.Net Core

Question 1

What is .net core?

Answer 1

A open source framework used to build applications from web applications, native applications etc. Most frequently coded using C# language which is an object orientated language that encompasses many modern programming disciplines.

static typing > compiler can do checks on types at compile type rather than run time.

Question 2

Describe the middleware vs filters in a .net core web application?

Answer 2

Middleware operates on on every request / response. e.g Authentication or Localization middleware

MVC middleware > Filters operate at the MVC layer, authorization, action filter and have access to access routing / MVC context

Question 3

How does routing work in .net core?

Answer 3

Conventional routing - useEndpoints - Controller/Action/id

Attribute routing - defined in the attribute

Question 4

Authentication and authorization .net core

Answer 4

.NetCore use middleware for authentication which can be setup on startup.

Configure services add authentication such as JWT authentication, validate authority and other token parameters.
Configure method used for http requests useAuthentication

Authorization allows you to set Policies. I have used that for specific roles or they have given context.

Takes a Policy Name, define requirement, generally used a role requirement in terms of what roles are allowed etc. AuthorizationHandler then defined to handle the requirement and registers on startup. We can then access the handler context for the user ClaimsPrincipal. Essential access the custom claim to access json object with roles.

On controller / action we can define an Authorization Attribute

context.Succeed
Complete Task

Question 5

What is Threading?

Answer 5

An analogy usually helps. You are cooking in a restaurant. An order comes in for eggs and toast.

Synchronous: you cook the eggs, then you cook the toast.
Asynchronous, single threaded: you start the eggs cooking and set a timer. You start the toast cooking, and set a timer. While they are both cooking, you clean the kitchen. When the timers go off you take the eggs off the heat and the toast out of the toaster and serve them.
Asynchronous, multithreaded: you hire two more cooks, one to cook eggs and one to cook toast. Now you have the problem of coordinating the cooks so that they do not conflict with each other in the kitchen when sharing resources. And you have to pay them.

Question 6

What is async await?

Answer 6

Async await is the mechanism to manage long running operations / I/O or DB calls with indeterminate timeframe. The advantage of this is that it enables the state machine which allows the current thread to be freed up in order to perform another Task (single operation). This enables and supports vertical scaling in terms of maximising the resources in a given server.

Question 7

What testing tools have you used in .net core?

Answer 7

In terms of testing frameworks I have used both nunit and mstest. In terms of mocking I have used nsubstitute and moq. AutoMoq for setting up test objects.

Question 8

What is TDD?

Answer 8

TDD stands for Test Driven Development is the software development process relying on software requirements converted into test cases before the software is fully developed. The trigger for a new test is a requirement not a new class or method.

It focuses on writing basic test to meet the requirement that might not compile
The write the code as quickly as possible to meet the requirement
Refactor the code for readability, duplication, code smells, design patterns
You should not have to write new tests

Don’t blindly follow process for process sake. Use your experience and keep and open mind about what’s important to your products needs. __ Elliot Chance

Mocks are useful when a resource is expensive to create, people have used them to isolate classes

Question 9

What is BDD?

Answer 9

BDD (Behaviour-driven development) Testing is a technique of agile software development and is as an extension of TDD, i.e., Test Driven Development. In BDD, test cases are written in a natural language that even non-programmers can read. Involves product, stakeholders developers writing test cases to meet the need.

Gherkin given when then

Specflow
Playwright

Question 10

What is DI?

Answer 10

Dependency Inversion Principle (suggests a solution)

High level modules dont depend on lower level modules both depend on abstractions
Abstraction dont depend on details, details depend on abstractions

Maintainable, loose couple, testable code

IOC - is the mechanism to apply the principle that allows higher level modules to depend on abstraction rather than concrete implementations of lower level modules

Dependency Injection - design pattern to implement IOC allows you to inject low level component into your high level component

Register it, resolution at runtime and disposition lifetime

IServiceProvider > IServiceCollection

Question 11

What are using blocks?

Answer 11

used to outline the scope of unmanaged resource to ensure its memory is freed up as soon as possible. Generally used with the IDisposable interface in order to outline how it should be disposed.

Question 12

Abstract class vs interface

Answer 12

An abstract class allows you to create functionality that subclasses can implement or override. An interface only allows you to define functionality, not implement it.

extends is for extending a class.

implements is for implementing an interface

A big impediment to software evolution has been the fact that you couldn’t add new members to a public interface. You would break existing implementers of the interface; after all they would have no implementation for the new member!

Question 13

What is differed execution?

Answer 13

Deferred execution means that the evaluation of an expression is delayed until its realized value is actually required. It greatly improves performance by avoiding unnecessary execution.
It is executed when the query object is iterated over a loop.

IQueryable queries out-of-memory data stores, while IEnumerable queries in-memory data

Question 14

Constant vs readonly

Answer 14

A const is a compile-time constant whereas readonly allows a value to be calculated at run-time and set in the constructor or field initializer. So, a ‘const’ is always constant but ‘readonly’ is read-only once it is assigned.

Question 15

Virtual / abstract / Override

Answer 15

Abstract Method
Abstract Method resides in abstract class and it has no body.
Abstract Method must be overridden in non-abstract child class.

Virtual Method
Virtual Method can reside in abstract and non-abstract class.
It is not necessary to override virtual method in derived but it can be.
Virtual method must have body ….can be overridden by “override keyword”…..

Question 16

What is agile / scrum

Answer 16

Agile is a philosophy which takes an iterative approach towards completion of a project. Scrum focuses on delivery business value in the shortest time.
Plan design developer test release feedback

Scrum delivers every sprint
Ceremonies, sprint planning, standups

React quickly to changes

Question 17

What is OOP?

Answer 17

OOP implementing a solution focused on objects. An object encapsulates both data and behaviour
Behaviours are modelled through function and operate on the data.
Data is hidden from the outside world
Object is a concrete abstraction

Question 18

What are the pillars of OOP?

Answer 18

Abstraction
Inheritance
Polymorphism
Encapsulation

Question 19

What is inheritance?

Answer 19

Enables you to base one object or class off another object or class.
This allows reuse, extend, modify behaviour

C# single inheritance with the base class and then the derived class. it is transitive

Question 20

What is abstraction?

Answer 20

Abstraction focuses on what an object does rather than how it works.
Hide the inner implementation detail. Abstract classes / interfaces
Solves the issues at design level
Show relevant information
Information contained

Question 21

What is encapsulation?

Answer 21

Encapsulation is a putting a group of related properties and methods into a single unit.
implementation level
Hides inner detail

Question 22

What is polymorphism?

Answer 22

takes many forms (is-a relationship)

Compile time - method overloading
Run time - overriding virtual methods

Question 23

Access modifiers?

Answer 23

protected > current and derived class
internal > same assembly

Question 24

Solid principles

Answer 24

Single responsibility > Class should have one and only one reason to change
Open closed principle > Classes should be open for extension but closed for modification. Code that doesnt have to change when the requirements do
Liskov substitution principle > treat a child as if it was the parent - calculator
interface segregation > Small interfaces as possible, shouldnt create not implemented

Question 25

Oauth vs Open Id Connect

Answer 25

Resource owner
Resource server
Client
Authorization Server
Authorization grant
Redirect URI
Access token

Resource owner > passes response type code, scopes, redirect URI < Authorization Server > Authorization Code for access token

Question 26

OWASP security vulnerabilities ?

Answer 26

1 - Broken access control - parameter tampering, insecure direct object identifier, CORS misconfiguration
2 - Crypto failers, weak encryption, certs, clear text transmission
3 - Injection - SQL injection, no validation, Sanitization
4 - Insecure design -
5 - security misconfigd
6 0 vuknerabke componets
authenticatiib
logging faiklures

Question 27

Pillars of observability

Answer 27

Metrics
Logs
Tracing

Question 28

What is a rest API?

Answer 28

Uniform interface. All API requests for the same resource should look the same, no matter where the request comes from. The REST API should ensure that the same piece of data, such as the name or email address of a user, belongs to only one uniform resource identifier (URI). Resources shouldn’t be too large but should contain every piece of information that the client might need.
Client-server decoupling. In REST API design, client and server applications must be completely independent of each other. The only information the client application should know is the URI of the requested resource; it can’t interact with the server application in any other ways. Similarly, a server application shouldn’t modify the client application other than passing it to the requested data via HTTP.
Statelessness. REST APIs are stateless, meaning that each request needs to include all the information necessary for processing it. In other words, REST APIs do not require any server-side sessions. Server applications aren’t allowed to store any data related to a client request.
Cacheability. When possible, resources should be cacheable on the client or server side. Server responses also need to contain information about whether caching is allowed for the delivered resource. The goal is to improve performance on the client side, while increasing scalability on the server side.
Layered system architecture. In REST APIs, the calls and responses go through different layers. As a rule of thumb, don’t assume that the client and server applications connect directly to each other. There may be a number of different intermediaries in the communication loop. REST APIs need to be designed so that neither the client nor the server can tell whether it communicates with the end application or an intermediary.
Code on demand (optional). REST APIs usually send static resources, but in certain cases, responses can also contain executable code (such as Java applets). In these cases, the code should only run on-demand.

Question 29

what is web assembly

Answer 29

open web standards no need to recompile c# code download app assemblies, and ,net runtime.
Blazor web assembly bootstraps the .net runtime and loads the assemblies for execution

Question 30

What is EF Core?

Answer 30

EF core is a lightweight, extensible data access technology which can serve as an ORM. This allows developers to work the entities in code rather than SQL.