Cloud-Native Deployment
Azure Container Apps (via Aspire)
# Install Azure Developer CLI
winget install microsoft.azd # Windows
brew install azd # macOS
# Initialize and deploy
azd init
azd provision # Creates Azure resources from Aspire manifest
azd deploy # Deploys all services
Dockerfile (Multi-stage)
FROM mcr.microsoft.com/dotnet/sdk:10.0 AS build
WORKDIR /src
# Copy and restore
COPY *.sln .
COPY */*.csproj ./
RUN for file in *.csproj; do mkdir -p ${file%.*}/ && mv $file ${file%.*}/; done
RUN dotnet restore
# Build and publish
COPY . .
RUN dotnet publish src/MyApp.Web/MyApp.Web.csproj -c Release -o /app/publish --no-restore
# Runtime
FROM mcr.microsoft.com/dotnet/aspnet:10.0 AS runtime
WORKDIR /app
EXPOSE 8080
ENV ASPNETCORE_URLS=http://+:8080
COPY --from=build /app/publish .
ENTRYPOINT ["dotnet", "MyApp.Web.dll"]
Docker Compose
services:
web:
build:
context: .
dockerfile: src/MyApp.Web/Dockerfile
ports:
- "8080:8080"
environment:
- ConnectionStrings__Default=Host=db;Database=myapp;Username=postgres;Password=postgres
- ASPNETCORE_ENVIRONMENT=Development
depends_on:
db:
condition: service_healthy
db:
image: postgres:16
environment:
POSTGRES_DB: myapp
POSTGRES_PASSWORD: postgres
volumes:
- postgres_data:/var/lib/postgresql/data
healthcheck:
test: ["CMD-SHELL", "pg_isready -U postgres"]
interval: 5s
redis:
image: redis:7-alpine
ports:
- "6379:6379"
volumes:
postgres_data:
GitHub Actions CI/CD
name: CI/CD
on:
push:
branches: [main]
pull_request:
branches: [main]
env:
DOTNET_VERSION: '10.0.x'
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
jobs:
build-and-test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-dotnet@v4
with:
dotnet-version: ${{ env.DOTNET_VERSION }}
- run: dotnet restore
- run: dotnet build --no-restore -c Release -warnaserror
- run: dotnet test --no-build -c Release --logger trx --results-directory TestResults
- uses: actions/upload-artifact@v4
if: always()
with:
name: test-results
path: TestResults
deploy:
needs: build-and-test
if: github.ref == 'refs/heads/main'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: azure/login@v2
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- run: |
dotnet publish -c Release -o ./publish
az webapp deploy --resource-group myapp-rg --name myapp-web --src-path ./publish
Environment Configuration
// Program.cs - environment-specific config
builder.Configuration
.AddJsonFile("appsettings.json")
.AddJsonFile($"appsettings.{builder.Environment.EnvironmentName}.json", optional: true)
.AddEnvironmentVariables()
.AddUserSecrets<Program>(optional: true); // Development only
// Health check endpoint for load balancer
app.MapHealthChecks("/health");
Azure App Service Deployment (from official docs)
Azure CLI (one command)
az login
az webapp up --sku F1 --name <app-name> --os-type linux
# --sku: F1 (free), B1 (basic), S1 (standard), P1v3 (premium)
# app-name must be globally unique (a-z, 0-9, -)
Azure Developer CLI (fastest)
azd init --template https://github.com/Azure-Samples/quickstart-deploy-aspnet-core-app-service.git
azd up # Provisions + deploys
azd down # Cleanup all resources
PowerShell Deployment
Connect-AzAccount
dotnet publish --configuration Release
Compress-Archive -Path bin\Release\net10.0\publish\* -DestinationPath deploy.zip
Publish-AzWebApp -ResourceGroupName myRG -Name <app-name> -ArchivePath deploy.zip -Force
Azure SDK Pattern (from official docs)
// 4-step pattern: Locate → Install → Create client → Call methods
// Blob Storage
using Azure.Storage.Blobs;
var client = new BlobContainerClient(
new Uri("https://<account>.blob.core.windows.net/<container>"),
new DefaultAzureCredential());
await client.UploadBlobAsync("file.txt", File.OpenRead("local.txt"));
// Key Vault
using Azure.Security.KeyVault.Secrets;
var kvClient = new SecretClient(
new Uri("https://<vault>.vault.azure.net/"),
new DefaultAzureCredential());
var secret = await kvClient.GetSecretAsync("my-secret");
// Service Bus
using Azure.Messaging.ServiceBus;
var sbClient = new ServiceBusClient("<connection-string>");
var sender = sbClient.CreateSender("queue-name");
await sender.SendMessageAsync(new ServiceBusMessage("Hello"));
Key Azure Services for .NET (from official docs)
| Use Case | Azure Service | NuGet Package | |----------|--------------|---------------| | Web apps, APIs | App Service | - | | Serverless microservices | Container Apps | - | | Event-driven functions | Azure Functions | Azure.Functions | | Relational data | Azure SQL | Microsoft.Data.SqlClient | | Global NoSQL | Cosmos DB | Azure.Cosmos | | File/blob storage | Blob Storage | Azure.Storage.Blobs | | Messaging queues | Service Bus | Azure.Messaging.ServiceBus | | Secrets management | Key Vault | Azure.Security.KeyVault.Secrets | | Authentication | Entra ID | Microsoft.Identity.Web | | Caching | Redis | StackExchange.Redis |
App Service Migration Gotchas (from official docs)
- Only HTTP (80) and HTTPS (443) ports supported - remove custom ports
- No GAC support - deploy dependencies in
\binfolder - No COM/COM+ - rewrite in managed code
- No physical filesystem - use Azure Files (SMB) or Blob Storage
- Azure AD requires paid tier (Basic+) - free tier doesn't support it
- Move connection strings to Azure Key Vault in production
Cross-Platform Targeting (from official docs)
<!-- Single target (recommended for apps) -->
<TargetFramework>net10.0</TargetFramework>
<!-- Multi-target (for NuGet libraries needing broad reach) -->
<TargetFrameworks>net10.0;netstandard2.0;net462</TargetFrameworks>
Anti-pattern: Don't target netstandard1.x - creates massive dependency graph.