How ASP.NET Core Handles Requests
Level: Beginner
The request pipeline explains what happens after a browser, mobile app, or frontend sends a request. This is the foundation for middleware, routing, controllers, authentication, CORS, and error handling.
- HTTP request structure: Method, URL, Headers, Body (Student POST request example)
- HTTP response structure: Status code, Headers, Body (200 OK with JSON data)
- Request pipeline flow: Request → Middleware 1 → Middleware 2 → Routing → Handler → Response
- Middleware order matters: Exception handling (first) → Logging → Authentication → Routing (last)
- How routing matches URLs:
/students/{id}finds correct handler with parameters - Response traveling back through middleware in reverse order
- Common HTTP status codes: 200 (OK), 201 (Created), 400 (Bad Request), 401 (Unauthorized), 404 (Not Found), 500 (Error)
- Real School Management example: Teacher marks attendance → POST /attendance/mark → Handler processes → 200 OK response
- HTTP methods and meaning: GET (read), POST (create), PUT (update), PATCH (partial), DELETE (remove)
- Middleware can stop request: Authentication middleware blocks unauthorized users before routing
- Request context: HttpContext contains Request, Response, User, Items
- Debugging pipeline: Using logging middleware to trace request flow
Every web application does this:
Receive request -> Process request -> Send response
ASP.NET Core organizes that flow using the request pipeline.
What is a Request?
A request is a message sent from a client to the server.
The client can be:
- Browser
- React/Angular app
- Mobile app
- Postman
- Another backend system
School example:
POST /attendance/mark
Content-Type: application/json
{
"studentId": 101,
"date": "2026-05-27",
"isPresent": true
}
This request says:
Please mark attendance for student 101.
What is a Response?
A response is the server's answer.
Example:
HTTP/1.1 200 OK
Content-Type: application/json
{
"success": true,
"message": "Attendance marked"
}
The response tells the client whether the request succeeded or failed.
Request Pipeline in Simple Words
The request pipeline is the ordered list of steps a request passes through.
Request
v
Middleware 1
v
Middleware 2
v
Routing
v
Endpoint / Controller
v
Response
Response comes back in reverse order:
Endpoint creates response
v
Middleware 2 can inspect response
v
Middleware 1 can inspect response
v
Client receives response
Why Middleware Exists
Many tasks are needed for every request:
- Logging
- Error handling
- HTTPS redirection
- Static file handling
- CORS
- Authentication
- Authorization
Instead of writing these again in every route, ASP.NET Core uses middleware.
Real School Request Flow
Teacher clicks Mark Attendance.
1. Browser sends POST /attendance/mark
2. Logging middleware logs request
3. Error handling middleware prepares to catch errors
4. Authentication checks teacher is logged in
5. Authorization checks teacher has permission
6. Routing finds attendance endpoint
7. Endpoint validates data
8. Attendance service saves to database
9. Endpoint returns 200 OK
10. Logging middleware logs response
11. Browser shows success message
Code Example
var builder = WebApplication.CreateBuilder(args);
var app = builder.Build();
app.Use(async (context, next) =>
{
Console.WriteLine($"Request: {context.Request.Method} {context.Request.Path}");
await next();
Console.WriteLine($"Response: {context.Response.StatusCode}");
});
app.MapGet("/students/{id}", (int id) =>
{
return Results.Ok(new
{
Id = id,
Name = $"Student {id}"
});
});
app.Run();
What happens for /students/101:
Request log printed
Route handler runs
JSON response is created
Response log printed
Client receives JSON
Middleware Can Stop a Request
Middleware does not always call the next step.
Example:
app.Use(async (context, next) =>
{
bool isBlocked = context.Request.Path.StartsWithSegments("/blocked");
if (isBlocked)
{
context.Response.StatusCode = 403;
await context.Response.WriteAsync("Access denied");
return;
}
await next();
});
If the URL starts with /blocked, the request stops there.
HTTP Methods
| Method | Meaning | School Example |
|---|---|---|
| GET | Read data | Get student details |
| POST | Create data | Add a new student |
| PUT | Replace/update data | Update full student profile |
| PATCH | Partial update | Update only phone number |
| DELETE | Delete data | Remove old draft record |
HTTP Status Codes
| Code | Meaning | Example |
|---|---|---|
| 200 | OK | Student found |
| 201 | Created | New student added |
| 400 | Bad Request | Missing student name |
| 401 | Unauthorized | User not logged in |
| 403 | Forbidden | Student trying to access admin report |
| 404 | Not Found | Student id does not exist |
| 500 | Server Error | Unexpected exception |
Good Pipeline Order
Typical order:
app.UseExceptionHandler("/error");
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseRouting();
app.UseCors();
app.UseAuthentication();
app.UseAuthorization();
app.MapControllers();
Why order matters:
- Error handling should be early so it can catch later errors.
- Static files should run before expensive app logic.
- Authentication must run before authorization.
- Endpoints/controllers are mapped after middleware.
Common Beginner Mistakes
| Mistake | Problem |
|---|---|
| Thinking middleware and route handlers are the same | Middleware surrounds many requests; handlers process specific endpoints |
| Wrong auth order | Authorization cannot work correctly before authentication |
Forgetting await next() | Request may stop too early |
Calling next() twice | Can cause unexpected behavior |
| Not returning after blocking request | Later middleware may still run |
Summary
| Concept | Meaning |
|---|---|
| Request | Client asks server for something |
| Response | Server answers |
| Pipeline | Ordered request processing flow |
| Middleware | Reusable processing step |
| Routing | Finds matching endpoint |
| Endpoint | Your C# code that handles request |
Most ASP.NET Core features are easier after you understand the pipeline. Middleware, routing, controllers, CORS, authentication, authorization, and error handling all depend on this mental model.
Q: Explain the ASP.NET Core request pipeline.
Good Answer: "The request pipeline is the ordered flow an HTTP request follows inside an ASP.NET Core application. A request enters middleware one by one. Middleware can inspect, modify, stop, or pass the request to the next component. After middleware, routing selects the matching endpoint or controller action. The endpoint creates a response, and the response travels back through middleware before going to the client. Middleware order matters, especially for error handling, routing, authentication, and authorization."
Practice Before Next Article
- Explain request and response with a school attendance example.
- Write the correct order: authentication or authorization first?
- What happens if middleware does not call
next()? - List five common HTTP status codes.
- Explain why error handling middleware should be early.
Use ChatGPT, Claude, or Copilot to go deeper on ASP.NET Core request pipeline. Try these prompts:
"Explain the request pipeline like I am a beginner""Give me a real example of middleware stopping a request""Why does middleware order matter?""Create a diagram for request and response flow"
💡 Tip: After reading this article, paste your own code into AI and ask "What could go wrong here and why?" — fastest way to find edge cases and deepen understanding.