Best Practices in Architecture and .NET Development

Best practices represent proven methods and approaches that have established themselves in professional software development. They embody the collective knowledge of the developer community and help create high-quality, maintainable, and performant code.

In the .NET Ecosystem

This collection covers best practices across various areas including code quality with Clean Code and SOLID principles, architecture with design patterns and scalable solutions, testing strategies like TDD and quality assurance, DevOps practices with CI/CD pipelines and Azure DevOps automation, performance optimization techniques, and security-by-design approaches.

Best practices are not rigid rules but context-dependent guidelines that evolve with technology and should be critically evaluated.

Your Incident Response Plan Is a Lie. Here's How to Fix It.

Your Incident Response Plan Is a Lie. Here's How to Fix It.

That incident response plan in your Confluence? Nobody reads it. The on-call engineer can’t find it. And when your production API is bleeding at 3 AM, you’ll improvise—badly. ISO 27001 A.16 doesn’t care about your documentation theater. It demands procedures that work. GitHub Actions turns incident response from compliance fiction into executable reality.
Stop Hoarding Personal Data in Entity Framework

Stop Hoarding Personal Data in Entity Framework

The classic monolithic User entity—stuffed with birth dates, phone numbers, employment history, and marital status “just in case”—turns into a compliance nightmare the moment someone requests data deletion. You can’t delete without breaking referential integrity. You can’t keep the data without violating GDPR. You can’t anonymize without retaining fields that should never have existed. The solution isn’t complex: separate operational data from personal data, make consent-based fields nullable and purpose-documented, implement soft deletes with query filters, and validate your API boundaries with integration tests that fail when unnecessary fields leak through. Data minimization isn’t regulatory overhead—it’s architectural hygiene that makes your deletion logic straightforward and your audit responses honest.
Audit Logging That Survives Your Next Security Incident

Audit Logging That Survives Your Next Security Incident

Your audit logs probably won’t survive a real security incident. Most implementations log too much, protect too little, and provide zero value when something breaks at 2 AM. Here’s how to fix that with structured logging that actually works.
Your [Authorize] Attribute Is Compliance Theater

Your [Authorize] Attribute Is Compliance Theater

Your [Authorize] attributes give you a false sense of security. ISO 27001 auditors see right through it.

I’ve reviewed dozens of ASP.NET Core apps that authenticate flawlessly — then scatter role strings across business logic, skip audit logs, and wonder why they fail compliance. Here’s the pattern that kills audits, and how to actually fix it.

Real Professional Software Engineering in the AI Era

Real Professional Software Engineering in the AI Era

Throughout this series, we’ve established that AI-generated code without understanding creates productivity illusions that collapse in production (Part 1), and that the feedback loop between code and reality—compilation, testing, profiling, production—sharpens thinking in ways AI can’t replicate (Part 2). Now we confront the practical question: What defines professional software engineering when code generation becomes trivial? This final part examines the irreplaceable skillset: understanding execution characteristics (recognizing allocation patterns that cause GC pressure before deployment), asking questions AI can’t formulate (What’s the failure mode when this service is unavailable?), recognizing when plausible AI solutions diverge from correct ones, debugging production failures AI has no execution model to reason about, and evaluating maintainability for code that becomes tomorrow’s burden. We explore why prompt engineering optimizes for speed while architecture optimizes for survival, why “AI productivity” often means faster technical debt accumulation, and why the economic reality favors organizations that measure system reliability over lines of code generated. The feedback loop can’t be automated because closing it requires learning from production failures and applying that knowledge to prevent future ones—the irreplaceable discipline that defines real professionals in 2026 and beyond.
The Feedback Loop That AI Can't Replace

The Feedback Loop That AI Can't Replace

In the first part of this series, we established that AI-generated code without understanding creates an illusion of productivity that collapses under production load. The differentiator isn’t typing speed—it’s the feedback loop where code meets reality and exposes incomplete thinking. But what exactly is this feedback loop, and why can’t AI replicate it? Modern compilers validate logical consistency, catching gaps pure thought leaves unresolved. Profilers expose the 75x performance difference between “seems reasonable” and “actually performs.” Production environments reveal every assumption abstract thinking deferred—scale, concurrency, failure modes. This article explores the mechanisms that transform vague reasoning into concrete understanding: compilation validates logic instantly, testing catches behavioral mismatches, profiling measures what abstract analysis guesses, and production exposes the cost of every deferred decision. Real professionals don’t just write code—they master the iterative discipline of watching it fail, understanding why, and refining their thinking. AI participates in parts of this loop, but it can’t close it. That’s where professionals remain irreplaceable.
Kehrwoche: What Swabian Cleaning Teaches About Technical Debt

Kehrwoche: What Swabian Cleaning Teaches About Technical Debt

Kehrwoche—a Swabian cleaning tradition—is scarier than breaking the build on Friday afternoon. At least the build doesn’t remember next Tuesday. Mrs. Schmid from the second floor does, and she remembers well. What does a weekly cleaning schedule in southern Germany have to do with technical debt? More than most software teams want to admit.
Alphabet Soup: The Format Buffet Nobody Ordered

Format Buffet Nobody Ordered

Developers wanted one format. We got twenty. CSV mangles data, XML drowns in tags, JSON forbids comments, YAML punishes spaces. TOML tried fixing it. TAML went minimal. TOON optimized for AI. CCL brought category theory. Result? Five formats per project, three parsers, and debugging why NO became false. AI can’t save us either. Welcome to format hell.
Why Real Professionals Will Never Be Replaced by AI

Why Real Professionals Will Never Be Replaced by AI

The elephant everyone ignores: AI can generate code faster than you can type. GitHub Copilot autocompletes entire functions. ChatGPT builds APIs from prompts. Typing is dead. So why will real professionals never be replaced? Because “vibe coding”—describe what you want, ship what AI generates—is a productivity illusion that collapses spectacularly in production. When code generation becomes trivial, understanding what that code costs, where it fails, why it breaks under load becomes everything. AI generates syntax. Professionals understand execution, failure modes, operational cost, and production consequences. The differentiator isn’t typing speed—it’s mastering the feedback loop: write code, watch it fail, understand why, refine thinking. This discipline can’t be automated. Prompt engineers generate code. Real professionals ensure it survives contact with reality.
.NET CLI 10 – Microsoft Finally Realizes DevOps Exists

.NET CLI 10 – Microsoft Finally Realizes DevOps Exists

The .NET CLI? Reliable. Boring. You run dotnet build, dotnet test, dotnet publish, done. Real DevOps work happens in Dockerfiles, CI/CD configs, and specialized tools. The CLI does its job but was never built for actual operational workflows.

.NET 10 changes this. Four additions that sound minor but fix real problems I’ve hit in production pipelines for years: native container publishing, ephemeral tool execution, better cross-platform packaging, and machine-readable schemas. Not flashy. Not keynote material. But they’re the kind of improvements that save hours every week once you’re running them at scale.

Will they replace your current workflow? Depends on what you’re building. Let’s look at what actually changed.

Why Your Logging Strategy Fails in Production

Why Your Logging Strategy Fails in Production

Let me tell you what I’ve learned over the years from watching teams deploy logging strategies that looked great on paper and failed spectacularly at 3 AM when production burned.

It’s not that they didn’t know the theory. They’d read the Azure documentation. They’d seen the structured logging samples. They’d studied distributed tracing. The real problem was different: they knew what to do but had no idea why it mattered until production broke catastrophically.

Stop Typing: The .NET CLI Tab Completion You've Been Missing

Stop Typing: The .NET CLI Tab Completion You've Been Missing

One command to transform your .NET CLI workflow—tab completion so responsive you’ll wonder how you survived without it Finally, a productivity boost that’s actually worth your time