DEV Community: Abegunde Oluwatobiloba The latest articles on DEV Community by Abegunde Oluwatobiloba (@oluwatobiloba9). https://dev.to/oluwatobiloba9 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3780136%2Fb0799948-7fe0-42c3-a3a8-d76b72686da3.png DEV Community: Abegunde Oluwatobiloba https://dev.to/oluwatobiloba9 en Building a Production-Ready .NET 8 Banking API: Clean Architecture, PostgreSQL & CI/CD on Render Abegunde Oluwatobiloba Tue, 17 Mar 2026 00:15:24 +0000 https://dev.to/oluwatobiloba9/building-a-production-ready-net-8-banking-api-clean-architecture-postgresql-cicd-on-mhb https://dev.to/oluwatobiloba9/building-a-production-ready-net-8-banking-api-clean-architecture-postgresql-cicd-on-mhb <p>There's a difference between an API that <em>works on your machine</em> and one that's genuinely production-ready. This article walks through both — building a Core Banking REST API in .NET 8 using Clean Architecture, then taking it all the way to a live deployment on Render with a full GitHub Actions CI/CD pipeline.</p> <p>We'll cover the architecture decisions, the patterns that keep the codebase maintainable, and — just as importantly — the production failures we hit and exactly how we fixed them.</p> <h2> The Stack </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Layer</th> <th>Technology</th> </tr> </thead> <tbody> <tr> <td>Framework</td> <td>ASP.NET Core 8 Web API</td> </tr> <tr> <td>Architecture</td> <td>Clean Architecture (4 layers)</td> </tr> <tr> <td>Messaging</td> <td>MediatR (CQRS pattern)</td> </tr> <tr> <td>Validation</td> <td>FluentValidation + MediatR pipeline behavior</td> </tr> <tr> <td>ORM</td> <td>Entity Framework Core 8 + Npgsql</td> </tr> <tr> <td>Database</td> <td>PostgreSQL 16</td> </tr> <tr> <td>Auth</td> <td>JWT Bearer + token blacklist</td> </tr> <tr> <td>CI/CD</td> <td>GitHub Actions</td> </tr> <tr> <td>Hosting</td> <td>Render (Docker, Linux containers)</td> </tr> <tr> <td>Containerisation</td> <td>Docker multi-stage build</td> </tr> </tbody> </table></div> <h2> Project Structure </h2> <p>The solution follows Clean Architecture — four projects with a strict dependency rule: outer layers depend on inner layers, never the reverse.</p> <p><strong>Dependency rule enforced at compile time:</strong></p> <ul> <li> <code>Domain</code> → no dependencies</li> <li> <code>Application</code> → depends only on <code>Domain</code> </li> <li> <code>Infrastructure</code> → depends on <code>Domain</code> + <code>Application</code> </li> <li> <code>Api</code> → depends on everything (composition root)</li> </ul> <p>This means your business logic in <code>Application</code> has zero knowledge of HTTP, EF Core, or any infrastructure concern. Swapping PostgreSQL for another database or replacing JWT with OAuth only touches <code>Infrastructure</code>.</p> <h2> CQRS with MediatR </h2> <p>Every user action is modelled as either a <strong>Command</strong> (mutates state) or a <strong>Query</strong> (reads state). MediatR routes them to the right handler without the controller knowing anything about the implementation.</p> <h2> The Command </h2> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="c1">// CoreBanking.Application/Commands/Auth/RegisterUserCommand.cs</span> <span class="k">public</span> <span class="k">record</span> <span class="nc">RegisterUserCommand</span> <span class="p">:</span> <span class="n">IRequest</span><span class="p">&lt;</span><span class="n">ApiResponse</span><span class="p">&lt;</span><span class="n">RegisterUserResponse</span><span class="p">&gt;&gt;</span> <span class="p">{</span> <span class="k">public</span> <span class="kt">string</span> <span class="n">Username</span> <span class="p">{</span> <span class="k">get</span><span class="p">;</span> <span class="k">init</span><span class="p">;</span> <span class="p">}</span> <span class="p">=</span> <span class="kt">string</span><span class="p">.</span><span class="n">Empty</span><span class="p">;</span> <span class="k">public</span> <span class="kt">string</span> <span class="n">Email</span> <span class="p">{</span> <span class="k">get</span><span class="p">;</span> <span class="k">init</span><span class="p">;</span> <span class="p">}</span> <span class="p">=</span> <span class="kt">string</span><span class="p">.</span><span class="n">Empty</span><span class="p">;</span> <span class="k">public</span> <span class="kt">string</span> <span class="n">Password</span> <span class="p">{</span> <span class="k">get</span><span class="p">;</span> <span class="k">init</span><span class="p">;</span> <span class="p">}</span> <span class="p">=</span> <span class="kt">string</span><span class="p">.</span><span class="n">Empty</span><span class="p">;</span> <span class="k">public</span> <span class="n">UserRole</span> <span class="n">Role</span> <span class="p">{</span> <span class="k">get</span><span class="p">;</span> <span class="k">init</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p><strong>The Handler</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code> <span class="c1">// CoreBanking.Application/Commands/Auth/RegisterUserCommandHandler.cs</span> <span class="k">public</span> <span class="k">class</span> <span class="nc">RegisterUserCommandHandler</span> <span class="p">:</span> <span class="n">IRequestHandler</span><span class="p">&lt;</span><span class="n">RegisterUserCommand</span><span class="p">,</span> <span class="n">ApiResponse</span><span class="p">&lt;</span><span class="n">RegisterUserResponse</span><span class="p">&gt;&gt;</span> <span class="p">{</span> <span class="k">private</span> <span class="k">readonly</span> <span class="n">IUserRepository</span> <span class="n">_userRepository</span><span class="p">;</span> <span class="k">private</span> <span class="k">readonly</span> <span class="n">IOtpService</span> <span class="n">_otpService</span><span class="p">;</span> <span class="k">private</span> <span class="k">readonly</span> <span class="n">IPendingRegistrationRepository</span> <span class="n">_pendingRegistrationRepository</span><span class="p">;</span> <span class="k">public</span> <span class="nf">RegisterUserCommandHandler</span><span class="p">(</span> <span class="n">IUserRepository</span> <span class="n">userRepository</span><span class="p">,</span> <span class="n">IOtpService</span> <span class="n">otpService</span><span class="p">,</span> <span class="n">IPendingRegistrationRepository</span> <span class="n">pendingRegistrationRepository</span><span class="p">)</span> <span class="p">{</span> <span class="n">_userRepository</span> <span class="p">=</span> <span class="n">userRepository</span><span class="p">;</span> <span class="n">_otpService</span> <span class="p">=</span> <span class="n">otpService</span><span class="p">;</span> <span class="n">_pendingRegistrationRepository</span> <span class="p">=</span> <span class="n">pendingRegistrationRepository</span><span class="p">;</span> <span class="p">}</span> <span class="k">public</span> <span class="k">async</span> <span class="n">Task</span><span class="p">&lt;</span><span class="n">ApiResponse</span><span class="p">&lt;</span><span class="n">RegisterUserResponse</span><span class="p">&gt;&gt;</span> <span class="nf">Handle</span><span class="p">(</span> <span class="n">RegisterUserCommand</span> <span class="n">request</span><span class="p">,</span> <span class="n">CancellationToken</span> <span class="n">cancellationToken</span><span class="p">)</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="k">if</span> <span class="p">(</span><span class="k">await</span> <span class="n">_userRepository</span><span class="p">.</span><span class="nf">EmailExistsAsync</span><span class="p">(</span><span class="n">request</span><span class="p">.</span><span class="n">Email</span><span class="p">))</span> <span class="k">return</span> <span class="n">ApiResponse</span><span class="p">&lt;</span><span class="n">RegisterUserResponse</span><span class="p">&gt;.</span><span class="nf">Unauthorized</span><span class="p">(</span><span class="s">"Email already exists."</span><span class="p">);</span> <span class="kt">var</span> <span class="n">otpCode</span> <span class="p">=</span> <span class="n">_otpService</span><span class="p">.</span><span class="nf">GenerateOtp</span><span class="p">();</span> <span class="kt">var</span> <span class="n">pendingUser</span> <span class="p">=</span> <span class="k">new</span> <span class="n">PendingRegistration</span> <span class="p">{</span> <span class="n">Username</span> <span class="p">=</span> <span class="n">request</span><span class="p">.</span><span class="n">Username</span><span class="p">,</span> <span class="n">Email</span> <span class="p">=</span> <span class="n">request</span><span class="p">.</span><span class="n">Email</span><span class="p">,</span> <span class="n">PasswordHash</span> <span class="p">=</span> <span class="n">BCrypt</span><span class="p">.</span><span class="n">Net</span><span class="p">.</span><span class="n">BCrypt</span><span class="p">.</span><span class="nf">HashPassword</span><span class="p">(</span><span class="n">request</span><span class="p">.</span><span class="n">Password</span><span class="p">),</span> <span class="n">Role</span> <span class="p">=</span> <span class="n">UserRole</span><span class="p">.</span><span class="n">Customer</span><span class="p">,</span> <span class="n">OtpCode</span> <span class="p">=</span> <span class="n">otpCode</span><span class="p">,</span> <span class="n">ExpirationTime</span> <span class="p">=</span> <span class="n">DateTime</span><span class="p">.</span><span class="n">UtcNow</span><span class="p">.</span><span class="nf">AddMinutes</span><span class="p">(</span><span class="m">5</span><span class="p">)</span> <span class="p">};</span> <span class="k">await</span> <span class="n">_pendingRegistrationRepository</span><span class="p">.</span><span class="nf">AddAsync</span><span class="p">(</span><span class="n">pendingUser</span><span class="p">);</span> <span class="kt">var</span> <span class="n">response</span> <span class="p">=</span> <span class="k">new</span> <span class="n">RegisterUserResponse</span> <span class="p">{</span> <span class="n">Id</span> <span class="p">=</span> <span class="n">pendingUser</span><span class="p">.</span><span class="n">Id</span><span class="p">,</span> <span class="n">Email</span> <span class="p">=</span> <span class="n">pendingUser</span><span class="p">.</span><span class="n">Email</span><span class="p">,</span> <span class="n">Username</span> <span class="p">=</span> <span class="n">pendingUser</span><span class="p">.</span><span class="n">Username</span><span class="p">,</span> <span class="n">Role</span> <span class="p">=</span> <span class="n">UserRole</span><span class="p">.</span><span class="n">Customer</span><span class="p">,</span> <span class="n">Otp</span> <span class="p">=</span> <span class="n">otpCode</span> <span class="p">};</span> <span class="k">return</span> <span class="n">ApiResponse</span><span class="p">&lt;</span><span class="n">RegisterUserResponse</span><span class="p">&gt;</span> <span class="p">.</span><span class="nf">SuccessResponse</span><span class="p">(</span><span class="n">response</span><span class="p">,</span> <span class="s">"OTP sent to your email. Please verify."</span><span class="p">);</span> <span class="p">}</span> <span class="k">catch</span> <span class="p">(</span><span class="n">Exception</span> <span class="n">ex</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="n">ApiResponse</span><span class="p">&lt;</span><span class="n">RegisterUserResponse</span><span class="p">&gt;</span> <span class="p">.</span><span class="nf">InternalServerError</span><span class="p">(</span><span class="s">"Registration failed: "</span> <span class="p">+</span> <span class="n">ex</span><span class="p">.</span><span class="n">Message</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p><strong>The controller becomes a thin dispatcher — it sends the command and returns the result:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="p">[</span><span class="nf">HttpPost</span><span class="p">(</span><span class="s">"register"</span><span class="p">)]</span> <span class="p">[</span><span class="nf">ProducesResponseType</span><span class="p">(</span><span class="n">StatusCodes</span><span class="p">.</span><span class="n">Status200OK</span><span class="p">)]</span> <span class="p">[</span><span class="nf">ProducesResponseType</span><span class="p">(</span><span class="n">StatusCodes</span><span class="p">.</span><span class="n">Status400BadRequest</span><span class="p">)]</span> <span class="p">[</span><span class="nf">ProducesResponseType</span><span class="p">(</span><span class="n">StatusCodes</span><span class="p">.</span><span class="n">Status401Unauthorized</span><span class="p">)]</span> <span class="k">public</span> <span class="k">async</span> <span class="n">Task</span><span class="p">&lt;</span><span class="n">IActionResult</span><span class="p">&gt;</span> <span class="nf">Register</span><span class="p">(</span><span class="n">RegisterUserCommand</span> <span class="n">command</span><span class="p">)</span> <span class="p">{</span> <span class="kt">var</span> <span class="n">result</span> <span class="p">=</span> <span class="k">await</span> <span class="n">_mediator</span><span class="p">.</span><span class="nf">Send</span><span class="p">(</span><span class="n">command</span><span class="p">);</span> <span class="k">return</span> <span class="nf">Ok</span><span class="p">(</span><span class="n">result</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p><strong>The Behavior</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="c1">// CoreBanking.Application/Behaviors/ValidationBehavior.cs</span> <span class="k">public</span> <span class="k">class</span> <span class="nc">ValidationBehavior</span><span class="p">&lt;</span><span class="n">TRequest</span><span class="p">,</span> <span class="n">TResponse</span><span class="p">&gt;</span> <span class="p">:</span> <span class="n">IPipelineBehavior</span><span class="p">&lt;</span><span class="n">TRequest</span><span class="p">,</span> <span class="n">TResponse</span><span class="p">&gt;</span> <span class="k">where</span> <span class="n">TRequest</span> <span class="p">:</span> <span class="n">IRequest</span><span class="p">&lt;</span><span class="n">TResponse</span><span class="p">&gt;</span> <span class="p">{</span> <span class="k">private</span> <span class="k">readonly</span> <span class="n">IEnumerable</span><span class="p">&lt;</span><span class="n">IValidator</span><span class="p">&lt;</span><span class="n">TRequest</span><span class="p">&gt;&gt;</span> <span class="n">_validators</span><span class="p">;</span> <span class="k">public</span> <span class="nf">ValidationBehavior</span><span class="p">(</span><span class="n">IEnumerable</span><span class="p">&lt;</span><span class="n">IValidator</span><span class="p">&lt;</span><span class="n">TRequest</span><span class="p">&gt;&gt;</span> <span class="n">validators</span><span class="p">)</span> <span class="p">{</span> <span class="n">_validators</span> <span class="p">=</span> <span class="n">validators</span><span class="p">;</span> <span class="p">}</span> <span class="k">public</span> <span class="k">async</span> <span class="n">Task</span><span class="p">&lt;</span><span class="n">TResponse</span><span class="p">&gt;</span> <span class="nf">Handle</span><span class="p">(</span> <span class="n">TRequest</span> <span class="n">request</span><span class="p">,</span> <span class="n">RequestHandlerDelegate</span><span class="p">&lt;</span><span class="n">TResponse</span><span class="p">&gt;</span> <span class="n">next</span><span class="p">,</span> <span class="n">CancellationToken</span> <span class="n">cancellationToken</span><span class="p">)</span> <span class="p">{</span> <span class="k">if</span> <span class="p">(</span><span class="n">_validators</span><span class="p">.</span><span class="nf">Any</span><span class="p">())</span> <span class="p">{</span> <span class="kt">var</span> <span class="n">context</span> <span class="p">=</span> <span class="k">new</span> <span class="n">ValidationContext</span><span class="p">&lt;</span><span class="n">TRequest</span><span class="p">&gt;(</span><span class="n">request</span><span class="p">);</span> <span class="kt">var</span> <span class="n">results</span> <span class="p">=</span> <span class="k">await</span> <span class="n">Task</span><span class="p">.</span><span class="nf">WhenAll</span><span class="p">(</span> <span class="n">_validators</span><span class="p">.</span><span class="nf">Select</span><span class="p">(</span><span class="n">v</span> <span class="p">=&gt;</span> <span class="n">v</span><span class="p">.</span><span class="nf">ValidateAsync</span><span class="p">(</span><span class="n">context</span><span class="p">,</span> <span class="n">cancellationToken</span><span class="p">)));</span> <span class="kt">var</span> <span class="n">failures</span> <span class="p">=</span> <span class="n">results</span> <span class="p">.</span><span class="nf">SelectMany</span><span class="p">(</span><span class="n">r</span> <span class="p">=&gt;</span> <span class="n">r</span><span class="p">.</span><span class="n">Errors</span><span class="p">)</span> <span class="p">.</span><span class="nf">Where</span><span class="p">(</span><span class="n">f</span> <span class="p">=&gt;</span> <span class="n">f</span> <span class="p">!=</span> <span class="k">null</span><span class="p">)</span> <span class="p">.</span><span class="nf">ToList</span><span class="p">();</span> <span class="k">if</span> <span class="p">(</span><span class="n">failures</span><span class="p">.</span><span class="n">Count</span> <span class="p">!=</span> <span class="m">0</span><span class="p">)</span> <span class="k">throw</span> <span class="k">new</span> <span class="nf">ValidationException</span><span class="p">(</span><span class="n">failures</span><span class="p">);</span> <span class="p">}</span> <span class="k">return</span> <span class="k">await</span> <span class="nf">next</span><span class="p">();</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Register it once in Program.cs:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="n">builder</span><span class="p">.</span><span class="n">Services</span><span class="p">.</span><span class="n">AddValidatorsFromAssemblyContaining</span><span class="p">&lt;</span><span class="n">RegisterUserValidator</span><span class="p">&gt;();</span> <span class="n">builder</span><span class="p">.</span><span class="n">Services</span><span class="p">.</span><span class="nf">AddTransient</span><span class="p">(</span><span class="k">typeof</span><span class="p">(</span><span class="n">IPipelineBehavior</span><span class="p">&lt;,&gt;),</span> <span class="k">typeof</span><span class="p">(</span><span class="n">ValidationBehavior</span><span class="p">&lt;,&gt;));</span> </code></pre> </div> <p>Now write validators without touching handlers:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="c1">// CoreBanking.Application/Validators/RegisterUserValidator.cs</span> <span class="k">public</span> <span class="k">class</span> <span class="nc">RegisterUserValidator</span> <span class="p">:</span> <span class="n">AbstractValidator</span><span class="p">&lt;</span><span class="n">RegisterUserCommand</span><span class="p">&gt;</span> <span class="p">{</span> <span class="k">public</span> <span class="nf">RegisterUserValidator</span><span class="p">()</span> <span class="p">{</span> <span class="nf">RuleFor</span><span class="p">(</span><span class="n">x</span> <span class="p">=&gt;</span> <span class="n">x</span><span class="p">.</span><span class="n">Email</span><span class="p">)</span> <span class="p">.</span><span class="nf">NotEmpty</span><span class="p">().</span><span class="nf">WithMessage</span><span class="p">(</span><span class="s">"Email is required."</span><span class="p">)</span> <span class="p">.</span><span class="nf">EmailAddress</span><span class="p">().</span><span class="nf">WithMessage</span><span class="p">(</span><span class="s">"Invalid email format."</span><span class="p">);</span> <span class="nf">RuleFor</span><span class="p">(</span><span class="n">x</span> <span class="p">=&gt;</span> <span class="n">x</span><span class="p">.</span><span class="n">Password</span><span class="p">)</span> <span class="p">.</span><span class="nf">NotEmpty</span><span class="p">()</span> <span class="p">.</span><span class="nf">MinimumLength</span><span class="p">(</span><span class="m">8</span><span class="p">).</span><span class="nf">WithMessage</span><span class="p">(</span><span class="s">"Password must be at least 8 characters."</span><span class="p">)</span> <span class="p">.</span><span class="nf">Matches</span><span class="p">(</span><span class="s">"[A-Z]"</span><span class="p">).</span><span class="nf">WithMessage</span><span class="p">(</span><span class="s">"Password must contain at least one uppercase letter."</span><span class="p">)</span> <span class="p">.</span><span class="nf">Matches</span><span class="p">(</span><span class="s">"[0-9]"</span><span class="p">).</span><span class="nf">WithMessage</span><span class="p">(</span><span class="s">"Password must contain at least one number."</span><span class="p">);</span> <span class="nf">RuleFor</span><span class="p">(</span><span class="n">x</span> <span class="p">=&gt;</span> <span class="n">x</span><span class="p">.</span><span class="n">Username</span><span class="p">)</span> <span class="p">.</span><span class="nf">NotEmpty</span><span class="p">()</span> <span class="p">.</span><span class="nf">MinimumLength</span><span class="p">(</span><span class="m">3</span><span class="p">).</span><span class="nf">WithMessage</span><span class="p">(</span><span class="s">"Username must be at least 3 characters."</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>The flow:</p> <p>HTTP Request<br> → Controller.Register()<br> → mediator.Send(command)<br> → ValidationBehavior (runs RegisterUserValidator)<br> → throws ValidationException if invalid ←── handler never reached<br> → calls next() if valid<br> → RegisterUserCommandHandler.Handle()</p> <p><strong>Global Exception Handling</strong></p> <p>ValidationException is thrown by the pipeline, not the handler. Your middleware needs to catch it explicitly and map it to a structured 400 response:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="c1">// CoreBanking.Api/Middleware/ExceptionMiddleware.cs</span> <span class="k">public</span> <span class="k">class</span> <span class="nc">ExceptionMiddleware</span> <span class="p">{</span> <span class="k">private</span> <span class="k">readonly</span> <span class="n">RequestDelegate</span> <span class="n">_next</span><span class="p">;</span> <span class="k">public</span> <span class="nf">ExceptionMiddleware</span><span class="p">(</span><span class="n">RequestDelegate</span> <span class="n">next</span><span class="p">)</span> <span class="p">=&gt;</span> <span class="n">_next</span> <span class="p">=</span> <span class="n">next</span><span class="p">;</span> <span class="k">public</span> <span class="k">async</span> <span class="n">Task</span> <span class="nf">InvokeAsync</span><span class="p">(</span><span class="n">HttpContext</span> <span class="n">context</span><span class="p">)</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="k">await</span> <span class="nf">_next</span><span class="p">(</span><span class="n">context</span><span class="p">);</span> <span class="p">}</span> <span class="k">catch</span> <span class="p">(</span><span class="n">ValidationException</span> <span class="n">ex</span><span class="p">)</span> <span class="p">{</span> <span class="kt">var</span> <span class="n">errors</span> <span class="p">=</span> <span class="n">ex</span><span class="p">.</span><span class="n">Errors</span><span class="p">.</span><span class="nf">Select</span><span class="p">(</span><span class="n">e</span> <span class="p">=&gt;</span> <span class="n">e</span><span class="p">.</span><span class="n">ErrorMessage</span><span class="p">).</span><span class="nf">ToList</span><span class="p">();</span> <span class="k">await</span> <span class="nf">HandleValidationException</span><span class="p">(</span><span class="n">context</span><span class="p">,</span> <span class="n">errors</span><span class="p">);</span> <span class="p">}</span> <span class="k">catch</span> <span class="p">(</span><span class="n">BadRequestException</span> <span class="n">ex</span><span class="p">)</span> <span class="p">{</span> <span class="k">await</span> <span class="nf">HandleException</span><span class="p">(</span><span class="n">context</span><span class="p">,</span> <span class="n">HttpStatusCode</span><span class="p">.</span><span class="n">BadRequest</span><span class="p">,</span> <span class="n">ex</span><span class="p">.</span><span class="n">Message</span><span class="p">);</span> <span class="p">}</span> <span class="k">catch</span> <span class="p">(</span><span class="n">UnauthorizedAccessException</span> <span class="n">ex</span><span class="p">)</span> <span class="p">{</span> <span class="k">await</span> <span class="nf">HandleException</span><span class="p">(</span><span class="n">context</span><span class="p">,</span> <span class="n">HttpStatusCode</span><span class="p">.</span><span class="n">Unauthorized</span><span class="p">,</span> <span class="n">ex</span><span class="p">.</span><span class="n">Message</span><span class="p">);</span> <span class="p">}</span> <span class="k">catch</span> <span class="p">(</span><span class="n">Exception</span> <span class="n">ex</span><span class="p">)</span> <span class="p">{</span> <span class="k">await</span> <span class="nf">HandleException</span><span class="p">(</span><span class="n">context</span><span class="p">,</span> <span class="n">HttpStatusCode</span><span class="p">.</span><span class="n">InternalServerError</span><span class="p">,</span> <span class="n">ex</span><span class="p">.</span><span class="n">Message</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="k">private</span> <span class="k">static</span> <span class="k">async</span> <span class="n">Task</span> <span class="nf">HandleValidationException</span><span class="p">(</span><span class="n">HttpContext</span> <span class="n">context</span><span class="p">,</span> <span class="n">List</span><span class="p">&lt;</span><span class="kt">string</span><span class="p">&gt;</span> <span class="n">errors</span><span class="p">)</span> <span class="p">{</span> <span class="n">context</span><span class="p">.</span><span class="n">Response</span><span class="p">.</span><span class="n">ContentType</span> <span class="p">=</span> <span class="s">"application/json"</span><span class="p">;</span> <span class="n">context</span><span class="p">.</span><span class="n">Response</span><span class="p">.</span><span class="n">StatusCode</span> <span class="p">=</span> <span class="p">(</span><span class="kt">int</span><span class="p">)</span><span class="n">HttpStatusCode</span><span class="p">.</span><span class="n">BadRequest</span><span class="p">;</span> <span class="k">await</span> <span class="n">context</span><span class="p">.</span><span class="n">Response</span><span class="p">.</span><span class="nf">WriteAsync</span><span class="p">(</span><span class="n">JsonSerializer</span><span class="p">.</span><span class="nf">Serialize</span><span class="p">(</span><span class="k">new</span> <span class="p">{</span> <span class="n">status</span> <span class="p">=</span> <span class="m">400</span><span class="p">,</span> <span class="n">message</span> <span class="p">=</span> <span class="s">"Validation failed"</span><span class="p">,</span> <span class="n">errors</span> <span class="p">}));</span> <span class="p">}</span> <span class="k">private</span> <span class="k">static</span> <span class="k">async</span> <span class="n">Task</span> <span class="nf">HandleException</span><span class="p">(</span> <span class="n">HttpContext</span> <span class="n">context</span><span class="p">,</span> <span class="n">HttpStatusCode</span> <span class="n">statusCode</span><span class="p">,</span> <span class="kt">string</span> <span class="n">message</span><span class="p">)</span> <span class="p">{</span> <span class="n">context</span><span class="p">.</span><span class="n">Response</span><span class="p">.</span><span class="n">ContentType</span> <span class="p">=</span> <span class="s">"application/json"</span><span class="p">;</span> <span class="n">context</span><span class="p">.</span><span class="n">Response</span><span class="p">.</span><span class="n">StatusCode</span> <span class="p">=</span> <span class="p">(</span><span class="kt">int</span><span class="p">)</span><span class="n">statusCode</span><span class="p">;</span> <span class="k">await</span> <span class="n">context</span><span class="p">.</span><span class="n">Response</span><span class="p">.</span><span class="nf">WriteAsync</span><span class="p">(</span><span class="n">JsonSerializer</span><span class="p">.</span><span class="nf">Serialize</span><span class="p">(</span><span class="k">new</span> <span class="p">{</span> <span class="n">status</span> <span class="p">=</span> <span class="p">(</span><span class="kt">int</span><span class="p">)</span><span class="n">statusCode</span><span class="p">,</span> <span class="n">message</span> <span class="p">}));</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>A validation failure now always returns:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"status"</span><span class="p">:</span><span class="w"> </span><span class="mi">400</span><span class="p">,</span><span class="w"> </span><span class="nl">"message"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Validation failed"</span><span class="p">,</span><span class="w"> </span><span class="nl">"errors"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"Password must contain at least one uppercase letter."</span><span class="p">,</span><span class="w"> </span><span class="s2">"Username must be at least 3 characters."</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>Key insight: ValidationException must be caught before the generic Exception catch. C# evaluates catch blocks in order — the first matching type wins.</p> <p><strong>JWT Authentication with Token Blacklisting</strong><br> Standard JWT is stateless — once issued, a token is valid until expiry. For logout to be meaningful in a banking context, you need to revoke tokens server-side.</p> <p>The approach: store revoked tokens in a TokenBlacklist table and check it on every validated request.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="c1">// Program.cs — JWT configuration</span> <span class="n">builder</span><span class="p">.</span><span class="n">Services</span><span class="p">.</span><span class="nf">AddAuthentication</span><span class="p">(</span><span class="s">"Bearer"</span><span class="p">)</span> <span class="p">.</span><span class="nf">AddJwtBearer</span><span class="p">(</span><span class="s">"Bearer"</span><span class="p">,</span> <span class="n">options</span> <span class="p">=&gt;</span> <span class="p">{</span> <span class="n">options</span><span class="p">.</span><span class="n">TokenValidationParameters</span> <span class="p">=</span> <span class="k">new</span> <span class="n">TokenValidationParameters</span> <span class="p">{</span> <span class="n">ValidateIssuer</span> <span class="p">=</span> <span class="k">true</span><span class="p">,</span> <span class="n">ValidateAudience</span> <span class="p">=</span> <span class="k">true</span><span class="p">,</span> <span class="n">ValidateLifetime</span> <span class="p">=</span> <span class="k">true</span><span class="p">,</span> <span class="n">ValidateIssuerSigningKey</span> <span class="p">=</span> <span class="k">true</span><span class="p">,</span> <span class="n">ValidIssuer</span> <span class="p">=</span> <span class="n">builder</span><span class="p">.</span><span class="n">Configuration</span><span class="p">[</span><span class="s">"Jwt:Issuer"</span><span class="p">],</span> <span class="n">ValidAudience</span> <span class="p">=</span> <span class="n">builder</span><span class="p">.</span><span class="n">Configuration</span><span class="p">[</span><span class="s">"Jwt:Audience"</span><span class="p">],</span> <span class="n">IssuerSigningKey</span> <span class="p">=</span> <span class="k">new</span> <span class="nf">SymmetricSecurityKey</span><span class="p">(</span> <span class="n">Encoding</span><span class="p">.</span><span class="n">UTF8</span><span class="p">.</span><span class="nf">GetBytes</span><span class="p">(</span> <span class="n">builder</span><span class="p">.</span><span class="n">Configuration</span><span class="p">[</span><span class="s">"Jwt:Key"</span><span class="p">]</span> <span class="p">??</span> <span class="k">throw</span> <span class="k">new</span> <span class="nf">InvalidOperationException</span><span class="p">(</span><span class="s">"Jwt:Key is not configured."</span><span class="p">)))</span> <span class="p">};</span> <span class="n">options</span><span class="p">.</span><span class="n">Events</span> <span class="p">=</span> <span class="k">new</span> <span class="n">JwtBearerEvents</span> <span class="p">{</span> <span class="n">OnTokenValidated</span> <span class="p">=</span> <span class="k">async</span> <span class="n">context</span> <span class="p">=&gt;</span> <span class="p">{</span> <span class="kt">var</span> <span class="n">blacklistRepo</span> <span class="p">=</span> <span class="n">context</span><span class="p">.</span><span class="n">HttpContext</span><span class="p">.</span><span class="n">RequestServices</span> <span class="p">.</span><span class="n">GetRequiredService</span><span class="p">&lt;</span><span class="n">ITokenBlacklistRepository</span><span class="p">&gt;();</span> <span class="kt">var</span> <span class="n">rawToken</span> <span class="p">=</span> <span class="n">context</span><span class="p">.</span><span class="n">Request</span><span class="p">.</span><span class="n">Headers</span><span class="p">[</span><span class="s">"Authorization"</span><span class="p">]</span> <span class="p">.</span><span class="nf">ToString</span><span class="p">()</span> <span class="p">.</span><span class="nf">Replace</span><span class="p">(</span><span class="s">"Bearer "</span><span class="p">,</span> <span class="s">""</span><span class="p">);</span> <span class="k">if</span> <span class="p">(</span><span class="k">await</span> <span class="n">blacklistRepo</span><span class="p">.</span><span class="nf">IsTokenRevokedAsync</span><span class="p">(</span><span class="n">rawToken</span><span class="p">))</span> <span class="n">context</span><span class="p">.</span><span class="nf">Fail</span><span class="p">(</span><span class="s">"Token has been revoked."</span><span class="p">);</span> <span class="p">}</span> <span class="p">};</span> <span class="p">});</span> </code></pre> </div> <p>The OnTokenValidated event fires after signature verification passes but before the request proceeds — the ideal interception point.</p> <p><strong>Swagger with Full Documentation</strong><br> Two things are needed for Swagger to show proper documentation: XML doc generation and endpoint attributes.</p> <p><strong>Enable XML generation in the .csproj</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight xml"><code><span class="nt">&lt;PropertyGroup&gt;</span> <span class="nt">&lt;GenerateDocumentationFile&gt;</span>true<span class="nt">&lt;/GenerateDocumentationFile&gt;</span> <span class="nt">&lt;NoWarn&gt;</span>$(NoWarn);1591<span class="nt">&lt;/NoWarn&gt;</span> <span class="c">&lt;!-- suppress missing-XML-comment warnings --&gt;</span> <span class="nt">&lt;/PropertyGroup&gt;</span> </code></pre> </div> <p><strong>Wire it into Swagger</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="n">builder</span><span class="p">.</span><span class="n">Services</span><span class="p">.</span><span class="nf">AddSwaggerGen</span><span class="p">(</span><span class="n">options</span> <span class="p">=&gt;</span> <span class="p">{</span> <span class="n">options</span><span class="p">.</span><span class="nf">SwaggerDoc</span><span class="p">(</span><span class="s">"v1"</span><span class="p">,</span> <span class="k">new</span> <span class="n">OpenApiInfo</span> <span class="p">{</span> <span class="n">Title</span> <span class="p">=</span> <span class="s">"CoreBanking API"</span><span class="p">,</span> <span class="n">Version</span> <span class="p">=</span> <span class="s">"v1"</span><span class="p">,</span> <span class="n">Description</span> <span class="p">=</span> <span class="s">"Core Banking System REST API"</span> <span class="p">});</span> <span class="c1">// Load XML comments</span> <span class="kt">var</span> <span class="n">xmlPath</span> <span class="p">=</span> <span class="n">Path</span><span class="p">.</span><span class="nf">Combine</span><span class="p">(</span><span class="n">AppContext</span><span class="p">.</span><span class="n">BaseDirectory</span><span class="p">,</span> <span class="s">$"</span><span class="p">{</span><span class="n">Assembly</span><span class="p">.</span><span class="nf">GetExecutingAssembly</span><span class="p">().</span><span class="nf">GetName</span><span class="p">().</span><span class="n">Name</span><span class="p">}</span><span class="s">.xml"</span><span class="p">);</span> <span class="k">if</span> <span class="p">(</span><span class="n">File</span><span class="p">.</span><span class="nf">Exists</span><span class="p">(</span><span class="n">xmlPath</span><span class="p">))</span> <span class="n">options</span><span class="p">.</span><span class="nf">IncludeXmlComments</span><span class="p">(</span><span class="n">xmlPath</span><span class="p">);</span> <span class="c1">// JWT Bearer button</span> <span class="n">options</span><span class="p">.</span><span class="nf">AddSecurityDefinition</span><span class="p">(</span><span class="s">"Bearer"</span><span class="p">,</span> <span class="k">new</span> <span class="n">OpenApiSecurityScheme</span> <span class="p">{</span> <span class="n">Name</span> <span class="p">=</span> <span class="s">"Authorization"</span><span class="p">,</span> <span class="n">Type</span> <span class="p">=</span> <span class="n">SecuritySchemeType</span><span class="p">.</span><span class="n">Http</span><span class="p">,</span> <span class="n">Scheme</span> <span class="p">=</span> <span class="s">"bearer"</span><span class="p">,</span> <span class="n">BearerFormat</span> <span class="p">=</span> <span class="s">"JWT"</span><span class="p">,</span> <span class="n">In</span> <span class="p">=</span> <span class="n">ParameterLocation</span><span class="p">.</span><span class="n">Header</span><span class="p">,</span> <span class="n">Description</span> <span class="p">=</span> <span class="s">"Enter your JWT token"</span> <span class="p">});</span> <span class="n">options</span><span class="p">.</span><span class="nf">AddSecurityRequirement</span><span class="p">(</span><span class="k">new</span> <span class="n">OpenApiSecurityRequirement</span> <span class="p">{</span> <span class="p">{</span> <span class="k">new</span> <span class="n">OpenApiSecurityScheme</span> <span class="p">{</span> <span class="n">Reference</span> <span class="p">=</span> <span class="k">new</span> <span class="n">OpenApiReference</span> <span class="p">{</span> <span class="n">Type</span> <span class="p">=</span> <span class="n">ReferenceType</span><span class="p">.</span><span class="n">SecurityScheme</span><span class="p">,</span> <span class="n">Id</span> <span class="p">=</span> <span class="s">"Bearer"</span> <span class="p">}</span> <span class="p">},</span> <span class="n">Array</span><span class="p">.</span><span class="n">Empty</span><span class="p">&lt;</span><span class="kt">string</span><span class="p">&gt;()</span> <span class="p">}</span> <span class="p">});</span> <span class="p">});</span> </code></pre> </div> <p><strong>Document endpoints with XML comments and response types</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="c1">/// &lt;summary&gt;</span> <span class="c1">/// Registers a new user account.</span> <span class="c1">/// &lt;/summary&gt;</span> <span class="c1">/// &lt;remarks&gt;</span> <span class="c1">/// Creates a pending registration and sends a one-time password (OTP) to the provided email.</span> <span class="c1">/// The account is not active until the OTP is verified via the verify-otp endpoint.</span> <span class="c1">/// &lt;/remarks&gt;</span> <span class="c1">/// &lt;response code="200"&gt;Registration initiated — OTP sent to email.&lt;/response&gt;</span> <span class="c1">/// &lt;response code="400"&gt;Validation failed.&lt;/response&gt;</span> <span class="c1">/// &lt;response code="401"&gt;Email already registered.&lt;/response&gt;</span> <span class="p">[</span><span class="nf">HttpPost</span><span class="p">(</span><span class="s">"register"</span><span class="p">)]</span> <span class="p">[</span><span class="nf">ProducesResponseType</span><span class="p">(</span><span class="n">StatusCodes</span><span class="p">.</span><span class="n">Status200OK</span><span class="p">)]</span> <span class="p">[</span><span class="nf">ProducesResponseType</span><span class="p">(</span><span class="n">StatusCodes</span><span class="p">.</span><span class="n">Status400BadRequest</span><span class="p">)]</span> <span class="p">[</span><span class="nf">ProducesResponseType</span><span class="p">(</span><span class="n">StatusCodes</span><span class="p">.</span><span class="n">Status401Unauthorized</span><span class="p">)]</span> <span class="k">public</span> <span class="k">async</span> <span class="n">Task</span><span class="p">&lt;</span><span class="n">IActionResult</span><span class="p">&gt;</span> <span class="nf">Register</span><span class="p">(</span><span class="n">RegisterUserCommand</span> <span class="n">command</span><span class="p">)</span> <span class="p">{</span> <span class="kt">var</span> <span class="n">result</span> <span class="p">=</span> <span class="k">await</span> <span class="n">_mediator</span><span class="p">.</span><span class="nf">Send</span><span class="p">(</span><span class="n">command</span><span class="p">);</span> <span class="k">return</span> <span class="nf">Ok</span><span class="p">(</span><span class="n">result</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2gqtujf0a1pnxui2dixb.PNG" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2gqtujf0a1pnxui2dixb.PNG" alt=" " width="800" height="431"></a></p> <p><strong>Production Problem #1: LocalDB Is Windows-Only</strong><br> Production Problem #1: LocalDB Is Windows-Only</p> <p>LocalDB is not supported on this platform.</p> <p>LocalDB is a Windows-only SQL Server feature. Render runs Linux. The fix: switch to PostgreSQL.</p> <p><strong>1. Swap the NuGet package</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight xml"><code><span class="c">&lt;!-- Remove --&gt;</span> <span class="nt">&lt;PackageReference</span> <span class="na">Include=</span><span class="s">"Microsoft.EntityFrameworkCore.SqlServer"</span> <span class="na">Version=</span><span class="s">"8.0.11"</span> <span class="nt">/&gt;</span> <span class="c">&lt;!-- Add --&gt;</span> <span class="nt">&lt;PackageReference</span> <span class="na">Include=</span><span class="s">"Npgsql.EntityFrameworkCore.PostgreSQL"</span> <span class="na">Version=</span><span class="s">"8.0.11"</span> <span class="nt">/&gt;</span> </code></pre> </div> <p><strong>2. Change the provider registration</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="c1">// Before</span> <span class="n">builder</span><span class="p">.</span><span class="n">Services</span><span class="p">.</span><span class="n">AddDbContext</span><span class="p">&lt;</span><span class="n">AppDbContext</span><span class="p">&gt;(</span><span class="n">options</span> <span class="p">=&gt;</span> <span class="n">options</span><span class="p">.</span><span class="nf">UseSqlServer</span><span class="p">(</span><span class="n">connectionString</span><span class="p">));</span> <span class="c1">// After</span> <span class="n">builder</span><span class="p">.</span><span class="n">Services</span><span class="p">.</span><span class="n">AddDbContext</span><span class="p">&lt;</span><span class="n">AppDbContext</span><span class="p">&gt;(</span><span class="n">options</span> <span class="p">=&gt;</span> <span class="n">options</span><span class="p">.</span><span class="nf">UseNpgsql</span><span class="p">(</span><span class="n">connectionString</span><span class="p">));</span> </code></pre> </div> <p><strong>3. Delete and regenerate migrations</strong><br> SQL Server migrations use Windows-specific types (uniqueidentifier, nvarchar, datetime2, bit). PostgreSQL uses uuid, text, timestamp with time zone, boolean. They are not compatible.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Delete old migrations</span> <span class="nb">rm</span> <span class="nt">-rf</span> CoreBanking.Infrastructure/Migrations <span class="c"># Regenerate for PostgreSQL</span> dotnet ef migrations add InitialCreate <span class="se">\</span> <span class="nt">--project</span> CoreBanking.Infrastructure <span class="se">\</span> <span class="nt">--startup-project</span> CoreBanking.Api </code></pre> </div> <p><strong>4. Update the connection string format</strong><br> Npgsql uses key-value format — not the PostgreSQL URL format:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>// WRONG — this is a PostgreSQL URL, not a Npgsql connection string "DefaultConnection": "postgres://user:pass@host/db" // CORRECT — Npgsql key-value format "DefaultConnection": "Host=localhost;Port=5432;Database=corebankingdb;Username=postgres;Password=yourpassword" </code></pre> </div> <p><strong>Production Problem #2: Migration Fails on Existing Data</strong><br> When we converted the Role column from text to an integer enum, the migration crashed:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>SqlState: 23502 column "Role" of relation "Users" contains null values </code></pre> </div> <p>Why: The USING CASE expression in PostgreSQL's ALTER COLUMN ... TYPE is evaluated row-by-row. If any row has NULL or an unrecognised string value, the CASE produces NULL. Because Role is NOT NULL, PostgreSQL rejects it.</p> <p>The fix — two steps:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="c1">// Migration: ChangeUserRoleToEnum.cs</span> <span class="c1">// Step 1: sanitise any NULL or unrecognised values before the type change</span> <span class="n">migrationBuilder</span><span class="p">.</span><span class="nf">Sql</span><span class="p">(</span> <span class="s">@"UPDATE ""Users"" SET ""Role"" = 'Customer' WHERE ""Role"" IS NULL OR ""Role"" NOT IN ('Customer', 'Admin');"</span> <span class="p">);</span> <span class="c1">// Step 2: convert with an ELSE fallback as a safety net</span> <span class="n">migrationBuilder</span><span class="p">.</span><span class="nf">Sql</span><span class="p">(</span> <span class="s">@"ALTER TABLE ""Users"" ALTER COLUMN ""Role"" TYPE integer USING CASE WHEN ""Role"" = 'Customer' THEN 0 WHEN ""Role"" = 'Admin' THEN 1 ELSE 0 END;"</span> <span class="p">);</span> </code></pre> </div> <p>The UPDATE cleans the data first. The ELSE 0 is a defensive fallback for anything that slips through.</p> <p><strong>Production Problem #3: Auto-Migrate on Startup</strong><br> On a PaaS like Render, you don't have CLI access to run dotnet ef database update. The solution: run migrations automatically on startup.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="c1">// Program.cs — after app.Build()</span> <span class="k">using</span> <span class="p">(</span><span class="kt">var</span> <span class="n">scope</span> <span class="p">=</span> <span class="n">app</span><span class="p">.</span><span class="n">Services</span><span class="p">.</span><span class="nf">CreateScope</span><span class="p">())</span> <span class="p">{</span> <span class="kt">var</span> <span class="n">db</span> <span class="p">=</span> <span class="n">scope</span><span class="p">.</span><span class="n">ServiceProvider</span><span class="p">.</span><span class="n">GetRequiredService</span><span class="p">&lt;</span><span class="n">AppDbContext</span><span class="p">&gt;();</span> <span class="n">db</span><span class="p">.</span><span class="n">Database</span><span class="p">.</span><span class="nf">Migrate</span><span class="p">();</span> <span class="p">}</span> </code></pre> </div> <p>Migrate() is idempotent — it checks __EFMigrationsHistory and only applies unapplied migrations. Safe to call on every startup.</p> <p>Trade-off: This works well for a single-instance API. For horizontally scaled services, you'll want a dedicated migration job to avoid race conditions between instances running migrations simultaneously.</p> <p><strong>Production Problem #4: UseUrls Breaking Local Dev</strong><br> Adding UseUrls unconditionally to support Render's PORT environment variable broke Visual Studio's HTTPS profile:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="c1">// WRONG — overrides launchSettings.json even in local dev</span> <span class="n">builder</span><span class="p">.</span><span class="n">WebHost</span><span class="p">.</span><span class="nf">UseUrls</span><span class="p">(</span><span class="s">$"http://+:</span><span class="p">{</span><span class="n">port</span><span class="p">}</span><span class="s">"</span><span class="p">);</span> </code></pre> </div> <p>The fix: only call UseUrls when the PORT env var is explicitly set by the platform:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="c1">// Program.cs</span> <span class="kt">var</span> <span class="n">port</span> <span class="p">=</span> <span class="n">Environment</span><span class="p">.</span><span class="nf">GetEnvironmentVariable</span><span class="p">(</span><span class="s">"PORT"</span><span class="p">);</span> <span class="k">if</span> <span class="p">(</span><span class="n">port</span> <span class="k">is</span> <span class="k">not</span> <span class="k">null</span><span class="p">)</span> <span class="p">{</span> <span class="n">builder</span><span class="p">.</span><span class="n">WebHost</span><span class="p">.</span><span class="nf">UseUrls</span><span class="p">(</span><span class="s">$"http://+:</span><span class="p">{</span><span class="n">port</span><span class="p">}</span><span class="s">"</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>Local development falls through to launchSettings.json profiles as normal. Render sets PORT, so the deployed instance binds to the correct port.</p> <p><strong>Production Problem #5: Disable File Watching in Containers</strong><br> By default, ASP.NET Core watches appsettings.json for changes at runtime using FileSystemWatcher. In a Linux container, this consumes inotify handles a limited OS resource. In production, config files never change at runtime anyway.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="c1">// Program.cs</span> <span class="k">if</span> <span class="p">(</span><span class="n">builder</span><span class="p">.</span><span class="n">Environment</span><span class="p">.</span><span class="nf">IsProduction</span><span class="p">())</span> <span class="p">{</span> <span class="k">foreach</span> <span class="p">(</span><span class="kt">var</span> <span class="n">source</span> <span class="k">in</span> <span class="n">builder</span><span class="p">.</span><span class="n">Configuration</span><span class="p">.</span><span class="n">Sources</span> <span class="p">.</span><span class="n">OfType</span><span class="p">&lt;</span><span class="n">JsonConfigurationSource</span><span class="p">&gt;())</span> <span class="p">{</span> <span class="n">source</span><span class="p">.</span><span class="n">ReloadOnChange</span> <span class="p">=</span> <span class="k">false</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p><strong>GitHub Actions CI/CD Pipeline</strong><br> The pipeline runs 4 stages on every push:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># .github/workflows/ci-cd.yml</span> <span class="na">name</span><span class="pi">:</span> <span class="s">CI/CD Pipeline</span> <span class="na">on</span><span class="pi">:</span> <span class="na">push</span><span class="pi">:</span> <span class="na">branches</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">main</span><span class="pi">,</span> <span class="nv">develop</span><span class="pi">]</span> <span class="na">pull_request</span><span class="pi">:</span> <span class="na">branches</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">main</span><span class="pi">]</span> <span class="na">jobs</span><span class="pi">:</span> <span class="na">build-and-test</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Build &amp; Test</span> <span class="na">runs-on</span><span class="pi">:</span> <span class="s">ubuntu-latest</span> <span class="na">services</span><span class="pi">:</span> <span class="na">postgres</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">postgres:16</span> <span class="na">env</span><span class="pi">:</span> <span class="na">POSTGRES_USER</span><span class="pi">:</span> <span class="s">postgres</span> <span class="na">POSTGRES_PASSWORD</span><span class="pi">:</span> <span class="s">postgres</span> <span class="na">POSTGRES_DB</span><span class="pi">:</span> <span class="s">CoreBankingDb</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">5432:5432</span> <span class="na">options</span><span class="pi">:</span> <span class="pi">&gt;-</span> <span class="s">--health-cmd pg_isready</span> <span class="s">--health-interval 10s</span> <span class="s">--health-timeout 5s</span> <span class="s">--health-retries 5</span> <span class="na">steps</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/checkout@v4</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Setup .NET</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/setup-dotnet@v4</span> <span class="na">with</span><span class="pi">:</span> <span class="na">dotnet-version</span><span class="pi">:</span> <span class="s">8.0.x</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Restore</span> <span class="na">run</span><span class="pi">:</span> <span class="s">dotnet restore Corebankingapp.sln</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Build</span> <span class="na">run</span><span class="pi">:</span> <span class="s">dotnet build Corebankingapp.sln --no-restore --configuration Release</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Test</span> <span class="na">env</span><span class="pi">:</span> <span class="na">ConnectionStrings__DefaultConnection</span><span class="pi">:</span> <span class="pi">&gt;-</span> <span class="s">Host=localhost;Port=5432;Database=CoreBankingDb;</span> <span class="s">Username=postgres;Password=postgres</span> <span class="na">run</span><span class="pi">:</span> <span class="pi">&gt;-</span> <span class="s">dotnet test Corebankingapp.sln</span> <span class="s">--no-build --configuration Release</span> <span class="s">--logger trx --results-directory TestResults</span> <span class="na">docker-build</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Docker Build &amp; Push</span> <span class="na">needs</span><span class="pi">:</span> <span class="s">build-and-test</span> <span class="na">runs-on</span><span class="pi">:</span> <span class="s">ubuntu-latest</span> <span class="na">if</span><span class="pi">:</span> <span class="s">github.ref == 'refs/heads/main'</span> <span class="na">steps</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/checkout@v4</span> <span class="pi">-</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">docker/login-action@v3</span> <span class="na">with</span><span class="pi">:</span> <span class="na">registry</span><span class="pi">:</span> <span class="s">ghcr.io</span> <span class="na">username</span><span class="pi">:</span> <span class="s">${{ github.actor }}</span> <span class="na">password</span><span class="pi">:</span> <span class="s">${{ secrets.GITHUB_TOKEN }}</span> <span class="pi">-</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">docker/build-push-action@v5</span> <span class="na">with</span><span class="pi">:</span> <span class="na">push</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">tags</span><span class="pi">:</span> <span class="s">ghcr.io/${{ github.repository }}:latest</span> </code></pre> </div> <p>Critical: The integration test suite uses WebApplicationFactory which calls db.Database.Migrate() on startup. Without a real PostgreSQL instance in CI, the test run crashes immediately. The services: postgres: block provides one.</p> <p><strong>Dockerfile — Multi-Stage Build</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight docker"><code><span class="k">FROM</span><span class="w"> </span><span class="s">mcr.microsoft.com/dotnet/aspnet:8.0</span><span class="w"> </span><span class="k">AS</span><span class="w"> </span><span class="s">base</span> <span class="k">WORKDIR</span><span class="s"> /app</span> <span class="k">FROM</span><span class="w"> </span><span class="s">mcr.microsoft.com/dotnet/sdk:8.0</span><span class="w"> </span><span class="k">AS</span><span class="w"> </span><span class="s">build</span> <span class="k">WORKDIR</span><span class="s"> /src</span> <span class="k">COPY</span><span class="s"> ["CoreBanking.Api/CoreBanking.Api.csproj", "CoreBanking.Api/"]</span> <span class="k">COPY</span><span class="s"> ["CoreBanking.Application/CoreBanking.Application.csproj", "CoreBanking.Application/"]</span> <span class="k">COPY</span><span class="s"> ["CoreBanking.Domain/CoreBanking.Domain.csproj", "CoreBanking.Domain/"]</span> <span class="k">COPY</span><span class="s"> ["CoreBanking.Infrastructure/CoreBanking.Infrastructure.csproj", "CoreBanking.Infrastructure/"]</span> <span class="k">RUN </span>dotnet restore <span class="s2">"CoreBanking.Api/CoreBanking.Api.csproj"</span> <span class="k">COPY</span><span class="s"> . .</span> <span class="k">RUN </span>dotnet publish <span class="s2">"CoreBanking.Api/CoreBanking.Api.csproj"</span> <span class="se">\ </span> <span class="nt">-c</span> Release <span class="nt">-o</span> /app/publish <span class="nt">--no-restore</span> <span class="k">FROM</span><span class="w"> </span><span class="s">base</span><span class="w"> </span><span class="k">AS</span><span class="w"> </span><span class="s">final</span> <span class="k">WORKDIR</span><span class="s"> /app</span> <span class="k">RUN </span>apt-get update <span class="se">\ </span> <span class="o">&amp;&amp;</span> apt-get <span class="nb">install</span> <span class="nt">-y</span> <span class="nt">--no-install-recommends</span> curl <span class="se">\ </span> <span class="o">&amp;&amp;</span> <span class="nb">rm</span> <span class="nt">-rf</span> /var/lib/apt/lists/<span class="k">*</span> <span class="k">COPY</span><span class="s"> --from=publish /app/publish .</span> <span class="k">ENV</span><span class="s"> PORT=8080</span> <span class="k">ENV</span><span class="s"> ASPNETCORE_ENVIRONMENT=Production</span> <span class="k">HEALTHCHECK</span><span class="s"> --interval=30s --timeout=10s --start-period=30s --retries=3 \</span> CMD curl -f http://localhost:${PORT}/health || exit 1 <span class="k">ENTRYPOINT</span><span class="s"> ["dotnet", "CoreBanking.Api.dll"]</span> </code></pre> </div> <p>Key decisions:</p> <p>. Multi-stage: SDK image for build, runtime-only image for final — keeps the deployed image small<br> . HEALTHCHECK: Render uses /health to determine when a deploy is live<br> . No HTTPS redirect in production: Render terminates TLS at the load balancer; the container only needs HTTP</p> <p><strong>Integration Tests</strong><br> Using WebApplicationFactory to test the real startup pipeline:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="c1">// CoreBanking.Tests/HealthCheckTests.cs</span> <span class="k">public</span> <span class="k">class</span> <span class="nc">HealthCheckTests</span> <span class="p">:</span> <span class="n">IClassFixture</span><span class="p">&lt;</span><span class="n">WebApplicationFactory</span><span class="p">&lt;</span><span class="n">Program</span><span class="p">&gt;&gt;</span> <span class="p">{</span> <span class="k">private</span> <span class="k">readonly</span> <span class="n">HttpClient</span> <span class="n">_client</span><span class="p">;</span> <span class="k">public</span> <span class="nf">HealthCheckTests</span><span class="p">(</span><span class="n">WebApplicationFactory</span><span class="p">&lt;</span><span class="n">Program</span><span class="p">&gt;</span> <span class="n">factory</span><span class="p">)</span> <span class="p">{</span> <span class="n">_client</span> <span class="p">=</span> <span class="n">factory</span><span class="p">.</span><span class="nf">CreateClient</span><span class="p">();</span> <span class="p">}</span> <span class="p">[</span><span class="n">Fact</span><span class="p">]</span> <span class="k">public</span> <span class="k">async</span> <span class="n">Task</span> <span class="nf">HealthEndpoint_ReturnsHealthy</span><span class="p">()</span> <span class="p">{</span> <span class="kt">var</span> <span class="n">response</span> <span class="p">=</span> <span class="k">await</span> <span class="n">_client</span><span class="p">.</span><span class="nf">GetAsync</span><span class="p">(</span><span class="s">"/health"</span><span class="p">);</span> <span class="n">response</span><span class="p">.</span><span class="nf">EnsureSuccessStatusCode</span><span class="p">();</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>The public partial class Program { } declaration at the bottom of Program.cs makes the class accessible to the test project across assembly boundaries.</p> <p><strong>Key Takeaways</strong><br> <strong>Architecture</strong></p> <ul> <li>Clean Architecture enforces separation of concerns at the project level not just folder level</li> <li>CQRS with MediatR keeps controllers thin and handlers focused on a single operation</li> <li>Pipeline behaviors are the right place for cross-cutting concerns like validation and logging — not individual handlers</li> </ul> <p><strong>Validation</strong></p> <ul> <li>Never validate in the handler if you have a pipeline behavior — it's duplication that erodes the architecture</li> <li>Catch FluentValidation.ValidationException explicitly in middleware before the generic Exception catch</li> </ul> <p><strong>PostgreSQL &amp; EF Core</strong></p> <ul> <li>LocalDB is Windows-only; plan for PostgreSQL from day one if you're targeting Linux</li> <li>SQL Server and PostgreSQL EF Core migrations are not compatible — regenerate when switching providers</li> <li>When converting column types in PostgreSQL, sanitise data with UPDATE first, then use ALTER COLUMN ... USING CASE with an ELSE fallback</li> <li>db.Database.Migrate() on startup is pragmatic for single-instance PaaS deployment</li> </ul> <p><strong>Platform &amp; Containers</strong></p> <ul> <li>Only call UseUrls when a PORT env var is explicitly set — otherwise you'll break local dev profiles</li> <li>Disable ReloadOnChange on config sources in production containers to avoid consuming inotify handles</li> <li>Skip HTTPS redirect inside containers when TLS is terminated at the load balancer</li> </ul> <p><strong>CI/CD</strong></p> <ul> <li>Integration tests that touch the database need a real database in CI — not a mock, not SQLite</li> <li>Add a services: postgres: block to your GitHub Actions job and pass the connection string as an env var to the test step</li> </ul> <p><em>Built with .NET 8, PostgreSQL 16, GitHub Actions, and Render.</em></p> <p><strong>Repository link:</strong> <a href="https://github.com/adisaomoabegunde/CoreBankingApp" rel="noopener noreferrer">https://github.com/adisaomoabegunde/CoreBankingApp</a></p> webdev programming dotnet backend