πŸ”„ ASP.NET Core Application Lifecycle: A Behind-the-Scenes Tour

By Tareq Marji -

 

nderstanding the ASP.NET Core lifecycle is critical if you want to build efficient, scalable, and maintainable web applications. From app startup to handling each HTTP request, ASP.NET Core gives you fine control over how your application behaves.

In this post, we’ll explore:

  • πŸ“Œ What the application lifecycle is
  • πŸ›  Startup process: Program.cs and Startup.cs
  • 🌐 Middleware pipeline and request handling
  • πŸ” Dependency Injection and Service Lifetime
  • 🧼 Application shutdown lifecycle

🧠 What Is the Application Lifecycle?

The ASP.NET Core lifecycle refers to the flow of an application from:

  1. Application startup
  2. Request processing
  3. Service instantiation
  4. Response generation
  5. Application shutdown

This cycle ensures your app is properly configured, requests are handled efficiently, and resources are cleaned up.

πŸš€ Application Startup

The startup process in ASP.NET Core happens in the Program.cs file (and formerly also Startup.cs).

πŸ“ Program.cs (ASP.NET Core 6+)

csharp


var builder = WebApplication.CreateBuilder(args);

 

// Configure services

builder.Services.AddControllers();

builder.Services.AddDbContext<AppDbContext>();

 

var app = builder.Build();

 

// Configure middleware

app.UseRouting();

app.UseAuthorization();

app.MapControllers();

 

app.Run();

Think of Program.cs as the bootstrapper of your app — it builds the application host, registers services, and wires up middleware.

🧱 Middleware Pipeline

ASP.NET Core uses a middleware pipeline to process HTTP requests. Each middleware can:

  • Inspect/modify the request
  • Pass control to the next middleware (await next())
  • Handle/modify the response

Example Pipeline Flow:

csharp

app.UseMiddleware<RequestLoggingMiddleware>();  // Logs incoming requests

app.UseRouting();                               // Determines endpoint

app.UseAuthorization();                         // Checks auth rules

app.MapControllers();                           // Executes controller action

Order matters: Each middleware component runs in the order it’s added.

πŸ§ͺ Request Processing Lifecycle

Here's what happens when an HTTP request hits your ASP.NET Core app:

  1. Kestrel Server receives the request.
  2. ASP.NET Core creates an HttpContext object.
  3. The request enters the middleware pipeline.
  4. Routing middleware finds the matching endpoint.
  5. Dependency Injection resolves the required controller and services.
  6. The controller action is executed.
  7. The response travels back through middleware.
  8. The result is sent back to the client.

πŸ”„ Dependency Injection (DI) Lifecycle

ASP.NET Core is built with DI in mind. Services are registered with different lifetimes:

Lifetime

Description

Singleton

One instance for the whole app lifetime

Scoped

One instance per HTTP request

Transient

A new instance every time it's requested

csharp

builder.Services.AddSingleton<IMySingletonService, MyService>();

builder.Services.AddScoped<IMyScopedService, MyService>();

builder.Services.AddTransient<IMyTransientService, MyService>();

Choose the right lifetime to avoid memory leaks or service conflicts.

πŸ“¦ Application Configuration Flow

Program.cs Order of Execution:

  1. WebApplication.CreateBuilder() → sets up config, logging, DI
  2. builder.Services → register services
  3. builder.Build() → builds the web host
  4. Middleware pipeline setup
  5. app.Run() → starts listening for requests

Older Style (Startup.cs):

If using ASP.NET Core 3.1/5.0:

csharp

public class Startup

{

    public void ConfigureServices(IServiceCollection services) { }

    public void Configure(IApplicationBuilder app, IWebHostEnvironment env) { }

}

🧼 Application Shutdown

ASP.NET Core handles shutdown gracefully:

  • Cancels hosted services
  • Disposes of DI-scoped objects
  • Logs shutdown events

Graceful Cleanup Example

csharp

public class CleanupHostedService : IHostedService, IDisposable

{

    public Task StartAsync(CancellationToken cancellationToken)

    {

        Console.WriteLine("App starting...");

        return Task.CompletedTask;

    }

 

    public Task StopAsync(CancellationToken cancellationToken)

    {

        Console.WriteLine("App stopping...");

        return Task.CompletedTask;

    }

 

    public void Dispose()

    {

        Console.WriteLine("Cleanup resources...");

    }

}

🧭 Lifecycle Summary

Phase

Responsibility

Startup

Configure services and middleware

Request Handling

Build HttpContext and run middleware pipeline

Controller Action

Execute logic with DI-injected services

Response

Return result back to client

Shutdown

Dispose services and resources gracefully

⚙️ Tools to Monitor Lifecycle

  • Serilog / NLog: Log app start/stop and requests
  • Middleware: Track requests/responses
  • MiniProfiler: Measure lifecycle performance

🧠 Final Thoughts

Understanding the ASP.NET Core lifecycle helps you:

Register services properly
 Control request processing
 Handle edge cases like cleanup and shutdown
 Debug and optimize performance

 

Comments

Post a Comment

Popular posts from this blog

Scrutor the built-in Dependency Injection (DI)

By Tareq Marji -
  Scrutor is a lightweight .NET library that extends the built-in Dependency Injection (DI) system in ASP.NET Core (or any .NET application that uses Microsoft.Extensions.DependencyInjection) by providing assembly scanning and automatic registration of services . Key Features of Scrutor Assembly Scanning Automatically registers services by scanning assemblies instead of manually specifying each one. This is helpful in large applications or when following clean architecture or DDD patterns. Service Registration by Convention You can register services based on naming conventions or interface implementation. For example, register all classes that implement a specific interface. Decorators Scrutor supports applying the decorator pattern easily through DI, allowing you to wrap services (e.g., for logging, validation, etc.) without modifying the core implementation.   Example Usage 1. Basic Scanning and Registratio...
Read more

πŸ§… Understanding the Onion Architecture: A Clean Approach to Building Scalable Applications

By Tareq Marji -
  When building modern, maintainable software applications, how you organize your code matters a lot. Over time, developers have learned that tightly coupled systems become hard to maintain, test, and evolve. Enter the Onion Architecture — a clean, layered architectural pattern that addresses many of these challenges by enforcing strict separation of concerns. πŸ“Œ What is Onion Architecture? The Onion Architecture , introduced by Jeffrey Palermo, is an architectural pattern designed to build maintainable, testable, and loosely coupled applications. Its core idea: The application is structured in concentric layers (like an onion), where dependencies always point inward toward the core. πŸ§… Layers of Onion Architecture Here’s a quick breakdown of the typical layers from inside out: 1. Core (Domain) Layer Holds the business logic , domain entities, and domain services. No dependencies on other layers. Contains pure domain models (POCOs). ...
Read more

πŸ”Œ Extension Methods in C#: Power Up Your Code Without Modifying It

By Tareq Marji -
Have you ever wanted to add a method to an existing class (like string, DateTime, or even your own types) — without changing its source code? That’s exactly what extension methods in C# are for. πŸš€ What Is an Extension Method? An extension method lets you "extend" an existing type (class or struct) with new methods , without modifying the type itself . ✅ It feels like you're adding a method to the type ✅ But you're really writing a static method with a special syntax πŸ§ͺ Real-Life Example Let’s say you want to capitalize the first letter of a string: ❌ Without Extension: csharp public static class StringUtils {     public static string Capitalize(string value)     {         if (string.IsNullOrEmpty(value)) return value;         return char.ToUpper(value[0]) + value.Substring(1);     } } Usage: csharp string name = "...
Read more

Understanding Dependency Injection: A Modern Guide for Developers

By Tareq Marji -
In today’s fast-paced software development world, building scalable, testable, and maintainable applications is a top priority. One of the core principles that help achieve this is Dependency Injection (DI) . Whether you're working in .NET, Java, Python, or another modern framework, DI is a foundational design pattern that every developer should master. What is Dependency Injection? Dependency Injection is a design pattern that deals with how components or objects acquire their dependencies. Rather than creating dependencies directly within a class, they are provided (injected) from the outside. In simple terms, instead of a class instantiating its own dependencies, they are passed to it — usually through the constructor, method parameters, or properties. Without DI (Tightly Coupled Code): csharp CopyEdit public class OrderService {     private readonly PaymentService _paymentService = new PaymentService();       public void Proce...
Read more

🌐 CORS in .NET Explained: Solving the Cross-Origin Problem Like a Pro

By Tareq Marji -
  Have you ever seen this error? Access to fetch at 'http://api.example.com/data' from origin 'http://localhost:4200' has been blocked by CORS policy πŸ˜– Frustrating, right? Don’t worry — it’s a CORS issue , and in this post, we’ll break it down and solve it . 🧠 What is CORS? CORS (Cross-Origin Resource Sharing) is a browser security feature that controls how web pages can make requests to a different domain than the one that served the web page. πŸ”’ Same-Origin Policy Browsers follow the Same-Origin Policy , which means: A frontend running on http://localhost:3000 Cannot make API calls to http://api.mysite.com (a different origin) Unless the server allows it via CORS headers 🧾 CORS in Real Life Imagine your Angular app runs at: http://localhost:4200 And your .NET Core Web API runs at: http://localhost:5000 By default, if you try to call the API from the frontend, the browser will block the request unless...
Read more

πŸ” JWT (JSON Web Token) Explained: Secure Your APIs the Modern Way

By Tareq Marji -
  If you're building APIs or modern web apps, you've probably heard of JWT . But what is it, really? In this post, we'll break down: What JWT is How it works Why and when to use it How to implement it in a .NET Core API πŸš€ What is JWT? JWT stands for JSON Web Token . It’s a compact, URL-safe token used to securely transmit information between two parties — typically between a client and a server. Unlike traditional session-based authentication (which stores session data on the server), JWT is stateless . All the information is stored in the token itself . 🧱 Structure of a JWT A JWT has three parts , separated by dots: xxxxx.yyyyy.zzzzz 1. Header Specifies the type of token and the algorithm used to sign it. json {   "alg": "HS256",   "typ": "JWT" } 2. Payload Contains the claims (data like user ID, roles, expiration, etc.). json {   "sub": "1234567...
Read more

πŸ—‚️ DROP vs DELETE vs TRUNCATE in SQL: What’s the Difference?

By Tareq Marji -
  When working with relational databases like SQL Server, MySQL, or PostgreSQL, managing your data correctly is crucial. Three common SQL commands used to remove data or tables are: πŸ”Ή DROP πŸ”Ή DELETE πŸ”Ή TRUNCATE While they might look similar, they are very different in terms of use, performance, and consequences. Let’s break them down and understand when to use which. ⚔️ Quick Comparison Feature DELETE TRUNCATE DROP Removes data ✅ Yes ✅ Yes ❌ No (removes table) Removes structure ❌ No ❌ No ✅ Yes Can filter rows ✅ Yes (WHERE) ❌ No (all rows) ❌ N/A Transaction-safe ✅ Yes ✅ Yes (mostly) ✅ Yes Can be rolled back ✅ Yes ✅ Yes (depends) ✅ Yes (in some DBs) Resets identity ...
Read more

Ensuring Data Integrity: The Backbone of Reliable Systems

By Tareq Marji -
  n the digital age, data is everything . But just having data isn’t enough — you need data that is accurate, consistent, and trustworthy . That’s where data integrity comes in. Whether you're managing a small application or an enterprise-level system, ensuring data integrity is critical for making reliable decisions, maintaining compliance, and providing a seamless user experience. In this blog, we’ll explore: What is data integrity? Types of data integrity Common threats How to implement and maintain data integrity Best practices πŸ“Œ What is Data Integrity? Data Integrity refers to the accuracy, consistency, and reliability of data throughout its lifecycle. It ensures that data remains correct, unchanged (unless properly updated), and usable — whether it's in a database, in transit, or archived. In short: Can you trust your data? If yes, it has integrity. 🧱 Types of Data Integrity Data integrity can be categorized into two mai...
Read more

πŸ”— SQL JOINs Explained: Mastering Table Relationships

By Tareq Marji -
 In real-world databases, information is often spread across multiple tables to reduce duplication and maintain normalization. JOINs allow you to combine this data logically for powerful querying. But many developers struggle with when and how to use the different types of JOINs. Let’s break it all down — visually and practically. 🧠 What is a JOIN? A JOIN in SQL is used to combine rows from two or more tables based on a related column between them. Example Scenario : You have: Customers table Orders table You want to list all orders along with customer names. That’s where JOINs come in. 🧩 Types of SQL JOINs JOIN Type Description INNER JOIN Only matching rows from both tables LEFT JOIN All rows from the left, and matched rows from the right RIGHT JOIN All rows from the right, and matched rows from the left FULL JOIN All rows from both tables (matched or not) CROSS JOIN Cartesian product (every row of A × every row of B) SELF JOIN Joining a table to itself...
Read more

πŸ›‘️ SIEM Logs Explained: How to Build Secure and Auditable .NET Apps

By Tareq Marji -
  In today’s security-conscious world, it’s no longer enough to just log errors and crashes. You need to log security-related events too — for compliance , auditing , and incident response . That’s where SIEM logs come in. 🧠 What is SIEM? SIEM (Security Information and Event Management) is a security solution that helps organizations collect, store, analyze, and alert on security-related logs and events. Popular SIEM platforms include: πŸ›‘️ Splunk πŸ“Š IBM QRadar ☁️ Microsoft Sentinel 🧭 Elastic SIEM πŸ” ArcSight πŸ“¦ What Are SIEM Logs? SIEM logs are not a specific format. They’re structured logs that contain security-relevant events , such as: User logins / logouts Failed login attempts Access to sensitive data Privilege escalation System configuration changes These logs are sent from apps and servers to a central SIEM system , where they are: Parsed Correlated Stored Alerted upon 🧱 Anatomy of a Good...
Read more