@codingdroplets profile picture
Coding Droplets @codingdroplets
Joined October 2021
  • Tweets 97
  • Following 12
  • Followers 165
93 Photos and videos
You added output caching. Now User B sees User A's orders. A per-user response cached under a URL-only key leaks to the next caller. VaryByHeader("Authorization") is NOT the Fix - Vary by user id from ClaimsPrincipal. codingdroplets.com/ #dotnet #aspnetcore
15
Your "15-minute" JWT is actually a ~20-minute JWT. ASP.NET Core's JwtBearer defaults ClockSkew to 5 min - a token past its exp still validates for 5 extra minutes. Fix: ClockSkew = TimeSpan.Zero aspnetcoreapi.codingdroplets… #dotnet #jwt
35
Your EF Core query isn't slow because of "the database". It's slow because two .Include() calls = one LEFT JOIN = a cross product. 10 posts x 10 tags = 100 rows for ONE record. Correct data, 100x the volume. Fix: .AsSplitQuery() #dotnet #efcore #aspnetcore
12
Your .Skip().Take() pagination isn't constant-time. The DB processes every row it skips. It can also skip/duplicate rows if data changes mid-paging. Fix: Keyset Pagination → WHERE Id > lastId. #dotnet #aspnetcore #efcore
16
JWTs are stateless - the server only checks signature expiry. It never asks "did this user log out?" So a token copied before logout keeps working until it expires. Fix: short-lived access tokens a revocable refresh token. 👉 aspnetcoreapi.codingdroplets… #dotnet #aspnetcore #jwt
1
1
21
The Dependency Rule for Clean Architecture: → Dependencies flow INWARD → Interfaces live where they're USED, not where they're IMPLEMENTED → Domain knows nothing 👉 aspnetcoreapi.codingdroplets… #dotnet #csharp #aspnetcore #cleanarchitecture #softwarearchitecture #webapi
17
async void is "Fire & Forget". Exceptions in async void skip your try/catch AND your global middleware, then take down the whole app. Use it for event handlers only. Everywhere else: async Task. 👉 aspnetcoreapi.codingdroplets… #dotnet #csharp #aspnetcore #webdev
15
That ASP NET Core 400 you can't reproduce? [ApiController] validates the model before your action. Wrong type, bad JSON, missing [Required] → instant 400. Breakpoints skipped. Read the errors dictionary, not the controller. aspnetcoreapi.codingdroplets… #aspnetcore #dotnet
19
async didn't make your EF Core code faster. SaveChangesAsync() inside a loop = 1 DB round-trip per row. Move it outside → 1 trip. async = non-blocking. batching = fast. aspnetcoreapi.codingdroplets… #dotnet #efcore
16
Your ASP NET Core API running in Docker is not automatically production-safe. If you never set a non-root user, your app may be running as root inside the container. 👉 aspnetcoreapi.codingdroplets… #ASPNETCore #Docker #DevOps #DotNet
8
The Hybrid Pattern 🚀 Use EF Core for Writes (Safety/Validation). Use Dapper for Reads (Speed/DTOs). codingdroplet.com/ #DotNet #WebDev #Performance #SoftwareEngineering
16
If a service is drowning, don't throw it more lead. Use exponential backoff jitter, or better yet, open the Circuit Breaker and fail fast. Production-ready patterns here: aspnetcoreapi.codingdroplets… #Coding #Architecture #Backend #DistSys
15
If your Background Job doesn't use a Distributed Lock, it isn't "Production-Ready". 👉 aspnetcoreapi.codingdroplets… #Programming #DotNet #CloudNative #Backend
14
Custom logging middleware is the #1 cause of "Mystery" OOM exceptions in new APIs. If you're calling EnableBuffering() globally, you're not "logging" - You're hoarding RAM. aspnetcoreapi.codingdroplets… #Programming #Scalability #Backend #WebDev
6
If your POST endpoint doesn't support Idempotency Keys, it’s not production-ready. A simple network hiccup shouldn't result in a double-charge for your users. Resilience > "Happy Path" logic. aspnetcoreapi.codingdroplets… #BuildInPublic #BackendDev #SystemDesign #Programming
11
Rate Limiting by IP is often Lazy Engineering that punishes legitimate users. It blocks 50 people share an office NAT. Identity-based partitioning (User ID/API Key) is the best option. 👉aspnetcoreapi.codingdroplets… #SystemDesign #WebAPI #CloudComputing #Backend
11
If you aren't passing CancellationToken to your EF Core queries, your API isn't actually "Production-Ready". More production-level insights here: aspnetcoreapi.codingdroplets… #dotnet #csharp #backend #performance
16
Default EF Core behavior is a trap for read-only APIs. 🪤 aspnetcoreapi.codingdroplets… The Fix? .AsNoTracking() Leaner. Faster. Production-ready. #dotnet #csharp #webdev #performance
1
70
If your ASP.NET Core middleware uses .Result or .Wait(), you don’t have an async pipeline. The full list of 7 common mistakes and their fixes: codingdroplets.com/aspnet-co… #dotnet #csharp #webapi #backend
1
35
Caching without Locking isn't an Optimization. It's a Vulnerability. 🚩 If your API crashes the moment a high-traffic cache key expires, you've been hit by a Cache Stampede. Use SemaphoreSlim or HybridCache. aspnetcoreapi.codingdroplets… #DotNet #Architecture #Backend #CSharp
9
Load more