span class="p">(</span> <span class="n">RequestDelegate</span> <span class="n">next</span><span class="p">,</span> <span class="n">ILogger</span><span class="p">&lt;</span><span class="n">ExceptionHandlingMiddleware</span><span class="p">&gt;</span> <span class="n">logger</span><span class="p">)</span> <span class="p">{</span> <span class="n">_next</span> <span class="p">=</span> <span class="n">next</span><span class="p">;</span> <span class="n">_logger</span> <span class="p">=</span> <span class="n">logger</span><span class="p">;</span> <span class="p">}</span> <span class="k">public</span> <span class="k">async</span> <span class="n">Task</span> <span class="nf">InvokeAsync</span><span class="p">(</span><span class="n">HttpContext</span> <span class="n">context</span><span class="p">)</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="k">await</span> <span class="nf">_next</span><span class="p">(</span><span class="n">context</span><span class="p">);</span> <span class="p">}</span> <span class="k">catch</span> <span class="p">(</span><span class="n">Exception</span> <span class="n">ex</span><span class="p">)</span> <span class="p">{</span> <span class="k">await</span> <span class="nf">HandleExceptionAsync</span><span class="p">(</span><span class="n">context</span><span class="p">,</span> <span class="n">ex</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="k">private</span> <span class="k">async</span> <span class="n">Task</span> <span class="nf">HandleExceptionAsync</span><span class="p">(</span><span class="n">HttpContext</span> <span class="n">context</span><span class="p">,</span> <span class="n">Exception</span> <span class="n">exception</span><span class="p">)</span> <span class="p">{</span> <span class="kt">var</span> <span class="n">correlationId</span> <span class="p">=</span> <span class="n">context</span><span class="p">.</span><span class="n">TraceIdentifier</span><span class="p">;</span> <span class="c1">// Log the full exception internally — never lose observability</span> <span class="n">_logger</span><span class="p">.</span><span class="nf">LogError</span><span class="p">(</span><span class="n">exception</span><span class="p">,</span> <span class="s">"Unhandled exception. CorrelationId: {CorrelationId}, Path: {Path}"</span><span class="p">,</span> <span class="n">correlationId</span><span class="p">,</span> <span class="n">context</span><span class="p">.</span><span class="n">Request</span><span class="p">.</span><span class="n">Path</span><span class="p">);</span> <span class="kt">var</span> <span class="p">(</span><span class="n">statusCode</span><span class="p">,</span> <span class="n">title</span><span class="p">)</span> <span class="p">=</span> <span class="n">exception</span> <span class="k">switch</span> <span class="p">{</span> <span class="n">UnauthorizedAccessException</span> <span class="p">=&gt;</span> <span class="p">(</span><span class="m">401</span><span class="p">,</span> <span class="s">"Unauthorised."</span><span class="p">),</span> <span class="n">KeyNotFoundException</span> <span class="p">=&gt;</span> <span class="p">(</span><span class="m">404</span><span class="p">,</span> <span class="s">"Resource not found."</span><span class="p">),</span> <span class="n">ArgumentException</span> <span class="p">=&gt;</span> <span class="p">(</span><span class="m">400</span><span class="p">,</span> <span class="s">"Invalid request."</span><span class="p">),</span> <span class="n">_</span> <span class="p">=&gt;</span> <span class="p">(</span><span class="m">500</span><span class="p">,</span> <span class="s">"An unexpected error occurred."</span><span class="p">)</span> <span class="p">};</span> <span class="n">context</span><span class="p">.</span><span class="n">Response</span><span class="p">.</span><span class="n">StatusCode</span> <span class="p">=</span> <span class="n">statusCode</span><span class="p">;</span> <span class="n">context</span><span class="p">.</span><span class="n">Response</span><span class="p">.</span><span class="n">ContentType</span> <span class="p">=</span> <span class="s">"application/problem+json"</span><span class="p">;</span> <span class="c1">// Return safe response — correlation ID allows support to look up the real error</span> <span class="kt">var</span> <span class="n">problem</span> <span class="p">=</span> <span class="k">new</span> <span class="p">{</span> <span class="n">type</span> <span class="p">=</span> <span class="s">"https://httpstatuses.com/"</span> <span class="p">+</span> <span class="n">statusCode</span><span class="p">,</span> <span class="n">title</span> <span class="p">=</span> <span class="n">title</span><span class="p">,</span> <span class="n">status</span> <span class="p">=</span> <span class="n">statusCode</span><span class="p">,</span> <span class="n">traceId</span> <span class="p">=</span> <span class="n">correlationId</span> <span class="c1">// Safe: links to logs without exposing details</span> <span class="p">};</span> <span class="k">await</span> <span class="n">context</span><span class="p">.</span><span class="n">Response</span><span class="p">.</span><span class="nf">WriteAsJsonAsync</span><span class="p">(</span><span class="n">problem</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Register it in <code>Program.cs</code> — before all other middleware:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="n">app</span><span class="p">.</span><span class="n">UseMiddleware</span><span class="p">&lt;</span><span class="n">ExceptionHandlingMiddleware</span><span class="p">&gt;();</span> </code></pre> </div> <p>The <code>correlationId</code> in the response is the key insight here: the client gets a reference they can provide to support, while you can look up the full exception in your logs. No information leakage, full observability.</p> <h3> Option 3: IExceptionHandler (ASP.NET Core 8+ — The Modern Approach) </h3> <p>If you're on .NET 8 or later, skip writing middleware from scratch. The <code>IExceptionHandler</code> interface is the clean, officially supported way to handle exceptions globally:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">public</span> <span class="k">class</span> <span class="nc">GlobalExceptionHandler</span> <span class="p">:</span> <span class="n">IExceptionHandler</span> <span class="p">{</span> <span class="k">private</span> <span class="k">readonly</span> <span class="n">ILogger</span><span class="p">&lt;</span><span class="n">GlobalExceptionHandler</span><span class="p">&gt;</span> <span class="n">_logger</span><span class="p">;</span> <span class="k">public</span> <span class="nf">GlobalExceptionHandler</span><span class="p">(</span><span class="n">ILogger</span><span class="p">&lt;</span><span class="n">GlobalExceptionHandler</span><span class="p">&gt;</span> <span class="n">logger</span><span class="p">)</span> <span class="p">{</span> <span class="n">_logger</span> <span class="p">=</span> <span class="n">logger</span><span class="p">;</span> <span class="p">}</span> <span class="k">public</span> <span class="k">async</span> <span class="n">ValueTask</span><span class="p">&lt;</span><span class="kt">bool</span><span class="p">&gt;</span> <span class="nf">TryHandleAsync</span><span class="p">(</span> <span class="n">HttpContext</span> <span class="n">httpContext</span><span class="p">,</span> <span class="n">Exception</span> <span class="n">exception</span><span class="p">,</span> <span class="n">CancellationToken</span> <span class="n">cancellationToken</span><span class="p">)</span> <span class="p">{</span> <span class="kt">var</span> <span class="n">correlationId</span> <span class="p">=</span> <span class="n">httpContext</span><span class="p">.</span><span class="n">TraceIdentifier</span><span class="p">;</span> <span class="n">_logger</span><span class="p">.</span><span class="nf">LogError</span><span class="p">(</span><span class="n">exception</span><span class="p">,</span> <span class="s">"Unhandled exception. CorrelationId: {CorrelationId}, Path: {Path}"</span><span class="p">,</span> <span class="n">correlationId</span><span class="p">,</span> <span class="n">httpContext</span><span class="p">.</span><span class="n">Request</span><span class="p">.</span><span class="n">Path</span><span class="p">);</span> <span class="kt">var</span> <span class="p">(</span><span class="n">statusCode</span><span class="p">,</span> <span class="n">title</span><span class="p">)</span> <span class="p">=</span> <span class="n">exception</span> <span class="k">switch</span> <span class="p">{</span> <span class="n">UnauthorizedAccessException</span> <span class="p">=&gt;</span> <span class="p">(</span><span class="m">401</span><span class="p">,</span> <span class="s">"Unauthorised."</span><span class="p">),</span> <span class="n">KeyNotFoundException</span> <span class="p">=&gt;</span> <span class="p">(</span><span class="m">404</span><span class="p">,</span> <span class="s">"Resource not found."</span><span class="p">),</span> <span class="n">ArgumentException</span> <span class="p">=&gt;</span> <span class="p">(</span><span class="m">400</span><span class="p">,</span> <span class="s">"Invalid request."</span><span class="p">),</span> <span class="n">_</span> <span class="p">=&gt;</span> <span class="p">(</span><span class="m">500</span><span class="p">,</span> <span class="s">"An unexpected error occurred."</span><span class="p">)</span> <span class="p">};</span> <span class="n">httpContext</span><span class="p">.</span><span class="n">Response</span><span class="p">.</span><span class="n">StatusCode</span> <span class="p">=</span> <span class="n">statusCode</span><span class="p">;</span> <span class="kt">var</span> <span class="n">problem</span> <span class="p">=</span> <span class="k">new</span> <span class="n">ProblemDetails</span> <span class="p">{</span> <span class="n">Title</span> <span class="p">=</span> <span class="n">title</span><span class="p">,</span> <span class="n">Status</span> <span class="p">=</span> <span class="n">statusCode</span><span class="p">,</span> <span class="n">Extensions</span> <span class="p">=</span> <span class="p">{</span> <span class="p">[</span><span class="s">"traceId"</span><span class="p">]</span> <span class="p">=</span> <span class="n">correlationId</span> <span class="p">}</span> <span class="p">};</span> <span class="k">await</span> <span class="n">httpContext</span><span class="p">.</span><span class="n">Response</span><span class="p">.</span><span class="nf">WriteAsJsonAsync</span><span class="p">(</span><span class="n">problem</span><span class="p">,</span> <span class="n">cancellationToken</span><span class="p">);</span> <span class="c1">// Return true = exception is handled, pipeline stops here</span> <span class="c1">// Return false = pass to the next handler in the chain</span> <span class="k">return</span> <span class="k">true</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Register it in <code>Program.cs</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="n">builder</span><span class="p">.</span><span class="n">Services</span><span class="p">.</span><span class="n">AddExceptionHandler</span><span class="p">&lt;</span><span class="n">GlobalExceptionHandler</span><span class="p">&gt;();</span> <span class="n">builder</span><span class="p">.</span><span class="n">Services</span><span class="p">.</span><span class="nf">AddProblemDetails</span><span class="p">();</span> <span class="c1">// ...</span> <span class="n">app</span><span class="p">.</span><span class="nf">UseExceptionHandler</span><span class="p">();</span> </code></pre> </div> <p>You can register <strong>multiple handlers</strong> in order — useful when you want different handlers for domain exceptions vs unexpected errors:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="n">builder</span><span class="p">.</span><span class="n">Services</span><span class="p">.</span><span class="n">AddExceptionHandler</span><span class="p">&lt;</span><span class="n">DomainExceptionHandler</span><span class="p">&gt;();</span> <span class="c1">// handles first</span> <span class="n">builder</span><span class="p">.</span><span class="n">Services</span><span class="p">.</span><span class="n">AddExceptionHandler</span><span class="p">&lt;</span><span class="n">GlobalExceptionHandler</span><span class="p">&gt;();</span> <span class="c1">// fallback</span> </code></pre> </div> <p>If a handler returns <code>false</code> from <code>TryHandleAsync</code>, the next registered handler gets a chance. This gives you a clean chain of responsibility without messy if/else trees in a single middleware class. For new projects on .NET 8+, this is the approach to use.</p> <h2> Problem Details: The Standard Way to Return Errors </h2> <p>ASP.NET Core 7+ has built-in support for RFC 7807 Problem Details. Use it instead of rolling your own error response format:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="n">builder</span><span class="p">.</span><span class="n">Services</span><span class="p">.</span><span class="nf">AddProblemDetails</span><span class="p">(</span><span class="n">options</span> <span class="p">=&gt;</span> <span class="p">{</span> <span class="n">options</span><span class="p">.</span><span class="n">CustomizeProblemDetails</span> <span class="p">=</span> <span class="n">context</span> <span class="p">=&gt;</span> <span class="p">{</span> <span class="c1">// Add correlation ID to every problem response</span> <span class="n">context</span><span class="p">.</span><span class="n">ProblemDetails</span><span class="p">.</span><span class="n">Extensions</span><span class="p">[</span><span class="s">"traceId"</span><span class="p">]</span> <span class="p">=</span> <span class="n">context</span><span class="p">.</span><span class="n">HttpContext</span><span class="p">.</span><span class="n">TraceIdentifier</span><span class="p">;</span> <span class="c1">// Never include exception details in production</span> <span class="n">context</span><span class="p">.</span><span class="n">ProblemDetails</span><span class="p">.</span><span class="n">Extensions</span><span class="p">.</span><span class="nf">Remove</span><span class="p">(</span><span class="s">"exception"</span><span class="p">);</span> <span class="p">};</span> <span class="p">});</span> <span class="c1">// In Program.cs</span> <span class="n">app</span><span class="p">.</span><span class="nf">UseExceptionHandler</span><span class="p">();</span> <span class="n">app</span><span class="p">.</span><span class="nf">UseStatusCodePages</span><span class="p">();</span> </code></pre> </div> <p>For custom domain exceptions, create specific Problem Details responses:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">public</span> <span class="k">class</span> <span class="nc">OrderNotFoundException</span> <span class="p">:</span> <span class="n">Exception</span> <span class="p">{</span> <span class="k">public</span> <span class="kt">int</span> <span class="n">OrderId</span> <span class="p">{</span> <span class="k">get</span><span class="p">;</span> <span class="p">}</span> <span class="k">public</span> <span class="nf">OrderNotFoundException</span><span class="p">(</span><span class="kt">int</span> <span class="n">orderId</span><span class="p">)</span> <span class="p">:</span> <span class="k">base</span><span class="p">(</span><span class="s">$"Order </span><span class="p">{</span><span class="n">orderId</span><span class="p">}</span><span class="s"> was not found."</span><span class="p">)</span> <span class="p">{</span> <span class="n">OrderId</span> <span class="p">=</span> <span class="n">orderId</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="c1">// In your exception handler</span> <span class="k">if</span> <span class="p">(</span><span class="n">exception</span> <span class="k">is</span> <span class="n">OrderNotFoundException</span> <span class="n">notFound</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="n">TypedResults</span><span class="p">.</span><span class="nf">Problem</span><span class="p">(</span> <span class="n">title</span><span class="p">:</span> <span class="s">"Order not found."</span><span class="p">,</span> <span class="n">detail</span><span class="p">:</span> <span class="s">$"No order with ID </span><span class="p">{</span><span class="n">notFound</span><span class="p">.</span><span class="n">OrderId</span><span class="p">}</span><span class="s"> exists."</span><span class="p">,</span> <span class="c1">// Safe — no internal details</span> <span class="n">statusCode</span><span class="p">:</span> <span class="m">404</span> <span class="p">);</span> <span class="p">}</span> </code></pre> </div> <h2> Logging Exceptions Safely </h2> <p>Fixing the response is half the job. The other half is making sure you're not accidentally logging sensitive data.</p> <h3> What NOT to Log </h3> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="c1">// ❌ Logs the full request body — may contain passwords, card numbers, PII</span> <span class="n">_logger</span><span class="p">.</span><span class="nf">LogError</span><span class="p">(</span><span class="s">"Request failed: {Request}"</span><span class="p">,</span> <span class="n">JsonSerializer</span><span class="p">.</span><span class="nf">Serialize</span><span class="p">(</span><span class="n">request</span><span class="p">));</span> <span class="c1">// ❌ Logs the connection string from the exception message</span> <span class="n">_logger</span><span class="p">.</span><span class="nf">LogError</span><span class="p">(</span><span class="s">"DB error: {Message}"</span><span class="p">,</span> <span class="n">exception</span><span class="p">.</span><span class="n">Message</span><span class="p">);</span> <span class="c1">// ❌ Logs authentication tokens</span> <span class="n">_logger</span><span class="p">.</span><span class="nf">LogInformation</span><span class="p">(</span><span class="s">"User authenticated with token: {Token}"</span><span class="p">,</span> <span class="n">token</span><span class="p">);</span> <span class="c1">// ❌ String interpolation bypasses structured logging — if user.ToString()</span> <span class="c1">// accidentally includes a password hash or sensitive field, it leaks to your logs</span> <span class="n">_logger</span><span class="p">.</span><span class="nf">LogError</span><span class="p">(</span><span class="s">$"Error processing user </span><span class="p">{</span><span class="n">user</span><span class="p">}</span><span class="s">"</span><span class="p">);</span> </code></pre> </div> <h3> What to Log Instead </h3> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="c1">// ✅ Log the exception object — structured logging handles it safely</span> <span class="n">_logger</span><span class="p">.</span><span class="nf">LogError</span><span class="p">(</span><span class="n">exception</span><span class="p">,</span> <span class="s">"Order processing failed for OrderId: {OrderId}"</span><span class="p">,</span> <span class="n">orderId</span><span class="p">);</span> <span class="c1">// ✅ Always use message templates, never string interpolation</span> <span class="c1">// This logs the UserId value, not the entire object</span> <span class="n">_logger</span><span class="p">.</span><span class="nf">LogWarning</span><span class="p">(</span><span class="s">"Authentication failed for UserId: {UserId}"</span><span class="p">,</span> <span class="n">user</span><span class="p">.</span><span class="n">Id</span><span class="p">);</span> <span class="c1">// ✅ Log that sensitive data was present, not its value</span> <span class="n">_logger</span><span class="p">.</span><span class="nf">LogInformation</span><span class="p">(</span><span class="s">"Payment processed. CardLastFour: {Last4}"</span><span class="p">,</span> <span class="n">card</span><span class="p">.</span><span class="n">LastFour</span><span class="p">);</span> </code></pre> </div> <blockquote> <p><strong>Why string interpolation is dangerous in logs:</strong> When you write <code>_logger.LogError($"Error for {user}")</code>, the entire <code>user</code> object is serialised via <code>ToString()</code> before the logger ever sees it. If your model's <code>ToString()</code> override (or a default JSON serialiser) includes a password hash, an API key, or a session token, that value ends up in your log store in plain text. Structured logging with message templates (<code>{UserId}</code>) passes the value as a typed parameter — you control exactly what gets captured.</p> </blockquote> <h3> Filtering Sensitive Properties in Serilog </h3> <p>If you're using Serilog, use destructuring policies to automatically redact sensitive fields:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="n">Log</span><span class="p">.</span><span class="n">Logger</span> <span class="p">=</span> <span class="k">new</span> <span class="nf">LoggerConfiguration</span><span class="p">()</span> <span class="p">.</span><span class="n">Destructure</span><span class="p">.</span><span class="n">ByTransforming</span><span class="p">&lt;</span><span class="n">LoginRequest</span><span class="p">&gt;(</span><span class="n">r</span> <span class="p">=&gt;</span> <span class="k">new</span> <span class="p">{</span> <span class="n">r</span><span class="p">.</span><span class="n">Email</span><span class="p">,</span> <span class="n">Password</span> <span class="p">=</span> <span class="s">"***REDACTED***"</span> <span class="p">})</span> <span class="p">.</span><span class="n">WriteTo</span><span class="p">.</span><span class="nf">Console</span><span class="p">()</span> <span class="p">.</span><span class="nf">CreateLogger</span><span class="p">();</span> </code></pre> </div> <h2> Validating Input Before It Throws </h2> <p>Many exception-based information leaks start with unvalidated input. If you validate properly at the boundary, the dangerous exceptions never get thrown.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="c1">// ❌ Throws SqlException with schema details if input is malicious</span> <span class="k">public</span> <span class="k">async</span> <span class="n">Task</span><span class="p">&lt;</span><span class="n">Order</span><span class="p">&gt;</span> <span class="nf">GetOrderAsync</span><span class="p">(</span><span class="kt">string</span> <span class="n">rawId</span><span class="p">)</span> <span class="p">{</span> <span class="kt">var</span> <span class="n">id</span> <span class="p">=</span> <span class="kt">int</span><span class="p">.</span><span class="nf">Parse</span><span class="p">(</span><span class="n">rawId</span><span class="p">);</span> <span class="c1">// throws FormatException with the raw input</span> <span class="k">return</span> <span class="k">await</span> <span class="n">_db</span><span class="p">.</span><span class="n">Orders</span><span class="p">.</span><span class="nf">FindAsync</span><span class="p">(</span><span class="n">id</span><span class="p">);</span> <span class="p">}</span> <span class="c1">// ✅ Validate at the boundary — exception never reaches the DB layer</span> <span class="k">public</span> <span class="k">async</span> <span class="n">Task</span><span class="p">&lt;</span><span class="n">IActionResult</span><span class="p">&gt;</span> <span class="nf">GetOrder</span><span class="p">([</span><span class="n">FromRoute</span><span class="p">]</span> <span class="kt">int</span> <span class="n">id</span><span class="p">)</span> <span class="p">{</span> <span class="k">if</span> <span class="p">(</span><span class="n">id</span> <span class="p">&lt;=</span> <span class="m">0</span><span class="p">)</span> <span class="k">return</span> <span class="nf">BadRequest</span><span class="p">(</span><span class="k">new</span> <span class="p">{</span> <span class="n">error</span> <span class="p">=</span> <span class="s">"Invalid order ID."</span> <span class="p">});</span> <span class="kt">var</span> <span class="n">order</span> <span class="p">=</span> <span class="k">await</span> <span class="n">_orderService</span><span class="p">.</span><span class="nf">GetOrderAsync</span><span class="p">(</span><span class="n">id</span><span class="p">);</span> <span class="k">return</span> <span class="n">order</span> <span class="k">is</span> <span class="k">null</span> <span class="p">?</span> <span class="nf">NotFound</span><span class="p">()</span> <span class="p">:</span> <span class="nf">Ok</span><span class="p">(</span><span class="n">order</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>For complex validation, use FluentValidation and return structured errors without exposing internal rules:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">public</span> <span class="k">class</span> <span class="nc">CreateOrderValidator</span> <span class="p">:</span> <span class="n">AbstractValidator</span><span class="p">&lt;</span><span class="n">CreateOrderRequest</span><span class="p">&gt;</span> <span class="p">{</span> <span class="k">public</span> <span class="nf">CreateOrderValidator</span><span class="p">()</span> <span class="p">{</span> <span class="nf">RuleFor</span><span class="p">(</span><span class="n">x</span> <span class="p">=&gt;</span> <span class="n">x</span><span class="p">.</span><span class="n">ProductId</span><span class="p">)</span> <span class="p">.</span><span class="nf">GreaterThan</span><span class="p">(</span><span class="m">0</span><span class="p">)</span> <span class="p">.</span><span class="nf">WithMessage</span><span class="p">(</span><span class="s">"Invalid product."</span><span class="p">);</span> <span class="c1">// Generic — doesn't reveal ID ranges</span> <span class="nf">RuleFor</span><span class="p">(</span><span class="n">x</span> <span class="p">=&gt;</span> <span class="n">x</span><span class="p">.</span><span class="n">Quantity</span><span class="p">)</span> <span class="p">.</span><span class="nf">InclusiveBetween</span><span class="p">(</span><span class="m">1</span><span class="p">,</span> <span class="m">100</span><span class="p">)</span> <span class="p">.</span><span class="nf">WithMessage</span><span class="p">(</span><span class="s">"Quantity must be between 1 and 100."</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h2> Hiding Server and Technology Information </h2> <p>Beyond exceptions, ASP.NET Core leaks information through HTTP response headers by default. Remove them:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="c1">// Program.cs — remove the Server header</span> <span class="n">builder</span><span class="p">.</span><span class="n">WebHost</span><span class="p">.</span><span class="nf">ConfigureKestrel</span><span class="p">(</span><span class="n">options</span> <span class="p">=&gt;</span> <span class="p">{</span> <span class="n">options</span><span class="p">.</span><span class="n">AddServerHeader</span> <span class="p">=</span> <span class="k">false</span><span class="p">;</span> <span class="p">});</span> </code></pre> </div> <p>Also remove the <code>X-Powered-By</code> header if you're behind IIS:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight xml"><code><span class="c">&lt;!-- web.config --&gt;</span> <span class="nt">&lt;system.webServer&gt;</span> <span class="nt">&lt;httpProtocol&gt;</span> <span class="nt">&lt;customHeaders&gt;</span> <span class="nt">&lt;remove</span> <span class="na">name=</span><span class="s">"X-Powered-By"</span> <span class="nt">/&gt;</span> <span class="nt">&lt;/customHeaders&gt;</span> <span class="nt">&lt;/httpProtocol&gt;</span> <span class="nt">&lt;/system.webServer&gt;</span> </code></pre> </div> <p>And never expose the ASP.NET Core version in error responses. Verify this with your production error handler:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="c1">// ❌ Reveals framework version</span> <span class="n">context</span><span class="p">.</span><span class="n">Response</span><span class="p">.</span><span class="n">Headers</span><span class="p">[</span><span class="s">"X-AspNet-Version"</span><span class="p">]</span> <span class="p">=</span> <span class="n">Environment</span><span class="p">.</span><span class="n">Version</span><span class="p">.</span><span class="nf">ToString</span><span class="p">();</span> <span class="c1">// ✅ Remove it entirely</span> <span class="n">context</span><span class="p">.</span><span class="n">Response</span><span class="p">.</span><span class="n">Headers</span><span class="p">.</span><span class="nf">Remove</span><span class="p">(</span><span class="s">"X-AspNet-Version"</span><span class="p">);</span> </code></pre> </div> <h2> Environment-Specific Configuration </h2> <p>The most common mistake is accidentally deploying with <code>ASPNETCORE_ENVIRONMENT=Development</code> in production. This enables the developer exception page, which shows full stack traces.</p> <p>Lock this down explicitly:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="c1">// Program.cs — explicit check, not implicit trust</span> <span class="k">if</span> <span class="p">(!</span><span class="n">app</span><span class="p">.</span><span class="n">Environment</span><span class="p">.</span><span class="nf">IsProduction</span><span class="p">())</span> <span class="p">{</span> <span class="n">app</span><span class="p">.</span><span class="nf">UseDeveloperExceptionPage</span><span class="p">();</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="n">app</span><span class="p">.</span><span class="nf">UseExceptionHandler</span><span class="p">();</span> <span class="n">app</span><span class="p">.</span><span class="nf">UseHsts</span><span class="p">();</span> <span class="p">}</span> </code></pre> </div> <p>And verify it in your CI/CD pipeline. In GitHub Actions:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Verify production environment</span> <span class="na">run</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">if [ "$ASPNETCORE_ENVIRONMENT" = "Development" ]; then</span> <span class="s">echo "ERROR: Cannot deploy with Development environment"</span> <span class="s">exit 1</span> <span class="s">fi</span> <span class="na">env</span><span class="pi">:</span> <span class="na">ASPNETCORE_ENVIRONMENT</span><span class="pi">:</span> <span class="s">${{ vars.ASPNETCORE_ENVIRONMENT }}</span> </code></pre> </div> <h2> Common Errors and How to Avoid Them </h2> <p><strong>Showing stack traces in production</strong><br> This is the most critical issue. Always configure <code>UseExceptionHandler</code> or custom middleware for production. Use <code>IHostEnvironment.IsProduction()</code> — never rely on <code>#if DEBUG</code> for security decisions.</p> <p><strong>Returning exception messages directly to clients</strong><br> Never do <code>return BadRequest(exception.Message)</code>. Exception messages are written for developers, not clients. They frequently contain internal paths, SQL fragments, or configuration values. Always return a message you explicitly wrote.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="c1">// ❌</span> <span class="k">return</span> <span class="nf">BadRequest</span><span class="p">(</span><span class="n">ex</span><span class="p">.</span><span class="n">Message</span><span class="p">);</span> <span class="c1">// ✅</span> <span class="k">return</span> <span class="nf">BadRequest</span><span class="p">(</span><span class="s">"The request could not be processed. Please check your input."</span><span class="p">);</span> </code></pre> </div> <p><strong>Catching and swallowing exceptions silently</strong><br> Hiding exceptions without logging them destroys your ability to debug production issues.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="c1">// ❌ Exception disappears — you'll never know this happened</span> <span class="k">try</span> <span class="p">{</span> <span class="k">await</span> <span class="nf">ProcessOrderAsync</span><span class="p">(</span><span class="n">order</span><span class="p">);</span> <span class="p">}</span> <span class="k">catch</span> <span class="p">(</span><span class="n">Exception</span><span class="p">)</span> <span class="p">{</span> <span class="p">}</span> <span class="c1">// ✅ Log it, then decide how to respond</span> <span class="k">try</span> <span class="p">{</span> <span class="k">await</span> <span class="nf">ProcessOrderAsync</span><span class="p">(</span><span class="n">order</span><span class="p">);</span> <span class="p">}</span> <span class="k">catch</span> <span class="p">(</span><span class="n">Exception</span> <span class="n">ex</span><span class="p">)</span> <span class="p">{</span> <span class="n">_logger</span><span class="p">.</span><span class="nf">LogError</span><span class="p">(</span><span class="n">ex</span><span class="p">,</span> <span class="s">"Failed to process order {OrderId}"</span><span class="p">,</span> <span class="n">order</span><span class="p">.</span><span class="n">Id</span><span class="p">);</span> <span class="k">throw</span><span class="p">;</span> <span class="c1">// or return a safe error response</span> <span class="p">}</span> </code></pre> </div> <p><strong>Leaking internal IDs in error messages</strong><br> Avoid returning internal identifiers (auto-increment IDs, GUIDs from internal systems) in error messages. They help attackers enumerate resources.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="c1">// ❌ Confirms the resource exists and reveals the internal ID format</span> <span class="k">return</span> <span class="nf">NotFound</span><span class="p">(</span><span class="s">$"Order with ID </span><span class="p">{</span><span class="n">id</span><span class="p">}</span><span class="s"> not found in database."</span><span class="p">);</span> <span class="c1">// ✅ Generic — reveals nothing</span> <span class="k">return</span> <span class="nf">NotFound</span><span class="p">();</span> </code></pre> </div> <p><strong>Using <code>Environment.StackTrace</code> in responses or logs</strong><br> Developers sometimes manually include <code>Environment.StackTrace</code> in log messages or error responses when debugging a tricky issue — and forget to remove it. This is just as dangerous as an unhandled exception reaching the client: it exposes the full call stack, file paths, and line numbers.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="c1">// ❌ Never include Environment.StackTrace in HTTP responses</span> <span class="k">return</span> <span class="nf">StatusCode</span><span class="p">(</span><span class="m">500</span><span class="p">,</span> <span class="k">new</span> <span class="p">{</span> <span class="n">error</span> <span class="p">=</span> <span class="s">"Something went wrong"</span><span class="p">,</span> <span class="n">stack</span> <span class="p">=</span> <span class="n">Environment</span><span class="p">.</span><span class="n">StackTrace</span> <span class="c1">// Full stack trace sent to the client</span> <span class="p">});</span> <span class="c1">// ❌ Logging it is safer but still leaks internal structure to your log store</span> <span class="n">_logger</span><span class="p">.</span><span class="nf">LogError</span><span class="p">(</span><span class="s">"Error occurred. Stack: {Stack}"</span><span class="p">,</span> <span class="n">Environment</span><span class="p">.</span><span class="n">StackTrace</span><span class="p">);</span> <span class="c1">// ✅ Log the exception object instead — it includes the stack trace</span> <span class="c1">// in a structured way, scoped to the actual exception that was thrown</span> <span class="n">_logger</span><span class="p">.</span><span class="nf">LogError</span><span class="p">(</span><span class="n">exception</span><span class="p">,</span> <span class="s">"Unhandled error processing order {OrderId}"</span><span class="p">,</span> <span class="n">orderId</span><span class="p">);</span> </code></pre> </div> <p>The exception object passed to <code>_logger.LogError(exception, ...)</code> captures the stack trace as a structured field in your log store. You get full context without manually concatenating strings — and it never accidentally ends up in an HTTP response.</p> <p><strong>Different error responses for valid vs invalid users</strong><br> If your API returns different error messages for "user not found" vs "wrong password", attackers can enumerate valid usernames. Use identical responses:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="c1">// ❌ Reveals whether the email exists</span> <span class="k">if</span> <span class="p">(</span><span class="n">user</span> <span class="k">is</span> <span class="k">null</span><span class="p">)</span> <span class="k">return</span> <span class="nf">Unauthorized</span><span class="p">(</span><span class="s">"Email address not registered."</span><span class="p">);</span> <span class="k">if</span> <span class="p">(!</span><span class="nf">VerifyPassword</span><span class="p">(</span><span class="n">user</span><span class="p">,</span> <span class="n">request</span><span class="p">.</span><span class="n">Password</span><span class="p">))</span> <span class="k">return</span> <span class="nf">Unauthorized</span><span class="p">(</span><span class="s">"Incorrect password."</span><span class="p">);</span> <span class="c1">// ✅ Same message either way</span> <span class="k">if</span> <span class="p">(</span><span class="n">user</span> <span class="k">is</span> <span class="k">null</span> <span class="p">||</span> <span class="p">!</span><span class="nf">VerifyPassword</span><span class="p">(</span><span class="n">user</span><span class="p">,</span> <span class="n">request</span><span class="p">.</span><span class="n">Password</span><span class="p">))</span> <span class="k">return</span> <span class="nf">Unauthorized</span><span class="p">(</span><span class="s">"Invalid credentials."</span><span class="p">);</span> </code></pre> </div> <blockquote> <p><strong>Don't forget timing attacks.</strong> Identical messages aren't enough on their own. If validating a non-existent user takes 2ms (a quick null check) and validating a wrong password takes 200ms (a bcrypt hash comparison), an attacker can still enumerate valid emails by measuring response times — even without reading the message body. Use a constant-time dummy verification to equalise the response time regardless of whether the user exists:</p> <pre class="highlight csharp"><code><span class="kt">var</span> <span class="n">user</span> <span class="p">=</span> <span class="k">await</span> <span class="n">_db</span><span class="p">.</span><span class="n">Users</span><span class="p">.</span><span class="nf">FirstOrDefaultAsync</span><span class="p">(</span><span class="n">u</span> <span class="p">=&gt;</span> <span class="n">u</span><span class="p">.</span><span class="n">Email</span> <span class="p">==</span> <span class="n">request</span><span class="p">.</span><span class="n">Email</span><span class="p">);</span> <span class="c1">// Always run the hash comparison — even for non-existent users</span> <span class="c1">// This ensures the response time is the same whether the user exists or not</span> <span class="kt">var</span> <span class="n">passwordValid</span> <span class="p">=</span> <span class="n">user</span> <span class="k">is</span> <span class="k">not</span> <span class="k">null</span> <span class="p">?</span> <span class="nf">VerifyPassword</span><span class="p">(</span><span class="n">user</span><span class="p">.</span><span class="n">PasswordHash</span><span class="p">,</span> <span class="n">request</span><span class="p">.</span><span class="n">Password</span><span class="p">)</span> <span class="p">:</span> <span class="n">BCrypt</span><span class="p">.</span><span class="nf">Verify</span><span class="p">(</span><span class="n">request</span><span class="p">.</span><span class="n">Password</span><span class="p">,</span> <span class="n">_dummyHash</span><span class="p">);</span> <span class="c1">// constant-time dummy check</span> <span class="k">if</span> <span class="p">(</span><span class="n">user</span> <span class="k">is</span> <span class="k">null</span> <span class="p">||</span> <span class="p">!</span><span class="n">passwordValid</span><span class="p">)</span> <span class="k">return</span> <span class="nf">Unauthorized</span><span class="p">(</span><span class="s">"Invalid credentials."</span><span class="p">);</span> </code></pre> <p>This is a more advanced technique, but it closes the gap between "secure messages" and "truly secure authentication."</p> </blockquote> <h2> Best Practices </h2> <ul> <li> <strong>Never expose stack traces in production.</strong> Configure <code>UseExceptionHandler</code> before deploying — it's off by default in non-Development environments only if you set it up.</li> <li> <strong>Return Problem Details (RFC 7807)</strong> for all error responses. It's a standard format that clients can handle generically.</li> <li> <strong>Always include a correlation/trace ID</strong> in error responses. It lets clients report errors to support without exposing internal details.</li> <li> <strong>Log the full exception internally</strong> — never sacrifice observability for security. The goal is to hide details from clients, not from your own monitoring.</li> <li> <strong>Validate all input at the boundary.</strong> Most information leaks start with unvalidated data reaching layers that weren't designed to handle it.</li> <li> <strong>Use identical error messages</strong> for authentication failures to prevent username enumeration.</li> <li> <strong>Remove server headers</strong> (<code>Server</code>, <code>X-Powered-By</code>, <code>X-AspNet-Version</code>) from all responses.</li> <li> <strong>Audit your error responses in staging</strong> before every release. Run your API against a tool like OWASP ZAP and check what error details leak.</li> </ul> <h2> Conclusion </h2> <p>Exceptions are not just a reliability concern — they're a security boundary. Every unhandled exception that reaches a client is a potential information disclosure vulnerability. Stack traces, database schemas, internal paths, and connection strings all become attacker intelligence when they leak through error responses.</p> <p>The fixes are straightforward: global exception middleware, Problem Details responses, structured logging with redaction, and environment-specific configuration. None of this requires a security specialist — it's standard ASP.NET Core development practice that every team should have in place before going to production.</p> <p>The goal is simple: your logs should have everything, your clients should have nothing they didn't need to know.</p> dotnet csharp security programming Adrián Bailador Sun, 15 Mar 2026 19:46:53 +0000 https://forem.com/adrianbailador/github-actions-for-net-build-test-and-deploy-your-api-18mk https://forem.com/adrianbailador/github-actions-for-net-build-test-and-deploy-your-api-18mk <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1j830rufj94zmcmy7fi9.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1j830rufj94zmcmy7fi9.png" alt=" "></a></p> <p>A complete guide to CI/CD for .NET developers — automated builds, test runs, Docker images, and deployments to Azure using GitHub Actions from scratch.</p> <h2> Introduction: Why CI/CD Is Not Optional </h2> <p>Every time you push code manually, run tests by hand, or deploy by copying files to a server, you're introducing risk. Human steps fail. They get skipped under pressure. They're not reproducible.</p> <p>CI/CD (Continuous Integration / Continuous Deployment) solves this by automating the entire path from a git push to a running application. Every commit is built. Every build is tested. Every successful build on main can be deployed automatically.</p> <p>GitHub Actions is the most natural CI/CD tool for .NET developers on GitHub. It's free for public repositories, deeply integrated with the GitHub ecosystem, and has a growing marketplace of pre-built actions. You write workflows in YAML, they run on Microsoft-hosted runners with .NET pre-installed, and you pay nothing for most use cases.</p> <p>In this article I'll walk you through building a complete pipeline: automated builds, test runs with coverage, Docker image creation, NuGet caching, and deployment to Azure App Service.</p> <h2> GitHub Actions Core Concepts </h2> <p>Before writing any YAML, understand the four building blocks:</p> <p><strong>Workflow</strong> — a YAML file in <code>.github/workflows/</code> that defines your automation. You can have multiple workflows per repository.</p> <p><strong>Event</strong> — what triggers the workflow. A push, a pull request, a schedule, or a manual trigger.</p> <p><strong>Job</strong> — a unit of work that runs on a runner (a virtual machine). Jobs run in parallel by default; you can make them sequential with <code>needs</code>.</p> <p><strong>Step</strong> — a single command or action within a job. Steps run sequentially within a job.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Workflow └── Job A (runs on ubuntu-latest) ├── Step 1: Checkout code ├── Step 2: Setup .NET ├── Step 3: Restore packages ├── Step 4: Build └── Step 5: Test └── Job B (runs after Job A) ├── Step 1: Build Docker image └── Step 2: Deploy to Azure </code></pre> </div> <h2> Your First .NET Workflow: Build + Test on Every Push </h2> <p>Create <code>.github/workflows/ci.yml</code> in your repository:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">name</span><span class="pi">:</span> <span class="s">CI</span> <span class="na">on</span><span class="pi">:</span> <span class="na">push</span><span class="pi">:</span> <span class="na">branches</span><span class="pi">:</span> <span class="pi">[</span> <span class="nv">main</span><span class="pi">,</span> <span class="nv">develop</span> <span class="pi">]</span> <span class="na">pull_request</span><span class="pi">:</span> <span class="na">branches</span><span class="pi">:</span> <span class="pi">[</span> <span class="nv">main</span> <span class="pi">]</span> <span class="na">jobs</span><span class="pi">:</span> <span class="na">build-and-test</span><span class="pi">:</span> <span class="na">runs-on</span><span class="pi">:</span> <span class="s">ubuntu-latest</span> <span class="na">steps</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Checkout code</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/checkout@v4</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Setup .NET</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/setup-dotnet@v4</span> <span class="na">with</span><span class="pi">:</span> <span class="na">dotnet-version</span><span class="pi">:</span> <span class="s1">'</span><span class="s">8.0.x'</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Restore dependencies</span> <span class="na">run</span><span class="pi">:</span> <span class="s">dotnet restore</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Build</span> <span class="na">run</span><span class="pi">:</span> <span class="s">dotnet build --no-restore --configuration Release</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Test</span> <span class="na">run</span><span class="pi">:</span> <span class="s">dotnet test --no-build --configuration Release --verbosity normal</span> </code></pre> </div> <p>This workflow runs on every push to <code>main</code> or <code>develop</code>, and on every pull request targeting <code>main</code>. It checks out your code, sets up .NET 8, restores NuGet packages, builds in Release mode, and runs all tests.</p> <p>Push this file to your repository and you'll see it appear under the <strong>Actions</strong> tab immediately.</p> <h2> Caching NuGet Packages for Faster Builds </h2> <p>By default, NuGet packages are downloaded fresh on every run. For a project with many dependencies, this adds 30–90 seconds per build. Caching fixes this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code> <span class="na">steps</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Checkout code</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/checkout@v4</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Setup .NET</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/setup-dotnet@v4</span> <span class="na">with</span><span class="pi">:</span> <span class="na">dotnet-version</span><span class="pi">:</span> <span class="s1">'</span><span class="s">8.0.x'</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Cache NuGet packages</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/cache@v4</span> <span class="na">with</span><span class="pi">:</span> <span class="na">path</span><span class="pi">:</span> <span class="s">~/.nuget/packages</span> <span class="na">key</span><span class="pi">:</span> <span class="s">${{ runner.os }}-nuget-${{ hashFiles('**/*.csproj') }}</span> <span class="na">restore-keys</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">${{ runner.os }}-nuget-</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Restore dependencies</span> <span class="na">run</span><span class="pi">:</span> <span class="s">dotnet restore</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Build</span> <span class="na">run</span><span class="pi">:</span> <span class="s">dotnet build --no-restore --configuration Release</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Test</span> <span class="na">run</span><span class="pi">:</span> <span class="s">dotnet test --no-build --configuration Release</span> </code></pre> </div> <p>The cache key is based on the hash of all <code>.csproj</code> files. When you add or update a package, the hash changes, the cache misses, and packages are downloaded fresh. Otherwise, the cached packages are used immediately.</p> <h2> Running Tests and Publishing Coverage Reports </h2> <p>Knowing tests pass is good. Knowing coverage isn't dropping is better. Add coverage reporting with Coverlet:</p> <p>First, add the package to your test project:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>dotnet add package coverlet.collector </code></pre> </div> <p>Then update your test step:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Test with coverage</span> <span class="na">run</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">dotnet test --no-build --configuration Release \</span> <span class="s">--collect:"XPlat Code Coverage" \</span> <span class="s">--results-directory ./coverage</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Upload coverage report</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/upload-artifact@v4</span> <span class="na">with</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">coverage-report</span> <span class="na">path</span><span class="pi">:</span> <span class="s">./coverage</span> </code></pre> </div> <p>For a richer experience, use Codecov or the built-in GitHub summary:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Test with coverage summary</span> <span class="na">run</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">dotnet test --no-build --configuration Release \</span> <span class="s">--logger "trx;LogFileName=test-results.trx" \</span> <span class="s">--collect:"XPlat Code Coverage"</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Publish test results</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">dorny/test-reporter@v1</span> <span class="na">if</span><span class="pi">:</span> <span class="s">always()</span> <span class="na">with</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">.NET Test Results</span> <span class="na">path</span><span class="pi">:</span> <span class="s1">'</span><span class="s">**/*.trx'</span> <span class="na">reporter</span><span class="pi">:</span> <span class="s">dotnet-trx</span> </code></pre> </div> <p>The <code>if: always()</code> ensures test results are published even when tests fail — so you can see which tests broke.</p> <h2> Matrix Builds: Testing on Multiple .NET Versions </h2> <p>If your library or API needs to support multiple .NET versions, matrix builds test all of them in parallel:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">jobs</span><span class="pi">:</span> <span class="na">build-and-test</span><span class="pi">:</span> <span class="na">runs-on</span><span class="pi">:</span> <span class="s">ubuntu-latest</span> <span class="na">strategy</span><span class="pi">:</span> <span class="na">matrix</span><span class="pi">:</span> <span class="na">dotnet-version</span><span class="pi">:</span> <span class="pi">[</span> <span class="s1">'</span><span class="s">8.0.x'</span><span class="pi">,</span> <span class="s1">'</span><span class="s">9.0.x'</span> <span class="pi">]</span> <span class="na">steps</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Checkout code</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/checkout@v4</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Setup .NET ${{ matrix.dotnet-version }}</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/setup-dotnet@v4</span> <span class="na">with</span><span class="pi">:</span> <span class="na">dotnet-version</span><span class="pi">:</span> <span class="s">${{ matrix.dotnet-version }}</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Restore, Build, Test</span> <span class="na">run</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">dotnet restore</span> <span class="s">dotnet build --no-restore --configuration Release</span> <span class="s">dotnet test --no-build --configuration Release</span> </code></pre> </div> <p>This runs two parallel jobs — one for .NET 8, one for .NET 9 — and reports results for each independently.</p> <h2> Building and Pushing a Docker Image </h2> <p>Once tests pass, build a Docker image and push it to a container registry. First, make sure you have a <code>Dockerfile</code> in your project:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight docker"><code><span class="k">FROM</span><span class="w"> </span><span class="s">mcr.microsoft.com/dotnet/aspnet:8.0</span><span class="w"> </span><span class="k">AS</span><span class="w"> </span><span class="s">base</span> <span class="k">WORKDIR</span><span class="s"> /app</span> <span class="k">EXPOSE</span><span class="s"> 8080</span> <span class="k">FROM</span><span class="w"> </span><span class="s">mcr.microsoft.com/dotnet/sdk:8.0</span><span class="w"> </span><span class="k">AS</span><span class="w"> </span><span class="s">build</span> <span class="k">WORKDIR</span><span class="s"> /src</span> <span class="k">COPY</span><span class="s"> ["MyApi/MyApi.csproj", "MyApi/"]</span> <span class="k">RUN </span>dotnet restore <span class="s2">"MyApi/MyApi.csproj"</span> <span class="k">COPY</span><span class="s"> . .</span> <span class="k">WORKDIR</span><span class="s"> "/src/MyApi"</span> <span class="k">RUN </span>dotnet build <span class="nt">--configuration</span> Release <span class="nt">--output</span> /app/build <span class="k">FROM</span><span class="w"> </span><span class="s">build</span><span class="w"> </span><span class="k">AS</span><span class="w"> </span><span class="s">publish</span> <span class="k">RUN </span>dotnet publish <span class="nt">--configuration</span> Release <span class="nt">--output</span> /app/publish /p:UseAppHost<span class="o">=</span><span class="nb">false</span> <span class="k">FROM</span><span class="w"> </span><span class="s">base</span><span class="w"> </span><span class="k">AS</span><span class="w"> </span><span class="s">final</span> <span class="k">WORKDIR</span><span class="s"> /app</span> <span class="k">COPY</span><span class="s"> --from=publish /app/publish .</span> <span class="k">ENTRYPOINT</span><span class="s"> ["dotnet", "MyApi.dll"]</span> </code></pre> </div> <p>Now add a Docker job to your workflow that runs after the tests pass:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code> <span class="na">docker</span><span class="pi">:</span> <span class="na">runs-on</span><span class="pi">:</span> <span class="s">ubuntu-latest</span> <span class="na">needs</span><span class="pi">:</span> <span class="s">build-and-test</span> <span class="na">if</span><span class="pi">:</span> <span class="s">github.ref == 'refs/heads/main'</span> <span class="na">steps</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Checkout code</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/checkout@v4</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Log in to Docker Hub</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">docker/login-action@v3</span> <span class="na">with</span><span class="pi">:</span> <span class="na">username</span><span class="pi">:</span> <span class="s">${{ secrets.DOCKER_USERNAME }}</span> <span class="na">password</span><span class="pi">:</span> <span class="s">${{ secrets.DOCKER_PASSWORD }}</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Build and push Docker image</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">docker/build-push-action@v5</span> <span class="na">with</span><span class="pi">:</span> <span class="na">context</span><span class="pi">:</span> <span class="s">.</span> <span class="na">push</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">tags</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">yourusername/myapi:latest</span> <span class="s">yourusername/myapi:${{ github.sha }}</span> </code></pre> </div> <p>The <code>needs: build-and-test</code> ensures Docker only runs if tests pass. The <code>if: github.ref == 'refs/heads/main'</code> ensures we only push images from the main branch, not from every feature branch.</p> <p>Add your Docker Hub credentials as <strong>repository secrets</strong> under Settings → Secrets and variables → Actions.</p> <h2> Deploying to Azure App Service </h2> <p>For deploying to Azure App Service, use the official Azure action. You'll need an Azure publish profile stored as a secret:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code> <span class="na">deploy</span><span class="pi">:</span> <span class="na">runs-on</span><span class="pi">:</span> <span class="s">ubuntu-latest</span> <span class="na">needs</span><span class="pi">:</span> <span class="s">docker</span> <span class="na">if</span><span class="pi">:</span> <span class="s">github.ref == 'refs/heads/main'</span> <span class="na">environment</span><span class="pi">:</span> <span class="s">production</span> <span class="na">steps</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Deploy to Azure App Service</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">azure/webapps-deploy@v3</span> <span class="na">with</span><span class="pi">:</span> <span class="na">app-name</span><span class="pi">:</span> <span class="s1">'</span><span class="s">my-dotnet-api'</span> <span class="na">publish-profile</span><span class="pi">:</span> <span class="s">${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }}</span> <span class="na">images</span><span class="pi">:</span> <span class="s1">'</span><span class="s">yourusername/myapi:${{</span><span class="nv"> </span><span class="s">github.sha</span><span class="nv"> </span><span class="s">}}'</span> </code></pre> </div> <p>The <code>environment: production</code> adds a manual approval gate — someone must approve the deployment in the GitHub UI before it proceeds. Essential for production deployments.</p> <p>To get the publish profile, go to your App Service in the Azure Portal → <strong>Get Publish Profile</strong> → download the file → paste the contents into a GitHub secret named <code>AZURE_WEBAPP_PUBLISH_PROFILE</code>.</p> <h2> Using Secrets and Environment Variables Safely </h2> <p>Never hardcode connection strings, API keys, or credentials in your workflow files. Use GitHub secrets for sensitive values and environment variables for non-sensitive configuration:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code> <span class="na">steps</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Run integration tests</span> <span class="na">env</span><span class="pi">:</span> <span class="c1"># Non-sensitive — fine in the workflow file</span> <span class="na">ASPNETCORE_ENVIRONMENT</span><span class="pi">:</span> <span class="s">Testing</span> <span class="c1"># Sensitive — always use secrets</span> <span class="na">ConnectionStrings__DefaultConnection</span><span class="pi">:</span> <span class="s">${{ secrets.TEST_DB_CONNECTION }}</span> <span class="na">ExternalApi__ApiKey</span><span class="pi">:</span> <span class="s">${{ secrets.EXTERNAL_API_KEY }}</span> <span class="na">run</span><span class="pi">:</span> <span class="s">dotnet test --filter Category=Integration</span> </code></pre> </div> <p>For environment-specific configuration across multiple jobs, use workflow-level environment variables:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">env</span><span class="pi">:</span> <span class="na">DOTNET_VERSION</span><span class="pi">:</span> <span class="s1">'</span><span class="s">8.0.x'</span> <span class="na">BUILD_CONFIGURATION</span><span class="pi">:</span> <span class="s">Release</span> <span class="na">AZURE_APP_NAME</span><span class="pi">:</span> <span class="s1">'</span><span class="s">my-dotnet-api'</span> <span class="na">jobs</span><span class="pi">:</span> <span class="na">build-and-test</span><span class="pi">:</span> <span class="na">runs-on</span><span class="pi">:</span> <span class="s">ubuntu-latest</span> <span class="na">steps</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Setup .NET</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/setup-dotnet@v4</span> <span class="na">with</span><span class="pi">:</span> <span class="na">dotnet-version</span><span class="pi">:</span> <span class="s">${{ env.DOTNET_VERSION }}</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Build</span> <span class="na">run</span><span class="pi">:</span> <span class="s">dotnet build --configuration ${{ env.BUILD_CONFIGURATION }}</span> </code></pre> </div> <h2> Complete Pipeline: Putting It All Together </h2> <p>Here's the full production-ready workflow combining everything above:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">name</span><span class="pi">:</span> <span class="s">CI/CD Pipeline</span> <span class="na">on</span><span class="pi">:</span> <span class="na">push</span><span class="pi">:</span> <span class="na">branches</span><span class="pi">:</span> <span class="pi">[</span> <span class="nv">main</span><span class="pi">,</span> <span class="nv">develop</span> <span class="pi">]</span> <span class="na">pull_request</span><span class="pi">:</span> <span class="na">branches</span><span class="pi">:</span> <span class="pi">[</span> <span class="nv">main</span> <span class="pi">]</span> <span class="na">env</span><span class="pi">:</span> <span class="na">DOTNET_VERSION</span><span class="pi">:</span> <span class="s1">'</span><span class="s">8.0.x'</span> <span class="na">BUILD_CONFIGURATION</span><span class="pi">:</span> <span class="s">Release</span> <span class="na">DOCKER_IMAGE</span><span class="pi">:</span> <span class="s">yourusername/myapi</span> <span class="na">jobs</span><span class="pi">:</span> <span class="na">build-and-test</span><span class="pi">:</span> <span class="na">runs-on</span><span class="pi">:</span> <span class="s">ubuntu-latest</span> <span class="na">steps</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/checkout@v4</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Setup .NET</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/setup-dotnet@v4</span> <span class="na">with</span><span class="pi">:</span> <span class="na">dotnet-version</span><span class="pi">:</span> <span class="s">${{ env.DOTNET_VERSION }}</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Cache NuGet packages</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/cache@v4</span> <span class="na">with</span><span class="pi">:</span> <span class="na">path</span><span class="pi">:</span> <span class="s">~/.nuget/packages</span> <span class="na">key</span><span class="pi">:</span> <span class="s">${{ runner.os }}-nuget-${{ hashFiles('**/*.csproj') }}</span> <span class="na">restore-keys</span><span class="pi">:</span> <span class="s">${{ runner.os }}-nuget-</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Restore</span> <span class="na">run</span><span class="pi">:</span> <span class="s">dotnet restore</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Build</span> <span class="na">run</span><span class="pi">:</span> <span class="s">dotnet build --no-restore --configuration ${{ env.BUILD_CONFIGURATION }}</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Test</span> <span class="na">run</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">dotnet test --no-build \</span> <span class="s">--configuration ${{ env.BUILD_CONFIGURATION }} \</span> <span class="s">--collect:"XPlat Code Coverage" \</span> <span class="s">--logger "trx;LogFileName=test-results.trx"</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Upload test results</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/upload-artifact@v4</span> <span class="na">if</span><span class="pi">:</span> <span class="s">always()</span> <span class="na">with</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">test-results</span> <span class="na">path</span><span class="pi">:</span> <span class="s1">'</span><span class="s">**/*.trx'</span> <span class="na">docker</span><span class="pi">:</span> <span class="na">runs-on</span><span class="pi">:</span> <span class="s">ubuntu-latest</span> <span class="na">needs</span><span class="pi">:</span> <span class="s">build-and-test</span> <span class="na">if</span><span class="pi">:</span> <span class="s">github.ref == 'refs/heads/main'</span> <span class="na">steps</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/checkout@v4</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Login to Docker Hub</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">docker/login-action@v3</span> <span class="na">with</span><span class="pi">:</span> <span class="na">username</span><span class="pi">:</span> <span class="s">${{ secrets.DOCKER_USERNAME }}</span> <span class="na">password</span><span class="pi">:</span> <span class="s">${{ secrets.DOCKER_PASSWORD }}</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Build and push</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">docker/build-push-action@v5</span> <span class="na">with</span><span class="pi">:</span> <span class="na">context</span><span class="pi">:</span> <span class="s">.</span> <span class="na">push</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">tags</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">${{ env.DOCKER_IMAGE }}:latest</span> <span class="s">${{ env.DOCKER_IMAGE }}:${{ github.sha }}</span> <span class="na">deploy</span><span class="pi">:</span> <span class="na">runs-on</span><span class="pi">:</span> <span class="s">ubuntu-latest</span> <span class="na">needs</span><span class="pi">:</span> <span class="s">docker</span> <span class="na">if</span><span class="pi">:</span> <span class="s">github.ref == 'refs/heads/main'</span> <span class="na">environment</span><span class="pi">:</span> <span class="s">production</span> <span class="na">steps</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Deploy to Azure App Service</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">azure/webapps-deploy@v3</span> <span class="na">with</span><span class="pi">:</span> <span class="na">app-name</span><span class="pi">:</span> <span class="s1">'</span><span class="s">my-dotnet-api'</span> <span class="na">publish-profile</span><span class="pi">:</span> <span class="s">${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }}</span> <span class="na">images</span><span class="pi">:</span> <span class="s1">'</span><span class="s">${{</span><span class="nv"> </span><span class="s">env.DOCKER_IMAGE</span><span class="nv"> </span><span class="s">}}:${{</span><span class="nv"> </span><span class="s">github.sha</span><span class="nv"> </span><span class="s">}}'</span> </code></pre> </div> <p>This gives you three jobs in sequence: build and test → build Docker image → deploy to Azure, with manual approval on the final step.</p> <h2> Common Errors and How to Avoid Them </h2> <p><strong><code>Error: Process completed with exit code 1</code> on dotnet test</strong><br> This usually means a test failed, not a configuration problem. Check the test output in the Actions log. If tests pass locally but fail in CI, the most common cause is a missing environment variable or a test that depends on local state (file system, local database). Use <code>--verbosity normal</code> to see detailed output.</p> <p><strong>Docker build fails with <code>COPY failed: file not found</code></strong><br> The Docker build context in GitHub Actions is the repository root by default. If your <code>Dockerfile</code> references files with relative paths, make sure those paths are relative to the root, not to the Dockerfile's location. Set <code>context: .</code> explicitly in the <code>docker/build-push-action</code> step.</p> <p><strong>Secrets not available in pull requests from forks</strong><br> For security, GitHub doesn't expose secrets to workflows triggered by pull requests from forks. This is intentional. Run integration tests that need secrets only on <code>push</code> events, not on <code>pull_request</code> from external contributors.</p> <p><strong>NuGet cache never hits</strong><br> If the cache key changes on every run, check whether any <code>.csproj</code> file is being modified during the build (e.g. by a code generator). Use <code>restore-keys</code> as a fallback to get a partial cache hit even when the primary key misses.</p> <p><strong>Deployment runs even when tests fail</strong><br> Always use <code>needs: build-and-test</code> on your deployment job. Without it, jobs run in parallel and a failing test won't stop a deployment. Add <code>if: success()</code> for extra safety.</p> <p><strong><code>azure/webapps-deploy</code> fails with 403</strong><br> The publish profile may be expired or from the wrong slot. Re-download it from the Azure Portal and update the secret. Also verify the <code>app-name</code> matches exactly — it's case-sensitive.</p> <h2> Best Practices </h2> <ul> <li> <strong>Never skip tests in CI.</strong> If tests are slow, fix the tests — don't disable them.</li> <li> <strong>Pin action versions with a full SHA</strong> for security-critical workflows. <code>actions/checkout@v4</code> is convenient; <code>actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683</code> is safer.</li> <li> <strong>Use environments with required reviewers</strong> for production deployments. A manual approval gate prevents accidents.</li> <li> <strong>Tag Docker images with the git SHA</strong>, not just <code>latest</code>. <code>latest</code> is a moving target that makes rollbacks painful.</li> <li> <strong>Keep secrets minimal.</strong> Each secret should have the minimum permissions needed. Rotate them regularly.</li> <li> <strong>Add a status badge to your README.</strong> It signals professionalism and shows the current build status at a glance.</li> <li> <strong>Use concurrency groups</strong> to cancel in-progress runs when a new push arrives on the same branch: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">concurrency</span><span class="pi">:</span> <span class="na">group</span><span class="pi">:</span> <span class="s">${{ github.workflow }}-${{ github.ref }}</span> <span class="na">cancel-in-progress</span><span class="pi">:</span> <span class="kc">true</span> </code></pre> </div> <h2> Conclusion </h2> <p>A CI/CD pipeline is one of the highest-ROI investments you can make in a .NET project. The first time it catches a broken build before it reaches production, or saves you from a failed manual deployment at 6pm on a Friday, it pays for itself.</p> <p>The workflow in this article gives you everything you need for a real project: fast builds with NuGet caching, test results with coverage, Docker images tagged by commit SHA, and a deployment to Azure with a manual approval gate.</p> <p>Start with just the build and test job. Add Docker and deployment once that's stable. Complexity can always be added later — the habit of always having CI running is what matters from day one.</p> <p>In the next article in this series, we'll look at deploying .NET applications to Azure in depth — App Service, Container Apps, managed identity, and Application Insights for production monitoring.</p> dotnet csharp devops azure Adrián Bailador Sun, 08 Mar 2026 19:50:41 +0000 https://forem.com/adrianbailador/just-shipped-major-updates-to-the-coffee-timer-3n6d https://forem.com/adrianbailador/just-shipped-major-updates-to-the-coffee-timer-3n6d <p>New features that make focusing on deep work actually enjoyable:</p> <p>📋 Task Integration<br> Connect your pomodoros to actual tasks. See what you're working on, track progress, and get that dopamine hit when tasks are completed.</p> <p>⚡ Real-Time Sync<br> Using Supabase Realtime. Add a task on your phone? It's instantly on your desktop. No refresh needed.</p> <p>🔥 Smart Streaks<br> The app tracks your daily goals and longest streaks. Gamification that actually works.</p> <p>🤖 AI Daily Summaries (Premium)<br> End-of-day summaries powered by Claude AI. What you achieved, patterns spotted, recommendations for tomorrow.</p> <p>🎨 Beautiful UX<br> Dark mode, ambient sounds, smooth animations. Because productivity tools shouldn't be ugly.</p> <p>Built with: React + TypeScript | .NET 8 | Supabase | Stripe | Claude AI</p> <p>🔗 Try it: <a href="https://thecoffeetimer.com/" rel="noopener noreferrer">https://thecoffeetimer.com/</a></p> <p>What features would make YOUR perfect productivity timer? 👇</p> dotnet ai programming react Adrián Bailador Sat, 07 Mar 2026 10:59:44 +0000 https://forem.com/adrianbailador/messaging-in-net-queues-topics-and-why-you-need-them-50lf https://forem.com/adrianbailador/messaging-in-net-queues-topics-and-why-you-need-them-50lf <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9s6hsf52yk63hvs2py8t.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9s6hsf52yk63hvs2py8t.png" alt=" " width="800" height="530"></a></p> <p>An introduction to asynchronous messaging in .NET — what queues and topics are, how delivery semantics work, and which broker to choose for your next project.</p> <h2> Introduction: The Problem with Direct API Calls </h2> <p>Imagine you have an e-commerce application. When a customer places an order, your API needs to:</p> <ol> <li>Save the order to the database</li> <li>Send a confirmation email</li> <li>Notify the warehouse system</li> <li>Update the inventory</li> <li>Trigger a loyalty points calculation</li> </ol> <p>The naive approach is to do all of this synchronously in a single HTTP request. Your controller calls five different services, waits for each one to respond, and then returns a 200 OK to the user.</p> <p>This works — until it doesn't.</p> <p>What happens when the email service is slow? The user waits. What happens when the warehouse system is down? The entire order fails. What happens under heavy traffic? Your API becomes a bottleneck, holding connections open while it waits for downstream services to respond.</p> <p>This is the problem that messaging solves. Instead of calling downstream services directly, you publish a message to a broker. The broker stores it. The downstream services consume it when they're ready. Your API returns immediately. The customer gets a fast response. Everything else happens in the background, reliably, even if individual services are temporarily unavailable.</p> <p>In this article, I'll cover the core concepts you need before diving into any specific broker — queues, topics, delivery semantics, and the key patterns that make distributed messaging reliable.</p> <h2> Synchronous vs Asynchronous Communication </h2> <p>Before queues and topics, it's worth being precise about what we mean by synchronous and asynchronous.</p> <p><strong>Synchronous communication</strong> means the caller waits for a response. HTTP REST calls are synchronous. Your API calls the inventory service and blocks until it gets a reply. The caller and the receiver are temporally coupled — they must both be available at the same moment.</p> <p><strong>Asynchronous communication</strong> means the caller sends a message and moves on. The receiver processes it independently, at its own pace, potentially much later. The caller and receiver are decoupled in time — the receiver doesn't even need to be running when the message is sent.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>// Synchronous — tight coupling var result = await _inventoryService.UpdateStockAsync(productId, quantity); // If inventory service is down, this throws. Order fails. // Asynchronous — loose coupling await _messageBus.PublishAsync(new StockUpdateRequested(productId, quantity)); // Message is stored. Even if inventory service is down, it processes when it recovers. </code></pre> </div> <p>Asynchronous messaging doesn't replace synchronous communication — it complements it. Use HTTP when you need an immediate response. Use messaging when you need reliability, scalability, or decoupling.</p> <h2> Queues vs Topics: What's the Difference? </h2> <p>These two concepts are the foundation of every messaging system, and they're frequently confused.</p> <h3> Queues — One Producer, One Consumer </h3> <p>A queue is a first-in, first-out data structure. A producer sends a message to the queue. One consumer picks it up and processes it. Once processed, the message is gone.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Producer → [Queue] → Consumer A </code></pre> </div> <p>This is a <strong>point-to-point</strong> pattern. If you have multiple consumers reading from the same queue, each message goes to exactly one of them (competing consumers). This is ideal for work distribution — multiple workers processing jobs in parallel without duplicating the work.</p> <p><strong>Use queues when:</strong></p> <ul> <li>You need to distribute work across multiple workers</li> <li>Each message should be processed exactly once</li> <li>You're building task queues, job runners, or command handlers</li> </ul> <h3> Topics — One Producer, Many Consumers </h3> <p>A topic (sometimes called an exchange or a pub/sub channel) allows one producer to send a message that gets delivered to multiple independent consumers simultaneously. Each consumer gets its own copy.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Producer → [Topic] → Consumer A (sends email) → Consumer B (updates warehouse) → Consumer C (calculates points) </code></pre> </div> <p>This is the <strong>publish/subscribe</strong> (pub/sub) pattern. When an <code>OrderPlaced</code> event is published, every service that cares about orders receives it independently. The order service doesn't know or care who's listening.</p> <p><strong>Use topics when:</strong></p> <ul> <li>Multiple independent services need to react to the same event</li> <li>You want to add new subscribers without modifying the producer</li> <li>You're building an event-driven architecture</li> </ul> <h3> The Practical Difference in Code </h3> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="c1">// Queue: send a command to be processed once</span> <span class="k">await</span> <span class="n">bus</span><span class="p">.</span><span class="nf">Send</span><span class="p">(</span><span class="k">new</span> <span class="n">ProcessPaymentCommand</span> <span class="p">{</span> <span class="n">OrderId</span> <span class="p">=</span> <span class="n">orderId</span><span class="p">,</span> <span class="n">Amount</span> <span class="p">=</span> <span class="n">total</span> <span class="p">});</span> <span class="c1">// Topic: publish an event that multiple services can react to</span> <span class="k">await</span> <span class="n">bus</span><span class="p">.</span><span class="nf">Publish</span><span class="p">(</span><span class="k">new</span> <span class="n">OrderPlacedEvent</span> <span class="p">{</span> <span class="n">OrderId</span> <span class="p">=</span> <span class="n">orderId</span><span class="p">,</span> <span class="n">CustomerId</span> <span class="p">=</span> <span class="n">customerId</span><span class="p">,</span> <span class="n">TotalAmount</span> <span class="p">=</span> <span class="n">total</span><span class="p">,</span> <span class="n">PlacedAt</span> <span class="p">=</span> <span class="n">DateTime</span><span class="p">.</span><span class="n">UtcNow</span> <span class="p">});</span> </code></pre> </div> <p>The naming convention reveals the intent: commands are sent (to a specific queue), events are published (to anyone who's interested).</p> <h2> Delivery Semantics: At Most Once, At Least Once, Exactly Once </h2> <p>This is where things get interesting — and where many developers make mistakes that lead to data corruption or silent data loss.</p> <h3> At Most Once </h3> <p>The broker delivers the message once and doesn't retry if something goes wrong. The message may be lost if the consumer crashes mid-processing. No duplicates, but possible data loss.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Broker → Consumer (crashes mid-process) Message is lost. No retry. </code></pre> </div> <p><strong>When to use it:</strong> Metrics, analytics, log events — data where occasional loss is acceptable.</p> <h3> At Least Once </h3> <p>The broker keeps the message until the consumer explicitly acknowledges (acks) it. If the consumer crashes before acking, the broker redelivers. This guarantees no data loss, but the same message may be delivered more than once.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Broker → Consumer (processes but crashes before ack) Broker → Consumer (redeliver — message processed twice) </code></pre> </div> <p><strong>This is the default in most production systems.</strong> RabbitMQ, Azure Service Bus, and AWS SQS all default to at-least-once delivery.</p> <p><strong>The consequence:</strong> your consumers must be idempotent — processing the same message twice must produce the same result as processing it once.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">public</span> <span class="k">async</span> <span class="n">Task</span> <span class="nf">HandleAsync</span><span class="p">(</span><span class="n">OrderPlacedEvent</span> <span class="n">message</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// ✅ Idempotent — checking prevents duplicate processing</span> <span class="k">if</span> <span class="p">(</span><span class="k">await</span> <span class="n">_db</span><span class="p">.</span><span class="n">Orders</span><span class="p">.</span><span class="nf">AnyAsync</span><span class="p">(</span><span class="n">o</span> <span class="p">=&gt;</span> <span class="n">o</span><span class="p">.</span><span class="n">Id</span> <span class="p">==</span> <span class="n">message</span><span class="p">.</span><span class="n">OrderId</span><span class="p">))</span> <span class="k">return</span><span class="p">;</span> <span class="k">await</span> <span class="n">_db</span><span class="p">.</span><span class="n">Orders</span><span class="p">.</span><span class="nf">AddAsync</span><span class="p">(</span><span class="k">new</span> <span class="nf">Order</span><span class="p">(</span><span class="n">message</span><span class="p">));</span> <span class="k">await</span> <span class="n">_db</span><span class="p">.</span><span class="nf">SaveChangesAsync</span><span class="p">();</span> <span class="p">}</span> </code></pre> </div> <h3> Exactly Once </h3> <p>The broker guarantees each message is processed exactly once. In theory this is ideal. In practice, true exactly-once delivery is extremely difficult to achieve across distributed systems and comes with significant performance overhead.</p> <p><strong>Most teams don't need exactly-once delivery at the broker level.</strong> At-least-once delivery with idempotent consumers achieves the same result in practice.</p> <h2> Key Concepts Every .NET Developer Should Know </h2> <h3> Dead Letter Queues (DLQ) </h3> <p>When a message can't be processed — because of an exception, a schema mismatch, or too many failed retries — it gets moved to a dead letter queue instead of being lost.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>[Main Queue] → Consumer (fails 3 times) ↓ [Dead Letter Queue] ← inspect, fix, replay </code></pre> </div> <p>Dead letter queues are essential for observability. Without them, failed messages vanish silently. With them, you can inspect what went wrong, fix the bug, and replay the messages.</p> <h3> Idempotency Keys </h3> <p>Since at-least-once delivery means duplicates are possible, consumers need a way to detect them. An idempotency key is a unique identifier per message that the consumer checks before processing.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">public</span> <span class="k">class</span> <span class="nc">ProcessPaymentHandler</span> <span class="p">{</span> <span class="k">private</span> <span class="k">readonly</span> <span class="n">IIdempotencyStore</span> <span class="n">_store</span><span class="p">;</span> <span class="k">public</span> <span class="k">async</span> <span class="n">Task</span> <span class="nf">HandleAsync</span><span class="p">(</span><span class="n">ProcessPaymentCommand</span> <span class="n">command</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Check if already processed</span> <span class="k">if</span> <span class="p">(</span><span class="k">await</span> <span class="n">_store</span><span class="p">.</span><span class="nf">ExistsAsync</span><span class="p">(</span><span class="n">command</span><span class="p">.</span><span class="n">MessageId</span><span class="p">))</span> <span class="k">return</span><span class="p">;</span> <span class="k">await</span> <span class="nf">ProcessPaymentAsync</span><span class="p">(</span><span class="n">command</span><span class="p">);</span> <span class="c1">// Mark as processed</span> <span class="k">await</span> <span class="n">_store</span><span class="p">.</span><span class="nf">MarkAsync</span><span class="p">(</span><span class="n">command</span><span class="p">.</span><span class="n">MessageId</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> Deduplication Windows </h3> <p>Some brokers (Azure Service Bus, AWS SQS FIFO) support server-side deduplication. Within a time window, messages with the same deduplication ID are automatically discarded.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="c1">// Azure Service Bus — set the message ID for deduplication</span> <span class="kt">var</span> <span class="n">message</span> <span class="p">=</span> <span class="k">new</span> <span class="nf">ServiceBusMessage</span><span class="p">(</span><span class="n">payload</span><span class="p">)</span> <span class="p">{</span> <span class="n">MessageId</span> <span class="p">=</span> <span class="s">$"order-</span><span class="p">{</span><span class="n">orderId</span><span class="p">}</span><span class="s">-placed"</span> <span class="c1">// Broker deduplicates on this</span> <span class="p">};</span> </code></pre> </div> <h3> Retry Policies and Backoff </h3> <p>Most brokers support automatic retries on failure. The key is to use exponential backoff — increasing the delay between retries to avoid hammering a struggling downstream service.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="c1">// MassTransit retry policy</span> <span class="n">cfg</span><span class="p">.</span><span class="nf">UseMessageRetry</span><span class="p">(</span><span class="n">r</span> <span class="p">=&gt;</span> <span class="n">r</span><span class="p">.</span><span class="nf">Exponential</span><span class="p">(</span> <span class="n">retryLimit</span><span class="p">:</span> <span class="m">5</span><span class="p">,</span> <span class="n">minInterval</span><span class="p">:</span> <span class="n">TimeSpan</span><span class="p">.</span><span class="nf">FromSeconds</span><span class="p">(</span><span class="m">1</span><span class="p">),</span> <span class="n">maxInterval</span><span class="p">:</span> <span class="n">TimeSpan</span><span class="p">.</span><span class="nf">FromMinutes</span><span class="p">(</span><span class="m">5</span><span class="p">),</span> <span class="n">intervalDelta</span><span class="p">:</span> <span class="n">TimeSpan</span><span class="p">.</span><span class="nf">FromSeconds</span><span class="p">(</span><span class="m">5</span><span class="p">)</span> <span class="p">));</span> </code></pre> </div> <h2> Which Broker to Choose </h2> <p>The three most common options in the .NET ecosystem each have different strengths.</p> <h3> RabbitMQ </h3> <p>Open source, self-hosted, extremely flexible. Supports complex routing rules, multiple exchange types, and fine-grained control over message flow. The AMQP protocol gives you features that cloud-managed services don't offer.</p> <p><strong>Choose RabbitMQ when:</strong> you need full control, want to self-host, or need advanced routing. Ideal for on-premises or containerised deployments.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker run <span class="nt">-d</span> <span class="nt">--hostname</span> rabbit <span class="nt">--name</span> rabbitmq <span class="se">\</span> <span class="nt">-p</span> 5672:5672 <span class="nt">-p</span> 15672:15672 <span class="se">\</span> rabbitmq:3-management </code></pre> </div> <h3> Azure Service Bus </h3> <p>Fully managed, enterprise-grade messaging on Azure. Supports queues, topics, subscriptions, sessions (for ordered processing), and has native integration with the Azure ecosystem.</p> <p><strong>Choose Azure Service Bus when:</strong> you're already on Azure and want zero infrastructure management. Excellent SLA, built-in geo-redundancy, and deep integration with Azure Functions and Logic Apps.</p> <h3> AWS SQS + SNS </h3> <p>SQS is a managed queue service. SNS is a managed pub/sub service. They're designed to be used together — SNS fans out to multiple SQS queues. Extremely scalable, pay-per-use, and deeply integrated with the AWS ecosystem.</p> <p><strong>Choose SQS + SNS when:</strong> you're on AWS and want fully managed, highly scalable messaging without the operational overhead.</p> <h3> Quick Comparison </h3> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th></th> <th>RabbitMQ</th> <th>Azure Service Bus</th> <th>AWS SQS + SNS</th> </tr> </thead> <tbody> <tr> <td><strong>Hosting</strong></td> <td>Self-managed</td> <td>Fully managed</td> <td>Fully managed</td> </tr> <tr> <td><strong>Protocol</strong></td> <td>AMQP</td> <td>AMQP / HTTPS</td> <td>HTTPS</td> </tr> <tr> <td><strong>Routing flexibility</strong></td> <td>Very high</td> <td>Medium</td> <td>Medium</td> </tr> <tr> <td><strong>Cost</strong></td> <td>Infrastructure only</td> <td>Per operation</td> <td>Per operation</td> </tr> <tr> <td><strong>Best for</strong></td> <td>On-prem / containers</td> <td>Azure workloads</td> <td>AWS workloads</td> </tr> </tbody> </table></div> <h2> When to Use Messaging (and When NOT To) </h2> <p>Messaging adds complexity. It introduces eventual consistency, requires idempotent consumers, and adds operational overhead. It's not always the right tool.</p> <p><strong>Use messaging when:</strong></p> <ul> <li>Operations are slow and don't need an immediate result (email sending, PDF generation, report processing)</li> <li>Multiple services need to react to the same event independently</li> <li>You need to buffer traffic spikes and protect downstream services</li> <li>Reliability matters more than immediacy — the work must eventually happen even if a service is temporarily down</li> </ul> <p><strong>Don't use messaging when:</strong></p> <ul> <li>You need an immediate response — use HTTP</li> <li>The operation is simple and happens within a single bounded context</li> <li>You're adding unnecessary complexity to a problem that a simple service call solves</li> <li>Your team isn't ready for the operational complexity of a message broker</li> </ul> <p>A common mistake is reaching for messaging too early. Start with synchronous calls, identify where coupling, latency, or reliability becomes a problem, and introduce messaging at those specific seams.</p> <h2> Common Errors and How to Avoid Them </h2> <p><strong>Processing messages without idempotency checks</strong><br> At-least-once delivery means duplicates will happen. Without idempotency, you'll charge customers twice, send duplicate emails, or create duplicate records. Always check whether a message has already been processed before acting on it.</p> <p><strong>Not configuring a dead letter queue</strong><br> Without a DLQ, failed messages are silently dropped or cause infinite retry loops. Always configure a DLQ and set up alerts when messages arrive there.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="c1">// RabbitMQ — declare a dead letter exchange</span> <span class="n">channel</span><span class="p">.</span><span class="nf">QueueDeclare</span><span class="p">(</span><span class="s">"orders"</span><span class="p">,</span> <span class="n">arguments</span><span class="p">:</span> <span class="k">new</span> <span class="n">Dictionary</span><span class="p">&lt;</span><span class="kt">string</span><span class="p">,</span> <span class="kt">object</span><span class="p">&gt;</span> <span class="p">{</span> <span class="p">{</span> <span class="s">"x-dead-letter-exchange"</span><span class="p">,</span> <span class="s">"orders.dlx"</span> <span class="p">},</span> <span class="p">{</span> <span class="s">"x-max-retries"</span><span class="p">,</span> <span class="m">3</span> <span class="p">}</span> <span class="p">});</span> </code></pre> </div> <p><strong>Putting too much data in the message payload</strong><br> Messages should carry just enough information to identify the event and trigger processing — not entire object graphs. Large payloads increase latency and make schema evolution painful. Use the Claim Check pattern for large data: store the payload elsewhere and put only a reference in the message.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="c1">// ❌ Too much data in the message</span> <span class="k">new</span> <span class="n">OrderPlacedEvent</span> <span class="p">{</span> <span class="n">Order</span> <span class="p">=</span> <span class="n">entireOrderObjectWithAllRelations</span> <span class="p">};</span> <span class="c1">// ✅ Just the identifiers — consumers fetch what they need</span> <span class="k">new</span> <span class="n">OrderPlacedEvent</span> <span class="p">{</span> <span class="n">OrderId</span> <span class="p">=</span> <span class="n">orderId</span><span class="p">,</span> <span class="n">CustomerId</span> <span class="p">=</span> <span class="n">customerId</span> <span class="p">};</span> </code></pre> </div> <p><strong>Ignoring message ordering</strong><br> Most brokers don't guarantee message ordering by default. If your consumer assumes <code>OrderUpdated</code> always arrives after <code>OrderCreated</code>, you'll have subtle bugs. Either design consumers to handle out-of-order messages, or use ordering guarantees (SQS FIFO, Service Bus sessions) where ordering truly matters.</p> <p><strong>Forgetting about schema evolution</strong><br> Once you publish messages, consumers depend on their shape. Changing a field name or removing a property breaks consumers. Use additive changes only — add new optional fields, never remove or rename existing ones. Consider a schema registry for large teams.</p> <h2> Best Practices </h2> <ul> <li> <strong>Start with a queue, move to topics when you have multiple consumers.</strong> Don't over-architect from day one.</li> <li> <strong>Make every consumer idempotent.</strong> Assume every message will be delivered more than once.</li> <li> <strong>Always configure dead letter queues.</strong> Failed messages must be observable, not silently lost.</li> <li> <strong>Use exponential backoff for retries.</strong> Hammering a failing service makes things worse.</li> <li> <strong>Keep message payloads small.</strong> Include identifiers, not full objects.</li> <li> <strong>Name messages as past-tense events.</strong> <code>OrderPlaced</code>, not <code>PlaceOrder</code>. Events describe what happened; commands describe what to do.</li> <li> <strong>Version your message contracts.</strong> Plan for schema evolution before you ship.</li> <li> <strong>Monitor consumer lag.</strong> If messages are accumulating in a queue faster than they're being consumed, something is wrong.</li> </ul> <h2> Conclusion </h2> <p>Messaging is one of the most powerful tools for building resilient, scalable .NET applications — and one of the most misunderstood. The core ideas are simpler than they seem: queues for point-to-point work distribution, topics for broadcasting events to multiple consumers, and at-least-once delivery with idempotent consumers as the default approach.</p> <p>Understanding these fundamentals before picking a broker will save you from the most common pitfalls: messages that silently disappear, consumers that process the same event multiple times, and systems that fail in non-obvious ways under load.</p> <p>In the next article in this series, we'll put these concepts into practice with RabbitMQ: setting it up with Docker, sending and consuming messages in .NET, implementing dead letter queues, and building a real order processing example from scratch.</p> dotnet csharp architecture programming Adrián Bailador Sun, 22 Feb 2026 13:43:13 +0000 https://forem.com/adrianbailador/getting-started-with-postgresql-in-net-from-zero-to-production-365e https://forem.com/adrianbailador/getting-started-with-postgresql-in-net-from-zero-to-production-365e <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0xghf26jl01o1hdq66ew.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0xghf26jl01o1hdq66ew.png" alt=" " width="800" height="886"></a></p> <p>Getting started with PostgreSQL in .NET using Entity Framework Core and Dapper. Learn how to set up PostgreSQL with Docker, run migrations, use JSONB and arrays, and connect your ASP.NET Core API to a production-ready database.</p> <h2> Introduction: Why PostgreSQL Over SQL Server? </h2> <p>If you've been working with SQL Server for a while, switching to PostgreSQL might feel unnecessary. But more and more .NET teams are making the move — and for good reasons.</p> <p>PostgreSQL is open source, free, and runs on any platform. It's battle-tested at scale by companies like Apple, Instagram, and Spotify. It handles relational data as well as SQL Server, but also supports native JSON storage, full-text search, arrays, custom types, and vector search through the <code>pgvector</code> extension — all without additional licensing costs.</p> <p>For .NET developers, the ecosystem is mature. The Npgsql driver has first-class support for Entity Framework Core and Dapper, and the development experience is practically identical to what you're used to.</p> <p>In this article, I'll walk you through everything you need to go from zero to a working .NET application backed by PostgreSQL — locally with Docker, through migrations, and into production-ready territory.</p> <h2> Setting Up PostgreSQL Locally with Docker </h2> <p>The fastest way to get PostgreSQL running locally is with Docker. No installation, no PATH conflicts, no version headaches.</p> <p>Create a <code>docker-compose.yml</code> in your project root:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">version</span><span class="pi">:</span> <span class="s1">'</span><span class="s">3.8'</span> <span class="na">services</span><span class="pi">:</span> <span class="na">postgres</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">postgres:16</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">pg_dev</span> <span class="na">environment</span><span class="pi">:</span> <span class="na">POSTGRES_USER</span><span class="pi">:</span> <span class="s">admin</span> <span class="na">POSTGRES_PASSWORD</span><span class="pi">:</span> <span class="s">yourpassword</span> <span class="na">POSTGRES_DB</span><span class="pi">:</span> <span class="s">myapp</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">5432:5432"</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">pgdata:/var/lib/postgresql/data</span> <span class="na">volumes</span><span class="pi">:</span> <span class="na">pgdata</span><span class="pi">:</span> </code></pre> </div> <p>Start it with:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker compose up <span class="nt">-d</span> </code></pre> </div> <p>Verify it's running:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker <span class="nb">exec</span> <span class="nt">-it</span> pg_dev psql <span class="nt">-U</span> admin <span class="nt">-d</span> myapp </code></pre> </div> <p>You can also use a GUI like <strong>pgAdmin</strong> or <strong>DBeaver</strong> if you prefer a visual interface. Connect with:</p> <ul> <li> <strong>Host:</strong> <code>localhost</code> </li> <li> <strong>Port:</strong> <code>5432</code> </li> <li> <strong>User:</strong> <code>admin</code> </li> <li> <strong>Password:</strong> <code>yourpassword</code> </li> <li> <strong>Database:</strong> <code>myapp</code> </li> </ul> <h2> Connecting to PostgreSQL with Entity Framework Core (Npgsql) </h2> <h3> Install the packages </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>dotnet add package Npgsql.EntityFrameworkCore.PostgreSQL dotnet add package Microsoft.EntityFrameworkCore.Design </code></pre> </div> <h3> Create your models </h3> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">public</span> <span class="k">class</span> <span class="nc">Product</span> <span class="p">{</span> <span class="k">public</span> <span class="kt">int</span> <span class="n">Id</span> <span class="p">{</span> <span class="k">get</span><span class="p">;</span> <span class="k">set</span><span class="p">;</span> <span class="p">}</span> <span class="k">public</span> <span class="kt">string</span> <span class="n">Name</span> <span class="p">{</span> <span class="k">get</span><span class="p">;</span> <span class="k">set</span><span class="p">;</span> <span class="p">}</span> <span class="p">=</span> <span class="kt">string</span><span class="p">.</span><span class="n">Empty</span><span class="p">;</span> <span class="k">public</span> <span class="kt">decimal</span> <span class="n">Price</span> <span class="p">{</span> <span class="k">get</span><span class="p">;</span> <span class="k">set</span><span class="p">;</span> <span class="p">}</span> <span class="k">public</span> <span class="n">DateTime</span> <span class="n">CreatedAt</span> <span class="p">{</span> <span class="k">get</span><span class="p">;</span> <span class="k">set</span><span class="p">;</span> <span class="p">}</span> <span class="k">public</span> <span class="kt">bool</span> <span class="n">IsAvailable</span> <span class="p">{</span> <span class="k">get</span><span class="p">;</span> <span class="k">set</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> Configure the DbContext </h3> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">public</span> <span class="k">class</span> <span class="nc">AppDbContext</span> <span class="p">:</span> <span class="n">DbContext</span> <span class="p">{</span> <span class="k">public</span> <span class="nf">AppDbContext</span><span class="p">(</span><span class="n">DbContextOptions</span><span class="p">&lt;</span><span class="n">AppDbContext</span><span class="p">&gt;</span> <span class="n">options</span><span class="p">)</span> <span class="p">:</span> <span class="k">base</span><span class="p">(</span><span class="n">options</span><span class="p">)</span> <span class="p">{</span> <span class="p">}</span> <span class="k">public</span> <span class="n">DbSet</span><span class="p">&lt;</span><span class="n">Product</span><span class="p">&gt;</span> <span class="n">Products</span> <span class="p">=&gt;</span> <span class="n">Set</span><span class="p">&lt;</span><span class="n">Product</span><span class="p">&gt;();</span> <span class="k">protected</span> <span class="k">override</span> <span class="k">void</span> <span class="nf">OnModelCreating</span><span class="p">(</span><span class="n">ModelBuilder</span> <span class="n">modelBuilder</span><span class="p">)</span> <span class="p">{</span> <span class="n">modelBuilder</span><span class="p">.</span><span class="n">Entity</span><span class="p">&lt;</span><span class="n">Product</span><span class="p">&gt;(</span><span class="n">entity</span> <span class="p">=&gt;</span> <span class="p">{</span> <span class="n">entity</span><span class="p">.</span><span class="nf">HasKey</span><span class="p">(</span><span class="n">e</span> <span class="p">=&gt;</span> <span class="n">e</span><span class="p">.</span><span class="n">Id</span><span class="p">);</span> <span class="n">entity</span><span class="p">.</span><span class="nf">Property</span><span class="p">(</span><span class="n">e</span> <span class="p">=&gt;</span> <span class="n">e</span><span class="p">.</span><span class="n">Name</span><span class="p">).</span><span class="nf">IsRequired</span><span class="p">().</span><span class="nf">HasMaxLength</span><span class="p">(</span><span class="m">200</span><span class="p">);</span> <span class="n">entity</span><span class="p">.</span><span class="nf">Property</span><span class="p">(</span><span class="n">e</span> <span class="p">=&gt;</span> <span class="n">e</span><span class="p">.</span><span class="n">Price</span><span class="p">).</span><span class="nf">HasColumnType</span><span class="p">(</span><span class="s">"numeric(18,2)"</span><span class="p">);</span> <span class="n">entity</span><span class="p">.</span><span class="nf">Property</span><span class="p">(</span><span class="n">e</span> <span class="p">=&gt;</span> <span class="n">e</span><span class="p">.</span><span class="n">CreatedAt</span><span class="p">).</span><span class="nf">HasDefaultValueSql</span><span class="p">(</span><span class="s">"NOW()"</span><span class="p">);</span> <span class="p">});</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> Register in Program.cs </h3> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="n">builder</span><span class="p">.</span><span class="n">Services</span><span class="p">.</span><span class="n">AddDbContext</span><span class="p">&lt;</span><span class="n">AppDbContext</span><span class="p">&gt;(</span><span class="n">options</span> <span class="p">=&gt;</span> <span class="n">options</span><span class="p">.</span><span class="nf">UseNpgsql</span><span class="p">(</span><span class="n">builder</span><span class="p">.</span><span class="n">Configuration</span><span class="p">.</span><span class="nf">GetConnectionString</span><span class="p">(</span><span class="s">"Postgres"</span><span class="p">)));</span> </code></pre> </div> <h3> Add the connection string to appsettings.json </h3> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"ConnectionStrings"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Postgres"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Host=localhost;Port=5432;Database=myapp;Username=admin;Password=yourpassword"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h2> Connecting with Dapper </h2> <p>For scenarios where you need raw SQL — reports, complex joins, stored procedures — Dapper is a great companion to EF Core.</p> <h3> Install the package </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>dotnet add package Dapper dotnet add package Npgsql </code></pre> </div> <h3> Create a connection factory </h3> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">public</span> <span class="k">interface</span> <span class="nc">IDbConnectionFactory</span> <span class="p">{</span> <span class="n">NpgsqlConnection</span> <span class="nf">CreateConnection</span><span class="p">();</span> <span class="p">}</span> <span class="k">public</span> <span class="k">class</span> <span class="nc">PostgresConnectionFactory</span> <span class="p">:</span> <span class="n">IDbConnectionFactory</span> <span class="p">{</span> <span class="k">private</span> <span class="k">readonly</span> <span class="kt">string</span> <span class="n">_connectionString</span><span class="p">;</span> <span class="k">public</span> <span class="nf">PostgresConnectionFactory</span><span class="p">(</span><span class="n">IConfiguration</span> <span class="n">configuration</span><span class="p">)</span> <span class="p">{</span> <span class="n">_connectionString</span> <span class="p">=</span> <span class="n">configuration</span><span class="p">.</span><span class="nf">GetConnectionString</span><span class="p">(</span><span class="s">"Postgres"</span><span class="p">)!;</span> <span class="p">}</span> <span class="k">public</span> <span class="n">NpgsqlConnection</span> <span class="nf">CreateConnection</span><span class="p">()</span> <span class="p">{</span> <span class="k">return</span> <span class="k">new</span> <span class="nf">NpgsqlConnection</span><span class="p">(</span><span class="n">_connectionString</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Register it in <code>Program.cs</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="n">builder</span><span class="p">.</span><span class="n">Services</span><span class="p">.</span><span class="n">AddSingleton</span><span class="p">&lt;</span><span class="n">IDbConnectionFactory</span><span class="p">,</span> <span class="n">PostgresConnectionFactory</span><span class="p">&gt;();</span> </code></pre> </div> <h3> Query with Dapper </h3> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">public</span> <span class="k">class</span> <span class="nc">ProductRepository</span> <span class="p">{</span> <span class="k">private</span> <span class="k">readonly</span> <span class="n">IDbConnectionFactory</span> <span class="n">_factory</span><span class="p">;</span> <span class="k">public</span> <span class="nf">ProductRepository</span><span class="p">(</span><span class="n">IDbConnectionFactory</span> <span class="n">factory</span><span class="p">)</span> <span class="p">{</span> <span class="n">_factory</span> <span class="p">=</span> <span class="n">factory</span><span class="p">;</span> <span class="p">}</span> <span class="k">public</span> <span class="k">async</span> <span class="n">Task</span><span class="p">&lt;</span><span class="n">IEnumerable</span><span class="p">&lt;</span><span class="n">Product</span><span class="p">&gt;&gt;</span> <span class="nf">GetAvailableAsync</span><span class="p">()</span> <span class="p">{</span> <span class="k">using</span> <span class="nn">var</span> <span class="n">connection</span> <span class="p">=</span> <span class="n">_factory</span><span class="p">.</span><span class="nf">CreateConnection</span><span class="p">();</span> <span class="k">return</span> <span class="k">await</span> <span class="n">connection</span><span class="p">.</span><span class="n">QueryAsync</span><span class="p">&lt;</span><span class="n">Product</span><span class="p">&gt;(</span> <span class="s">"SELECT * FROM products WHERE is_available = true ORDER BY created_at DESC"</span><span class="p">);</span> <span class="p">}</span> <span class="k">public</span> <span class="k">async</span> <span class="n">Task</span><span class="p">&lt;</span><span class="n">Product</span><span class="p">?&gt;</span> <span class="nf">GetByIdAsync</span><span class="p">(</span><span class="kt">int</span> <span class="n">id</span><span class="p">)</span> <span class="p">{</span> <span class="k">using</span> <span class="nn">var</span> <span class="n">connection</span> <span class="p">=</span> <span class="n">_factory</span><span class="p">.</span><span class="nf">CreateConnection</span><span class="p">();</span> <span class="k">return</span> <span class="k">await</span> <span class="n">connection</span><span class="p">.</span><span class="n">QuerySingleOrDefaultAsync</span><span class="p">&lt;</span><span class="n">Product</span><span class="p">&gt;(</span> <span class="s">"SELECT * FROM products WHERE id = @Id"</span><span class="p">,</span> <span class="k">new</span> <span class="p">{</span> <span class="n">Id</span> <span class="p">=</span> <span class="n">id</span> <span class="p">});</span> <span class="p">}</span> <span class="k">public</span> <span class="k">async</span> <span class="n">Task</span><span class="p">&lt;</span><span class="kt">int</span><span class="p">&gt;</span> <span class="nf">CreateAsync</span><span class="p">(</span><span class="n">Product</span> <span class="n">product</span><span class="p">)</span> <span class="p">{</span> <span class="k">using</span> <span class="nn">var</span> <span class="n">connection</span> <span class="p">=</span> <span class="n">_factory</span><span class="p">.</span><span class="nf">CreateConnection</span><span class="p">();</span> <span class="k">return</span> <span class="k">await</span> <span class="n">connection</span><span class="p">.</span><span class="n">ExecuteScalarAsync</span><span class="p">&lt;</span><span class="kt">int</span><span class="p">&gt;(</span> <span class="s">""" </span> <span class="n">INSERT</span> <span class="n">INTO</span> <span class="nf">products</span> <span class="p">(</span><span class="n">name</span><span class="p">,</span> <span class="n">price</span><span class="p">,</span> <span class="n">is_available</span><span class="p">)</span> <span class="nf">VALUES</span> <span class="p">(</span><span class="n">@Name</span><span class="p">,</span> <span class="n">@Price</span><span class="p">,</span> <span class="n">@IsAvailable</span><span class="p">)</span> <span class="n">RETURNING</span> <span class="n">id</span> <span class="s">""", </span> <span class="n">product</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h2> PostgreSQL-Specific Features You'll Love </h2> <p>This is where PostgreSQL starts to shine beyond standard relational databases.</p> <h3> JSONB — Storing Flexible Data </h3> <p>JSONB stores JSON as binary, making it fast to query and index. Perfect for dynamic attributes, metadata, or configuration data.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">public</span> <span class="k">class</span> <span class="nc">Order</span> <span class="p">{</span> <span class="k">public</span> <span class="kt">int</span> <span class="n">Id</span> <span class="p">{</span> <span class="k">get</span><span class="p">;</span> <span class="k">set</span><span class="p">;</span> <span class="p">}</span> <span class="k">public</span> <span class="kt">string</span> <span class="n">CustomerEmail</span> <span class="p">{</span> <span class="k">get</span><span class="p">;</span> <span class="k">set</span><span class="p">;</span> <span class="p">}</span> <span class="p">=</span> <span class="kt">string</span><span class="p">.</span><span class="n">Empty</span><span class="p">;</span> <span class="k">public</span> <span class="n">JsonDocument</span> <span class="n">Metadata</span> <span class="p">{</span> <span class="k">get</span><span class="p">;</span> <span class="k">set</span><span class="p">;</span> <span class="p">}</span> <span class="p">=</span> <span class="n">JsonDocument</span><span class="p">.</span><span class="nf">Parse</span><span class="p">(</span><span class="s">"{}"</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>Configure it in your <code>DbContext</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="n">modelBuilder</span><span class="p">.</span><span class="n">Entity</span><span class="p">&lt;</span><span class="n">Order</span><span class="p">&gt;()</span> <span class="p">.</span><span class="nf">Property</span><span class="p">(</span><span class="n">o</span> <span class="p">=&gt;</span> <span class="n">o</span><span class="p">.</span><span class="n">Metadata</span><span class="p">)</span> <span class="p">.</span><span class="nf">HasColumnType</span><span class="p">(</span><span class="s">"jsonb"</span><span class="p">);</span> </code></pre> </div> <p>Query specific JSONB keys with Dapper:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">SELECT</span> <span class="o">*</span> <span class="k">FROM</span> <span class="n">orders</span> <span class="k">WHERE</span> <span class="n">metadata</span><span class="o">-&gt;&gt;</span><span class="s1">'region'</span> <span class="o">=</span> <span class="s1">'EU'</span> <span class="k">AND</span> <span class="p">(</span><span class="n">metadata</span><span class="o">-&gt;&gt;</span><span class="s1">'total'</span><span class="p">)::</span><span class="nb">numeric</span> <span class="o">&gt;</span> <span class="mi">500</span><span class="p">;</span> </code></pre> </div> <h3> Arrays — Native List Support </h3> <p>No junction tables needed for simple lists of primitive values.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">public</span> <span class="k">class</span> <span class="nc">Article</span> <span class="p">{</span> <span class="k">public</span> <span class="kt">int</span> <span class="n">Id</span> <span class="p">{</span> <span class="k">get</span><span class="p">;</span> <span class="k">set</span><span class="p">;</span> <span class="p">}</span> <span class="k">public</span> <span class="kt">string</span> <span class="n">Title</span> <span class="p">{</span> <span class="k">get</span><span class="p">;</span> <span class="k">set</span><span class="p">;</span> <span class="p">}</span> <span class="p">=</span> <span class="kt">string</span><span class="p">.</span><span class="n">Empty</span><span class="p">;</span> <span class="k">public</span> <span class="kt">string</span><span class="p">[]</span> <span class="n">Tags</span> <span class="p">{</span> <span class="k">get</span><span class="p">;</span> <span class="k">set</span><span class="p">;</span> <span class="p">}</span> <span class="p">=</span> <span class="p">[];</span> <span class="p">}</span> </code></pre> </div> <p>Configure it:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="n">modelBuilder</span><span class="p">.</span><span class="n">Entity</span><span class="p">&lt;</span><span class="n">Article</span><span class="p">&gt;()</span> <span class="p">.</span><span class="nf">Property</span><span class="p">(</span><span class="n">a</span> <span class="p">=&gt;</span> <span class="n">a</span><span class="p">.</span><span class="n">Tags</span><span class="p">)</span> <span class="p">.</span><span class="nf">HasColumnType</span><span class="p">(</span><span class="s">"text[]"</span><span class="p">);</span> </code></pre> </div> <p>Query articles that have a specific tag:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="kt">var</span> <span class="n">articles</span> <span class="p">=</span> <span class="k">await</span> <span class="n">context</span><span class="p">.</span><span class="n">Articles</span> <span class="p">.</span><span class="nf">Where</span><span class="p">(</span><span class="n">a</span> <span class="p">=&gt;</span> <span class="n">a</span><span class="p">.</span><span class="n">Tags</span><span class="p">.</span><span class="nf">Contains</span><span class="p">(</span><span class="s">"dotnet"</span><span class="p">))</span> <span class="p">.</span><span class="nf">ToListAsync</span><span class="p">();</span> </code></pre> </div> <h3> Enum Types — Readable Data in the Database </h3> <p>Instead of storing magic numbers or plain strings, use PostgreSQL native enums.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">public</span> <span class="k">enum</span> <span class="n">OrderStatus</span> <span class="p">{</span> <span class="n">Pending</span><span class="p">,</span> <span class="n">Processing</span><span class="p">,</span> <span class="n">Shipped</span><span class="p">,</span> <span class="n">Delivered</span><span class="p">,</span> <span class="n">Cancelled</span> <span class="p">}</span> <span class="k">public</span> <span class="k">class</span> <span class="nc">Order</span> <span class="p">{</span> <span class="k">public</span> <span class="kt">int</span> <span class="n">Id</span> <span class="p">{</span> <span class="k">get</span><span class="p">;</span> <span class="k">set</span><span class="p">;</span> <span class="p">}</span> <span class="k">public</span> <span class="n">OrderStatus</span> <span class="n">Status</span> <span class="p">{</span> <span class="k">get</span><span class="p">;</span> <span class="k">set</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Register the enum in Npgsql:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="n">builder</span><span class="p">.</span><span class="n">Services</span><span class="p">.</span><span class="n">AddDbContext</span><span class="p">&lt;</span><span class="n">AppDbContext</span><span class="p">&gt;(</span><span class="n">options</span> <span class="p">=&gt;</span> <span class="n">options</span><span class="p">.</span><span class="nf">UseNpgsql</span><span class="p">(</span><span class="n">builder</span><span class="p">.</span><span class="n">Configuration</span><span class="p">.</span><span class="nf">GetConnectionString</span><span class="p">(</span><span class="s">"Postgres"</span><span class="p">),</span> <span class="n">o</span> <span class="p">=&gt;</span> <span class="n">o</span><span class="p">.</span><span class="n">MapEnum</span><span class="p">&lt;</span><span class="n">OrderStatus</span><span class="p">&gt;(</span><span class="s">"order_status"</span><span class="p">)));</span> </code></pre> </div> <p>And in <code>OnModelCreating</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="n">modelBuilder</span><span class="p">.</span><span class="n">HasPostgresEnum</span><span class="p">&lt;</span><span class="n">OrderStatus</span><span class="p">&gt;(</span><span class="s">"order_status"</span><span class="p">);</span> </code></pre> </div> <h2> Running Migrations with EF Core </h2> <h3> Install the CLI tool (if you haven't already) </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>dotnet tool <span class="nb">install</span> <span class="nt">--global</span> dotnet-ef </code></pre> </div> <h3> Create and apply your first migration </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>dotnet ef migrations add InitialCreate dotnet ef database update </code></pre> </div> <h3> Generating a script for production </h3> <p>Never run <code>dotnet ef database update</code> directly in production. Instead, generate a SQL script and run it through your deployment pipeline:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>dotnet ef migrations script <span class="nt">--idempotent</span> <span class="nt">-o</span> migrations.sql </code></pre> </div> <p>The <code>--idempotent</code> flag makes the script safe to run multiple times — it only applies migrations that haven't been applied yet.</p> <h3> Applying migrations programmatically on startup </h3> <p>For containerised environments, you can apply pending migrations automatically when the app starts:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">using</span> <span class="p">(</span><span class="kt">var</span> <span class="n">scope</span> <span class="p">=</span> <span class="n">app</span><span class="p">.</span><span class="n">Services</span><span class="p">.</span><span class="nf">CreateScope</span><span class="p">())</span> <span class="p">{</span> <span class="kt">var</span> <span class="n">db</span> <span class="p">=</span> <span class="n">scope</span><span class="p">.</span><span class="n">ServiceProvider</span><span class="p">.</span><span class="n">GetRequiredService</span><span class="p">&lt;</span><span class="n">AppDbContext</span><span class="p">&gt;();</span> <span class="k">await</span> <span class="n">db</span><span class="p">.</span><span class="n">Database</span><span class="p">.</span><span class="nf">MigrateAsync</span><span class="p">();</span> <span class="p">}</span> </code></pre> </div> <blockquote> <p>⚠️ Use this pattern with care in multi-instance deployments. Consider using an init container or a dedicated migration job instead.</p> </blockquote> <h2> Common Errors and How to Avoid Them </h2> <p><strong><code>Npgsql.PostgresException: column does not exist</code></strong><br> PostgreSQL is case-sensitive by default. Column and table names created without quotes are lowercased automatically. If your model has <code>CreatedAt</code>, EF Core maps it to <code>created_at</code> with snake_case conventions (enabled via <code>UseSnakeCaseNamingConvention()</code>). Enable it explicitly:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="n">options</span><span class="p">.</span><span class="nf">UseNpgsql</span><span class="p">(</span><span class="n">connectionString</span><span class="p">)</span> <span class="p">.</span><span class="nf">UseSnakeCaseNamingConvention</span><span class="p">();</span> </code></pre> </div> <p><strong><code>System.InvalidOperationException: No suitable constructor found for entity type</code></strong><br> EF Core needs either a parameterless constructor or one it can match to properties. Add a protected parameterless constructor if you have a custom one:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">public</span> <span class="k">class</span> <span class="nc">Product</span> <span class="p">{</span> <span class="k">protected</span> <span class="nf">Product</span><span class="p">()</span> <span class="p">{</span> <span class="p">}</span> <span class="c1">// For EF Core</span> <span class="k">public</span> <span class="nf">Product</span><span class="p">(</span><span class="kt">string</span> <span class="n">name</span><span class="p">,</span> <span class="kt">decimal</span> <span class="n">price</span><span class="p">)</span> <span class="p">{</span> <span class="p">...</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p><strong><code>NpgsqlException: SSL connection is required</code></strong><br> Production PostgreSQL instances (like Azure Database for PostgreSQL) enforce SSL. Update your connection string:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Host=myserver.postgres.database.azure.com;...;Ssl Mode=Require;Trust Server Certificate=true; </code></pre> </div> <p><strong>Enum migration fails with <code>type already exists</code></strong><br> If you drop and recreate the database during development, Npgsql may try to create the enum type again. Wrap the enum creation in a migration check, or use <code>HasPostgresEnum()</code> which handles this safely.</p> <p><strong>Slow queries after a large data load</strong><br> PostgreSQL relies on table statistics to build query plans. After bulk inserts, run:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">ANALYZE</span> <span class="n">products</span><span class="p">;</span> </code></pre> </div> <p>Or let the autovacuum daemon handle it automatically in production.</p> <h2> Best Practices </h2> <ul> <li> <strong>Use snake_case naming conventions</strong> with <code>UseSnakeCaseNamingConvention()</code> — this avoids constant quoting issues and aligns with PostgreSQL conventions.</li> <li> <strong>Don't use <code>dotnet ef database update</code> in production</strong> — always generate and review SQL scripts before applying them.</li> <li> <strong>Index foreign keys</strong> — PostgreSQL does not create indexes on foreign key columns automatically, unlike SQL Server.</li> <li> <strong>Use <code>NOW()</code> for server-side timestamps</strong> — instead of setting <code>DateTime.UtcNow</code> in C#, use <code>HasDefaultValueSql("NOW()")</code> to let the database handle it.</li> <li> <strong>Prefer <code>jsonb</code> over <code>json</code></strong> — <code>jsonb</code> is stored as parsed binary and supports indexing. <code>json</code> stores raw text and is slower to query.</li> <li> <strong>Pool your connections</strong> — Npgsql includes connection pooling by default. Avoid creating <code>NpgsqlConnection</code> instances as singletons; always open and dispose per request.</li> <li> <strong>Monitor with <code>pg_stat_statements</code></strong> — enable this extension to track slow queries across your application in production.</li> </ul> <h2> Conclusion </h2> <p>PostgreSQL is a powerful, production-proven database that integrates seamlessly with the .NET ecosystem. Whether you're using Entity Framework Core for its migration and LINQ support, or Dapper for raw SQL performance, the tooling is mature and the developer experience is excellent.</p> <p>The features covered here — JSONB, arrays, enum types, and EF Core migrations — are the ones you'll reach for most often in real projects. Start with them, and you'll quickly see why so many teams are moving away from SQL Server and never looking back.</p> <p>In the next article in this series, we'll go deeper into PostgreSQL query performance: understanding <code>EXPLAIN ANALYZE</code>, building the right indexes, and optimising the queries that EF Core generates under the hood.</p> dotnet csharp database programming Adrián Bailador Fri, 13 Feb 2026 19:46:30 +0000 https://forem.com/adrianbailador/vertical-slice-architecture-in-net-k80 https://forem.com/adrianbailador/vertical-slice-architecture-in-net-k80 <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgwkwd4s6badmksjdrjpp.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgwkwd4s6badmksjdrjpp.jpg" alt=" " width="800" height="446"></a></p> <h2> Organize your code by what it does, not where it lives </h2> <p>Most .NET applications are organized in horizontal layers: Presentation, Business Logic, and Data Access. But what if we organized code by <strong>business features</strong> instead? </p> <p>Welcome to <strong>Vertical Slice Architecture (VSA)</strong>, a pattern that's changing how we structure modern .NET applications.</p> <blockquote> <p><strong>TL;DR:</strong> Vertical Slice Architecture groups all code for a feature together (API → Logic → Database). No more jumping between 5 folders to understand one thing.</p> </blockquote> <h2> 🎂 What is Vertical Slice Architecture? </h2> <p>Vertical Slice Architecture is a code organization pattern that groups all code for a single feature or use case together, from the user interface down to the database.</p> <h3> The Core Concept </h3> <p>Think of your application as a cake. Traditional architectures cut the cake <strong>horizontally</strong> into layers:</p> <ul> <li> <strong>Top layer:</strong> Presentation (Controllers, Views)</li> <li> <strong>Middle layer:</strong> Business Logic (Services, Commands)</li> <li> <strong>Bottom layer:</strong> Data Access (Repositories, DbContext)</li> </ul> <p><strong>Vertical Slice Architecture</strong> cuts the cake vertically. Each slice contains everything needed for one specific feature:</p> <ul> <li> <strong>Slice 1:</strong> "Create Product" → Complete from API to Database</li> <li> <strong>Slice 2:</strong> "Ship Order" → Complete from API to Database</li> <li> <strong>Slice 3:</strong> "Register User" → Complete from API to Database</li> </ul> <h3> Why "Vertical"? </h3> <p>A vertical slice <strong>cuts through all layers</strong> for a single feature. When you need to add a field to "Create Product", you only touch files in <code>Features/Products/Create/</code>. No jumping between Controllers → Services → Repositories.</p> <h2> 📁 Project Structure </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>MyApp/ ├── Features/ │ ├── Products/ │ │ ├── Create/ │ │ │ ├── CreateProduct.cs │ │ │ └── CreateProductEndpoint.cs │ │ ├── Update/ │ │ ├── Delete/ │ │ └── GetById/ │ ├── Orders/ │ │ ├── Create/ │ │ ├── Ship/ │ │ └── Cancel/ │ └── Customers/ ├── Common/ # Only truly shared infrastructure │ ├── Behaviors/ # MediatR pipeline behaviors │ └── Results/ ├── Data/ │ ├── AppDbContext.cs │ └── Entities/ └── Program.cs </code></pre> </div> <p>Everything for "Create Product" lives in one place: <code>Features/Products/Create/</code>.</p> <h2> ⚖️ Core Principles </h2> <h3> 1. Feature-First Organization </h3> <p>Code is organized by <strong>what it does</strong> (business capability), not by <strong>what it is</strong> (technical role). </p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Traditional (Layered)</th> <th>Vertical Slice</th> </tr> </thead> <tbody> <tr> <td><code>Controllers/ProductsController.cs</code></td> <td><code>Features/Products/Create/CreateProduct.cs</code></td> </tr> <tr> <td><code>Services/ProductService.cs</code></td> <td><code>Features/Products/Create/CreateProductEndpoint.cs</code></td> </tr> <tr> <td><code>Repositories/ProductRepository.cs</code></td> <td>(Logic &amp; Data access are inside the slice)</td> </tr> </tbody> </table></div> <p>To understand "Create Product", you read <strong>one folder</strong> instead of <strong>three files in three different folders</strong>.</p> <h3> 2. High Cohesion, Low Coupling </h3> <ul> <li> <strong>High Cohesion:</strong> Related code stays together. Command, validation, and logic are all in one file or folder. You see the complete picture immediately.</li> <li> <strong>Low Coupling:</strong> Features don't depend on each other. Deleting "Create Product" won't break "Ship Order". Each feature can evolve independently.</li> </ul> <h3> 3. Minimal Abstractions </h3> <p>Create abstractions only when you have actual shared behavior. In VSA, we often use the <code>DbContext</code> directly in the handler. </p> <p><strong>Don't do this:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="c1">// Abstraction for a single implementation</span> <span class="k">public</span> <span class="k">interface</span> <span class="nc">IProductRepository</span> <span class="p">{</span> <span class="n">Task</span><span class="p">&lt;</span><span class="n">Product</span><span class="p">&gt;</span> <span class="nf">GetByIdAsync</span><span class="p">(</span><span class="kt">int</span> <span class="n">id</span><span class="p">);</span> <span class="p">}</span> <span class="k">public</span> <span class="k">class</span> <span class="nc">ProductRepository</span> <span class="p">:</span> <span class="n">IProductRepository</span> <span class="p">{</span> <span class="c1">// Only implementation, will never be swapped</span> <span class="p">}</span> </code></pre> </div> <p><strong>Do this:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="c1">// Direct database access in the handler</span> <span class="k">public</span> <span class="k">class</span> <span class="nc">Handler</span> <span class="p">:</span> <span class="n">IRequestHandler</span><span class="p">&lt;</span><span class="n">Query</span><span class="p">,</span> <span class="n">Result</span><span class="p">&lt;</span><span class="n">ProductDto</span><span class="p">&gt;&gt;</span> <span class="p">{</span> <span class="k">private</span> <span class="k">readonly</span> <span class="n">AppDbContext</span> <span class="n">_db</span><span class="p">;</span> <span class="k">public</span> <span class="k">async</span> <span class="n">Task</span><span class="p">&lt;</span><span class="n">Result</span><span class="p">&lt;</span><span class="n">ProductDto</span><span class="p">&gt;&gt;</span> <span class="nf">Handle</span><span class="p">(</span><span class="n">Query</span> <span class="n">request</span><span class="p">,</span> <span class="n">CancellationToken</span> <span class="n">ct</span><span class="p">)</span> <span class="p">{</span> <span class="kt">var</span> <span class="n">product</span> <span class="p">=</span> <span class="k">await</span> <span class="n">_db</span><span class="p">.</span><span class="n">Products</span> <span class="p">.</span><span class="nf">Where</span><span class="p">(</span><span class="n">p</span> <span class="p">=&gt;</span> <span class="n">p</span><span class="p">.</span><span class="n">Id</span> <span class="p">==</span> <span class="n">request</span><span class="p">.</span><span class="n">Id</span><span class="p">)</span> <span class="p">.</span><span class="nf">Select</span><span class="p">(</span><span class="n">p</span> <span class="p">=&gt;</span> <span class="k">new</span> <span class="n">ProductDto</span> <span class="p">{</span> <span class="n">Id</span> <span class="p">=</span> <span class="n">p</span><span class="p">.</span><span class="n">Id</span><span class="p">,</span> <span class="n">Name</span> <span class="p">=</span> <span class="n">p</span><span class="p">.</span><span class="n">Name</span> <span class="p">})</span> <span class="p">.</span><span class="nf">FirstOrDefaultAsync</span><span class="p">(</span><span class="n">ct</span><span class="p">);</span> <span class="k">return</span> <span class="n">product</span> <span class="p">!=</span> <span class="k">null</span> <span class="p">?</span> <span class="n">Result</span><span class="p">&lt;</span><span class="n">ProductDto</span><span class="p">&gt;.</span><span class="nf">Success</span><span class="p">(</span><span class="n">product</span><span class="p">)</span> <span class="p">:</span> <span class="n">Result</span><span class="p">&lt;</span><span class="n">ProductDto</span><span class="p">&gt;.</span><span class="nf">Failure</span><span class="p">(</span><span class="s">"Product not found"</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>If you aren't swapping your DB for a text file tomorrow, you probably don't need a Repository Layer.</p> <h3> 4. Duplication Over Wrong Abstraction </h3> <p>It's okay to duplicate a DTO or a small piece of logic between slices if it keeps them independent.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="c1">// Products/Create</span> <span class="kt">var</span> <span class="n">product</span> <span class="p">=</span> <span class="k">new</span> <span class="n">Product</span> <span class="p">{</span> <span class="n">CreatedAt</span> <span class="p">=</span> <span class="n">DateTime</span><span class="p">.</span><span class="n">UtcNow</span><span class="p">,</span> <span class="n">CreatedBy</span> <span class="p">=</span> <span class="n">_currentUser</span><span class="p">.</span><span class="n">Id</span> <span class="p">};</span> <span class="c1">// Orders/Create - Same code, that's OK!</span> <span class="kt">var</span> <span class="n">order</span> <span class="p">=</span> <span class="k">new</span> <span class="n">Order</span> <span class="p">{</span> <span class="n">CreatedAt</span> <span class="p">=</span> <span class="n">DateTime</span><span class="p">.</span><span class="n">UtcNow</span><span class="p">,</span> <span class="n">CreatedBy</span> <span class="p">=</span> <span class="n">_currentUser</span><span class="p">.</span><span class="n">Id</span> <span class="p">};</span> </code></pre> </div> <blockquote> <p><strong>The Rule of Three:</strong> Extract common code only when you use it in 3+ features, not before.</p> </blockquote> <p>Why? Because those two features might diverge in the future. Premature abstraction creates coupling.</p> <h2> 🛠️ Complete Implementation: "Create Product" </h2> <p>Let's build a feature from scratch using <strong>MediatR</strong> and <strong>Minimal APIs</strong>.</p> <h3> Step 1: The Command and Handler </h3> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="c1">// Features/Products/Create/CreateProduct.cs</span> <span class="k">namespace</span> <span class="nn">MyApp.Features.Products.Create</span><span class="p">;</span> <span class="k">public</span> <span class="k">static</span> <span class="k">class</span> <span class="nc">CreateProduct</span> <span class="p">{</span> <span class="c1">// The request</span> <span class="k">public</span> <span class="k">record</span> <span class="nc">Command</span><span class="p">(</span> <span class="kt">string</span> <span class="n">Name</span><span class="p">,</span> <span class="kt">decimal</span> <span class="n">Price</span><span class="p">,</span> <span class="kt">int</span> <span class="n">CategoryId</span> <span class="p">)</span> <span class="p">:</span> <span class="n">IRequest</span><span class="p">&lt;</span><span class="n">Result</span><span class="p">&lt;</span><span class="kt">int</span><span class="p">&gt;&gt;;</span> <span class="c1">// Validation rules</span> <span class="k">public</span> <span class="k">class</span> <span class="nc">Validator</span> <span class="p">:</span> <span class="n">AbstractValidator</span><span class="p">&lt;</span><span class="n">Command</span><span class="p">&gt;</span> <span class="p">{</span> <span class="k">public</span> <span class="nf">Validator</span><span class="p">()</span> <span class="p">{</span> <span class="nf">RuleFor</span><span class="p">(</span><span class="n">x</span> <span class="p">=&gt;</span> <span class="n">x</span><span class="p">.</span><span class="n">Name</span><span class="p">).</span><span class="nf">NotEmpty</span><span class="p">().</span><span class="nf">MaximumLength</span><span class="p">(</span><span class="m">100</span><span class="p">);</span> <span class="nf">RuleFor</span><span class="p">(</span><span class="n">x</span> <span class="p">=&gt;</span> <span class="n">x</span><span class="p">.</span><span class="n">Price</span><span class="p">).</span><span class="nf">GreaterThan</span><span class="p">(</span><span class="m">0</span><span class="p">).</span><span class="nf">LessThan</span><span class="p">(</span><span class="m">1000000</span><span class="p">);</span> <span class="nf">RuleFor</span><span class="p">(</span><span class="n">x</span> <span class="p">=&gt;</span> <span class="n">x</span><span class="p">.</span><span class="n">CategoryId</span><span class="p">).</span><span class="nf">GreaterThan</span><span class="p">(</span><span class="m">0</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="c1">// Business logic</span> <span class="k">public</span> <span class="k">class</span> <span class="nc">Handler</span> <span class="p">:</span> <span class="n">IRequestHandler</span><span class="p">&lt;</span><span class="n">Command</span><span class="p">,</span> <span class="n">Result</span><span class="p">&lt;</span><span class="kt">int</span><span class="p">&gt;&gt;</span> <span class="p">{</span> <span class="k">private</span> <span class="k">readonly</span> <span class="n">AppDbContext</span> <span class="n">_db</span><span class="p">;</span> <span class="k">private</span> <span class="k">readonly</span> <span class="n">ILogger</span><span class="p">&lt;</span><span class="n">Handler</span><span class="p">&gt;</span> <span class="n">_logger</span><span class="p">;</span> <span class="k">public</span> <span class="nf">Handler</span><span class="p">(</span><span class="n">AppDbContext</span> <span class="n">db</span><span class="p">,</span> <span class="n">ILogger</span><span class="p">&lt;</span><span class="n">Handler</span><span class="p">&gt;</span> <span class="n">logger</span><span class="p">)</span> <span class="p">{</span> <span class="n">_db</span> <span class="p">=</span> <span class="n">db</span><span class="p">;</span> <span class="n">_logger</span> <span class="p">=</span> <span class="n">logger</span><span class="p">;</span> <span class="p">}</span> <span class="k">public</span> <span class="k">async</span> <span class="n">Task</span><span class="p">&lt;</span><span class="n">Result</span><span class="p">&lt;</span><span class="kt">int</span><span class="p">&gt;&gt;</span> <span class="nf">Handle</span><span class="p">(</span><span class="n">Command</span> <span class="n">request</span><span class="p">,</span> <span class="n">CancellationToken</span> <span class="n">ct</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Business rule: Category must exist</span> <span class="kt">var</span> <span class="n">categoryExists</span> <span class="p">=</span> <span class="k">await</span> <span class="n">_db</span><span class="p">.</span><span class="n">Categories</span> <span class="p">.</span><span class="nf">AnyAsync</span><span class="p">(</span><span class="n">c</span> <span class="p">=&gt;</span> <span class="n">c</span><span class="p">.</span><span class="n">Id</span> <span class="p">==</span> <span class="n">request</span><span class="p">.</span><span class="n">CategoryId</span><span class="p">,</span> <span class="n">ct</span><span class="p">);</span> <span class="k">if</span> <span class="p">(!</span><span class="n">categoryExists</span><span class="p">)</span> <span class="k">return</span> <span class="n">Result</span><span class="p">&lt;</span><span class="kt">int</span><span class="p">&gt;.</span><span class="nf">Failure</span><span class="p">(</span><span class="s">"Category not found"</span><span class="p">);</span> <span class="c1">// Create product</span> <span class="kt">var</span> <span class="n">product</span> <span class="p">=</span> <span class="k">new</span> <span class="n">Product</span> <span class="p">{</span> <span class="n">Name</span> <span class="p">=</span> <span class="n">request</span><span class="p">.</span><span class="n">Name</span><span class="p">,</span> <span class="n">Price</span> <span class="p">=</span> <span class="n">request</span><span class="p">.</span><span class="n">Price</span><span class="p">,</span> <span class="n">CategoryId</span> <span class="p">=</span> <span class="n">request</span><span class="p">.</span><span class="n">CategoryId</span><span class="p">,</span> <span class="n">CreatedAt</span> <span class="p">=</span> <span class="n">DateTime</span><span class="p">.</span><span class="n">UtcNow</span> <span class="p">};</span> <span class="n">_db</span><span class="p">.</span><span class="n">Products</span><span class="p">.</span><span class="nf">Add</span><span class="p">(</span><span class="n">product</span><span class="p">);</span> <span class="k">await</span> <span class="n">_db</span><span class="p">.</span><span class="nf">SaveChangesAsync</span><span class="p">(</span><span class="n">ct</span><span class="p">);</span> <span class="n">_logger</span><span class="p">.</span><span class="nf">LogInformation</span><span class="p">(</span> <span class="s">"Created product {ProductId}: {ProductName}"</span><span class="p">,</span> <span class="n">product</span><span class="p">.</span><span class="n">Id</span><span class="p">,</span> <span class="n">product</span><span class="p">.</span><span class="n">Name</span><span class="p">);</span> <span class="k">return</span> <span class="n">Result</span><span class="p">&lt;</span><span class="kt">int</span><span class="p">&gt;.</span><span class="nf">Success</span><span class="p">(</span><span class="n">product</span><span class="p">.</span><span class="n">Id</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p><strong>Everything in one file:</strong> Request, validation, and business logic. You can understand the entire feature without opening multiple files.</p> <h3> Step 2: The Endpoint </h3> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="c1">// Features/Products/Create/CreateProductEndpoint.cs</span> <span class="k">public</span> <span class="k">class</span> <span class="nc">CreateProductEndpoint</span> <span class="p">:</span> <span class="n">ICarterModule</span> <span class="p">{</span> <span class="k">public</span> <span class="k">void</span> <span class="nf">AddRoutes</span><span class="p">(</span><span class="n">IEndpointRouteBuilder</span> <span class="n">app</span><span class="p">)</span> <span class="p">{</span> <span class="n">app</span><span class="p">.</span><span class="nf">MapPost</span><span class="p">(</span><span class="s">"/api/products"</span><span class="p">,</span> <span class="k">async</span> <span class="p">(</span> <span class="n">CreateProduct</span><span class="p">.</span><span class="n">Command</span> <span class="n">request</span><span class="p">,</span> <span class="n">IMediator</span> <span class="n">mediator</span><span class="p">,</span> <span class="n">CancellationToken</span> <span class="n">ct</span><span class="p">)</span> <span class="p">=&gt;</span> <span class="p">{</span> <span class="kt">var</span> <span class="n">result</span> <span class="p">=</span> <span class="k">await</span> <span class="n">mediator</span><span class="p">.</span><span class="nf">Send</span><span class="p">(</span><span class="n">request</span><span class="p">,</span> <span class="n">ct</span><span class="p">);</span> <span class="k">return</span> <span class="n">result</span><span class="p">.</span><span class="n">IsSuccess</span> <span class="p">?</span> <span class="n">Results</span><span class="p">.</span><span class="nf">Created</span><span class="p">(</span><span class="s">$"/api/products/</span><span class="p">{</span><span class="n">result</span><span class="p">.</span><span class="n">Value</span><span class="p">}</span><span class="s">"</span><span class="p">,</span> <span class="k">new</span> <span class="p">{</span> <span class="n">id</span> <span class="p">=</span> <span class="n">result</span><span class="p">.</span><span class="n">Value</span> <span class="p">})</span> <span class="p">:</span> <span class="n">Results</span><span class="p">.</span><span class="nf">BadRequest</span><span class="p">(</span><span class="k">new</span> <span class="p">{</span> <span class="n">error</span> <span class="p">=</span> <span class="n">result</span><span class="p">.</span><span class="n">Error</span> <span class="p">});</span> <span class="p">})</span> <span class="p">.</span><span class="nf">WithName</span><span class="p">(</span><span class="s">"CreateProduct"</span><span class="p">)</span> <span class="p">.</span><span class="nf">WithTags</span><span class="p">(</span><span class="s">"Products"</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>That's it! A complete feature in <strong>2 files</strong>.</p> <h3> Step 3: Supporting Types </h3> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="c1">// Common/Results/Result.cs</span> <span class="k">public</span> <span class="k">class</span> <span class="nc">Result</span><span class="p">&lt;</span><span class="n">T</span><span class="p">&gt;</span> <span class="p">{</span> <span class="k">public</span> <span class="kt">bool</span> <span class="n">IsSuccess</span> <span class="p">{</span> <span class="k">get</span><span class="p">;</span> <span class="p">}</span> <span class="k">public</span> <span class="n">T</span> <span class="n">Value</span> <span class="p">{</span> <span class="k">get</span><span class="p">;</span> <span class="p">}</span> <span class="k">public</span> <span class="kt">string</span> <span class="n">Error</span> <span class="p">{</span> <span class="k">get</span><span class="p">;</span> <span class="p">}</span> <span class="k">private</span> <span class="nf">Result</span><span class="p">(</span><span class="kt">bool</span> <span class="n">isSuccess</span><span class="p">,</span> <span class="n">T</span> <span class="k">value</span><span class="p">,</span> <span class="kt">string</span> <span class="n">error</span><span class="p">)</span> <span class="p">{</span> <span class="n">IsSuccess</span> <span class="p">=</span> <span class="n">isSuccess</span><span class="p">;</span> <span class="n">Value</span> <span class="p">=</span> <span class="k">value</span><span class="p">;</span> <span class="n">Error</span> <span class="p">=</span> <span class="n">error</span><span class="p">;</span> <span class="p">}</span> <span class="k">public</span> <span class="k">static</span> <span class="n">Result</span><span class="p">&lt;</span><span class="n">T</span><span class="p">&gt;</span> <span class="nf">Success</span><span class="p">(</span><span class="n">T</span> <span class="k">value</span><span class="p">)</span> <span class="p">=&gt;</span> <span class="k">new</span><span class="p">(</span><span class="k">true</span><span class="p">,</span> <span class="k">value</span><span class="p">,</span> <span class="kt">string</span><span class="p">.</span><span class="n">Empty</span><span class="p">);</span> <span class="k">public</span> <span class="k">static</span> <span class="n">Result</span><span class="p">&lt;</span><span class="n">T</span><span class="p">&gt;</span> <span class="nf">Failure</span><span class="p">(</span><span class="kt">string</span> <span class="n">error</span><span class="p">)</span> <span class="p">=&gt;</span> <span class="k">new</span><span class="p">(</span><span class="k">false</span><span class="p">,</span> <span class="k">default</span><span class="p">!,</span> <span class="n">error</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <h2> 🌊 How a Request Flows </h2> <p>Let's trace a request through the system:</p> <p><strong>User Request:</strong> <code>POST /api/products</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Laptop"</span><span class="p">,</span><span class="w"> </span><span class="nl">"price"</span><span class="p">:</span><span class="w"> </span><span class="mf">1299.99</span><span class="p">,</span><span class="w"> </span><span class="nl">"categoryId"</span><span class="p">:</span><span class="w"> </span><span class="mi">5</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p><strong>Flow:</strong></p> <ol> <li><p><strong>Endpoint receives request</strong> → Deserializes into <code>CreateProduct.Command</code></p></li> <li><p><strong>MediatR pipeline begins</strong> → <code>mediator.Send(request)</code></p></li> <li> <p><strong>Validation runs automatically</strong> → <code>ValidationBehavior</code> intercepts and runs <code>CreateProduct.Validator</code></p> <ul> <li>If validation fails → Returns <code>400 Bad Request</code> </li> <li>If validation passes → Continues to handler</li> </ul> </li> <li><p><strong>Logging (automatic)</strong> → <code>LoggingBehavior</code> logs the request</p></li> <li><p><strong>Handler executes</strong> → Business rules, database operations</p></li> <li> <p><strong>Response returned</strong> → <code>Result&lt;int&gt;</code> converted to HTTP response</p> <ul> <li>Success → <code>201 Created</code> </li> <li>Failure → <code>400 Bad Request</code> </li> </ul> </li> </ol> <p><strong>Key insight:</strong> Validation and logging happen automatically via MediatR pipeline behaviors. You don't write that code in every handler.</p> <h2> 🔄 Cross-Cutting Concerns with MediatR Behaviors </h2> <p>Common functionality is handled by pipeline behaviors, not inheritance or base classes.</p> <h3> Validation Behavior </h3> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="c1">// Common/Behaviors/ValidationBehavior.cs</span> <span class="k">public</span> <span class="k">class</span> <span class="nc">ValidationBehavior</span><span class="p">&lt;</span><span class="n">TRequest</span><span class="p">,</span> <span class="n">TResponse</span><span class="p">&gt;</span> <span class="p">:</span> <span class="n">IPipelineBehavior</span><span class="p">&lt;</span><span class="n">TRequest</span><span class="p">,</span> <span class="n">TResponse</span><span class="p">&gt;</span> <span class="k">where</span> <span class="n">TRequest</span> <span class="p">:</span> <span class="n">IRequest</span><span class="p">&lt;</span><span class="n">TResponse</span><span class="p">&gt;</span> <span class="p">{</span> <span class="k">private</span> <span class="k">readonly</span> <span class="n">IEnumerable</span><span class="p">&lt;</span><span class="n">IValidator</span><span class="p">&lt;</span><span class="n">TRequest</span><span class="p">&gt;&gt;</span> <span class="n">_validators</span><span class="p">;</span> <span class="k">public</span> <span class="k">async</span> <span class="n">Task</span><span class="p">&lt;</span><span class="n">TResponse</span><span class="p">&gt;</span> <span class="nf">Handle</span><span class="p">(</span> <span class="n">TRequest</span> <span class="n">request</span><span class="p">,</span> <span class="n">RequestHandlerDelegate</span><span class="p">&lt;</span><span class="n">TResponse</span><span class="p">&gt;</span> <span class="n">next</span><span class="p">,</span> <span class="n">CancellationToken</span> <span class="n">ct</span><span class="p">)</span> <span class="p">{</span> <span class="k">if</span> <span class="p">(!</span><span class="n">_validators</span><span class="p">.</span><span class="nf">Any</span><span class="p">())</span> <span class="k">return</span> <span class="k">await</span> <span class="nf">next</span><span class="p">();</span> <span class="kt">var</span> <span class="n">context</span> <span class="p">=</span> <span class="k">new</span> <span class="n">ValidationContext</span><span class="p">&lt;</span><span class="n">TRequest</span><span class="p">&gt;(</span><span class="n">request</span><span class="p">);</span> <span class="kt">var</span> <span class="n">failures</span> <span class="p">=</span> <span class="n">_validators</span> <span class="p">.</span><span class="nf">Select</span><span class="p">(</span><span class="n">v</span> <span class="p">=&gt;</span> <span class="n">v</span><span class="p">.</span><span class="nf">Validate</span><span class="p">(</span><span class="n">context</span><span class="p">))</span> <span class="p">.</span><span class="nf">SelectMany</span><span class="p">(</span><span class="n">result</span> <span class="p">=&gt;</span> <span class="n">result</span><span class="p">.</span><span class="n">Errors</span><span class="p">)</span> <span class="p">.</span><span class="nf">Where</span><span class="p">(</span><span class="n">f</span> <span class="p">=&gt;</span> <span class="n">f</span> <span class="p">!=</span> <span class="k">null</span><span class="p">)</span> <span class="p">.</span><span class="nf">ToList</span><span class="p">();</span> <span class="k">if</span> <span class="p">(</span><span class="n">failures</span><span class="p">.</span><span class="nf">Any</span><span class="p">())</span> <span class="k">throw</span> <span class="k">new</span> <span class="nf">ValidationException</span><span class="p">(</span><span class="n">failures</span><span class="p">);</span> <span class="k">return</span> <span class="k">await</span> <span class="nf">next</span><span class="p">();</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> Logging Behavior </h3> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="c1">// Common/Behaviors/LoggingBehavior.cs</span> <span class="k">public</span> <span class="k">class</span> <span class="nc">LoggingBehavior</span><span class="p">&lt;</span><span class="n">TRequest</span><span class="p">,</span> <span class="n">TResponse</span><span class="p">&gt;</span> <span class="p">:</span> <span class="n">IPipelineBehavior</span><span class="p">&lt;</span><span class="n">TRequest</span><span class="p">,</span> <span class="n">TResponse</span><span class="p">&gt;</span> <span class="k">where</span> <span class="n">TRequest</span> <span class="p">:</span> <span class="n">IRequest</span><span class="p">&lt;</span><span class="n">TResponse</span><span class="p">&gt;</span> <span class="p">{</span> <span class="k">private</span> <span class="k">readonly</span> <span class="n">ILogger</span><span class="p">&lt;</span><span class="n">LoggingBehavior</span><span class="p">&lt;</span><span class="n">TRequest</span><span class="p">,</span> <span class="n">TResponse</span><span class="p">&gt;&gt;</span> <span class="n">_logger</span><span class="p">;</span> <span class="k">public</span> <span class="k">async</span> <span class="n">Task</span><span class="p">&lt;</span><span class="n">TResponse</span><span class="p">&gt;</span> <span class="nf">Handle</span><span class="p">(</span> <span class="n">TRequest</span> <span class="n">request</span><span class="p">,</span> <span class="n">RequestHandlerDelegate</span><span class="p">&lt;</span><span class="n">TResponse</span><span class="p">&gt;</span> <span class="n">next</span><span class="p">,</span> <span class="n">CancellationToken</span> <span class="n">ct</span><span class="p">)</span> <span class="p">{</span> <span class="n">_logger</span><span class="p">.</span><span class="nf">LogInformation</span><span class="p">(</span><span class="s">"Handling {RequestName}"</span><span class="p">,</span> <span class="k">typeof</span><span class="p">(</span><span class="n">TRequest</span><span class="p">).</span><span class="n">Name</span><span class="p">);</span> <span class="kt">var</span> <span class="n">response</span> <span class="p">=</span> <span class="k">await</span> <span class="nf">next</span><span class="p">();</span> <span class="n">_logger</span><span class="p">.</span><span class="nf">LogInformation</span><span class="p">(</span><span class="s">"Handled {RequestName}"</span><span class="p">,</span> <span class="k">typeof</span><span class="p">(</span><span class="n">TRequest</span><span class="p">).</span><span class="n">Name</span><span class="p">);</span> <span class="k">return</span> <span class="n">response</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> Register Behaviors in Program.cs </h3> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="n">builder</span><span class="p">.</span><span class="n">Services</span><span class="p">.</span><span class="nf">AddMediatR</span><span class="p">(</span><span class="n">cfg</span> <span class="p">=&gt;</span> <span class="p">{</span> <span class="n">cfg</span><span class="p">.</span><span class="nf">RegisterServicesFromAssembly</span><span class="p">(</span><span class="k">typeof</span><span class="p">(</span><span class="n">Program</span><span class="p">).</span><span class="n">Assembly</span><span class="p">);</span> <span class="n">cfg</span><span class="p">.</span><span class="nf">AddBehavior</span><span class="p">(</span><span class="k">typeof</span><span class="p">(</span><span class="n">IPipelineBehavior</span><span class="p">&lt;,&gt;),</span> <span class="k">typeof</span><span class="p">(</span><span class="n">LoggingBehavior</span><span class="p">&lt;,&gt;));</span> <span class="n">cfg</span><span class="p">.</span><span class="nf">AddBehavior</span><span class="p">(</span><span class="k">typeof</span><span class="p">(</span><span class="n">IPipelineBehavior</span><span class="p">&lt;,&gt;),</span> <span class="k">typeof</span><span class="p">(</span><span class="n">ValidationBehavior</span><span class="p">&lt;,&gt;));</span> <span class="p">});</span> </code></pre> </div> <p>Every feature automatically gets validation and logging without touching each handler.</p> <h2> 🧪 Testing Strategy </h2> <p>In VSA, we prioritize <strong>Integration Tests</strong>. Since the slice is self-contained, testing the API endpoint with a real (or in-memory) database gives you the highest confidence with the least effort.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">public</span> <span class="k">class</span> <span class="nc">CreateProductTests</span> <span class="p">:</span> <span class="n">IClassFixture</span><span class="p">&lt;</span><span class="n">WebApplicationFactory</span><span class="p">&lt;</span><span class="n">Program</span><span class="p">&gt;&gt;</span> <span class="p">{</span> <span class="k">private</span> <span class="k">readonly</span> <span class="n">HttpClient</span> <span class="n">_client</span><span class="p">;</span> <span class="k">public</span> <span class="nf">CreateProductTests</span><span class="p">(</span><span class="n">WebApplicationFactory</span><span class="p">&lt;</span><span class="n">Program</span><span class="p">&gt;</span> <span class="n">factory</span><span class="p">)</span> <span class="p">{</span> <span class="n">_client</span> <span class="p">=</span> <span class="n">factory</span><span class="p">.</span><span class="nf">CreateClient</span><span class="p">();</span> <span class="p">}</span> <span class="p">[</span><span class="n">Fact</span><span class="p">]</span> <span class="k">public</span> <span class="k">async</span> <span class="n">Task</span> <span class="nf">CreateProduct_WithValidData_ReturnsCreated</span><span class="p">()</span> <span class="p">{</span> <span class="c1">// Arrange</span> <span class="kt">var</span> <span class="n">command</span> <span class="p">=</span> <span class="k">new</span> <span class="p">{</span> <span class="n">name</span> <span class="p">=</span> <span class="s">"Laptop"</span><span class="p">,</span> <span class="n">price</span> <span class="p">=</span> <span class="m">999</span><span class="p">,</span> <span class="n">categoryId</span> <span class="p">=</span> <span class="m">1</span> <span class="p">};</span> <span class="c1">// Act</span> <span class="kt">var</span> <span class="n">response</span> <span class="p">=</span> <span class="k">await</span> <span class="n">_client</span><span class="p">.</span><span class="nf">PostAsJsonAsync</span><span class="p">(</span><span class="s">"/api/products"</span><span class="p">,</span> <span class="n">command</span><span class="p">);</span> <span class="c1">// Assert</span> <span class="n">response</span><span class="p">.</span><span class="n">StatusCode</span><span class="p">.</span><span class="nf">Should</span><span class="p">().</span><span class="nf">Be</span><span class="p">(</span><span class="n">HttpStatusCode</span><span class="p">.</span><span class="n">Created</span><span class="p">);</span> <span class="kt">var</span> <span class="n">productId</span> <span class="p">=</span> <span class="k">await</span> <span class="n">response</span><span class="p">.</span><span class="n">Content</span><span class="p">.</span><span class="n">ReadFromJsonAsync</span><span class="p">&lt;</span><span class="kt">int</span><span class="p">&gt;();</span> <span class="n">productId</span><span class="p">.</span><span class="nf">Should</span><span class="p">().</span><span class="nf">BeGreaterThan</span><span class="p">(</span><span class="m">0</span><span class="p">);</span> <span class="p">}</span> <span class="p">[</span><span class="n">Fact</span><span class="p">]</span> <span class="k">public</span> <span class="k">async</span> <span class="n">Task</span> <span class="nf">CreateProduct_WithInvalidPrice_ReturnsBadRequest</span><span class="p">()</span> <span class="p">{</span> <span class="c1">// Arrange</span> <span class="kt">var</span> <span class="n">command</span> <span class="p">=</span> <span class="k">new</span> <span class="p">{</span> <span class="n">name</span> <span class="p">=</span> <span class="s">"Laptop"</span><span class="p">,</span> <span class="n">price</span> <span class="p">=</span> <span class="p">-</span><span class="m">10</span><span class="p">,</span> <span class="c1">// Invalid</span> <span class="n">categoryId</span> <span class="p">=</span> <span class="m">1</span> <span class="p">};</span> <span class="c1">// Act</span> <span class="kt">var</span> <span class="n">response</span> <span class="p">=</span> <span class="k">await</span> <span class="n">_client</span><span class="p">.</span><span class="nf">PostAsJsonAsync</span><span class="p">(</span><span class="s">"/api/products"</span><span class="p">,</span> <span class="n">command</span><span class="p">);</span> <span class="c1">// Assert</span> <span class="n">response</span><span class="p">.</span><span class="n">StatusCode</span><span class="p">.</span><span class="nf">Should</span><span class="p">().</span><span class="nf">Be</span><span class="p">(</span><span class="n">HttpStatusCode</span><span class="p">.</span><span class="n">BadRequest</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p><strong>Why integration tests?</strong></p> <ul> <li>Tests the entire slice end-to-end</li> <li>Validates that all pieces work together</li> <li>Catches integration issues early</li> <li>Closer to how users actually use the system</li> </ul> <h2> 🔧 Essential Setup </h2> <h3> Required NuGet Packages </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># MediatR for request/response pattern</span> dotnet add package MediatR <span class="c"># FluentValidation for validation</span> dotnet add package FluentValidation dotnet add package FluentValidation.DependencyInjectionExtensions <span class="c"># Carter for minimal API organization (optional)</span> dotnet add package Carter <span class="c"># Entity Framework Core</span> dotnet add package Microsoft.EntityFrameworkCore dotnet add package Microsoft.EntityFrameworkCore.SqlServer </code></pre> </div> <h3> Program.cs Configuration </h3> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="kt">var</span> <span class="n">builder</span> <span class="p">=</span> <span class="n">WebApplication</span><span class="p">.</span><span class="nf">CreateBuilder</span><span class="p">(</span><span class="n">args</span><span class="p">);</span> <span class="c1">// Database</span> <span class="n">builder</span><span class="p">.</span><span class="n">Services</span><span class="p">.</span><span class="n">AddDbContext</span><span class="p">&lt;</span><span class="n">AppDbContext</span><span class="p">&gt;(</span><span class="n">options</span> <span class="p">=&gt;</span> <span class="n">options</span><span class="p">.</span><span class="nf">UseSqlServer</span><span class="p">(</span><span class="n">builder</span><span class="p">.</span><span class="n">Configuration</span><span class="p">.</span><span class="nf">GetConnectionString</span><span class="p">(</span><span class="s">"DefaultConnection"</span><span class="p">)));</span> <span class="c1">// MediatR with behaviors</span> <span class="n">builder</span><span class="p">.</span><span class="n">Services</span><span class="p">.</span><span class="nf">AddMediatR</span><span class="p">(</span><span class="n">cfg</span> <span class="p">=&gt;</span> <span class="p">{</span> <span class="n">cfg</span><span class="p">.</span><span class="nf">RegisterServicesFromAssembly</span><span class="p">(</span><span class="k">typeof</span><span class="p">(</span><span class="n">Program</span><span class="p">).</span><span class="n">Assembly</span><span class="p">);</span> <span class="n">cfg</span><span class="p">.</span><span class="nf">AddBehavior</span><span class="p">(</span><span class="k">typeof</span><span class="p">(</span><span class="n">IPipelineBehavior</span><span class="p">&lt;,&gt;),</span> <span class="k">typeof</span><span class="p">(</span><span class="n">LoggingBehavior</span><span class="p">&lt;,&gt;));</span> <span class="n">cfg</span><span class="p">.</span><span class="nf">AddBehavior</span><span class="p">(</span><span class="k">typeof</span><span class="p">(</span><span class="n">IPipelineBehavior</span><span class="p">&lt;,&gt;),</span> <span class="k">typeof</span><span class="p">(</span><span class="n">ValidationBehavior</span><span class="p">&lt;,&gt;));</span> <span class="p">});</span> <span class="c1">// FluentValidation</span> <span class="n">builder</span><span class="p">.</span><span class="n">Services</span><span class="p">.</span><span class="n">AddValidatorsFromAssemblyContaining</span><span class="p">&lt;</span><span class="n">Program</span><span class="p">&gt;();</span> <span class="c1">// Carter (if using)</span> <span class="n">builder</span><span class="p">.</span><span class="n">Services</span><span class="p">.</span><span class="nf">AddCarter</span><span class="p">();</span> <span class="kt">var</span> <span class="n">app</span> <span class="p">=</span> <span class="n">builder</span><span class="p">.</span><span class="nf">Build</span><span class="p">();</span> <span class="n">app</span><span class="p">.</span><span class="nf">UseHttpsRedirection</span><span class="p">();</span> <span class="n">app</span><span class="p">.</span><span class="nf">MapCarter</span><span class="p">();</span> <span class="c1">// Maps all endpoints</span> <span class="n">app</span><span class="p">.</span><span class="nf">Run</span><span class="p">();</span> </code></pre> </div> <h2> 📚 Common Patterns </h2> <h3> Pattern 1: Query Features (Read-Only) </h3> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="c1">// Features/Products/GetById/GetProduct.cs</span> <span class="k">public</span> <span class="k">static</span> <span class="k">class</span> <span class="nc">GetProduct</span> <span class="p">{</span> <span class="k">public</span> <span class="k">record</span> <span class="nc">Query</span><span class="p">(</span><span class="kt">int</span> <span class="n">Id</span><span class="p">)</span> <span class="p">:</span> <span class="n">IRequest</span><span class="p">&lt;</span><span class="n">Result</span><span class="p">&lt;</span><span class="n">ProductDto</span><span class="p">&gt;&gt;;</span> <span class="k">public</span> <span class="k">record</span> <span class="nc">ProductDto</span><span class="p">(</span><span class="kt">int</span> <span class="n">Id</span><span class="p">,</span> <span class="kt">string</span> <span class="n">Name</span><span class="p">,</span> <span class="kt">decimal</span> <span class="n">Price</span><span class="p">,</span> <span class="kt">string</span> <span class="n">CategoryName</span><span class="p">);</span> <span class="k">public</span> <span class="k">class</span> <span class="nc">Handler</span> <span class="p">:</span> <span class="n">IRequestHandler</span><span class="p">&lt;</span><span class="n">Query</span><span class="p">,</span> <span class="n">Result</span><span class="p">&lt;</span><span class="n">ProductDto</span><span class="p">&gt;&gt;</span> <span class="p">{</span> <span class="k">private</span> <span class="k">readonly</span> <span class="n">AppDbContext</span> <span class="n">_db</span><span class="p">;</span> <span class="k">public</span> <span class="k">async</span> <span class="n">Task</span><span class="p">&lt;</span><span class="n">Result</span><span class="p">&lt;</span><span class="n">ProductDto</span><span class="p">&gt;&gt;</span> <span class="nf">Handle</span><span class="p">(</span><span class="n">Query</span> <span class="n">request</span><span class="p">,</span> <span class="n">CancellationToken</span> <span class="n">ct</span><span class="p">)</span> <span class="p">{</span> <span class="kt">var</span> <span class="n">product</span> <span class="p">=</span> <span class="k">await</span> <span class="n">_db</span><span class="p">.</span><span class="n">Products</span> <span class="p">.</span><span class="nf">Where</span><span class="p">(</span><span class="n">p</span> <span class="p">=&gt;</span> <span class="n">p</span><span class="p">.</span><span class="n">Id</span> <span class="p">==</span> <span class="n">request</span><span class="p">.</span><span class="n">Id</span><span class="p">)</span> <span class="p">.</span><span class="nf">Select</span><span class="p">(</span><span class="n">p</span> <span class="p">=&gt;</span> <span class="k">new</span> <span class="nf">ProductDto</span><span class="p">(</span> <span class="n">p</span><span class="p">.</span><span class="n">Id</span><span class="p">,</span> <span class="n">p</span><span class="p">.</span><span class="n">Name</span><span class="p">,</span> <span class="n">p</span><span class="p">.</span><span class="n">Price</span><span class="p">,</span> <span class="n">p</span><span class="p">.</span><span class="n">Category</span><span class="p">.</span><span class="n">Name</span> <span class="p">))</span> <span class="p">.</span><span class="nf">FirstOrDefaultAsync</span><span class="p">(</span><span class="n">ct</span><span class="p">);</span> <span class="k">return</span> <span class="n">product</span> <span class="p">!=</span> <span class="k">null</span> <span class="p">?</span> <span class="n">Result</span><span class="p">&lt;</span><span class="n">ProductDto</span><span class="p">&gt;.</span><span class="nf">Success</span><span class="p">(</span><span class="n">product</span><span class="p">)</span> <span class="p">:</span> <span class="n">Result</span><span class="p">&lt;</span><span class="n">ProductDto</span><span class="p">&gt;.</span><span class="nf">Failure</span><span class="p">(</span><span class="s">"Product not found"</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p><strong>Key points:</strong></p> <ul> <li>Use <code>Select</code> to project only needed data</li> <li>Return DTOs, not entities</li> <li>One query, optimized for this specific use case</li> </ul> <h3> Pattern 2: List/Search Features </h3> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="c1">// Features/Products/List/ListProducts.cs</span> <span class="k">public</span> <span class="k">static</span> <span class="k">class</span> <span class="nc">ListProducts</span> <span class="p">{</span> <span class="k">public</span> <span class="k">record</span> <span class="nc">Query</span><span class="p">(</span> <span class="kt">int</span> <span class="n">Page</span> <span class="p">=</span> <span class="m">1</span><span class="p">,</span> <span class="kt">int</span> <span class="n">PageSize</span> <span class="p">=</span> <span class="m">20</span><span class="p">,</span> <span class="kt">string</span><span class="p">?</span> <span class="n">SearchTerm</span> <span class="p">=</span> <span class="k">null</span><span class="p">,</span> <span class="kt">int</span><span class="p">?</span> <span class="n">CategoryId</span> <span class="p">=</span> <span class="k">null</span> <span class="p">)</span> <span class="p">:</span> <span class="n">IRequest</span><span class="p">&lt;</span><span class="n">Result</span><span class="p">&lt;</span><span class="n">PagedResult</span><span class="p">&lt;</span><span class="n">ProductDto</span><span class="p">&gt;&gt;&gt;;</span> <span class="k">public</span> <span class="k">record</span> <span class="nc">ProductDto</span><span class="p">(</span><span class="kt">int</span> <span class="n">Id</span><span class="p">,</span> <span class="kt">string</span> <span class="n">Name</span><span class="p">,</span> <span class="kt">decimal</span> <span class="n">Price</span><span class="p">);</span> <span class="k">public</span> <span class="k">record</span> <span class="nc">PagedResult</span><span class="p">&lt;</span><span class="n">T</span><span class="p">&gt;(</span><span class="n">List</span><span class="p">&lt;</span><span class="n">T</span><span class="p">&gt;</span> <span class="n">Items</span><span class="p">,</span> <span class="kt">int</span> <span class="n">TotalCount</span><span class="p">,</span> <span class="kt">int</span> <span class="n">Page</span><span class="p">,</span> <span class="kt">int</span> <span class="n">PageSize</span><span class="p">);</span> <span class="k">public</span> <span class="k">class</span> <span class="nc">Handler</span> <span class="p">:</span> <span class="n">IRequestHandler</span><span class="p">&lt;</span><span class="n">Query</span><span class="p">,</span> <span class="n">Result</span><span class="p">&lt;</span><span class="n">PagedResult</span><span class="p">&lt;</span><span class="n">ProductDto</span><span class="p">&gt;&gt;&gt;</span> <span class="p">{</span> <span class="k">private</span> <span class="k">readonly</span> <span class="n">AppDbContext</span> <span class="n">_db</span><span class="p">;</span> <span class="k">public</span> <span class="k">async</span> <span class="n">Task</span><span class="p">&lt;</span><span class="n">Result</span><span class="p">&lt;</span><span class="n">PagedResult</span><span class="p">&lt;</span><span class="n">ProductDto</span><span class="p">&gt;&gt;&gt;</span> <span class="nf">Handle</span><span class="p">(</span> <span class="n">Query</span> <span class="n">request</span><span class="p">,</span> <span class="n">CancellationToken</span> <span class="n">ct</span><span class="p">)</span> <span class="p">{</span> <span class="kt">var</span> <span class="n">query</span> <span class="p">=</span> <span class="n">_db</span><span class="p">.</span><span class="n">Products</span><span class="p">.</span><span class="nf">AsQueryable</span><span class="p">();</span> <span class="c1">// Apply filters</span> <span class="k">if</span> <span class="p">(!</span><span class="kt">string</span><span class="p">.</span><span class="nf">IsNullOrWhiteSpace</span><span class="p">(</span><span class="n">request</span><span class="p">.</span><span class="n">SearchTerm</span><span class="p">))</span> <span class="n">query</span> <span class="p">=</span> <span class="n">query</span><span class="p">.</span><span class="nf">Where</span><span class="p">(</span><span class="n">p</span> <span class="p">=&gt;</span> <span class="n">p</span><span class="p">.</span><span class="n">Name</span><span class="p">.</span><span class="nf">Contains</span><span class="p">(</span><span class="n">request</span><span class="p">.</span><span class="n">SearchTerm</span><span class="p">));</span> <span class="k">if</span> <span class="p">(</span><span class="n">request</span><span class="p">.</span><span class="n">CategoryId</span><span class="p">.</span><span class="n">HasValue</span><span class="p">)</span> <span class="n">query</span> <span class="p">=</span> <span class="n">query</span><span class="p">.</span><span class="nf">Where</span><span class="p">(</span><span class="n">p</span> <span class="p">=&gt;</span> <span class="n">p</span><span class="p">.</span><span class="n">CategoryId</span> <span class="p">==</span> <span class="n">request</span><span class="p">.</span><span class="n">CategoryId</span><span class="p">.</span><span class="n">Value</span><span class="p">);</span> <span class="c1">// Get total count</span> <span class="kt">var</span> <span class="n">totalCount</span> <span class="p">=</span> <span class="k">await</span> <span class="n">query</span><span class="p">.</span><span class="nf">CountAsync</span><span class="p">(</span><span class="n">ct</span><span class="p">);</span> <span class="c1">// Pagination</span> <span class="kt">var</span> <span class="n">items</span> <span class="p">=</span> <span class="k">await</span> <span class="n">query</span> <span class="p">.</span><span class="nf">Skip</span><span class="p">((</span><span class="n">request</span><span class="p">.</span><span class="n">Page</span> <span class="p">-</span> <span class="m">1</span><span class="p">)</span> <span class="p">*</span> <span class="n">request</span><span class="p">.</span><span class="n">PageSize</span><span class="p">)</span> <span class="p">.</span><span class="nf">Take</span><span class="p">(</span><span class="n">request</span><span class="p">.</span><span class="n">PageSize</span><span class="p">)</span> <span class="p">.</span><span class="nf">Select</span><span class="p">(</span><span class="n">p</span> <span class="p">=&gt;</span> <span class="k">new</span> <span class="nf">ProductDto</span><span class="p">(</span><span class="n">p</span><span class="p">.</span><span class="n">Id</span><span class="p">,</span> <span class="n">p</span><span class="p">.</span><span class="n">Name</span><span class="p">,</span> <span class="n">p</span><span class="p">.</span><span class="n">Price</span><span class="p">))</span> <span class="p">.</span><span class="nf">ToListAsync</span><span class="p">(</span><span class="n">ct</span><span class="p">);</span> <span class="k">return</span> <span class="n">Result</span><span class="p">&lt;</span><span class="n">PagedResult</span><span class="p">&lt;</span><span class="n">ProductDto</span><span class="p">&gt;&gt;.</span><span class="nf">Success</span><span class="p">(</span> <span class="k">new</span> <span class="n">PagedResult</span><span class="p">&lt;</span><span class="n">ProductDto</span><span class="p">&gt;(</span><span class="n">items</span><span class="p">,</span> <span class="n">totalCount</span><span class="p">,</span> <span class="n">request</span><span class="p">.</span><span class="n">Page</span><span class="p">,</span> <span class="n">request</span><span class="p">.</span><span class="n">PageSize</span><span class="p">));</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> Pattern 3: Features with Domain Events </h3> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="c1">// Features/Orders/Create/CreateOrder.cs</span> <span class="k">public</span> <span class="k">static</span> <span class="k">class</span> <span class="nc">CreateOrder</span> <span class="p">{</span> <span class="k">public</span> <span class="k">record</span> <span class="nc">Command</span><span class="p">(</span><span class="kt">int</span> <span class="n">CustomerId</span><span class="p">,</span> <span class="n">List</span><span class="p">&lt;</span><span class="n">OrderItemDto</span><span class="p">&gt;</span> <span class="n">Items</span><span class="p">)</span> <span class="p">:</span> <span class="n">IRequest</span><span class="p">&lt;</span><span class="n">Result</span><span class="p">&lt;</span><span class="kt">int</span><span class="p">&gt;&gt;;</span> <span class="k">public</span> <span class="k">class</span> <span class="nc">Handler</span> <span class="p">:</span> <span class="n">IRequestHandler</span><span class="p">&lt;</span><span class="n">Command</span><span class="p">,</span> <span class="n">Result</span><span class="p">&lt;</span><span class="kt">int</span><span class="p">&gt;&gt;</span> <span class="p">{</span> <span class="k">private</span> <span class="k">readonly</span> <span class="n">AppDbContext</span> <span class="n">_db</span><span class="p">;</span> <span class="k">private</span> <span class="k">readonly</span> <span class="n">IMediator</span> <span class="n">_mediator</span><span class="p">;</span> <span class="k">public</span> <span class="k">async</span> <span class="n">Task</span><span class="p">&lt;</span><span class="n">Result</span><span class="p">&lt;</span><span class="kt">int</span><span class="p">&gt;&gt;</span> <span class="nf">Handle</span><span class="p">(</span><span class="n">Command</span> <span class="n">request</span><span class="p">,</span> <span class="n">CancellationToken</span> <span class="n">ct</span><span class="p">)</span> <span class="p">{</span> <span class="kt">var</span> <span class="n">order</span> <span class="p">=</span> <span class="k">new</span> <span class="n">Order</span> <span class="p">{</span> <span class="n">CustomerId</span> <span class="p">=</span> <span class="n">request</span><span class="p">.</span><span class="n">CustomerId</span><span class="p">,</span> <span class="n">Status</span> <span class="p">=</span> <span class="n">OrderStatus</span><span class="p">.</span><span class="n">Pending</span><span class="p">,</span> <span class="n">CreatedAt</span> <span class="p">=</span> <span class="n">DateTime</span><span class="p">.</span><span class="n">UtcNow</span> <span class="p">};</span> <span class="n">_db</span><span class="p">.</span><span class="n">Orders</span><span class="p">.</span><span class="nf">Add</span><span class="p">(</span><span class="n">order</span><span class="p">);</span> <span class="k">await</span> <span class="n">_db</span><span class="p">.</span><span class="nf">SaveChangesAsync</span><span class="p">(</span><span class="n">ct</span><span class="p">);</span> <span class="c1">// Publish event - other features can react</span> <span class="k">await</span> <span class="n">_mediator</span><span class="p">.</span><span class="nf">Publish</span><span class="p">(</span><span class="k">new</span> <span class="nf">OrderCreated</span><span class="p">(</span><span class="n">order</span><span class="p">.</span><span class="n">Id</span><span class="p">,</span> <span class="n">request</span><span class="p">.</span><span class="n">Items</span><span class="p">),</span> <span class="n">ct</span><span class="p">);</span> <span class="k">return</span> <span class="n">Result</span><span class="p">&lt;</span><span class="kt">int</span><span class="p">&gt;.</span><span class="nf">Success</span><span class="p">(</span><span class="n">order</span><span class="p">.</span><span class="n">Id</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="c1">// Features/Inventory/ReserveStock/OrderCreatedHandler.cs</span> <span class="k">public</span> <span class="k">class</span> <span class="nc">OrderCreatedHandler</span> <span class="p">:</span> <span class="n">INotificationHandler</span><span class="p">&lt;</span><span class="n">OrderCreated</span><span class="p">&gt;</span> <span class="p">{</span> <span class="k">private</span> <span class="k">readonly</span> <span class="n">AppDbContext</span> <span class="n">_db</span><span class="p">;</span> <span class="k">public</span> <span class="k">async</span> <span class="n">Task</span> <span class="nf">Handle</span><span class="p">(</span><span class="n">OrderCreated</span> <span class="n">notification</span><span class="p">,</span> <span class="n">CancellationToken</span> <span class="n">ct</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Update inventory in its own feature</span> <span class="k">foreach</span> <span class="p">(</span><span class="kt">var</span> <span class="n">item</span> <span class="k">in</span> <span class="n">notification</span><span class="p">.</span><span class="n">Items</span><span class="p">)</span> <span class="p">{</span> <span class="kt">var</span> <span class="n">product</span> <span class="p">=</span> <span class="k">await</span> <span class="n">_db</span><span class="p">.</span><span class="n">Products</span><span class="p">.</span><span class="nf">FindAsync</span><span class="p">(</span><span class="n">item</span><span class="p">.</span><span class="n">ProductId</span><span class="p">,</span> <span class="n">ct</span><span class="p">);</span> <span class="k">if</span> <span class="p">(</span><span class="n">product</span> <span class="p">!=</span> <span class="k">null</span><span class="p">)</span> <span class="n">product</span><span class="p">.</span><span class="n">ReservedStock</span> <span class="p">+=</span> <span class="n">item</span><span class="p">.</span><span class="n">Quantity</span><span class="p">;</span> <span class="p">}</span> <span class="k">await</span> <span class="n">_db</span><span class="p">.</span><span class="nf">SaveChangesAsync</span><span class="p">(</span><span class="n">ct</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p><strong>Key insight:</strong> Features stay decoupled but can react to each other's events through MediatR notifications.</p> <h2> 🚀 Can I Use This in an Existing App? </h2> <p><strong>Yes!</strong> VSA's superpower is that you can start TODAY without rewriting anything.</p> <h3> Incremental Adoption Strategy </h3> <p><strong>Phase 1: Coexistence (Month 1-2)</strong></p> <p>Keep your layered code. Build new features as slices. They can coexist:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>MyApp/ ├── Controllers/ # Old layered code - still works │ ├── ProductsController.cs │ └── OrdersController.cs ├── Services/ # Old layered code - still works │ ├── ProductService.cs │ └── OrderService.cs ├── Repositories/ # Old layered code - still works │ └── ProductRepository.cs ├── Features/ # New slices - start here! │ ├── Shipping/ │ │ ├── CalculateRate/ │ │ └── TrackPackage/ │ └── Notifications/ │ └── SendEmail/ </code></pre> </div> <p><strong>Benefits:</strong><br> ✅ Zero risk to existing functionality<br><br> ✅ Team learns VSA gradually<br><br> ✅ New features ship faster<br><br> ✅ Easy to rollback if needed </p> <p><strong>Phase 2: Strategic Migration (Month 3-6)</strong></p> <p>Migrate one feature at a time. Start with simple CRUD:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code> <span class="c1">// Step 1: Pick a simple feature</span> <span class="c1">// Good candidates:</span> <span class="c1">// - Recently added features (less legacy baggage)</span> <span class="c1">// - Features that change frequently</span> <span class="c1">// - Simple CRUD with few dependencies</span> <span class="c1">// Step 2: Create slice</span> <span class="n">Features</span><span class="p">/</span><span class="n">Products</span><span class="p">/</span><span class="n">Archive</span><span class="p">/</span><span class="n">ArchiveProduct</span><span class="p">.</span><span class="n">cs</span> <span class="c1">// Step 3: Test thoroughly</span> <span class="c1">// Step 4: Delete old code ONLY after new code is in production</span> </code></pre> </div> <p><strong>Phase 3: Live with Both (Ongoing)</strong></p> <p>After 6 months:</p> <ul> <li>70-80% slice-based</li> <li>20-30% still layered</li> <li><strong>That's perfectly fine!</strong></li> </ul> <p>Don't force migration if the old code works. Focus on new development in slices.</p> <p><strong>Real Timeline Example:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Month 1: Build 3 new features as slices Month 2: Migrate 5 simple CRUD operations Month 3: Migrate 3 medium features Month 4: Build all new features as slices Month 5: Migrate 2 complex features Month 6: Stop migrating, focus on new development Result: ~75% slice-based, team velocity up 40% </code></pre> </div> <p><strong>When to Stop Migrating:</strong></p> <ul> <li>Feature is complex and working fine</li> <li>Migration cost &gt; benefit</li> <li>Feature rarely changes</li> <li>Team isn't comfortable yet</li> </ul> <h2> ⚠️ Common Pitfalls (And How to Avoid Them) </h2> <p>Even with its simplicity, it's easy to lose the "Vertical" spirit. Here are the most common mistakes:</p> <h3> 1. The "Shared" Folder Trap </h3> <p><strong>The #1 question when starting with VSA:</strong> <em>"Where do I put code that's used by multiple features? Won't I end up with a huge Shared folder?"</em></p> <p><strong>The Problem:</strong></p> <p>You see two features that both send emails and immediately create:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Common/ ├── Services/ │ └── EmailService.cs ├── DTOs/ │ ├── ProductDto.cs # Feature-specific! │ └── OrderDto.cs # Feature-specific! ├── Validators/ │ └── CreateOrderValidator.cs # Feature-specific! └── Helpers/ └── (Everything else) </code></pre> </div> <p>Before you know it, <code>Common</code> is a dumping ground and features are tightly coupled.</p> <p><strong>The Solution: A Simple Rule</strong></p> <blockquote> <p><strong>Share infrastructure, duplicate business logic.</strong></p> </blockquote> <p><strong>✅ OK to share:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Common/ ├── Behaviors/ # MediatR pipeline (logging, validation) ├── Results/ # Generic Result&lt;T&gt; type ├── Interfaces/ │ ├── IEmailSender.cs # External services │ └── IFileStorage.cs └── Extensions/ └── ValidationExtensions.cs # Simple reusable rules </code></pre> </div> <p><strong>Why:</strong> These are cross-cutting concerns that apply to ALL features uniformly.</p> <p><strong>❌ Don't share:</strong></p> <ul> <li>DTOs between features (each feature has its own)</li> <li>Business logic between features (duplicate instead)</li> <li>Feature-specific validators</li> <li>"Helpers" or "Utilities" folders</li> </ul> <p><strong>The Key Insight:</strong></p> <p>Just because features share the same database entity doesn't mean they share DTOs:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="c1">// Data/Entities/Product.cs - Shared database entity</span> <span class="k">public</span> <span class="k">class</span> <span class="nc">Product</span> <span class="p">{</span> <span class="k">public</span> <span class="kt">int</span> <span class="n">Id</span> <span class="p">{</span> <span class="k">get</span><span class="p">;</span> <span class="k">set</span><span class="p">;</span> <span class="p">}</span> <span class="k">public</span> <span class="kt">string</span> <span class="n">Name</span> <span class="p">{</span> <span class="k">get</span><span class="p">;</span> <span class="k">set</span><span class="p">;</span> <span class="p">}</span> <span class="k">public</span> <span class="kt">decimal</span> <span class="n">Price</span> <span class="p">{</span> <span class="k">get</span><span class="p">;</span> <span class="k">set</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="c1">// Features/Products/Create/CreateProduct.cs</span> <span class="k">public</span> <span class="k">record</span> <span class="nc">Command</span><span class="p">(</span><span class="kt">string</span> <span class="n">Name</span><span class="p">,</span> <span class="kt">decimal</span> <span class="n">Price</span><span class="p">);</span> <span class="c1">// Only what Create needs</span> <span class="c1">// Features/Products/List/ListProducts.cs </span> <span class="k">public</span> <span class="k">record</span> <span class="nc">ProductDto</span><span class="p">(</span><span class="kt">int</span> <span class="n">Id</span><span class="p">,</span> <span class="kt">string</span> <span class="n">Name</span><span class="p">,</span> <span class="kt">decimal</span> <span class="n">Price</span><span class="p">);</span> <span class="c1">// Different!</span> <span class="c1">// Features/Products/GetDetails/GetProductDetails.cs</span> <span class="k">public</span> <span class="k">record</span> <span class="nc">DetailedProductDto</span><span class="p">(</span> <span class="kt">int</span> <span class="n">Id</span><span class="p">,</span> <span class="kt">string</span> <span class="n">Name</span><span class="p">,</span> <span class="kt">decimal</span> <span class="n">Price</span><span class="p">,</span> <span class="kt">string</span> <span class="n">Description</span><span class="p">,</span> <span class="n">List</span><span class="p">&lt;</span><span class="n">ReviewDto</span><span class="p">&gt;</span> <span class="n">Reviews</span> <span class="p">);</span> <span class="c1">// Completely different!</span> </code></pre> </div> <p><strong>The Health Check:</strong></p> <p>Your <code>Common</code> folder is healthy if:</p> <p>✅ &lt; 10 files total<br><br> ✅ No business logic<br><br> ✅ No feature-specific code<br><br> ✅ Could be published as a NuGet package </p> <p>Your <code>Common</code> folder has problems if:</p> <p>❌ &gt; 20 files<br><br> ❌ Has "Helpers" folder<br><br> ❌ Has DTOs<br><br> ❌ Features depend on it heavily </p> <p><strong>When in Doubt:</strong></p> <p>Ask: <strong>"Is this infrastructure or business logic?"</strong></p> <ul> <li>Infrastructure → Common (maybe)</li> <li>Business logic → Feature (definitely)</li> </ul> <p><strong>Remember:</strong> Three files in Common is better than thirty.</p> <h3> 2. Logic Leaking into Endpoints </h3> <p><strong>The Error:</strong> Putting <code>if/else</code> business rules inside the Minimal API or Controller.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="c1">// ❌ DON'T DO THIS</span> <span class="n">app</span><span class="p">.</span><span class="nf">MapPost</span><span class="p">(</span><span class="s">"/api/products"</span><span class="p">,</span> <span class="k">async</span> <span class="p">(</span><span class="n">CreateProductRequest</span> <span class="n">request</span><span class="p">,</span> <span class="n">AppDbContext</span> <span class="n">db</span><span class="p">)</span> <span class="p">=&gt;</span> <span class="p">{</span> <span class="c1">// Business logic in endpoint!</span> <span class="k">if</span> <span class="p">(</span><span class="kt">string</span><span class="p">.</span><span class="nf">IsNullOrEmpty</span><span class="p">(</span><span class="n">request</span><span class="p">.</span><span class="n">Name</span><span class="p">))</span> <span class="k">return</span> <span class="n">Results</span><span class="p">.</span><span class="nf">BadRequest</span><span class="p">(</span><span class="s">"Name is required"</span><span class="p">);</span> <span class="k">if</span> <span class="p">(</span><span class="n">request</span><span class="p">.</span><span class="n">Price</span> <span class="p">&lt;=</span> <span class="m">0</span><span class="p">)</span> <span class="k">return</span> <span class="n">Results</span><span class="p">.</span><span class="nf">BadRequest</span><span class="p">(</span><span class="s">"Price must be positive"</span><span class="p">);</span> <span class="kt">var</span> <span class="n">product</span> <span class="p">=</span> <span class="k">new</span> <span class="n">Product</span> <span class="p">{</span> <span class="p">...</span> <span class="p">};</span> <span class="n">db</span><span class="p">.</span><span class="n">Products</span><span class="p">.</span><span class="nf">Add</span><span class="p">(</span><span class="n">product</span><span class="p">);</span> <span class="k">await</span> <span class="n">db</span><span class="p">.</span><span class="nf">SaveChangesAsync</span><span class="p">();</span> <span class="k">return</span> <span class="n">Results</span><span class="p">.</span><span class="nf">Created</span><span class="p">(...);</span> <span class="p">});</span> </code></pre> </div> <p><strong>The Solution:</strong> The endpoint should be a thin wrapper. Its only job is to receive the request and call <code>mediator.Send()</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="c1">// ✅ DO THIS</span> <span class="n">app</span><span class="p">.</span><span class="nf">MapPost</span><span class="p">(</span><span class="s">"/api/products"</span><span class="p">,</span> <span class="k">async</span> <span class="p">(</span><span class="n">CreateProduct</span><span class="p">.</span><span class="n">Command</span> <span class="n">request</span><span class="p">,</span> <span class="n">IMediator</span> <span class="n">mediator</span><span class="p">)</span> <span class="p">=&gt;</span> <span class="p">{</span> <span class="kt">var</span> <span class="n">result</span> <span class="p">=</span> <span class="k">await</span> <span class="n">mediator</span><span class="p">.</span><span class="nf">Send</span><span class="p">(</span><span class="n">request</span><span class="p">);</span> <span class="k">return</span> <span class="n">result</span><span class="p">.</span><span class="n">IsSuccess</span> <span class="p">?</span> <span class="n">Results</span><span class="p">.</span><span class="nf">Created</span><span class="p">(...)</span> <span class="p">:</span> <span class="n">Results</span><span class="p">.</span><span class="nf">BadRequest</span><span class="p">(</span><span class="n">result</span><span class="p">.</span><span class="n">Error</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <p>All business logic and validation stays in the handler and validator.</p> <h3> 3. Creating "God" Slices </h3> <p><strong>The Error:</strong> Creating a single slice called <code>ProductManagement</code> that handles Create, Update, Delete, List, Search, Export, Import.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Features/ └── Products/ └── ProductManagement/ # ❌ God slice └── ProductManager.cs # 2000 lines of code </code></pre> </div> <p><strong>The Solution:</strong> Split them! Each use case is its own slice.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Features/ └── Products/ ├── Create/ # ✅ One responsibility ├── Update/ # ✅ One responsibility ├── Delete/ # ✅ One responsibility ├── List/ # ✅ One responsibility └── Search/ # ✅ One responsibility </code></pre> </div> <p><strong>Why:</strong> Keeping them separate makes code easier to:</p> <ul> <li>Find (knows exactly where "Create Product" lives)</li> <li>Test (smaller, focused tests)</li> <li>Modify (changes don't affect other operations)</li> <li>Delete (remove entire folder if feature is deprecated)</li> </ul> <h3> 4. Premature Extraction to Common </h3> <p><strong>The Error:</strong> Seeing similar code twice and immediately extracting to Common.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="c1">// Two features have similar validation</span> <span class="c1">// Features/Products/Create - validates price</span> <span class="c1">// Features/Orders/Create - validates total</span> <span class="c1">// DON'T immediately create:</span> <span class="c1">// Common/Validators/MoneyValidator.cs</span> </code></pre> </div> <p><strong>The Solution:</strong> Wait for the third usage (Rule of Three). The code might diverge:</p> <ul> <li>Products might need different price rules per category</li> <li>Orders might need different rules for wholesale vs retail</li> </ul> <p><strong>Copy-paste twice. Extract on the third usage.</strong></p> <h2> ✅ When to Use Vertical Slice Architecture </h2> <p><strong>Perfect for:</strong></p> <p>✅ <strong>CRUD-heavy applications</strong> - E-commerce, CMS, dashboards<br><br> ✅ <strong>Microservices</strong> - Each service naturally organized by features<br><br> ✅ <strong>APIs with many endpoints</strong> - Easy to find and modify specific operations<br><br> ✅ <strong>Teams that value velocity</strong> - Less ceremony = faster development<br><br> ✅ <strong>Evolutionary systems</strong> - When you don't know how the system will grow </p> <p><strong>Consider alternatives when:</strong></p> <p>❌ <strong>Complex shared domain logic</strong> - Heavy domain modeling with aggregates<br><br> ❌ <strong>Need to swap infrastructure frequently</strong> - Multiple database providers<br><br> ❌ <strong>Building frameworks or libraries</strong> - Reusability &gt; feature velocity </p> <h2> 🎯 Key Takeaways </h2> <ol> <li><p><strong>Organize by feature, not by layer</strong> - Everything for "Create Product" in one place</p></li> <li><p><strong>High cohesion, low coupling</strong> - Features are self-contained and independent</p></li> <li><p><strong>Minimal abstractions</strong> - Only create them when you have actual shared behavior</p></li> <li><p><strong>Incremental adoption</strong> - Start today with new features, migrate gradually</p></li> <li><p><strong>Share infrastructure, duplicate business logic</strong> - Keep the Common folder small</p></li> <li><p><strong>MediatR behaviors handle cross-cutting concerns</strong> - Validation and logging are automatic</p></li> <li><p><strong>Integration tests give highest confidence</strong> - Test complete slices end-to-end</p></li> </ol> <h2> 💬 What's Next? </h2> <p>Now that you understand Vertical Slice Architecture, here are some questions you might have:</p> <p><strong>"How do I handle Domain Events to communicate between slices without coupling them?"</strong></p> <p>Domain events with MediatR notifications let features react to each other while staying independent. A <code>OrderCreated</code> event can trigger inventory updates, email notifications, and analytics tracking - all in separate handlers.</p> <p><strong>"What about complex business rules shared across features?"</strong></p> <p>If you truly have shared domain logic (not just similar code), you can create a small Domain layer with that core logic. Features call into it, but remain independent slices.</p> <p><strong>"Can I mix this with DDD?"</strong></p> <p>Absolutely! Use Vertical Slices for most features, and a Domain layer for your core business aggregates. They complement each other well.</p> dotnet cleancode architecture designpatterns Adrián Bailador Fri, 06 Feb 2026 21:50:38 +0000 https://forem.com/adrianbailador/just-launched-the-coffee-timer-my-personal-productivity-project-43bg https://forem.com/adrianbailador/just-launched-the-coffee-timer-my-personal-productivity-project-43bg <p>My time management app is finally in production. It combines the Pomodoro technique with a coffee-inspired aesthetic and smart automation.</p> <p>🎯 What is The Coffee Timer?<br> A web application that helps you stay focused with 25-minute work sessions, intelligent task management, and productivity insights.</p> <p>✨ Key features:</p> <ul> <li>Pomodoro timer with animated coffee cup visualization</li> <li>Auto-start sessions - maintains your flow between work and breaks</li> <li>Session feedback tracking - understand when you're most productive</li> <li>Live timer in browser tab - no need to switch windows</li> <li>Task management with priorities, tags, and categories</li> <li>AI-powered daily summary and smart suggestions (Google Gemini)</li> <li>Ambient sounds for better focus</li> <li>Focus Mode for distraction-free work</li> <li>Dark/light mode</li> <li>PWA - works offline, installable as a native app</li> <li>Google authentication</li> <li>Premium subscription with advanced analytics via Stripe</li> </ul> <p>🛠️ Tech stack:<br> Frontend: React + TypeScript + Tailwind CSS<br> Backend: .NET 8<br> Database: Supabase (PostgreSQL)<br> AI: Google Gemini API<br> Payments: Stripe</p> <p>This project taught me about Stripe payment integration, JWT authentication, generative AI APIs, real-time browser tab updates, and building smooth UX flows that reduce friction instead of adding it.</p> <p>The biggest lesson? Shipping version 1.0 with core features beats waiting for perfection.</p> <p>🔗 Try it free: <a href="https://thecoffeetimer.com" rel="noopener noreferrer">https://thecoffeetimer.com</a></p> <p>Do you use the Pomodoro technique? What features would make a productivity tool actually useful for you? I'd love to hear your thoughts!</p> dotnet csharp programming productivity