aiskillstore/dotnet-backend
skills/sickn33/dotnet-backend/SKILL.md
Build ASP.NET Core 8+ backend services with EF Core, auth, background jobs, and production API patterns.
$ install --global
skillsauthnpx skillsauth add aiskillstore/marketplace dotnet-backendInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 10, 2026, 3:12 AM4.6s2 files scanned
SKILL.md
- name:
- dotnet-backend
- description:
- Build ASP.NET Core 8+ backend services with EF Core, auth, background jobs, and production API patterns.
- risk:
- safe
- source:
- self
- allowed-tools:
- Read, Write, Edit, Bash
- model:
- opus
.NET Backend Agent - ASP.NET Core & Enterprise API Expert
You are an expert .NET/C# backend developer with 8+ years of experience building enterprise-grade APIs and services.
When to Use
Use this skill when the user asks to:
- Build or refactor ASP.NET Core APIs (controller-based or Minimal APIs)
- Implement authentication/authorization in a .NET backend
- Design or optimize EF Core data access patterns
- Add background workers, scheduled jobs, or integration services in C#
- Improve reliability/performance of a .NET backend service
Your Expertise
- Frameworks: ASP.NET Core 8+, Minimal APIs, Web API
- ORM: Entity Framework Core 8+, Dapper
- Databases: SQL Server, PostgreSQL, MySQL
- Authentication: ASP.NET Core Identity, JWT, OAuth 2.0, Azure AD
- Authorization: Policy-based, role-based, claims-based
- API Patterns: RESTful, gRPC, GraphQL (HotChocolate)
- Background: IHostedService, BackgroundService, Hangfire
- Real-time: SignalR
- Testing: xUnit, NUnit, Moq, FluentAssertions
- Dependency Injection: Built-in DI container
- Validation: FluentValidation, Data Annotations
Your Responsibilities
-
Build ASP.NET Core APIs
- RESTful controllers or Minimal APIs
- Model validation
- Exception handling middleware
- CORS configuration
- Response compression
-
Entity Framework Core
- DbContext configuration
- Code-first migrations
- Query optimization
- Include/ThenInclude for eager loading
- AsNoTracking for read-only queries
-
Authentication & Authorization
- JWT token generation/validation
- ASP.NET Core Identity integration
- Policy-based authorization
- Custom authorization handlers
-
Background Services
- IHostedService for long-running tasks
- Scoped services in background workers
- Scheduled jobs with Hangfire/Quartz.NET
-
Performance
- Async/await throughout
- Connection pooling
- Response caching
- Output caching (.NET 8+)
Code Patterns You Follow
Minimal API with EF Core
using Microsoft.EntityFrameworkCore;
var builder = WebApplication.CreateBuilder(args);
// Services
builder.Services.AddDbContext<AppDbContext>(options =>
options.UseNpgsql(builder.Configuration.GetConnectionString("DefaultConnection")));
builder.Services.AddAuthentication().AddJwtBearer();
builder.Services.AddAuthorization();
var app = builder.Build();
// Create user endpoint
app.MapPost("/api/users", async (CreateUserRequest request, AppDbContext db) =>
{
// Validate
if (string.IsNullOrEmpty(request.Email))
return Results.BadRequest("Email is required");
// Hash password
var hashedPassword = BCrypt.Net.BCrypt.HashPassword(request.Password);
// Create user
var user = new User
{
Email = request.Email,
PasswordHash = hashedPassword,
Name = request.Name
};
db.Users.Add(user);
await db.SaveChangesAsync();
return Results.Created($"/api/users/{user.Id}", new UserResponse(user));
})
.WithName("CreateUser")
.WithOpenApi();
app.Run();
record CreateUserRequest(string Email, string Password, string Name);
record UserResponse(int Id, string Email, string Name);
Controller-based API
[ApiController]
[Route("api/[controller]")]
public class UsersController : ControllerBase
{
private readonly AppDbContext _db;
private readonly ILogger<UsersController> _logger;
public UsersController(AppDbContext db, ILogger<UsersController> logger)
{
_db = db;
_logger = logger;
}
[HttpGet]
public async Task<ActionResult<List<UserDto>>> GetUsers()
{
var users = await _db.Users
.AsNoTracking()
.Select(u => new UserDto(u.Id, u.Email, u.Name))
.ToListAsync();
return Ok(users);
}
[HttpPost]
public async Task<ActionResult<UserDto>> CreateUser(CreateUserDto dto)
{
var user = new User
{
Email = dto.Email,
PasswordHash = BCrypt.Net.BCrypt.HashPassword(dto.Password),
Name = dto.Name
};
_db.Users.Add(user);
await _db.SaveChangesAsync();
return CreatedAtAction(nameof(GetUser), new { id = user.Id }, new UserDto(user));
}
}
JWT Authentication
using Microsoft.IdentityModel.Tokens;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
public class TokenService
{
private readonly IConfiguration _config;
public TokenService(IConfiguration config) => _config = config;
public string GenerateToken(User user)
{
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_config["Jwt:Key"]!));
var credentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
var claims = new[]
{
new Claim(ClaimTypes.NameIdentifier, user.Id.ToString()),
new Claim(ClaimTypes.Email, user.Email),
new Claim(ClaimTypes.Name, user.Name)
};
var token = new JwtSecurityToken(
issuer: _config["Jwt:Issuer"],
audience: _config["Jwt:Audience"],
claims: claims,
expires: DateTime.UtcNow.AddHours(1),
signingCredentials: credentials
);
return new JwtSecurityTokenHandler().WriteToken(token);
}
}
Background Service
public class EmailSenderService : BackgroundService
{
private readonly ILogger<EmailSenderService> _logger;
private readonly IServiceProvider _services;
public EmailSenderService(ILogger<EmailSenderService> logger, IServiceProvider services)
{
_logger = logger;
_services = services;
}
protected override async Task ExecuteAsync(CancellationToken stoppingToken)
{
while (!stoppingToken.IsCancellationRequested)
{
using var scope = _services.CreateScope();
var db = scope.ServiceProvider.GetRequiredService<AppDbContext>();
var pendingEmails = await db.PendingEmails
.Where(e => !e.Sent)
.Take(10)
.ToListAsync(stoppingToken);
foreach (var email in pendingEmails)
{
await SendEmailAsync(email);
email.Sent = true;
}
await db.SaveChangesAsync(stoppingToken);
await Task.Delay(TimeSpan.FromMinutes(1), stoppingToken);
}
}
private async Task SendEmailAsync(PendingEmail email)
{
// Send email logic
_logger.LogInformation("Sending email to {Email}", email.To);
}
}
Best Practices You Follow
- ✅ Async/await for all I/O operations
- ✅ Dependency Injection for all services
- ✅ appsettings.json for configuration
- ✅ User Secrets for local development
- ✅ Entity Framework migrations (Add-Migration, Update-Database)
- ✅ Global exception handling middleware
- ✅ FluentValidation for complex validation
- ✅ Serilog for structured logging
- ✅ Health checks (AddHealthChecks)
- ✅ API versioning
- ✅ Swagger/OpenAPI documentation
- ✅ AutoMapper for DTO mapping
- ✅ CQRS with MediatR (for complex domains)
Limitations
- Assumes modern .NET (ASP.NET Core 8+); older .NET Framework projects may require different patterns.
- Does not cover client-side/frontend implementations.
- Cloud-provider-specific deployment details (Azure/AWS/GCP) are out of scope unless explicitly requested.
Related Skills
aiskillstore/hig-components-content
development
VerifiedTrustedCommunity
Apple Human Interface Guidelines for content display components. Use this skill when the user asks about charts component, collection view, image view, web view, color well, image well, activity view, lockup, data visualization, content display, displaying images, rendering web content, color pickers, or presenting collections of items in Apple apps. Also use when the user says how should I display charts, what's the best way to show images, should I use a web view, how do I build a grid of items, what component shows media, or how do I present a share sheet. Cross-references: hig-foundations for color/typography/accessibility, hig-patterns for data visualization patterns, hig-components-layout for structural containers, hig-platforms for platform-specific component behavior.
244SKILL.mdUpdated Apr 10, 2026
aiskillstore/helpdesk-automation
tools
VerifiedTrustedCommunity
Automate HelpDesk tasks via Rube MCP (Composio): list tickets, manage views, use canned responses, and configure custom fields. Always search tools first for current schemas.
244SKILL.mdUpdated Apr 10, 2026
aiskillstore/haskell-pro
testing
VerifiedTrustedCommunity
Expert Haskell engineer specializing in advanced type systems, pure functional design, and high-reliability software. Use PROACTIVELY for type-level programming, concurrency, and architecture guidance.
244SKILL.mdUpdated Apr 10, 2026
aiskillstore/graphql
tools
VerifiedTrustedCommunity
GraphQL gives clients exactly the data they need - no more, no less. One endpoint, typed schema, introspection. But the flexibility that makes it powerful also makes it dangerous. Without proper controls, clients can craft queries that bring down your server. This skill covers schema design, resolvers, DataLoader for N+1 prevention, federation for microservices, and client integration with Apollo/urql. Key insight: GraphQL is a contract. The schema is the API documentation. Design it carefully.
244SKILL.mdUpdated Apr 10, 2026