Production checklist

Last reviewed May 28, 2026 Content v20260528

Track mode: server_compiled
Means: Compiled runner
Reading: ~2 min
Level: advanced

This lesson

This lesson teaches Production checklist: the syntax, APIs, and habits you need before advancing in ASP.NET.

Teams ship Production checklist on every ASP.NET codebase—skipping it leaves gaps in debugging and code reviews.

You will apply Production checklist in contexts like: Line-of-business APIs, intranets, BFF layers, and cloud-hosted services on Linux or Windows.

Write C# (top-level or Program class), click Run on server—the dev runner uses dotnet build/run on a temp net8 project (requires .NET SDK; LEARNING_RUNNER_ENABLED=true).

When functions, arrays, and basic OOP from intermediate lessons are familiar.

Shipping ASP.NET Core means more than passing tutorials: configuration, observability, security headers, and deployment topology matter in production.

Before deploy

Pin SDK/runtime in CI and Docker (mcr.microsoft.com/dotnet/aspnet:8.0)
ASPNETCORE_ENVIRONMENT=Production; secrets via Key Vault or env vars
HTTPS everywhere; HSTS and forwarded headers behind reverse proxy
Health checks (/health), structured logging (Serilog), metrics (OpenTelemetry)
Run EF migrations in controlled pipeline step—not on every pod startup blindly
Enable response compression and caching where safe

Runtime hygiene

Connection pool limits; async database access
Rate limiting and CORS configured explicitly—not AllowAnyOrigin in prod
Graceful shutdown; drain requests before SIGTERM in Kubernetes

Important interview questions and answers

Q: Kestrel vs IIS?
A: Kestrel is in-process server; IIS/nginx terminate TLS and reverse-proxy to Kestrel in many deployments.
Q: Where store connection strings?
A: Environment-specific config or secret store—never committed plaintext for production DBs.

Self-check

Why use a slim runtime Docker image?
What does forwarded headers middleware fix?

Challenge

Local ASP.NET check

Install the .NET SDK and run dotnet --version.
Run dotnet new web -n Demo and dotnet run inside the folder.
Open the HTTPS URL shown in the terminal.

Done when: you see the default ASP.NET Core welcome page in the browser.

Interview tip Lesson completion confidence

Can you explain this lesson in 30 seconds without reading notes?

Self-reflection (saved on this device)

Not saved yet.

Playground

Runs on the configured server runner (dev: npm run runner with LEARNING_RUNNER_ENABLED=true). Output appears below the editor.

Code runner not available

Server runner is disabled. Set LEARNING_RUNNER_ENABLED=true and LEARNING_RUNNER_URL in .env (see .env.example).

Check yourself

Multiple choice — immediate feedback.

Discussion

Past discussion is visible to everyone. Only logged-in users can post comments and replies.

Starter discussion topics

IIS vs Kestrel proxy?
Health checks endpoint?

No discussion yet. Be the first to ask a question.