أسئلة القسم
تدرب على أسئلة المقابلات في هذا القسم. اكتب إجابتك، قم بتقييمها، أو اضغط على "عرض الإجابة" بعد التفكير.
What is token? متوسط
A piece of data (usually a string) used to authenticate or authorize a user. Examples: Session tokens, OAuth access tokens, JWTs. Carries claims/permissions instead of using cookies.
What is JWT? متوسط
Open standard (RFC 7519) for secure transmission of claims. Consists of Header, Payload, Signature. Self-contained: server doesn’t store session state.
What is different between Authorization and Authentication? متوسط
| Term | Meaning |
|---|---|
| Authentication | Verifying identity (login) |
| Authorization | Verifying permissions (what they can access) |
How does Routing work in ASP.NET Core, and what are Attribute Routes? متوسط
Routing: Matches incoming URL to endpoint (controller/action or Razor page). By default, uses convention-based routing defined in Program.cs. Attribute Routing: Decorating controllers/actions with [Route] to define URL patterns explicitly.
What is Middleware in ASP.NET Core, and how do you create a custom middleware? متوسط
Components that handle requests/responses in a pipeline. Registered in Program.cs using app.Use....
Creating custom middleware:
public class MyMiddleware {
private readonly RequestDelegate _next;
public MyMiddleware(RequestDelegate next) => _next = next;
public async Task Invoke(HttpContext context) {
await _next(context);
}
}
// In Program.cs
app.UseMiddleware<MyMiddleware>();
How does Middleware pipeline work in .NET Core? متوسط
Request enters → passes each middleware in order → endpoint executes → response travels back through middlewares. Order matters.
What are Action Filters and when to use them? متوسط
Special attributes that run before or after controller actions. Used for cross-cutting concerns: logging, validation, caching.
What is the difference between Middleware and ActionFilters? متوسط
| Feature | Middleware | Action Filter |
|---|---|---|
| Scope | Whole pipeline (all requests) | Specific controller/actions |
| When it runs | Before MVC executes | Around action execution inside MVC |
| Use Cases | Auth, logging, compression | Validation, custom logic per action |
What is an Anti-Forgery Token and why is it used? متوسط
Prevents Cross-Site Request Forgery (CSRF) attacks.
Ensures request is from the authenticated user’s browser.
ASP.NET Core: @Html.AntiForgeryToken() in view + [ValidateAntiForgeryToken] in action.
Is there any limit to the GET request’s length? If yes, where is such a limit configured? What about POST? متوسط
HTTP spec doesn’t set a hard limit. The web server or browser imposes limits:
- IIS default max URL length ≈ 16 KB.
- ASP.NET Core’s Kestrel has higher defaults but still limited by OS. POST body size can be configured (e.g. MaxRequestBodySize).
What are Kestrel and IIS, and how do they work with .NET Core applications? متوسط
Kestrel: Cross-platform, lightweight, built-in web server for ASP.NET Core. Always used. IIS: Windows-only, full-featured web server.
How they work:
ASP.NET Core runs on Kestrel internally. On Windows, you often put IIS in front as a reverse proxy (handles SSL termination, process management). On Linux you’d use Nginx/Apache in front.
Difference between ControllerBase and Controller in Web API. متوسط
| Class | Contains | Typical Use |
|---|---|---|
| ControllerBase | API-only features (routing, model binding, HTTP helpers) | Web API controllers (no views) |
| Controller | Inherits ControllerBase + View support (View(), PartialView()) | MVC controllers returning views |
What is alias in API? متوسط
Alternate route name for the same endpoint using multiple [Route] attributes.
What are the dependency injection scopes in ASP.NET? متوسط
- Transient: New instance every time requested.
- Scoped: One instance per request.
- Singleton: One instance for the lifetime of the app.
What is the types of lifetimes we use with Dependency injection and difference between them? متوسط
| Lifetime | Created | Typical Use |
|---|---|---|
| Transient | Every injection | Lightweight, stateless services |
| Scoped | Once per request | DB contexts, unit of work |
| Singleton | App lifetime | Config, caching |
How can dependency injection be helpful in testing? متوسط
Allows you to swap real implementations with mocks/fakes. Your code depends on interfaces, not concrete classes.
What is IHttpClientFactory used for, and which issues does it help to eliminate? متوسط
Central factory to create HttpClient instances. Solves socket exhaustion & DNS issues. Centralized config & resilience (policies, retries with Polly).
What is wrong with creating HttpClient manually? متوسط
If you new HttpClient() repeatedly:
- OS sockets not released fast enough (socket exhaustion).
- DNS changes not respected. Recommended: one long-lived instance or use IHttpClientFactory.
What is asynchronous programming in .NET, and why is it important? متوسط
Uses async/await to free threads during I/O operations. Increases scalability and responsiveness (especially for web apps). Doesn’t block the request thread.
What’s the difference between await AsyncMethod() and AsyncMethod().Result? متوسط
| Expression | Behavior |
|---|---|
await AsyncMethod() |
Asynchronously waits without blocking current thread. |
AsyncMethod().Result |
Blocks until result available; can cause deadlocks. |