Q1-Q5

Q1. What is middleware in dotnet 8 ?

Q2.What is the High-Level Flow of Authentication and Authorization in dotnet 8 applications?

Q3. Difference app.Use(), app.next(), app.map(), app.mapwhen(), app.run() in dotnet 8?

Q4. Suppose you have created a service and its interface. You have imported that to your controller class but while making an api request. it is not hitting that particular service?

Q5. How to stop a controller from getting called?

-----------------------------------------------------------------------------------------------------------------------------

Q1. What is middleware in dotnet 8?

Answer:

In .NET 8, middleware is a lightweight component in the request pipeline that can processes every incoming HTTP requests and every outgoing responses.

Middleware are executed in the order they are registered in the pipeline. Most of them call the next middleware in the chain via a delegate(app.use and app.next), while some (like app.Run) can short-circuit the pipeline and it will stop the further calling. 

You can use built-in middleware (e.g., UseRouting, UseAuthentication, UseAuthorization) or create custom middleware by implementing a class with an Invoke or InvokeAsync method.

With .NET 8’s minimal hosting model, middleware are typically configured in the Program.cs file using extension methods like app.Use(...), app.Map(...), app.MapWhen(...)or app.Run(...).

-----------------------------------------------------------------------------------------------------------------------------

Q2. What is the High-Level Flow of Authentication and Authorization in dotnet 8 applications?

Answer

The high-level flow of authentication and authorization in .NET 8 is as follows:

1. Authentication (Identity Establishment)

• A client first authenticates by presenting credentials—this could be username/password through a login API, an API key, or a federated login (e.g., OpenID Connect).

• If credentials are valid, the server issues a security token (commonly a JWT). The token contains identity details and claims (e.g., user id, email, roles).

{

  "sub": "12345",

  "name": "Himanshu Goel",

  "role": "Admin",

  "exp": 1727467200

}

2. Token Storage & Requesting APIs

• The client stores the token (e.g., in local storage, session storage, or cookies).
• For subsequent API calls, the client includes the token in the Authorization header:

Authorization: Bearer <token>

3. Pipeline Validation via Middleware

• The Authentication middleware validates the token (signature, expiry, issuer, audience). If invalid, the request is rejected.

• Once authenticated, the Authorization middleware inspects the claims to enforce policies, roles, or custom requirements. Controllers or endpoints decorated with [Authorize] are protected, while [AllowAnonymous] bypasses checks.

[Authorize(Roles = "Admin")]

public IActionResult GetAdminData() { ... }

4. Program.cs Setup (Minimal Hosting Model in .NET 8) 

         var builder = WebApplication.CreateBuilder(args);

builder.Services.AddAuthentication("Bearer")
    .AddJwtBearer("Bearer", options => { 
        options.TokenValidationParameters = ...; 
    });
builder.Services.AddAuthorization();
var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

-----------------------------------------------------------------------------------------------------------------------------

Q3. Difference app.Use(), app.next(), app.map(), app.mapwhen(), app.run() in dotnet 8?

Answer:

With app.Use may call next middleware component in the pipeline. 

On the other hand, middleware defined using app. Run will never call subsequent middleware and terminates the pipeline. 

1. app.Use()

2. app.next()

for app.use() and app.next()

What it does: Adds a middleware to the pipeline.

That middleware can do some work before passing the request along, and then also do work after the next middleware finishes.

Example: logging, authentication, error handling.

app.Use(async (context, next) =>

{

    Console.WriteLine("Before next middleware");

    await next(); // pass control to the next middleware

    Console.WriteLine("After next middleware");

});

------------------

3. app.map()

Used for branching the pipeline based on a fixed path.

app.Map("/api", apiApp =>

{

    apiApp.Run(async ctx => await ctx.Response.WriteAsync("API branch"));

});

-----------------------

4.app.mapwhen()

Like Map, but branches based on a predicate instead of a fixed path.

app.MapWhen(

    ctx => ctx.Request.Query.ContainsKey("debug"),

    debugApp =>

    {

        debugApp.Run(async ctx =>

            await ctx.Response.WriteAsync("Debug branch"));

    });

-----------------------

5. app.Run()

Registers a terminal middleware.

-----------------------------------------------------------------------------------------------------------------------------

Q4.  In dotnet 8 applications suppose you have created a service and its interface. You have imported that to your controller class but while making an api request, it is not hitting that particular service. What could the possible reason and solution?

Answer:

One major reason could be "Service Registration" missing. Ensure to register interface in program.cs page using AddScoped, AddSingleton, AddTransient

builder.services.AddScoped<IMyService, MyService>();

-----------------------------------------------------------------------------------------------------------------------------

Q5. How to stop a controller from acting like a controller class?

Answer:

So in .NET 8, a class will act like a controller if:

• It’s decorated with [ApiController] or [Controller], or
  
• It has routing attributes ([Route], [HttpGet], etc.), or
  
• It inherits from Controller or ControllerBase.

To make it stop being treated as a controller, you remove those attributes/inheritance or filter it out in Program.cs when registering controllers.