Logging is frequently necessary while dealing with ASP.NET applications, particularly for monitoring problems, API replies, or authentication events. When implementing file-based logging, the following runtime error is frequently encountered:

Could not find a part of the path
E:\2026 ProjectList\Project's\CoreConversation\ReferenceProject\~singlsignonlog\singlsignon_log13-01-26.txt

This error usually appears when calling File.AppendAllText() and indicates that the application is trying to write to a file location that does not exist or is incorrectly mapped.

Problematic Logging Code
Consider the following logging method used in an ASP.NET application:
public static void Singlsignon_log(string res)
{
    try
    {
        File.AppendAllText(
            HttpContext.Current.Server.MapPath(
                "~singlsignonlog/singlsignon_log" +
                DateTime.Now.ToString("dd-MM-yy") + ".txt"),
            "{" + DateTime.Now.ToString() + "} " + res + Environment.NewLine
        );
    }
    catch (Exception ex)
    {
        File.AppendAllText(
            HttpContext.Current.Server.MapPath(
                "~singlsignonlog/singlsignon_log" +
                DateTime.Now.ToString("dd-MM-yy") + ".txt"),
            "{" + DateTime.Now.ToString() + "} " + ex.Message + Environment.NewLine
        );
    }
}

At first glance, the code appears correct, but there are two critical issues that cause the exception.

Issue 1: Incorrect Use of Server.MapPath
In ASP.NET, the tilde (~) must always be followed by a forward slash. Using ~singlsignonlog instead of ~/singlsignonlog results in an invalid physical path being generated.

Issue 2: Directory Does Not Exist
The File.AppendAllText() method does not create directories automatically. If the singlsignonlog folder does not already exist in the application root, the method throws a "Could not find a part of the path" exception.

Because of these two issues, the application fails at runtime when it attempts to write the log file.

Correct and Safe Implementation
A safer approach is to resolve the folder path correctly and ensure that the directory exists before writing to the file. The revised method below fixes both problems:
public static void Singlsignon_log(string res)
{
    try
    {
        string folderPath =
            HttpContext.Current.Server.MapPath("~/singlsignonlog/");

        if (!Directory.Exists(folderPath))
        {
            Directory.CreateDirectory(folderPath);
        }

        string filePath = Path.Combine(
            folderPath,
            "singlsignon_log" +
            DateTime.Now.ToString("dd-MM-yy") + ".txt"
        );

        File.AppendAllText(
            filePath,
            "{" + DateTime.Now + "} " + res + Environment.NewLine
        );
    }
    catch
    {
        // Avoid logging inside catch to prevent recursive failures
    }
}

Why This Fix Works?
The virtual path is correctly written as ~/singlsignonlog/, ensuring that Server.MapPath resolves it to a valid physical directory
The code checks whether the directory exists and creates it if necessary
This prevents runtime exceptions related to missing folders

Additional Best Practices
Avoid performing file logging inside the catch block using the same logic. If logging fails for any reason, attempting to log the exception again can lead to repeated failures or even application crashes. In production systems, it is better to silently handle logging failures or route them to a fallback logging mechanism.

For real-world ASP.NET applications, it is also recommended to store log files inside the App_Data folder. This folder is designed for application data and helps avoid permission issues on hosting servers.

Conclusion
A small mistake in virtual path usage or directory validation can lead to runtime logging failures. By correcting Server.MapPath usage and ensuring directories exist before writing files, logging becomes reliable across development, testing, and production environments.

Microservices architecture has emerged as the go-to method for creating scalable and maintainable systems as contemporary applications continue to expand in size and complexity. Teams now divide functionality into smaller, independently deployable services rather than implementing a single, huge application. Method calls within the same process facilitate quick and easy communication in a monolithic program. Because microservices communicate over a network, there are issues with latency, partial failures, versioning, and security.

In this post, I'll examine the most popular microservices communication techniques, discuss when and why to utilize them, and show how to implement them in.NET 10.

Recognizing Communication Styles in Microservices
Two basic communication types are commonly used by microservices:

1. Concurrent Communication
The calling service awaits a prompt answer from another provider. Examples include gRPC and REST APIs.

2. Communication That Is Asynchronous
After sending a message or event, the calling service proceeds with processing without waiting for a reply. Examples include message queues and platforms for streaming events.

Depending on performance requirements and business needs, the majority of production systems combine the two.

1. RESTful APIs (HTTP-Based Communication)
REST remains the most common and accessible communication mechanism in microservices. It relies on standard HTTP methods and usually exchanges data in JSON format.

Despite newer alternatives, REST continues to be relevant due to its simplicity, tooling support, and compatibility with browsers and external clients.

When REST Is the Right Choice

• Client-facing or public APIs
• Simple request–response workflows
• Scenarios where readability and debuggability matter
• Integration with third-party systems

RestAPI
Example: Product Microservice Using ASP.NET Core (.NET 10)
[ApiController]
[Route("api/products")]
public class ProductController : ControllerBase
{
    [HttpGet]
    public IActionResult GetProducts()
    {
        return Ok(new[] { "Laptop", "Tablet", "Mobile" });
    }

    [HttpPost]
    public IActionResult CreateProduct(Product product)
    {
        return Ok(product);
    }
}

Why REST Still Works Well?

• Easy to understand and maintain
• Mature ecosystem (Swagger, OpenAPI, Postman)
• Language and platform independent

Limitations to Be Aware Of

• JSON serialization increases payload size
• Higher latency for internal service-to-service calls
• Tight coupling due to synchronous request–response flow

2. gRPC – High-Performance Internal Communication
gRPC is designed for efficient, low-latency communication between internal services. It uses Protocol Buffers (Protobuf) for binary serialization and runs over HTTP/2, making it significantly faster than REST.

With .NET 10, gRPC continues to be a first-class citizen, especially for service-to-service communication inside a controlled environment.

Ideal Use Cases for gRPC

• Internal microservice communication
• High-throughput systems
• Real-time or streaming scenarios
• Strict API contract enforcement

Define the Service Contract (greet.proto)
syntax = "proto3";

option csharp_namespace = "GrpcService1";

package greet;

// The greeting service definition.
service Greeter {
  // Sends a greeting
  rpc SayHello (HelloRequest) returns (HelloReply);
}

Implement gRPC Service in .NET 10
namespace GrpcService1.Services
{
    public class GreeterService(ILogger<GreeterService> logger) : Greeter.GreeterBase
    {
        public override Task<HelloReply> SayHello(HelloRequest request, ServerCallContext context)
        {
            logger.LogInformation("The message is received from {Name}", request.Name);

            return Task.FromResult(new HelloReply
            {
                Message = "Hello " + request.Name
            });
        }
    }
}

Key Benefits

• Very fast serialization and transport
• Strongly typed, contract-first design
• Built-in support for streaming

Trade-Offs

• Payloads are not human-readable
• Requires tooling for debugging
• Limited direct browser support

3. Message Queues – Asynchronous and Event-Driven Communication
Message queues enable asynchronous communication, allowing services to exchange messages without knowing about each other’s availability or location. This approach is fundamental to event-driven architectures.

Technologies like RabbitMQ, Apache Kafka, and cloud-based queues are commonly used with .NET microservices.

When Message Queues Are the Best Fit?

• Background processing
• Event publishing (e.g., OrderCreated)
• Loose coupling between services
• High resilience and fault tolerance

Example: RabbitMQ Producer in .NET 10
var factory = new ConnectionFactory { HostName = "localhost" };

using var connection = factory.CreateConnection();
using var channel = connection.CreateModel();

channel.QueueDeclare("productQueue", false, false, false);

var body = Encoding.UTF8.GetBytes("ProductCreated");

channel.BasicPublish("", "productQueue", null, body);

Why Teams Choose Message Queues

• Services are loosely coupled
• Improved system stability
• Easy horizontal scaling

Challenges

• Increased infrastructure complexity
• Harder end-to-end tracing
• Requires idempotent message handling

4. Apache Kafka – Event Streaming at Enterprise Scale
Apache Kafka is a distributed event streaming platform built for massive scale. Unlike traditional queues, Kafka stores events durably and allows multiple consumers to read them independently.

Kafka is often used when events are core to the business domain.

Common Kafka Use Cases

• Event sourcing
• Audit logs
• Real-time analytics
• Data pipelines across systems

Kafka works best when teams embrace event-driven thinking rather than request–response models

Conclusions
Choosing how microservices communicate is a long-term architectural decision, not just a technology choice.

• REST prioritizes simplicity and accessibility
• gRPC delivers speed and contract safety
• Message queues enable resilience and scalability

Modern systems built with .NET 10 often combine all three approaches to meet evolving business and technical demands.

A creational design pattern called the Singleton pattern guarantees that a class has a single instance for the duration of the program and that it can be accessed from any location.

We frequently come across situations during software development where having numerous instances of a class could result in issues like inconsistent state or data, resource conflicts, or ineffective resource use. By guaranteeing that a class has a single instance that will be used globally across a program, the singleton pattern resolves this issue.

Prerequisites

• Visual Studio 2022 installed,
• Basics of .NET Core

When Should We Use the Singleton Pattern?
Logging Systems
In most applications, logging should be handled by a single logger instance.

Using a singleton logger ensures:

• All log messages go to the same place (file, database, or monitoring system)
• Logs are written in a consistent format
• No conflicts occur due to multiple logger instances

This makes debugging and monitoring much easier.

Configuration Manager
Application configuration such as connection strings, API keys, or feature flags should be loaded once and shared across the application.

A singleton configuration manager:

• Loads settings a single time
• Provides fast, global access to configuration values
• Ensures consistency across different modules

This avoids repeated file or database reads and improves performance.

Database Connections
Using a singleton for managing database access will:

• Prevents creating multiple unnecessary connections
• Helps control connection usage
• Centralizes database-related logic

Thread Pools
Thread pools are shared resources that should be managed centrally.

Using a singleton thread pool will:

• Avoids uncontrolled thread creation
• Ensures efficient use of system resources
• Improves application stability and performance

A single and well-managed thread pool is better than multiple competing each others.

When we should avoid Singleton

• Singleton should not be used when:
• You need multiple instances with different states
• The class holds user-specific or request-specific data

You want easy unit testing without tight coupling
In many modern .NET Core applications, Dependency Injection (DI) can be a better alternative.

Building blocks of the Singleton Design Pattern

• Private Parameterless constructor: It prevents creating an instance using new keyword from outside the class.
• Sealed Class: It prevents inheritance and also avoids the polymerphism and overridden behavior.
• Private Static Variable: It holds the single instance of the class and having it private ensures the controlled access as well.
• Public Static Method or Property: This will provide central access point to the instance so that we can ensure only one instance existed.

Practical ways to implement the Singleton Design Pattern in C#
Below are the most common and practical ways to implement the Singleton Design Pattern.

• Simple Singleton (NOT Thread-Safe)
• Thread-Safe Singleton using Lock
• Double-Checked Locking Singleton
• Eager Initialization Singleton
• Lazy Initialization Singleton
• Static Class based Singleton
• Singleton via Dependency Injection

1. Simple Singleton (NOT Thread-Safe)
This version of the Singleton pattern is very easy to understand, making it ideal for learning and demonstrations. Its simple structure clearly shows how a single instance is created and reused, and it works correctly in single-threaded applications such as basic console programs.

However, it is not thread-safe. In multi-threaded environments, multiple threads may create more than one instance at the same time, which breaks the Singleton rule. Because of this, it should be used only for learning purposes or simple single-threaded tools, and not in production systems.

Add a AppConfigSingleton.cs file
namespace SingletonPatternInCSharp.Simple
{
    /// <summary>
    /// Basic singleton implementation - NOT thread-safe!
    /// Demonstrates the simplest form of singleton pattern.
    /// </summary>
    public class AppConfigSingleton
    {
        private static AppConfigSingleton? _instance;

        // Private constructor
        private AppConfigSingleton()
        {
            ApplicationName = "Singleton Demo App";
            Version = "1.0.0";
        }

        public static AppConfigSingleton Instance
        {
            get
            {
                if (_instance == null)
                {
                    _instance = new AppConfigSingleton();
                }

                return _instance;
            }
        }

        public string ApplicationName { get; }
        public string Version { get; }
    }
}

Now access it from program.cs as
using SingletonPatternInCSharp.Simple;

var config1 = AppConfigSingleton.Instance;
var config2 = AppConfigSingleton.Instance;

Console.WriteLine($"App: {config1.ApplicationName}");
Console.WriteLine($"Version: {config1.Version}");

// Both references point to the same instance
Console.WriteLine(ReferenceEquals(config1, config2)); // True

2. Thread-Safe Singleton using Lock
This ensures that only one instance of the class is created, even when multiple threads try to access it at the same time. This approach is thread-safe and straightforward to implement, making it suitable for scenarios where multiple threads might try to create the instance simultaneously.

However, there is a performance cost because the lock is applied every time the instance is accessed, even after the Singleton has been created. Despite this, it works well for small-scale multi-threaded applications where the performance overhead is negligible, providing a simple and reliable way to maintain a single shared instance.

Add a LoggerSingleton.cs file
namespace SingletonPatternInCSharp.Thread_Safe_using_Lock
{
    public class LoggerSingleton
    {
        private static LoggerSingleton? _instance;
        private static readonly object _lock = new object();

        // Private constructor prevents external instantiation
        private LoggerSingleton() { }

        public static LoggerSingleton Instance
        {
            get
            {
                lock (_lock)
                {
                    if (_instance == null)
                    {
                        _instance = new LoggerSingleton();
                    }
                    return _instance;
                }
            }
        }

        // Example method for logging
        public void Log(string message)
        {
            Console.WriteLine($"[{DateTime.Now:HH:mm:ss}] {message}");
        }
    }
}

Now access it from program.cs as
// Simulate multiple threads logging at the same time
Parallel.For(0, 5, i =>
{
    var logger = LoggerSingleton.Instance;
    logger.Log($"Message from task {i}");
});

// Verify single instance
var logger1 = LoggerSingleton.Instance;
var logger2 = LoggerSingleton.Instance;
Console.WriteLine(ReferenceEquals(logger1, logger2)); // True

3. Double-Checked Locking Singleton
This is a thread-safe implementation that minimizes the performance overhead of locking. It checks whether the instance already exists before acquiring the lock, and again inside the lock if necessary. This ensures that the lock is applied only once, when the Singleton is first created, making it highly efficient for systems where the instance is accessed frequently.

However, this approach is slightly more complex than a simple locked Singleton and must be implemented carefully to avoid subtle threading issues. It is best suited for high-performance systems where a Singleton is accessed often, providing a balance between thread safety and runtime efficiency.

Add DatabaseManagerSingleton.cs
namespace SingletonPatternInCSharp.Double_Checked_Locking
{
    public class DatabaseManagerSingleton
    {
        private static DatabaseManagerSingleton? _instance;
        private static readonly object _lock = new object();

        // Private constructor prevents external instantiation
        private DatabaseManagerSingleton()
        {
            // Simulate opening a database connection
            Console.WriteLine("Database connection initialized.");
        }

        public static DatabaseManagerSingleton Instance
        {
            get
            {
                // First check without locking (performance optimization)
                if (_instance == null)
                {
                    lock (_lock)
                    {
                        // Double-check inside the lock
                        if (_instance == null)
                        {
                            _instance = new DatabaseManagerSingleton();
                        }
                    }
                }

                return _instance;
            }
        }

        // Example method to simulate database query
        public void ExecuteQuery(string query)
        {
            Console.WriteLine($"Executing query: {query}");
        }
    }
}

Now access it from program.cs as:
// Simulate multiple threads accessing the database manager
Parallel.For(0, 5, i =>
{
    var dbManager = DatabaseManagerSingleton.Instance;
    dbManager.ExecuteQuery($"SELECT * FROM Users WHERE Id = {i}");
});

// Verify single instance
var db1 = DatabaseManagerSingleton.Instance;
var db2 = DatabaseManagerSingleton.Instance;
Console.WriteLine(ReferenceEquals(db1, db2)); // True

4. Eager Initialization Singleton
The Eager Initialization Singleton creates the single instance of the class as soon as the application starts, rather than waiting until it is first needed. This approach is thread-safe by default because the instance is created before any threads can access it, and the implementation is very simple and clean, making it easy to understand and use.

The main drawback is that the instance is created even if it is never used, which could be wasteful for heavy objects. This pattern is best suited for situations where the Singleton is lightweight and the application always requires the instance, ensuring it is available immediately when needed.

Add AppSettingsSingleton.cs
namespace SingletonPatternInCSharp.Eager_Initialization
{
    public class AppSettingsSingleton
    {
        // Eagerly created instance (thread-safe by default)
        private static readonly AppSettingsSingleton _instance = new AppSettingsSingleton();

        // Private constructor prevents external instantiation
        private AppSettingsSingleton()
        {
            AppName = "Eager Singleton Demo App";
            Version = "1.0.0";
            MaxUsers = 100;
        }

        public static AppSettingsSingleton Instance => _instance;

        // Example configuration properties
        public string AppName { get; }
        public string Version { get; }
        public int MaxUsers { get; }
    }
}

Now, access it from program.cs
var settings1 = AppSettingsSingleton.Instance;
var settings2 = AppSettingsSingleton.Instance;

Console.WriteLine($"App: {settings1.AppName}");
Console.WriteLine($"Version: {settings1.Version}");
Console.WriteLine($"Max Users: {settings1.MaxUsers}");

// Verify both references point to the same instance
Console.WriteLine(ReferenceEquals(settings1, settings2)); // True

5. Lazy Initialization Singleton
The Lazy Initialization Singleton uses the Lazy<T> type to create the instance only when it is first accessed, rather than at application startup. This approach is thread-safe by default, easy to read, and avoids the complexity of manual locking. The internal implementation of Lazy<T> handles synchronization and edge cases, making the code clean, reliable, and less error-prone.

There is a very small performance overhead due to the use of Lazy<T>, but in practice this cost is negligible. Because of its safety, clarity, and maintainability, this pattern is recommended for most production systems, including ASP.NET Core applications, microservices, and enterprise-level software.

Add CacheManagerSingleton.cs
namespace SingletonPatternInCSharp.Lazy_Initialization
{
    public class CacheManagerSingleton
    {
        private static readonly Lazy<CacheManagerSingleton> _instance =
            new Lazy<CacheManagerSingleton>(() => new CacheManagerSingleton());

        // Private constructor
        private CacheManagerSingleton()
        {
            Console.WriteLine("Cache Manager initialized.");
            _cache = new Dictionary<string, string>();
        }

        public static CacheManagerSingleton Instance => _instance.Value;

        private readonly Dictionary<string, string> _cache;

        public void Add(string key, string value)
        {
            _cache[key] = value;
        }

        public string Get(string key)
        {
            return _cache.TryGetValue(key, out var value)
                ? value
                : "Not Found";
        }
    }
}

Access it from program.cs as:
// Cache is NOT created yet
Parallel.For(0, 3, i =>
{
    var cache = CacheManagerSingleton.Instance;
    cache.Add($"key{i}", $"value{i}");
});

var cacheManager = CacheManagerSingleton.Instance;
Console.WriteLine(cacheManager.Get("key1"));

6. Static Class based Singleton
A static class is often used as a Singleton alternative in C#, even though it is not a true implementation of the Singleton pattern. Since static members are initialized by the runtime and exist only once per application domain, this approach is thread-safe by default, has no instantiation issues, and offers very fast access without any additional overhead.

However, static classes come with important limitations. They cannot implement interfaces, do not support inheritance, and offer no control over lazy initialization beyond what the runtime provides. Because of these constraints, static classes are best suited for utility-style functionality, such as configuration values, constants, helper methods, and shared utilities, where simplicity and performance are more important than flexibility or extensibility.

Add DatabaseConnectionProvider.cs
using Microsoft.Data.SqlClient;

namespace SingletonPatternInCSharp.Static_Class
{
    public static class DatabaseConnectionProvider
    {
        private static readonly string _connectionString =
            "Server=localhost;Database=AppDb;Trusted_Connection=True;";

        public static SqlConnection GetConnection()
        {
            return new SqlConnection(_connectionString);
        }
    }
}

Access it from program.cs as:
SqlConnection connection1 = DatabaseConnectionProvider.GetConnection();
SqlConnection connection2 = DatabaseConnectionProvider.GetConnection();

Console.WriteLine(connection1.ConnectionString);
Console.WriteLine(connection2.ConnectionString);

// These are different objects, created by a static provider
Console.WriteLine(ReferenceEquals(connection1, connection2)); // False

7. Singleton via Dependency Injection
The Singleton via Dependency Injection approach relies on the application’s DI container to manage the lifetime of the object instead of implementing the Singleton pattern manually. By registering a service as a singleton, the framework ensures that only one instance is created and shared throughout the application. This results in cleaner code, with no explicit singleton logic, locks, or static access.

This approach is highly testable, as services can be easily mocked or replaced, and the object’s lifecycle is fully managed by the framework. The main drawback is that it requires a DI container, which may not be suitable for very simple applications. It is the preferred approach in ASP.NET Core and modern .NET applications, where maintainability, scalability, and clean architecture are key design goals.

Add ILoggerService.cs
namespace SingletonPatternInCSharp.Dependency_Injection
{
    public interface ILoggerService
    {
        void Log(string message);
    }
}

Add LoggerService.cs
namespace SingletonPatternInCSharp.Dependency_Injection
{
    public class LoggerService : ILoggerService
    {
        public void Log(string message)
        {
            Console.WriteLine($"[{DateTime.Now:HH:mm:ss}] {message}");
        }
    }
}

Access it from program.cs as:
// Create service collection
var services = new ServiceCollection();

// Register LoggerService as Singleton
services.AddSingleton<ILoggerService, LoggerService>();

// Build service provider
var serviceProvider = services.BuildServiceProvider();

// Resolve service multiple times
var singletonLogger1 = serviceProvider.GetRequiredService<ILoggerService>();
var singletonLogger2 = serviceProvider.GetRequiredService<ILoggerService>();

singletonLogger1.Log("First log message");
singletonLogger2.Log("Second log message");

// Verify singleton behavior
Console.WriteLine(ReferenceEquals(singletonLogger1, singletonLogger2)); // True

Cheers !

Consider ASP.NET Core as a high-speed internet request assembly line. Every time a user accesses the website, their request passes through a number of "stations" known as middleware. The software can do specific tasks at each station, such as collecting data, managing issues, or determining whether the user is logged in. If something goes wrong, such as a security guard barring someone without a badge, these stations can even "stop" a request early.

This article will examine middleware, or how ASP.NET Core handles incoming requests.

Middleware: What is it?
The ASP.NET Core request pipeline relies heavily on middleware. It operates as a series of software elements intended to handle both incoming and outgoing HTTP requests. Before a request reaches the application's primary logic, each piece of middleware has the ability to examine, modify, or even halt it. This configuration offers an organized method of handling security, error management, and logging.

A request enters the application and moves through the pipeline in the precise order that each component has been registered. Each middleware component must decide whether to process the request and forward it to the subsequent component or to immediately produce a response.

When a component stops a request from moving further, it "short-circuits" the pipeline a perfect tactic for blocking unauthenticated users or delivering cached content instantly.

The beauty of this pipeline is its total flexibility. We can rely on built-in middleware for common needs like routing and authentication, or develop custom components for specialized tasks. Because these pieces run one after another, their order is vital. For example, authentication must always occur before authorization so the system knows who a user is before deciding what they can access.

Setting up this pipeline is straightforward in the Program.cs file, using simple methods like app.Use, app.Run, and app.Map. This organized approach ensures every request is handled predictably while giving the power to customize the entire journey.

How Middleware Work?
Every piece of middleware in the pipeline follows a consistent pattern- it receives the HttpContext, performs its specific task, and then either passes control to the next component or "short-circuits" the process by sending a response back immediately. When middleware short-circuits a request, it stops all remaining components from running, which is a great way to optimize performance by handling errors or serving cached data early.

By organizing these components correctly, we can efficiently manage security, logging, and data transformations. This structured approach ensures that every request flows through ASP.NET Core application in a smooth, fast, and predictable way.

The order of the middleware is critical. Components run sequentially as requests flow in and responses flow out.

• Request Flow (Inbound): The request goes down the pipeline in the order we have register middleware (Top-Down).
• Response Flow (Outbound): The response travels back up the pipeline in the reverse order (Bottom-Up) if await next() was called.

// Layer 1: The Receptionist (Logging)
app.Use(async (context, next) =>
{
    Console.WriteLine("Receptionist: Checking the visitor in...");
    await next(); // Allow the visitor to go to the next floor
    Console.WriteLine("Receptionist: Checking the visitor out...");
});

// Layer 2: Security Scanner (Authentication)
app.Use(async (context, next) =>
{
    Console.WriteLine("Scanner: Checking ID badge...");

    // Example of short-circuiting:
    // If no ID is found, we stop them here and don't call next()
    if (!context.Request.Headers.ContainsKey("X-ID-Badge"))
    {
        context.Response.StatusCode = 401;
        await context.Response.WriteAsync("Access Denied: No Badge Found.");
        return;
    }

    await next();
    Console.WriteLine("Scanner: Scanning bags on the way out...");
});

// Layer 3: The Office (The Final Destination)
app.Run(async (context) =>
{
    Console.WriteLine("Office: Doing the actual work...");
    await context.Response.WriteAsync("Welcome to the main office!");
});

Expected Execution Flow:

• Receptionist: Checking the visitor in...
• Scanner: Checking ID badge...
• Office: Doing the actual work...
• Scanner: Scanning bags on the way out...
• Receptionist: Checking the visitor out...

Request Delegate & HttpContext:
Understanding the relationship between the Request Delegate and HttpContext is essential for mastering the ASP.NET Core pipeline.

The HttpContext (The Cargo)

Think of the HttpContext as a large envelope that contains everything about a single web request. It travels through the entire pipeline and carries:

• Request: Information coming in (URL, Headers, Cookies, Form data).
• Response: Information going out (Status code, Body, Headers).
• User: Information about who is making the request.
• The Request Delegate (The Worker)

A Request Delegate is a functional piece of code (specifically a RequestDelegate) that processes the HttpContext. It is the "worker" that looks at the envelope, does something with it, and passes it to the next worker.
var builder = WebApplication.CreateBuilder(args);
var app = builder.Build();

// This function IS a Request Delegate
// It takes HttpContext as an input and returns a Task
RequestDelegate myWorker = async (HttpContext context) =>
{
    // Reading from the HttpContext (The Request)
    string? userAgent = context.Request.Headers.UserAgent;

    // Writing to the HttpContext (The Response)
    context.Response.StatusCode = 200;
    await context.Response.WriteAsync($"Our browser is: {userAgent}");
};

// Telling the app to use our worker for all requests
app.Run(myWorker);

app.Run();

Summary of the Relationship:

• HttpContext is the data (the "what").
• Request Delegate is the logic (the "how").

When a request hits the server, ASP.NET Core creates the HttpContext and hands it to the first Request Delegate in the pipeline.

Built-In Middlewares
ASP.NET Core remains a powerhouse for web development largely due to its robust library of pre-configured Middleware. These built-in components act as ready-made "checkpoints" that we can plug into our request pipeline to handle critical tasks like security, traffic routing, and error management without writing custom code from scratch.

Exception Handling Middleware
Captures unhandled crashes and provides a centralized way to log errors and return custom error responses.
app.UseExceptionHandler("/Error");

Routing Middleware
Analyzes the incoming URL to determine which endpoint (like a Controller or Minimal API) should handle the request.
app.UseRouting();

Authentication and Authorization Middleware
These work together to secure the app: UseAuthentication identifies the user, while UseAuthorization checks their permissions.
app.UseAuthentication();

app.UseAuthorization();

Static Files Middleware
Efficiently serves assets like images, CSS, and JavaScript directly from the wwwroot folder.
app.UseStaticFiles();

CORS Middleware
Cross-Origin Resource Sharing (CORS) manages which external domains are permitted to access the API.
app.UseCors(p => p.WithOrigins("https://trusted.com").AllowAnyMethod());

Response Compression Middleware
Reduces bandwidth usage by shrinking responses before they are sent to the client, improving performance.

app.UseResponseCompression();

Session Middleware
Enables the application to store and retrieve user-specific data during their visit using in-memory or distributed caches.
app.UseSession();

HTTPS Redirection Middleware
Secures communication by automatically forcing all incoming HTTP requests to use the encrypted HTTPS protocol.
app.UseHttpsRedirection();

Request Logging Middleware
Records details about every HTTP request, which is essential for debugging, monitoring, and security audits.
app.UseSerilogRequestLogging();

Endpoint Middleware
The final stage where the request is dispatched to its intended target, such as a Controller or Razor Page.
app.MapControllers();

The order of registration is critical. For example, we must always call UseRouting before UseAuthorization so the app knows which resource is being accessed before checking if the user has permission to see it.

Custom Middleware
This remains one of the most powerful ways to extend our application's capabilities. While the built-in tools cover the basics, creating our own middleware allows us to inject specialized logic—like custom security headers, niche logging, or unique business rules—directly into the heart of the request pipeline. We will look into it more detail in another article, lets focus on in-built ones in this article.

How to create and stop Middleware pipeline
Request Delegate based Middleware remains the most straightforward method for injecting custom logic into the pipeline. This approach uses inline delegates, allowing us to define middleware directly within Program.cs file without the overhead of creating separate classes.

This method is perfect for quick tasks like specialized logging, adding custom headers, or simple performance timing.
// Simple monitoring middleware
app.Use(async (context, next) =>
{
    // Logic before the next component runs
    Console.WriteLine($"Incoming: {context.Request.Method} {context.Request.Path}");

    await next(); // Hand control to the next middleware in line

    // Logic after the rest of the app has finished
    Console.WriteLine($"Outgoing: Status {context.Response.StatusCode}");
});

Short-Circuiting is a vital performance and security tactic in ASP.NET Core. It occurs when a middleware component generates a response and decides not to call the next middleware in the pipeline. This effectively stops the request from traveling any further, preventing unnecessary processing in controllers or database.

In this example, the middleware checks a "Maintenance Mode" flag. If active, it short-circuits the pipeline and tells the user to come back later, protecting the rest of the app during updates.
bool isMaintenanceMode = true;

app.Use(async (context, next) =>
{
    if (isMaintenanceMode)
    {
        // 1. Set the response status
        context.Response.StatusCode = 503; // Service Unavailable

        // 2. Send the message
        await context.Response.WriteAsync("Site is down for maintenance. Please try again later.");

        // 3. IMPORTANT: We do NOT call 'await next()'.
        // This short-circuits the pipeline here.
        return;
    }

    // If not in maintenance, continue as normal
    await next();
});

app.MapGet("/", () => "Welcome to the App!");

Best Practices
Middleware remains a cornerstone for processing traffic in ASP.NET Core Web APIs. Properly designing and organizing the pipeline is essential for ensuring high performance, long-term maintainability, and robust security.

1. Order is Everything
Middleware executes in the exact sequence it is registered in Program.cs. Always place Exception Handling first to catch all downstream errors, followed by Routing, then Authentication, and finally Authorization. Getting this wrong can lead to security holes or unhandled crashes.

2. Keep Middleware "Lean"
Middleware should be fast and focused on a single task (like logging or security). Avoid putting heavy business logic or long-running database queries inside a middleware component. If it takes too long to process, it slows down every single request entering the application.

3. Use Short-Circuiting Wisely
Stop the request as early as possible if it doesn't meet requirements. For example, if an API Key is missing, return a 401 Unauthorized immediately. This prevents the request from hitting expensive resources like database or external services.

4. Avoid "Fat" Program.cs Files
For complex logic, move the middleware into a separate Middleware Class rather than using long inline lambda expressions. This keeps the startup code clean and makes the custom logic much easier to unit test.

5. Use Built-in Middleware First
Before writing a custom solution, check if a built-in component exists. ASP.NET Core provides highly optimized middleware for CORS, Compression, Caching, and Rate Limiting. These are maintained by Microsoft and are typically more performant and secure than custom-built alternatives.

Here is the professional standard for arranging the middleware to ensure every request is handled efficiently:
var app = builder.Build();

// 1. Global Exception Handling - Catch all errors from the very start
app.UseExceptionHandler("/error");

// 2. HTTPS Redirection - Secure the connection before processing data
app.UseHttpsRedirection();

// 3. Routing Middleware - Determine where the request is trying to go
app.UseRouting();

// 4. CORS Middleware - Validate cross-origin access early
app.UseCors();

// 5. Authentication - Identify WHO the user is
app.UseAuthentication();

// 6. Authorization - Confirm WHAT the user can do
app.UseAuthorization();

// 7. Custom Middleware - Niche logic (e.g., specialized logging or headers)
app.UseMiddleware<CustomMiddleware>();

// 8. Endpoint Execution - Finally execute the controller or minimal API logic
app.MapControllers();

app.Run();

Why this specific order is best:
Safety First: Placing Exception Handling at the very top ensures that if any later middleware (like Database or Custom logic) crashes, the error is caught and handled gracefully.
Efficiency: By placing CORS and Authentication before the custom logic, we can reject unauthorized or untrusted requests before the server wastes any time processing them.
Logic Flow: We must call Routing before Authorization because the system needs to know which "room" the user is trying to enter before it can check if they have the specific key for it.

Conclusion
In this article we have seen how Middleware remains the essential foundation of the ASP.NET Core request pipeline, providing a structured way to manage global tasks like security, logging, and error handling. By mastering the way these components function and strictly following the correct execution order, we can ensure Web APIs are built for high performance, maximum security, and long-term maintainability. Hope this helps.