Md Mominul Islam | Software and Data Enginnering | SQL Server, .NET, Power BI, Azure Blog

Mominul's Blog

while(!(succeed=try()));

LinkedIn Portfolio Banner

    • Latest

    Home Top Ad

    Responsive Ads Here

    Post Top Ad

    Responsive Ads Here

    Tuesday, September 2, 2025

    Home asp-net-core-6 asp-net-core-configuration asp-net-core-guide c-sharp-tutorial dotnet-core program-cs program-cs-setup software-architecture startup-cs startup-cs-migration Web-Development A Guide to the Program.cs and Startup.cs Class in ASP.NET Core 6+

    A Guide to the Program.cs and Startup.cs Class in ASP.NET Core 6+

     

    Introduction: Why Program.cs and Startup.cs Are Central to ASP.NET Core

    Imagine you’re building a customer management API for a startup, needing to configure services, middleware, and hosting for a scalable, secure app. In ASP.NET Core, Program.cs (and Startup.cs in pre-6 versions) is where this magic happens. ASP.NET Core 6+ streamlines configuration into Program.cs, while Startup.cs was the standard in earlier versions. This guide covers both, from basics to advanced setups, using a real-world customer API example. With interactive “Try It Yourself” challenges, code examples, pros/cons, alternatives, and best practices aligned with Microsoft and OWASP standards, you’ll master these files. Let’s dive in with ASP.NET Core 8.0 (latest as of September 2, 2025) using Visual Studio or VS Code!

    Prerequisites

    • ASP.NET Core SDK (8.0 or later).
    • Visual Studio or VS Code.
    • Basic C# knowledge.
    • Optional: ASP.NET Core 5 or earlier knowledge for Startup.cs.

    Topic 1: Understanding Program.cs and Startup.cs

    What Are They?

    • Program.cs: The app’s entry point in ASP.NET Core 6+, handling host setup, service registration, and middleware configuration using a minimal hosting model.
    • Startup.cs: Used in ASP.NET Core 5 and earlier to separate service (ConfigureServices) and middleware (Configure) configuration.

    Evolution in ASP.NET Core 6+

    Pre-6, Program.cs set up the host, and Startup.cs handled services and middleware. ASP.NET Core 6+ merges these into Program.cs, reducing boilerplate with top-level statements.

    Real-Life Scenario

    For a customer API, Program.cs configures dependency injection (DI) for a CustomerService, sets up a database, and adds authentication middleware. In older projects, you’d split this between Program.cs and Startup.cs.

    Why It Matters

    • Program.cs: Simplifies setup, reduces files, modern syntax.
    • Startup.cs: Explicit, familiar to legacy .NET devs, but verbose.

    Pros and Cons

    • Pros (Program.cs): Minimal code, single file, supports top-level statements.
    • Cons (Program.cs): Less structured for large apps; new syntax may confuse legacy devs.
    • Pros (Startup.cs): Clear separation of concerns; suits complex setups.
    • Cons (Startup.cs): More files, more boilerplate.
    • Alternatives: Third-party hosting frameworks (e.g., Autofac hosting; Pros: Advanced features; Cons: Adds dependencies).

    Best Practices

    • Use Program.cs for new ASP.NET Core 6+ projects.
    • Follow Microsoft’s minimal hosting model.
    • Standard: OWASP A05:2021 for secure configuration.

    Try It Yourself: Create a new ASP.NET Core Web API (dotnet new webapi) and open Program.cs. Notice its streamlined structure compared to older templates.

    Topic 2: Exploring Program.cs in ASP.NET Core 6+

    Let’s build a customer management API to understand Program.cs.

    Structure of Program.cs

    • Create Builder: WebApplication.CreateBuilder initializes the host and configuration.
    • Configure Services: builder.Services registers DI services.
    • Build App: builder.Build() creates the WebApplication.
    • Configure Middleware: app.Use* methods set up the request pipeline.
    • Run App: app.Run() starts the server.

    Example Code: Basic Program.cs

    csharp
    // Program.cs
    var builder = WebApplication.CreateBuilder(args);
    // Add services
    builder.Services.AddControllers();
    builder.Services.AddScoped<ICustomerService, CustomerService>();
    builder.Services.AddLogging(logging => logging.AddConsole());
    // Build app
    var app = builder.Build();
    // Configure pipeline
    app.UseHttpsRedirection();
    app.UseAuthorization();
    app.MapControllers();
    app.Run();
    // ICustomerService.cs
    public interface ICustomerService
    {
    Task<List<string>> GetCustomersAsync();
    }
    // CustomerService.cs
    public class CustomerService : ICustomerService
    {
    public async Task<List<string>> GetCustomersAsync()
    {
    return await Task.FromResult(new List<string> { "Customer 1", "Customer 2" });
    }
    }
    // CustomersController.cs
    [ApiController]
    [Route("api/[controller]")]
    public class CustomersController : ControllerBase
    {
    private readonly ICustomerService _customerService;
    public CustomersController(ICustomerService customerService)
    {
    _customerService = customerService;
    }
    [HttpGet]
    public async Task<IActionResult> Get()
    {
    var customers = await _customerService.GetCustomersAsync();
    return Ok(customers);
    }
    }

    Explanation

    • Builder: Sets up hosting, configuration, and DI.
    • Services: Registers MVC and custom services.
    • Middleware: Secures and routes requests.
    • Run: Launches the app.

    Real-Life Scenario

    In a startup’s customer API, this setup enabled rapid DI and middleware configuration, meeting a tight launch deadline.

    Pros and Cons

    • Pros: Concise, modern, DI-ready.
    • Cons: Can get cluttered in large apps.

    Best Practices

    • Keep Program.cs lean; use extension methods for complex logic.
    • Use environment-specific configs (e.g., appsettings.Development.json).
    • Standard: Microsoft minimal hosting guidelines.

    Try It Yourself: Run the app (dotnet run), hit GET /api/customers, and verify the output. Add a new service (e.g., ILogger) and log a message.

    Topic 3: Diving into Startup.cs in ASP.NET Core 5 and Earlier

    For context, let’s explore Startup.cs in pre-6 versions.

    Structure of Startup.cs

    • ConfigureServices: Registers DI services.
    • Configure: Defines the middleware pipeline.

    Example Code: Startup.cs

    csharp
    // Startup.cs (ASP.NET Core 5)
    public class Startup
    {
    public IConfiguration Configuration { get; }
    public Startup(IConfiguration configuration)
    {
    Configuration = configuration;
    }
    public void ConfigureServices(IServiceCollection services)
    {
    services.AddControllers();
    services.AddScoped<ICustomerService, CustomerService>();
    services.AddLogging(logging => logging.AddConsole());
    }
    public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
    {
    if (env.IsDevelopment())
    {
    app.UseDeveloperExceptionPage();
    }
    app.UseHttpsRedirection();
    app.UseRouting();
    app.UseAuthorization();
    app.UseEndpoints(endpoints => endpoints.MapControllers());
    }
    }
    // Program.cs (ASP.NET Core 5)
    public class Program
    {
    public static void Main(string[] args)
    {
    CreateHostBuilder(args).Build().Run();
    }
    public static IHostBuilder CreateHostBuilder(string[] args) =>
    Host.CreateDefaultBuilder(args)
    .ConfigureWebHostDefaults(webBuilder =>
    {
    webBuilder.UseStartup<Startup>();
    });
    }
    // ICustomerService.cs, CustomerService.cs, CustomersController.cs (same as above)

    Explanation

    • ConfigureServices: Adds controllers and custom services to DI.
    • Configure: Sets up middleware, with environment-specific logic.
    • Program.cs: Initializes the host and links to Startup.cs.

    Real-Life Scenario

    In a legacy CRM app on ASP.NET Core 3.1, Startup.cs separated concerns, making it easier for a large team to manage configurations.

    Pros and Cons

    • Pros: Clear structure, familiar to .NET Framework devs.
    • Cons: More files, verbose boilerplate.

    Best Practices

    • Use Startup.cs for maintaining pre-6 projects.
    • Modularize with extension methods for clarity.
    • Standard: Microsoft hosting guidelines (pre-6).

    Try It Yourself: If you have ASP.NET Core 5, create a project (dotnet new webapi -f net5.0) and compare Startup.cs to the 6+ Program.cs.

    Topic 4: Migrating from Startup.cs to Program.cs

    Upgrading to ASP.NET Core 6+ requires moving Startup.cs logic to Program.cs.

    Migration Steps

    1. Move Services: Transfer ConfigureServices to builder.Services.
    2. Move Middleware: Transfer Configure to app methods.
    3. Remove Startup: Update Program.cs to use WebApplication.

    Example Code: Migrated Program.cs

    csharp
    // Program.cs (migrated from Startup.cs)
    var builder = WebApplication.CreateBuilder(args);
    // From ConfigureServices
    builder.Services.AddControllers();
    builder.Services.AddScoped<ICustomerService, CustomerService>();
    builder.Services.AddLogging(logging => logging.AddConsole());
    // Build app
    var app = builder.Build();
    // From Configure
    if (app.Environment.IsDevelopment())
    {
    app.UseDeveloperExceptionPage();
    }
    app.UseHttpsRedirection();
    app.UseRouting();
    app.UseAuthorization();
    app.MapControllers();
    app.Run();

    Real-Life Scenario

    A team upgrading a customer portal from ASP.NET Core 3.1 to 6.0 consolidated Startup.cs into Program.cs, reducing maintenance and aligning with modern .NET.

    Pros and Cons

    • Pros: Simplifies codebase, modernizes app.
    • Cons: Requires learning new syntax; needs testing.

    Best Practices

    • Test migrations with integration tests.
    • Use dotnet migrate for large projects.
    • Standard: Microsoft migration guidelines.

    Try It Yourself: Migrate the Startup.cs example to Program.cs and verify identical behavior.

    Topic 5: Intermediate Setup - Adding EF Core and Authentication

    Enhance the customer API with Entity Framework Core (EF Core) and JWT authentication in Program.cs.

    Example Code: Program.cs with EF Core and JWT

    csharp
    // Customer.cs
    public class Customer
    {
    public int Id { get; set; }
    public string Name { get; set; }
    }
    // CustomerDbContext.cs
    public class CustomerDbContext : DbContext
    {
    public DbSet<Customer> Customers { get; set; }
    public CustomerDbContext(DbContextOptions<CustomerDbContext> options) : base(options) { }
    }
    // ICustomerService.cs
    public interface ICustomerService
    {
    Task<List<Customer>> GetCustomersAsync();
    }
    // CustomerService.cs
    public class CustomerService : ICustomerService
    {
    private readonly CustomerDbContext _context;
    public CustomerService(CustomerDbContext context)
    {
    _context = context;
    }
    public async Task<List<Customer>> GetCustomersAsync()
    {
    return await _context.Customers.ToListAsync();
    }
    }
    // Program.cs
    using Microsoft.EntityFrameworkCore;
    using Microsoft.AspNetCore.Authentication.JwtBearer;
    using Microsoft.IdentityModel.Tokens;
    using System.Text;
    var builder = WebApplication.CreateBuilder(args);
    // Add services
    builder.Services.AddControllers();
    builder.Services.AddDbContext<CustomerDbContext>(options =>
    options.UseSqlServer(builder.Configuration.GetConnectionString("DefaultConnection")));
    builder.Services.AddScoped<ICustomerService, CustomerService>();
    builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
    options.TokenValidationParameters = new TokenValidationParameters
    {
    ValidateIssuer = true,
    ValidateAudience = true,
    ValidateLifetime = true,
    ValidateIssuerSigningKey = true,
    ValidIssuer = "your-issuer",
    ValidAudience = "your-audience",
    IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("your-secret-key"))
    };
    });
    // Build app
    var app = builder.Build();
    // Configure pipeline
    if (app.Environment.IsDevelopment())
    {
    app.UseDeveloperExceptionPage();
    }
    app.UseHttpsRedirection();
    app.UseAuthentication();
    app.UseAuthorization();
    app.MapControllers();
    app.Run();
    // appsettings.json
    {
    "ConnectionStrings": {
    "DefaultConnection": "Server=localhost;Database=CustomersDb;User Id=sa;Password=StrongPass123;TrustServerCertificate=True;"
    }
    }

    Setup Notes

    • Install packages: dotnet add package Microsoft.EntityFrameworkCore.SqlServer, dotnet add package Microsoft.AspNetCore.Authentication.JwtBearer.
    • Run migrations: dotnet ef migrations add InitialCreate, dotnet ef database update.
    • Secure JWT key in environment variables for production.

    Real-Life Scenario

    In a CRM app, this setup enabled secure customer data access with JWT and EF Core, ensuring scalability and security for a growing user base.

    Pros and Cons

    • Pros: Integrates DI, DB, and security seamlessly.
    • Cons: Program.cs can grow large without modularization.

    Best Practices

    • Use AddScoped for DbContext.
    • Store JWT secrets securely (e.g., environment variables).
    • Standard: Microsoft EF Core and authentication guidelines.

    Try It Yourself: Set up SQL Server, apply migrations, add a JWT token, and secure the API. Test GET /api/customers.

    Topic 6: Advanced Setup - Modularizing Program.cs

    For large apps, modularize Program.cs with extension methods to improve readability.

    Example Code: Modularized Program.cs

    csharp
    // ServiceCollectionExtensions.cs
    public static class ServiceCollectionExtensions
    {
    public static IServiceCollection AddAppServices(this IServiceCollection services, IConfiguration configuration)
    {
    services.AddControllers();
    services.AddDbContext<CustomerDbContext>(options =>
    options.UseSqlServer(configuration.GetConnectionString("DefaultConnection")));
    services.AddScoped<ICustomerService, CustomerService>();
    services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
    options.TokenValidationParameters = new TokenValidationParameters
    {
    ValidateIssuer = true,
    ValidateAudience = true,
    ValidateLifetime = true,
    ValidateIssuerSigningKey = true,
    ValidIssuer = "your-issuer",
    ValidAudience = "your-audience",
    IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("your-secret-key"))
    };
    });
    return services;
    }
    }
    // WebApplicationExtensions.cs
    public static class WebApplicationExtensions
    {
    public static WebApplication ConfigurePipeline(this WebApplication app)
    {
    if (app.Environment.IsDevelopment())
    {
    app.UseDeveloperExceptionPage();
    }
    app.UseHttpsRedirection();
    app.UseAuthentication();
    app.UseAuthorization();
    app.MapControllers();
    return app;
    }
    }
    // Program.cs
    using Microsoft.AspNetCore.Authentication.JwtBearer;
    var builder = WebApplication.CreateBuilder(args);
    // Add services
    builder.Services.AddAppServices(builder.Configuration);
    // Build and configure
    var app = builder.Build().ConfigurePipeline();
    app.Run();

    Real嘉宾

    Real-Life Scenario In a SaaS customer platform, modularizing Program.cs improved team collaboration and maintainability for complex configurations.

    Pros and Cons

    • Pros: Cleaner, reusable, testable code.
    • Cons: Adds files, slight setup overhead.

    Best Practices

    • Group related configurations in extensions.
    • Ensure extensions are focused and testable.
    • Standard: Microsoft modular configuration guidelines.

    Try It Yourself: Refactor the EF Core example into extensions, run the app, and verify identical behavior.

    Topic 7: Best Practices, Standards, and Alternatives

    Best Practices

    • Keep Program.cs Lean: Use extensions for large apps.
    • Secure Configurations: Store secrets in environment variables or Azure Key Vault.
    • Environment Awareness: Use IWebHostEnvironment for environment-specific logic.
    • Validate Setup: Log service registrations in dev.

    Standards

    • Microsoft hosting model guidelines.
    • OWASP A05:2021 for secure configuration.

    Alternatives

    • Startup.cs (Pre-6): For legacy maintenance (Pros: Familiar; Cons: Verbose).
    • Third-Party Hosts: E.g., Autofac hosting (Pros: Advanced features; Cons: Dependencies).

    Pros and Cons of Program.cs

    • Pros: Minimal, modern, streamlined.
    • Cons: Can feel cramped without modularization.

    Conclusion: Mastering Program.cs and Startup.cs for ASP.NET Core

    You’ve built a customer API, explored Program.cs and Startup.cs, and learned to modularize for scalability. These skills will make your ASP.NET Core apps robust and maintainable. Experiment with the code, try modularization, and share your experiences in the comments. What’s your next ASP.NET Core project?

    Tags
    Share This
    Author Image

    About Md Mominul Islam

    By at
    Category: , , , , , , , , , ,

    No comments:

    Post a Comment

    Thanks for your valuable comment...........
    Md. Mominul Islam

    Subscribe to: Post Comments (Atom)

    Post Bottom Ad

    Responsive Ads Here

    Author Details

    Md Mominul Islam S/W Development Lead | Project Mgmt | DBA | Data Engineering Microsoft-certified professional with 16+ years experience delivering 40+ enterprise solutions across diverse industries.