Back to Details

dotnet-webapi

Compare original and translation side by side

🇺🇸

Original

English
🇨🇳

Translation

Chinese

ASP.NET Core Web API

ASP.NET Core Web API

Produce well-structured ASP.NET Core Web API endpoints with proper HTTP semantics, OpenAPI documentation, and error handling.
创建结构规范的ASP.NET Core Web API端点,确保遵循正确的HTTP语义、OpenAPI文档规范与错误处理机制。

When to Use

适用场景

Use this skill when working on ASP.NET Core HTTP APIs, including:
  • adding or modifying Web API endpoints implemented with controllers or minimal APIs;
  • wiring up OpenAPI/Swagger metadata and endpoint documentation;
  • defining request/response DTOs and consistent HTTP status code behavior;
  • adding 
    .http
    files or similar request-based API testing artifacts;
  • configuring centralized API error handling middleware or exception mapping.
在开发ASP.NET Core HTTP API时使用本技能,包括:
  • 添加或修改基于控制器或Minimal APIs实现的Web API端点;
  • 配置OpenAPI/Swagger元数据与端点文档;
  • 定义请求/响应DTO(数据传输对象),并统一HTTP状态码行为;
  • 添加
    .http
    文件或类似的基于请求的API测试工件;
  • 配置集中式API错误处理中间件或异常映射规则。

When Not to Use

不适用场景

Do not use this skill for:
  • general C# coding style or non-API refactoring;
  • EF Core data modeling or query optimization work; use 
    optimizing-ef-core-queries
    ;
  • frontend, Razor, or Blazor UI changes;
  • gRPC services;
  • SignalR hubs or real-time messaging flows.
请勿将本技能用于以下场景:
  • 通用C#编码风格优化或非API重构;
  • EF Core数据建模或查询优化工作(请使用
    optimizing-ef-core-queries
    技能);
  • 前端、Razor或Blazor界面修改;
  • gRPC服务开发;
  • SignalR集线器或实时消息流开发。

Inputs / prerequisites

输入/前提条件

Before applying this skill, gather the project context needed to match the existing API style and wiring:
  • the ASP.NET Core entry point, typically 
    Program.cs
    ;
  • any existing controllers, especially classes inheriting 
    ControllerBase
    or using 
    [ApiController]
    ;
  • any existing minimal API registrations such as 
    app.MapGet
    , 
    app.MapPost
    , 
    app.MapPut
    , or 
    app.MapDelete
    ;
  • related DTO, model, validation, and error-handling types already used by the project;
  • available build, run, and test commands so changes can be verified.
If the user asks for a new endpoint, inspect the current project structure first so the implementation follows the established conventions rather than mixing styles.
应用本技能前,请收集匹配现有API风格与配置所需的项目上下文:
  • ASP.NET Core入口文件,通常为
    Program.cs
  • 所有现有控制器,尤其是继承
    ControllerBase
    或标记
    [ApiController]
    特性的类;
  • 所有现有Minimal API注册代码,如
    app.MapGet
    app.MapPost
    app.MapPut
    app.MapDelete
  • 项目已使用的相关DTO、模型、验证与错误处理类型;
  • 可用的构建、运行与测试命令,以便验证修改效果。
如果用户要求创建新端点,请先检查当前项目结构,确保实现遵循已有的约定,避免混合不同风格。

Workflow

工作流程

Step 1: Determine the API style

步骤1:确定API风格

Scan the project for existing endpoint patterns before writing any code.
  1. Search for classes inheriting 
    ControllerBase
    or decorated with 
    [ApiController]
    .
  2. Search 
    Program.cs
    or endpoint files for 
    app.MapGet
    , 
    app.MapPost
    , etc.
  3. If the project already uses controllers, continue with controllers.
  4. If the project already uses minimal APIs, continue with minimal APIs.
  5. If neither exists (new project), default to minimal APIs unless the user explicitly requests controllers.
Do not mix styles in the same project.
在编写任何代码前,先扫描项目中的现有端点模式。
  1. 搜索继承
    ControllerBase
    或标记
    [ApiController]
    特性的类;
  2. Program.cs
    或端点文件中搜索
    app.MapGet
    app.MapPost
    等方法;
  3. 如果项目已使用控制器,则继续使用控制器风格;
  4. 如果项目已使用Minimal APIs,则继续使用Minimal APIs风格;
  5. 如果两者都不存在(新项目),默认使用Minimal APIs,除非用户明确要求使用控制器。
请勿在同一项目中混合使用两种风格。

Step 2: Define request and response types

步骤2:定义请求与响应类型

Create dedicated types for API input and output. Never expose EF Core entities directly in request or response bodies.
Use 
sealed record
for all DTOs. Records enforce immutability, provide value-based equality, and produce concise code. Seal them to prevent unintended inheritance and enable JIT devirtualization (CA1852).
Naming convention:
RoleConventionExample
Input (create)
Create{Entity}Request
CreateProductRequest
Input (update)
Update{Entity}Request
UpdateProductRequest
Output (single)
{Entity}Response
ProductResponse
Output (list)
{Entity}ListResponse
ProductListResponse
XML doc comments on all DTOs: Add 
<summary>
XML doc comments to every request and response type exposed in the API. These comments are automatically included in the generated OpenAPI specification, producing richer documentation without extra metadata calls.
Reference: https://learn.microsoft.com/en-us/aspnet/core/fundamentals/openapi/openapi-comments
Date and time values — use 
DateTimeOffset
: When a DTO includes a date or time property, always use 
DateTimeOffset
instead of 
DateTime
. 
DateTimeOffset
preserves the UTC offset, avoids ambiguous timezone conversions, and serializes to ISO 8601 with offset information in JSON — which is what API consumers expect.
Reference: https://learn.microsoft.com/en-us/dotnet/api/system.datetimeoffset JSON serialization options — preserve existing behavior by default: For existing APIs, do not introduce stricter serialization/deserialization settings unless the project already uses them or the user explicitly asks for them. Settings such as case-sensitive property matching and strict number handling can break existing clients. For new projects, or when strict JSON handling is explicitly requested, configure options like the following to minimize the potential of processing malicious requests:
csharp
// Apply these settings only for new projects, when the existing project already
// uses them, or when the user explicitly requests stricter JSON behavior.
builder.Services.ConfigureHttpJsonOptions(options =>
{
    // disallow reading numbers from JSON strings
    options.SerializerOptions.NumberHandling = JsonNumberHandling.Strict;
    // match properties with exact casing during deserialization
    options.SerializerOptions.PropertyNameCaseInsensitive = false;
    // reject duplicate JSON property names during deserialization
    options.SerializerOptions.AllowDuplicateProperties = false;
    // omit null properties from serialized output
    options.SerializerOptions.DefaultIgnoreCondition = JsonIgnoreCondition.WhenWritingNull;
});
Enum properties — serialize as strings by default: Unless the user explicitly requests integer serialization, all enum properties should be serialized as strings. String-serialized enums are human-readable, less fragile when values are reordered, and produce better OpenAPI documentation. See Step 4 for the 
JsonStringEnumConverter
configuration.
Response DTOs — use positional sealed records for concise, immutable output:
csharp
/// <summary>Represents a product returned by the API.</summary>
public sealed record ProductResponse(
    int Id,
    string Name,
    decimal Price,
    Category Category,
    bool IsAvailable,
    DateTimeOffset CreatedAt);
Request DTOs — use sealed records with 
init
properties so data annotations work naturally:
csharp
/// <summary>Payload for creating a new product.</summary>
public sealed record CreateProductRequest
{
    [Required, MaxLength(200)]
    public required string Name { get; init; }

    [Range(0.01, 999999.99)]
    public required decimal Price { get; init; }

    public required Category Category { get; init; }
}
Follow the same pattern for 
Update{Entity}Request
records, adding any additional properties the update requires (e.g., 
IsAvailable
).
Minimal API validation — register explicitly: Data-annotation validation (
[Required]
, 
[MaxLength]
, 
[Range]
, etc.) is automatic in MVC controllers, but minimal APIs require explicit opt-in. For .NET 10+ projects using minimal APIs, add the validation services in 
Program.cs
:
csharp
builder.Services.AddValidation();
This wires up an endpoint filter that validates parameters decorated with data annotations before the handler executes, returning a 
400 Bad Request
with a validation problem details response on failure.
Reference: https://learn.microsoft.com/aspnet/core/fundamentals/minimal-apis?view=aspnetcore-10.0
Do not use mutable classes (
{ get; set; }
) for DTOs. Mutable DTOs allow accidental modification after construction and lose the self-documenting immutability that records provide.
为API输入和输出创建专用类型,切勿直接在请求或响应体中暴露EF Core实体。
所有DTO使用
sealed record
类型。Record类型强制不可变性,提供基于值的相等性检查,并生成简洁的代码。密封类型可防止意外继承,并支持JIT去虚拟化(符合CA1852规则)。
命名约定:
角色约定示例
创建请求
Create{Entity}Request
CreateProductRequest
更新请求
Update{Entity}Request
UpdateProductRequest
单个输出
{Entity}Response
ProductResponse
列表输出
{Entity}ListResponse
ProductListResponse
所有DTO添加XML文档注释: 为API中暴露的每个请求和响应类型添加
<summary>
XML文档注释。这些注释会自动包含在生成的OpenAPI规范中,无需额外元数据调用即可生成更丰富的文档。
参考链接:https://learn.microsoft.com/en-us/aspnet/core/fundamentals/openapi/openapi-comments
日期时间值——使用
DateTimeOffset
 当DTO包含日期或时间属性时,始终使用
DateTimeOffset
而非
DateTime
DateTimeOffset
保留UTC偏移量,避免模糊的时区转换,并以带偏移信息的ISO 8601格式序列化为JSON,这是API消费者期望的格式。
参考链接:https://learn.microsoft.com/en-us/dotnet/api/system.datetimeoffset JSON序列化选项——默认保留现有行为: 对于现有API,除非项目已使用更严格的序列化/反序列化设置,或用户明确要求,否则不要引入此类设置。区分大小写的属性匹配、严格数字处理等设置可能会破坏现有客户端。对于新项目,或当明确要求严格JSON处理时,可配置以下选项以降低处理恶意请求的风险:
csharp
// 仅在新项目、现有项目已使用,或用户明确要求更严格JSON行为时应用这些设置。
builder.Services.ConfigureHttpJsonOptions(options =>
{
    // 禁止从JSON字符串中读取数字
    options.SerializerOptions.NumberHandling = JsonNumberHandling.Strict;
    // 反序列化时严格匹配属性大小写
    options.SerializerOptions.PropertyNameCaseInsensitive = false;
    // 反序列化时拒绝重复的JSON属性名
    options.SerializerOptions.AllowDuplicateProperties = false;
    // 序列化输出时忽略null属性
    options.SerializerOptions.DefaultIgnoreCondition = JsonIgnoreCondition.WhenWritingNull;
});
枚举属性——默认序列化为字符串: 除非用户明确要求整数序列化,否则所有枚举属性都应序列化为字符串。字符串序列化的枚举可读性更强,值重新排序时更稳定,并能生成更优质的OpenAPI文档。请查看步骤4中的
JsonStringEnumConverter
配置。
响应DTO——使用位置参数的密封record类型,实现简洁、不可变的输出:
csharp
/// <summary>API返回的产品信息。</summary>
public sealed record ProductResponse(
    int Id,
    string Name,
    decimal Price,
    Category Category,
    bool IsAvailable,
    DateTimeOffset CreatedAt);
请求DTO——使用带
init
属性的密封record类型,确保数据注释能正常工作:
csharp
/// <summary>创建新产品的请求负载。</summary>
public sealed record CreateProductRequest
{
    [Required, MaxLength(200)]
    public required string Name { get; init; }

    [Range(0.01, 999999.99)]
    public required decimal Price { get; init; }

    public required Category Category { get; init; }
}
Update{Entity}Request
record遵循相同模式,添加更新所需的额外属性(如
IsAvailable
)。
Minimal API验证——显式注册: MVC控制器中数据注释验证(
[Required]
[MaxLength]
[Range]
等)是自动的,但Minimal APIs需要显式启用。对于**.NET 10+**的Minimal API项目,在
Program.cs
中添加验证服务:
csharp
builder.Services.AddValidation();
这会配置一个端点过滤器,在处理程序执行前验证带有数据注释的参数,验证失败时返回
400 Bad Request
及验证问题详情响应。
参考链接:https://learn.microsoft.com/aspnet/core/fundamentals/minimal-apis?view=aspnetcore-10.0
请勿为DTO使用可变类(
{ get; set; }
)。可变DTO允许在构造后意外修改,并且失去了record类型提供的自文档化不可变性特性。

Step 3: Implement the endpoints

步骤3:实现端点

Whether using controllers or minimal APIs, follow these HTTP conventions consistently.
Organizing minimal API endpoints: For projects using minimal APIs, organize endpoints by resource using static classes with a static 
Map<Resource>
method. This pattern keeps endpoint definitions grouped by resource type, making the code more maintainable and easier to navigate as the API grows.
Pattern structure:
  1. Create one static class per resource (e.g., 
    ProductEndpoints
    , 
    CategoryEndpoints
    ).
  2. Define a static 
    Map<Resource>(this WebApplication app)
    extension method.
  3. Inside the method, call 
    MapGet
    , 
    MapPost
    , 
    MapPut
    , 
    MapDelete
    , etc. for that resource's endpoints.
  4. In 
    Program.cs
    , call each resource's 
    Map
    method in order.
Minimal API return types — prefer 
TypedResults
:
Always prefer 
TypedResults
over the 
Results
factory. 
TypedResults
embeds response type information in the method signature, giving the OpenAPI generator richer metadata automatically.
When a handler returns multiple result types (e.g., 
Ok
or 
NotFound
), annotate the lambda with an explicit 
Results<T1, T2>
return type. This lets you use 
TypedResults
while still giving the compiler a common type:
csharp
async Task<Results<Ok<ProductResponse>, NotFound>> (int id, ...) => ...
Do not use 
TypedResults.Ok(x)
and 
TypedResults.NotFound()
in a bare ternary without an explicit return type annotation. 
Ok<T>
and 
NotFound
are different types with no common base the compiler can infer, which causes 
CS1593: Delegate 'RequestDelegate' does not take N arguments
because the compiler falls back to matching 
RequestDelegate(HttpContext)
.
Fallback — 
Results
factory: If a handler has many conditional branches (7+ result types), you may use the 
Results
factory (
Results.Ok()
, 
Results.NotFound()
) which returns 
IResult
, sacrificing compile-time OpenAPI inference for simpler signatures.
Status codes:
OperationSuccessCommon errors
GET (single)
200 OK
404 Not Found
GET (list)
200 OK
POST (create)
201 Created
with 
Location
header
400 Bad Request
, 
409 Conflict
PUT (full update)
200 OK
400 Bad Request
, 
404 Not Found
PATCH (partial/action)
200 OK
400 Bad Request
, 
404 Not Found
DELETE
204 No Content
404 Not Found
, 
409 Conflict
POST 201 responses: Always return a 
Location
header pointing to the newly created resource.
  • Controllers: use 
    CreatedAtAction(nameof(GetById), new { id = ... }, response)
  • Minimal APIs: use 
    TypedResults.Created($"/api/products/{id}", response)
CancellationToken: Accept 
CancellationToken
in every endpoint signature and forward it through to all async calls (service methods, EF Core queries, 
HttpClient
calls). This allows the server to stop work when a client disconnects.
csharp
// Controller example
[HttpGet("{id}")]
public async Task<ActionResult<ProductResponse>> GetById(
    int id, CancellationToken cancellationToken)
{
    var product = await _productService.GetByIdAsync(id, cancellationToken);
    return product is null ? NotFound() : Ok(product);
}

// Minimal API example — TypedResults with explicit return type (recommended)
app.MapGet("/api/products/{id}", async Task<Results<Ok<ProductResponse>, NotFound>> (
    int id, IProductService service, CancellationToken cancellationToken) =>
{
    var product = await service.GetByIdAsync(id, cancellationToken);
    return product is null ? TypedResults.NotFound() : TypedResults.Ok(product);
});
无论使用控制器还是Minimal APIs,都要始终遵循以下HTTP约定。
Minimal API端点组织: 对于使用Minimal APIs的项目,按资源类型使用静态类及静态
Map<Resource>
方法组织端点。此模式将端点定义按资源类型分组,随着API规模增长,代码会更易于维护和导航。
模式结构:
  1. 为每个资源创建一个静态类(如
    ProductEndpoints
    CategoryEndpoints
    );
  2. 定义一个静态扩展方法
    Map<Resource>(this WebApplication app)
  3. 在方法内部,为该资源的端点调用
    MapGet
    MapPost
    MapPut
    MapDelete
    等方法;
  4. Program.cs
    中按顺序调用每个资源的
    Map
    方法。
Minimal API返回类型——优先使用
TypedResults
始终优先使用
TypedResults
而非
Results
工厂。
TypedResults
将响应类型信息嵌入方法签名,能自动为OpenAPI生成器提供更丰富的元数据。
当处理程序返回多种结果类型(如
Ok
NotFound
)时,为lambda表达式标注显式的
Results<T1, T2>
返回类型。这样可在使用
TypedResults
的同时,为编译器提供通用类型:
csharp
async Task<Results<Ok<ProductResponse>, NotFound>> (int id, ...) => ...
请勿在未标注显式返回类型的三元表达式中使用
TypedResults.Ok(x)
TypedResults.NotFound()
Ok<T>
NotFound
是不同类型,编译器无法推断出共同的基类,这会导致
CS1593: Delegate 'RequestDelegate' does not take N arguments
错误,因为编译器会回退匹配
RequestDelegate(HttpContext)
备选方案——
Results
工厂: 如果处理程序有多个条件分支(7种以上结果类型),可使用
Results
工厂(
Results.Ok()
Results.NotFound()
),它返回
IResult
类型,以牺牲编译时OpenAPI推断能力换取更简洁的签名。
状态码规范:
操作成功状态码常见错误状态码
GET(单个资源)
200 OK
404 Not Found
GET(资源列表)
200 OK
POST(创建资源)
201 Created
(带
Location
头)
400 Bad Request
, 
409 Conflict
PUT(全量更新)
200 OK
400 Bad Request
, 
404 Not Found
PATCH(部分更新/操作)
200 OK
400 Bad Request
, 
404 Not Found
DELETE(删除资源)
204 No Content
404 Not Found
, 
409 Conflict
POST 201响应: 必须返回指向新创建资源的
Location
头。
  • 控制器:使用
    CreatedAtAction(nameof(GetById), new { id = ... }, response)
  • Minimal APIs:使用
    TypedResults.Created($"/api/products/{id}", response)
CancellationToken: 在每个端点签名中接收
CancellationToken
,并将其传递给所有异步调用(服务方法、EF Core查询、
HttpClient
调用)。这样当客户端断开连接时,服务器可停止工作。
csharp
// 控制器示例
[HttpGet("{id}")]
public async Task<ActionResult<ProductResponse>> GetById(
    int id, CancellationToken cancellationToken)
{
    var product = await _productService.GetByIdAsync(id, cancellationToken);
    return product is null ? NotFound() : Ok(product);
}

// Minimal API示例——推荐使用带显式返回类型的TypedResults
app.MapGet("/api/products/{id}", async Task<Results<Ok<ProductResponse>, NotFound>> (
    int id, IProductService service, CancellationToken cancellationToken) =>
{
    var product = await service.GetByIdAsync(id, cancellationToken);
    return product is null ? TypedResults.NotFound() : TypedResults.Ok(product);
});

Step 4: Wire up OpenAPI

步骤4:配置OpenAPI

Every ASP.NET Core Web API should have OpenAPI documentation. Check whether the project already has OpenAPI configured before adding it.
For .NET 9+ projects, use the built-in ASP.NET Core OpenAPI support (
builder.Services.AddOpenApi()
+ 
app.MapOpenApi()
in development). This is all that is needed — no additional packages required.
Do NOT add any 
Swashbuckle.*
NuGet package (
Swashbuckle.AspNetCore
, 
Swashbuckle.AspNetCore.SwaggerUI
, 
Swashbuckle.AspNetCore.SwaggerGen
, etc.) to .NET 9+ projects. Swashbuckle has known compatibility issues with .NET 9+ and .NET 10 OpenAPI types. For projects targeting .NET 8 or earlier, Swashbuckle is acceptable. If the project already has Swashbuckle installed, keep it unless the user asks to remove it.
Reference: https://learn.microsoft.com/en-us/aspnet/core/fundamentals/openapi/overview
OpenAPI metadata on endpoints: Add descriptive metadata so the generated documentation is useful, not just a list of routes. For minimal APIs, chain the metadata methods:
csharp
app.MapGet("/api/products/{id}", handler)
    .WithName("GetProductById")
    .WithSummary("Get a product by ID")
    .WithDescription("Returns the full product details including category.")
    .Produces<ProductResponse>(StatusCodes.Status200OK)
    .Produces(StatusCodes.Status404NotFound);
Enum serialization (strings by default): Configure JSON serialization so enums appear as readable strings in both API responses and OpenAPI schemas. Always add this configuration unless the user explicitly requests integer enum serialization. Configure it for both minimal APIs and controllers, as they use different option types:
csharp
// Minimal APIs
builder.Services.ConfigureHttpJsonOptions(options =>
    options.SerializerOptions.Converters.Add(new JsonStringEnumConverter()));

// Controllers / MVC
builder.Services.AddControllers()
    .AddJsonOptions(options =>
    {
        options.JsonSerializerOptions.Converters.Add(new JsonStringEnumConverter());
    });
每个ASP.NET Core Web API都应配备OpenAPI文档。在添加配置前,请检查项目是否已配置OpenAPI。
对于.NET 9+项目,使用内置的ASP.NET Core OpenAPI支持(开发环境中使用
builder.Services.AddOpenApi()
+ 
app.MapOpenApi()
)。仅需这两步即可,无需额外包。
请勿为.NET 9+项目添加任何
Swashbuckle.*
NuGet包(
Swashbuckle.AspNetCore
Swashbuckle.AspNetCore.SwaggerUI
Swashbuckle.AspNetCore.SwaggerGen
等)。Swashbuckle与.NET 9+及.NET 10的OpenAPI类型存在已知兼容性问题。对于目标框架为.NET 8或更早版本的项目,可使用Swashbuckle。如果项目已安装Swashbuckle,则保留它,除非用户要求移除。
参考链接:https://learn.microsoft.com/en-us/aspnet/core/fundamentals/openapi/overview
端点的OpenAPI元数据: 添加描述性元数据,使生成的文档更实用,而不仅仅是路由列表。对于Minimal APIs,链式调用元数据方法:
csharp
app.MapGet("/api/products/{id}", handler)
    .WithName("GetProductById")
    .WithSummary("通过ID获取产品")
    .WithDescription("返回产品的完整详情,包括分类信息。")
    .Produces<ProductResponse>(StatusCodes.Status200OK)
    .Produces(StatusCodes.Status404NotFound);
枚举序列化(默认字符串): 配置JSON序列化,使枚举在API响应和OpenAPI schema中显示为可读字符串。除非用户明确要求整数序列化,否则始终添加此配置。为Minimal APIs和控制器分别配置,因为它们使用不同的选项类型:
csharp
// Minimal APIs
builder.Services.ConfigureHttpJsonOptions(options =>
    options.SerializerOptions.Converters.Add(new JsonStringEnumConverter()));

// 控制器/MVC
builder.Services.AddControllers()
    .AddJsonOptions(options =>
    {
        options.JsonSerializerOptions.Converters.Add(new JsonStringEnumConverter());
    });

Step 5: Set up error handling

步骤5:设置错误处理

Use a global exception handler so that individual endpoints do not need try-catch blocks. Return RFC 7807 Problem Details for all error responses.
For .NET 8+ projects, prefer the built-in exception handler middleware:
csharp
builder.Services.AddProblemDetails();

app.UseExceptionHandler();
app.UseStatusCodePages();
If the project needs custom exception-to-status-code mapping (e.g., a 
NotFoundException
should return 404), implement 
IExceptionHandler
:
csharp
internal sealed class ApiExceptionHandler(ILogger<ApiExceptionHandler> logger)
    : IExceptionHandler
{
    public async ValueTask<bool> TryHandleAsync(
        HttpContext httpContext,
        Exception exception,
        CancellationToken cancellationToken)
    {
        var (statusCode, title) = exception switch
        {
            KeyNotFoundException => (StatusCodes.Status404NotFound, "Not Found"),
            ArgumentException => (StatusCodes.Status400BadRequest, "Bad Request"),
            InvalidOperationException => (StatusCodes.Status409Conflict, "Conflict"),
            _ => (0, (string?)null)
        };

        if (statusCode == 0)
            return false; // Let the default handler deal with it

        // Important: returning true below suppresses the exception diagnostics middleware
        // for this exception, so ensure it is logged/telemetrized before returning.
        logger.LogWarning(exception, "Handled API exception: {Title}", title);

        httpContext.Response.StatusCode = statusCode;
        await httpContext.Response.WriteAsJsonAsync(new ProblemDetails
        {
            Status = statusCode,
            Title = title,
            // Do not use exception.Message here — it may leak sensitive internal details.
            // Use a safe, user-facing message instead.
            Detail = title,
            Instance = httpContext.Request.Path
        }, cancellationToken);

        return true;
    }
}
Register it:
csharp
builder.Services.AddExceptionHandler<ApiExceptionHandler>();
builder.Services.AddProblemDetails();

app.UseExceptionHandler();
File placement: Always place exception handler classes in a 
Middleware/
folder to maintain consistent project organization. Do not place them at the project root.
使用全局异常处理程序,这样单个端点无需编写try-catch块。所有错误响应均返回RFC 7807问题详情格式。
对于.NET 8+项目,优先使用内置的异常处理中间件:
csharp
builder.Services.AddProblemDetails();

app.UseExceptionHandler();
app.UseStatusCodePages();
如果项目需要自定义异常到状态码的映射(例如
NotFoundException
应返回404),请实现
IExceptionHandler
csharp
internal sealed class ApiExceptionHandler(ILogger<ApiExceptionHandler> logger)
    : IExceptionHandler
{
    public async ValueTask<bool> TryHandleAsync(
        HttpContext httpContext,
        Exception exception,
        CancellationToken cancellationToken)
    {
        var (statusCode, title) = exception switch
        {
            KeyNotFoundException => (StatusCodes.Status404NotFound, "未找到资源"),
            ArgumentException => (StatusCodes.Status400BadRequest, "请求参数错误"),
            InvalidOperationException => (StatusCodes.Status409Conflict, "资源冲突"),
            _ => (0, (string?)null)
        };

        if (statusCode == 0)
            return false; // 交由默认处理程序处理

        // 重要:返回true会抑制此异常的诊断中间件,因此在返回前确保已记录日志/遥测数据。
        logger.LogWarning(exception, "已处理API异常:{Title}", title);

        httpContext.Response.StatusCode = statusCode;
        await httpContext.Response.WriteAsJsonAsync(new ProblemDetails
        {
            Status = statusCode,
            Title = title,
            // 请勿使用exception.Message——它可能泄露敏感内部信息。
            // 请使用安全的、面向用户的消息替代。
            Detail = title,
            Instance = httpContext.Request.Path
        }, cancellationToken);

        return true;
    }
}
注册该处理程序:
csharp
builder.Services.AddExceptionHandler<ApiExceptionHandler>();
builder.Services.AddProblemDetails();

app.UseExceptionHandler();
文件放置: 始终将异常处理程序类放在
Middleware/
文件夹中,以保持一致的项目结构。请勿将其放在项目根目录。

Step 6: Use a service layer

步骤6:使用服务层

Do not inject data stores directly into controllers or endpoint handlers. Create a service interface and a sealed implementation class that owns the data access logic and mapping between entities and request/response types.
Always define an interface for every service — this enables unit testing with mocks and follows the Dependency Inversion Principle:
csharp
// Services/IProductService.cs
public interface IProductService
{
    Task<IReadOnlyList<ProductResponse>> GetAllAsync(CancellationToken ct);
    Task<ProductResponse?> GetByIdAsync(int id, CancellationToken ct);
    Task<ProductResponse> CreateAsync(CreateProductRequest request, CancellationToken ct);
}

// Services/ProductService.cs
public sealed class ProductService(...) : IProductService
{
    // Data access logic, entity-to-DTO mapping
}
Register with the interface, not the concrete type:
csharp
// In Program.cs
builder.Services.AddScoped<IProductService, ProductService>();
For EF Core data access patterns (migrations, Fluent API configuration, 
AsNoTracking
, seed data), see the 
optimizing-ef-core-queries
skill.
请勿将数据存储直接注入控制器或端点处理程序。创建服务接口和密封实现类,由其负责数据访问逻辑以及实体与请求/响应类型之间的映射。
始终为每个服务定义接口——这支持使用模拟对象进行单元测试,并遵循依赖倒置原则:
csharp
// Services/IProductService.cs
public interface IProductService
{
    Task<IReadOnlyList<ProductResponse>> GetAllAsync(CancellationToken ct);
    Task<ProductResponse?> GetByIdAsync(int id, CancellationToken ct);
    Task<ProductResponse> CreateAsync(CreateProductRequest request, CancellationToken ct);
}

// Services/ProductService.cs
public sealed class ProductService(...) : IProductService
{
    // 数据访问逻辑、实体到DTO的映射
}
按接口注册,而非具体类型:
csharp
// 在Program.cs中
builder.Services.AddScoped<IProductService, ProductService>();
关于EF Core数据访问模式(迁移、Fluent API配置、
AsNoTracking
、种子数据),请查看
optimizing-ef-core-queries
技能。

Step 7: Create a .http test file

步骤7:创建.http测试文件

After implementing endpoints, create a 
.http
file in the project root that demonstrates how to call every new endpoint. This serves as living documentation and a quick manual test harness.
http
@baseUrl = http://localhost:5000
实现端点后,在项目根目录创建一个
.http
文件,演示如何调用每个新端点。这可作为活文档和快速手动测试工具。
http
@baseUrl = http://localhost:5000

Get all products

获取所有产品

GET {{baseUrl}}/api/products
GET {{baseUrl}}/api/products

Get product by ID

通过ID获取产品

GET {{baseUrl}}/api/products/1
GET {{baseUrl}}/api/products/1

Create a product

创建产品

POST {{baseUrl}}/api/products Content-Type: application/json
{ "name": "Wireless Mouse", "price": 29.99, "category": "Electronics" }
POST {{baseUrl}}/api/products Content-Type: application/json
{ "name": "无线鼠标", "price": 29.99, "category": "Electronics" }

Delete a product

删除产品

DELETE {{baseUrl}}/api/products/1

Include at least one request per endpoint with realistic bodies. Show error
paths (e.g., non-existent IDs). Match the port to `launchSettings.json`.
DELETE {{baseUrl}}/api/products/1

为每个端点至少包含一个带有真实请求体的请求。展示错误路径(例如不存在的ID)。端口号请与`launchSettings.json`匹配。

Step 8: Build and verify

步骤8:构建与验证

  1. Run 
    dotnet build
    — confirm zero errors and zero warnings.
  2. Start the app and verify the OpenAPI document loads (default: 
    /openapi/v1.json
    ).
  3. Run the requests in the 
    .http
    file and confirm correct status codes.
  1. 运行
    dotnet build
    ——确认零错误、零警告;
  2. 启动应用,验证OpenAPI文档可正常加载(默认地址:
    /openapi/v1.json
    );
  3. 运行
    .http
    文件中的请求,确认返回正确的状态码。

Validation

验证清单

  • All endpoints return correct HTTP status codes per the table in Step 3
  • POST endpoints return 
    201 Created
    with a 
    Location
    header
  • DELETE endpoints return 
    204 No Content
  • Every endpoint signature includes 
    CancellationToken
  • CancellationToken
    is forwarded to all downstream async calls
  • OpenAPI document is generated and includes all new endpoints
  • Endpoints have summary/description metadata for OpenAPI
  • Enum values appear as strings in JSON responses and OpenAPI schemas (unless user explicitly requested integer serialization)
  • Error responses use RFC 7807 Problem Details format
  • Domain entities are not exposed directly in API request/response bodies
  • All API-exposed DTOs have 
    <summary>
    XML doc comments
  • Date and time properties use 
    DateTimeOffset
    , not 
    DateTime
  • A 
    .http
    file exists with a request for every new endpoint
  • dotnet build
    passes with zero errors and zero warnings
  • All DTOs are 
    sealed record
    types (not mutable classes)
  • Minimal API handlers use 
    TypedResults
    with explicit 
    Results<T1, T2>
    return types
  • Every service has a corresponding interface registered in DI
  • Exception handlers are placed in the 
    Middleware/
    folder
  • 所有端点均返回步骤3表格中规定的正确HTTP状态码
  • POST端点返回
    201 Created
    并带有
    Location
  • DELETE端点返回
    204 No Content
  • 每个端点签名均包含
    CancellationToken
  • CancellationToken
    已传递给所有下游异步调用
  • 已生成OpenAPI文档,且包含所有新端点
  • 端点为OpenAPI添加了摘要/描述元数据
  • 枚举值在JSON响应和OpenAPI schema中显示为字符串(除非用户明确要求整数序列化)
  • 错误响应使用RFC 7807问题详情格式
  • 领域实体未直接暴露在API请求/响应体中
  • 所有API暴露的DTO都带有
    <summary>
    XML文档注释
  • 日期时间属性使用
    DateTimeOffset
    而非
    DateTime
  • 存在
    .http
    文件,且包含每个新端点的请求示例
  • dotnet build
    执行通过,零错误、零警告
  • 所有DTO均为
    sealed record
    类型(而非可变类)
  • Minimal API处理程序使用带显式
    Results<T1, T2>
    返回类型的
    TypedResults
  • 每个服务都有对应的接口,并已注册到依赖注入容器
  • 异常处理程序放置在
    Middleware/
    文件夹中

Common Pitfalls

常见陷阱与解决方案

PitfallSolution
Exposing domain entities as API responsesCreate separate 
sealed record
request/response types. Entities leak navigation properties and internal fields.
Forgetting 
CancellationToken
Add to every endpoint and forward through the entire async call chain.
Returning 
200 OK
from POST create		Return 
201 Created
with a 
Location
header.
Missing OpenAPI metadataChain 
.WithName()
, 
.WithSummary()
, 
.WithDescription()
, 
.Produces<T>()
on every endpoint.
Injecting data stores directly into endpointsUse a service layer with an interface for separation and testability.
Mixing controller and minimal API stylesPick one per project and be consistent.
TypedResults
in ternary without explicit return type
Ok<T>
and 
NotFound
have no common base — annotate with 
Task<Results<Ok<T>, NotFound>>
or fall back to 
Results
factory.
Using mutable classes for DTOsUse 
sealed record
with positional syntax (responses) or 
init
properties (requests).
Registering services without interfacesDefine 
IService
and register with 
AddScoped<IService, Service>()
.
Adding any 
Swashbuckle.*
package to new .NET 9+ projects		Use built-in 
AddOpenApi()
+ 
MapOpenApi()
. Do not add 
Swashbuckle.AspNetCore
, 
Swashbuckle.AspNetCore.SwaggerUI
, or any other Swashbuckle package.
Missing XML doc comments on DTOsAdd 
<summary>
XML doc comments to every request and response type. These flow into the generated OpenAPI spec automatically.
Using 
DateTime
for date/time properties		Use 
DateTimeOffset
instead — it preserves UTC offset, avoids timezone ambiguity, and serializes correctly in JSON.
Serializing enums as integersConfigure 
JsonStringEnumConverter
so enums serialize as strings by default. Only use integer serialization if the user explicitly requests it.
陷阱解决方案
将领域实体作为API响应暴露创建独立的
sealed record
请求/响应类型。实体会泄露导航属性和内部字段。
遗漏
CancellationToken
为每个端点添加该参数,并传递给整个异步调用链。
POST创建操作返回
200 OK
返回
201 Created
并带有
Location
头。
缺少OpenAPI元数据为每个端点链式调用
.WithName()
.WithSummary()
.WithDescription()
.Produces<T>()
方法。
将数据存储直接注入端点使用带接口的服务层,实现解耦与可测试性。
混合控制器与Minimal API风格每个项目选择一种风格并保持一致。
未标注显式返回类型的三元表达式中使用
TypedResults
Ok<T>
NotFound
无共同基类——标注
Task<Results<Ok<T>, NotFound>>
或改用
Results
工厂。
为DTO使用可变类使用带位置语法的
sealed record
(响应)或带
init
属性的
sealed record
(请求)。
注册服务时未使用接口定义
IService
并按
AddScoped<IService, Service>()
注册。
为.NET 9+新项目添加
Swashbuckle.*
使用内置的
AddOpenApi()
+ 
MapOpenApi()
。请勿添加
Swashbuckle.AspNetCore
Swashbuckle.AspNetCore.SwaggerUI
或其他Swashbuckle包。
DTO缺少XML文档注释为每个请求和响应类型添加
<summary>
XML文档注释。这些注释会自动流入生成的OpenAPI规范。
为日期时间属性使用
DateTime
使用
DateTimeOffset
替代——它保留UTC偏移量,避免时区歧义,并能正确序列化为JSON。
将枚举序列化为整数默认配置
JsonStringEnumConverter
使枚举序列化为字符串。仅当用户明确要求时才使用整数序列化。

More Info

更多参考