ASP.NET Core

Trigger On

• working on ASP.NET Core apps, services, or middleware
• changing auth, routing, configuration, hosting, or deployment behavior
• deciding between ASP.NET Core sub-stacks such as Blazor, Minimal APIs, or controller APIs
• debugging request pipeline issues
• modernizing legacy ASP.NET to ASP.NET Core

Workflow

1. Detect the real hosting shape first:

- top-level Program.cs structure - middleware order and registration - auth model (Identity, JWT, OAuth, cookies) - endpoint registrations and routing

1. Follow the correct middleware order:

`` ExceptionHandler → HttpsRedirection → Static Files → Routing → CORS → Authentication → Authorization → Rate Limiting → Response Caching → Custom Middleware → Endpoints ``

1. Use built-in patterns correctly:

- Prefer IOptions<T> / IOptionsSnapshot<T> for configuration - Use ILogger<T> for structured logging - Use IHttpClientFactory for HTTP clients (never new HttpClient()) - Use IHostedService / BackgroundService for background work

1. Route specialized work to specific skills:

- UI and components → blazor - Real-time → signalr - RPC → grpc - New HTTP APIs → minimal-apis (prefer unless controllers needed) - Controller APIs → web-api

1. Validate with build, tests, and targeted endpoint checks.

Deliver

• production-credible ASP.NET Core code and config
• a clear request pipeline and hosting story
• verification that matches the affected endpoints and middleware
• security headers and HTTPS configured correctly

Validate

• middleware order is intentional and documented
• security and configuration changes are explicit
• endpoint behavior is covered by tests or smoke checks
• no blocking calls in async context
• secrets are not committed to source control
• health checks are implemented for production readiness

Related skills

Related agents