Extended Syllabus - Web Applications with C#

Course: Web Applications with C#
Code: ICD0024
ECTS: 6 (156 student hours)
SIS/ÕIS: Web Applications with C# (ICD0024)
Duration: 16 weeks + 1 extra defense day
Course year: 2nd year
Semester: Spring (4th semester)
Format: Flipped classroom
Students: ~115
TAs: 5
Language: English if any Erasmus/exchange students are enrolled; otherwise Estonian. Q&A Estonian and English
Written language: English (slides, comments, code, etc...)
Contact: Friday 13:00-16:00, ICO-221 (Weeks 1-16) — optional clinic/demo; 0-3h depending on attendance + extra day Week 17
Attendance: Friday sessions are optional. Defense attendance is mandatory (remote by prior arrangement).
Teacher: Andres Käver
Email: andres.kaver@taltech.ee

Student Quick Start

Weekly workflow: Watch pre-recorded video lectures (~1.5h) before the Friday session. Attend optional clinic/demo Friday 13:00-16:00 (ICO-221). Work on assignments during the week (~5-8h). Use MS Teams CSharp Web channel for questions.

Deadlines: Code must be committed and pushed to git by 23:59:59 on Thursday evening (the day before Friday defense sessions in weeks 5, 10, and 15), serving as the code-freeze deadline.

Defense weeks: D1 = Week 5-6, D2 = Week 10-11, D3 = Week 15-17. Retakes on weeks 7, 12, and 17.

Passing rules: Each defense must score >50% of its points. You must pass ALL three defenses to pass the course. One retake allowed across all defenses (capped at 75% of original points).

Attendance: Weekly Friday sessions are optional clinic/demo sessions. Defense attendance is mandatory. Remote defense by prior arrangement only.

If code does not compile at defense: You may fall back to the last working commit in your repository, or you will be given a 10-minute hotfix window to resolve compilation issues. If neither produces a running application, the assignment receives 0 points. See "Defense Logistics" for full details.

AI usage: AI tools are encouraged (semi-mandatory). You must document prompts and modifications. You must be able to explain every line of your code without AI assistance at defense.

Grade scale: 5 (90-120), 4 (80-89), 3 (70-79), 2 (60-69), 1 (50-59), 0 (<50 or failed defense). Maximum 120 points (100 base + 20 bonus).

What counts as a "client app": A working application that consumes your backend REST API (Vue/React from JS course, Blazor, Razor Pages via HttpClient, or any other technology) is mandatory. Swagger UI, Bruno, and Postman do NOT count.

Goals (from ÕIS)

To introduce modern web applications (MVC, REST API, JS) and possibilities for their creation.
To develop software development skills with .NET framework tools.

Learning Outcomes (from ÕIS)

L01 - Uses JSON markup language for storing complex structured data and presenting data in a structured form.
L02 - Creates simple client applications for common web services with the help of publicly available instructions.
L03 - Creates simple web services using .NET Framework technologies and tools.
L04 - Under normal circumstances uses technologies and tools used to secure web services.
L05 - Describes and uses the areas of use of web applications and their architectures.

General competencies course develops (not graded)

TalTech General Competencies

1.1 Self-management and learning competence

self-management
self-regulation
learning skills

1.2 Critical thinking

critical information acquisition skills
analytical skills
problem-solving skills
argumentation skills
self-assessment skills

1.4 Communication competence

self-expression in different forms
adaptation of communication style
giving feedback

Communication 2025/2026 spring

Main channel - MS Teams
Teacher Andres Käver - andres.kaver@taltech.ee (SLA: response in 2 office days)
Office hours - by appointment (room ICO-521B)
TA-s
- Mikk Raba - mikk.raba@taltech.ee
- Karl Rudolf Õigus - kaoigu@taltech.ee
- Jürgen Marten Kuusik - jurkuu@taltech.ee
- Illimar Reinbusch - ilrein@taltech.ee
- Stella Tukia - sttuki@taltech.ee
Course materials
Moodle (when needed) Key: cweb26spring
GitLab. Use group 2025-2026-spring, create your repository with name <uniid>-<yourproject>
Echo
Defence slot allocation - link in course materials (and in moodle)
Contact session every Friday 13:00-16:00, ICO-221 (16 weeks, from 06.02.2026) — optional clinic/demo (defense attendance mandatory)

Pre-Requirements

Students should have mastered the following before taking this course:

Programming Fundamentals

Variables, data types, operators
Control structures (if/else, loops, switch)
Functions (parameters, return values, scope)
Arrays and basic data structures
Object-oriented programming basics (classes, objects, inheritance)
Debugging techniques

C# Fundamentals

Classes, interfaces, abstract classes
Generics basics
LINQ basics (Where, Select, OrderBy)
Nullable types
Exception handling (try/catch/finally)

Web Fundamentals

HTML5 (semantic elements, forms, tables, multimedia)
CSS3 (selectors, box model, flexbox, grid, responsive design, media queries)
How HTTP works (request/response cycle, status codes, headers)
Client-server architecture concepts
Browser developer tools usage

Development Tools

Git version control (clone, commit, push, pull, branches, merge, resolving conflicts)
Command line/terminal basics (navigation, file operations, running commands)
Code editor proficiency (VS Code or JetBrains Rider recommended)
.NET SDK and dotnet CLI concept (will be taught, but understanding the concept helps)
Package managers concept (NuGet)

Database Basics

Relational database concepts (tables, rows, columns, keys)
Basic SQL (SELECT, INSERT, UPDATE, DELETE, JOINs)
ER diagrams understanding

Literature

Workload Distribution

Component	Hours
Video lectures	24
Weekly assignments	96
Defense preparation	20
Self-study	14
Defense	2
Contact sessions (practices, Q and A) (16 weeks)	0-48 (optional)
Total	156

Course Structure Overview

Core Theme: Architecture Progression

This course is built around two phases of project work:

A1 (Weeks 1–3): Each student works on a teacher-assigned project to rapidly establish N-tier MVC fundamentals, Identity, i18n, htmx/Alpine.js, and testing practices.
A2–A5 (Weeks 4–15): Each student proposes and builds their own project from scratch, progressively applying increasingly sophisticated architectural patterns:

Clean/Onion Architecture → REST API + Client → Docker/CI/CD → Modular Monolith → Microservices

A2–A5 are cumulative — students build one application and iteratively refactor its architecture. The focus is on understanding WHY each architectural pattern exists, WHEN to apply it, and the trade-offs involved — not just memorizing the structure.

Core Curriculum (Weeks 1-9)

Week	Topic	Assignment	Defense
1	C# Refresher + ASP.NET Core MVC + EF Core + AI Dev Tools	A1: N-Tier MVC App	-
2	Identity + i18n + htmx + Alpine.js + N-Tier Patterns	A1 cont.	-
3	Testing (Unit + Integration + E2E + Mocking)	A1 cont.	-
4	Clean Architecture Principles + Domain Layer	A2: Clean Arch + REST API + Client	-
5	Application Layer + CQRS-lite + MediatR + Mappers	A2 cont.	D1 start (A1)
6	Infrastructure Layer + Repository + Unit of Work	A2 cont.	-
7	REST API + JWT Authentication + Swagger	A2 cont.	-
8	Client App Integration + Business Rules + Validation	A2 cont.	-
9	Docker + CI/CD + VPS Deployment	A3: DevOps	-

Advanced Architecture (Weeks 10-15)

Week	Topic	Assignment	Defense
10	Modular Monolith Fundamentals + DDD Basics	A4: Modular Monolith	D2 starts (A2+A3)
11	Module Structure in .NET + Bounded Contexts	A4 cont.	-
12	Inter-Module Communication + Message Queues + Shared Kernel	A4 cont.	-
13	Microservice Patterns + Service Extraction	A5: Simple Microservices	-
14	Service Communication + Data Ownership	A5 cont.	-
15	API Gateway + Architecture Review + Comparison	A5 cont.	D3 starts (A3+A4+A5+Demo)
16	Buffer / Retakes	-	Retakes
17	Extra Defense Day	-	Final retakes + consultation

Week 17 (Extra Defense Day): One additional contact day after semester end for final retakes and consultation. This replaces a separate theory/practical exam - all assessment is done through assignment defenses.

Teacher discretion: If class progression requires more time on core material, Microservice weeks may be condensed. Decision made by Week 12 based on defense pass rates and assignment completion.

N-Tier assumption: Students are expected to have a working understanding of N-tier architecture (DAL, BLL, UI separation) from previous courses. Weeks 1-3 are a rapid setup using familiar patterns, enhanced with htmx and Alpine.js for lightweight frontend interactivity in MVC views.

Testing from day one: Testing is introduced as part of A1 and is a cross-cutting requirement for ALL subsequent assignments. Every assignment must maintain and extend test coverage — unit tests, integration tests, and E2E tests. There is no separate testing week or assignment; testing is woven into the development process from the start.

Cross-cutting patterns (weave throughout):

Mediator pattern — introduced in Clean Architecture (Week 5) for decoupling handlers from controllers, reused in Modular Monolith for inter-module messaging
Message queues — introduced in Modular Monolith (Week 12) for inter-module async communication, carried into Microservices
Eventual consistency — introduced in Modular Monolith (Week 12), deepened in Microservices (Week 14) — same problem at different scales

Cross-course integration: Students concurrently enrolled in "JavaScript" (ICD0006) use their ASP.NET Core backend (from this course) as the backend for assignments in the JS course, reinforcing cross-course learning.

Client application requirement: All students MUST have a working client application consuming the REST API for A2. Students in the JS course use their Vue/React frontend. Students NOT in the JS course should build a client in another ASP.NET Core project (e.g., Blazor, Razor Pages consuming the API via HttpClient) or any technology of their choice. Swagger UI or API testing tools (Bruno, Postman) do NOT count as a client application.

Note: A1 is a standalone foundational exercise using a teacher-assigned project. Starting from A2, students propose their own project and all subsequent assignments (A2–A5) are cumulative, building on the SAME student-proposed application. Each phase refactors and extends the previous architecture. This simulates real-world software evolution.

Assignment deadlines

Code must be committed and pushed to git by 23:59:59 on Thursday evening (the day before Friday defense sessions in weeks 5, 10, and 15), serving as the code-freeze deadline.

How the course works

Before session: videos, personal preparation
During session: demo and Q&A with teacher, clinics and defense with TA's
After session: assignment work + support channels
Gitlab, VPS, AI access, etc. provided by course
Expected time per week: 8–10h (videos ~1.5h, r&d ~5–8h, optional demos and clinic ~0–3h)

Grading Overview

Assessment Model: All grading is done through assignment defenses. No separate theory or practical exam.

Defense Points (100 total + 20 bonus)

Defense	Points	Passing (>50%)
D1: N-Tier MVC + htmx/Alpine + Testing (A1)	25	>12.5
D2: Clean Architecture + REST API + Client + DevOps (A2+A3)	35	>17.5
D3: Modular Monolith + Microservices + Full Demo (A3+A4+A5)	40	>20
Total	100	>50
Bonus points (TA/Teacher discretion)	+20
Maximum possible	120

D1 points (0–25) = 25 × (A1/100)
D2 points (0–35) = 35 × (0.7×A2 + 0.3×A3)/100
D3 points (0–40) = 40 × (0.2×A3 + 0.4×A4 + 0.4×A5)/100

Passing Requirements

Each defense must achieve >50% of its points to pass
Must pass ALL defenses to pass the course
Overall course grade based on total points earned

Retake Penalty

Retakes only available for failed defenses (<50%)
Retake maximum is 75% of original points
One retake allowed total
In case of technical issues (e.g., Gitlab or VPS outage) contact teacher

Bonus Points (up to 20) TAs and teacher may award bonus points for:

Exceptional code quality or architecture
Going beyond requirements
Outstanding documentation
Creative solutions
Helping other students
Active participation

Grade Scale

Grade	Points
A (5)	90-120
B (4)	80-89
C (3)	70-79
D (2)	60-69
E (1)	50-59
F (0)	<50 or failed defense

Learning Outcomes ↔ Assessment Alignment

Learning Outcome	Primary Assessment
LO1: Uses JSON for structured data	A2 REST API (JSON I/O), all assignments via API testing
LO2: Creates client applications for web services	A2 client app, A5 inter-service communication
LO3: Creates web services using .NET	A1 MVC, A2 REST API, A4 Modular API, A5 Microservice API
LO4: Uses technologies to secure web services	A1 Identity, A2 JWT, A3 SSL/deployment
LO5: Describes and uses web application architectures	A1-A5 progressive architecture + D1/D2/D3 defense

For the detailed mapping including teaching weeks and evidence requirements, see the Learning Outcomes ↔ Assessment Mapping section in Assignments.md.

Reduced Curriculum (If Modular Monolith/Microservices Dropped)

If teacher decides to drop extended curriculum, defense points redistribute:

Without Microservices (D1 + D2 + partial D3)

D1: 25 points
D2: 35 points
D3 (DevOps + Modular Monolith + Full App Demo): 40 points
Bonus: +20

D1 points (0–25) = 25 × (A1/100) D2 points (0–35) = 35 × (0.7×A2 + 0.3×A3)/100 D3 points (0–40) = 40 × (0.3×A3 + 0.7×A4)/100

Defense Logistics

Schedule (Full Curriculum)

D1 (Week 5): N-Tier MVC + htmx/Alpine + Testing - A1 (25 points)
D2 (Week 10): Clean Architecture + REST API + Client + DevOps - A2 + A3 (35 points)
D3 (Week 15): Modular Monolith + Microservices + Full App Demo - A3 + A4 + A5 (40 points)
Week 16: Buffer / Retakes
Week 17: Extra Defense Day (final retakes + consultation)
Code must compile and run at defense. If the latest commit does not compile or the application does not start:
1. Fallback: The student may request to use the earlier commit in their repository. Students are encouraged to tag a known-good commit before each defense.
2. Hotfix window: If no tagged commit exists, the student has a one-time 10-minute window to fix compilation issues on the spot. The timer starts when the TA identifies the issue.
3. If neither produces a running application: The assignment receives 0 points for that defense.
- Note: The defense-ready tag must be pushed to the remote repository before the defense deadline (Thursday 23:59:59). Tagging during the defense session is not permitted.
Code defense is done using the student's own laptop and VPS
Defense slots are available for allocation via Moodle or other similar system
Students must bring their own laptop to defense
5 TA-s are working in parallel, be prepared to wait for your turn
remote defense or off the hours defense are possible, but require prior agreement

Format

D1: 15-20 minutes per student (N-Tier MVC + htmx/Alpine + Testing)
D2: 15-25 minutes per student (Clean Architecture + REST API + Client + DevOps)
D3: 15-30 minutes per student (Modular Monolith + Microservices + architecture evolution demo)
Student presents work (5-10 min)
TA asks questions
Points awarded immediately after defense
Points are recorded in Moodle gradebook within 2 working days
If a student disagrees with the awarded points, they must contact the teacher (not the TA) within 5 working days via email (andres.kaver@taltech.ee). The teacher will review the code, git history, and if necessary conduct a brief re-defense. The teacher's decision is final.
Overall course grade is published in ÕIS after all defenses (including retakes) are complete

D3 Full Application Demo Requirements

Application must be deployed and accessible
Student demonstrates architecture evolution live (Clean Architecture → Modular Monolith → Microservice) and can explain N-Tier concepts from A1
No slides - show the actual working application and code structure
Be prepared for TA to request specific scenarios
Explain trade-offs at each architectural stage

Defense Assessment Rubric

All defenses are assessed using these five dimensions:

Dimension	What TAs evaluate
Architecture correctness	Proper layer separation, dependency direction, pattern application
Security & authentication	Identity/JWT implementation, authorization, data isolation
Testing	Test coverage, test quality, appropriate test types
Code quality	Naming, conventions, project organization, clean code
Explanation & understanding	Ability to explain decisions, trade-offs, and code without AI assistance

TA Calibration: All TAs use the same rubric and scoring guidelines. Before each defense period, TAs complete a calibration session with the teacher using sample submissions. Borderline cases (within 2 points of a pass/fail threshold) are escalated to the teacher for a second review if needed.

Passing Rules

Each defense requires >50% of its points to pass
Failing ANY defense = failing the course (regardless of total points)

Retake Policy

Only ONE retake allowed in total (across all defenses)
Retake is only possible if defense failed (<50%)
Retake penalty: maximum 75% of original points available
Retake must be completed before the next defense period starts:
- D1 retake: must complete before D2 (Week 10)
- D2 retake: must complete before D3 (Week 15)
- D3 retake: Week 16 or Week 17 (Extra Defense Day)
Students needing retakes should aim for bonus points to compensate for the penalty
Retake is on following week after the regular defense (one day only)

For example: Student passes D1, fails D2, uses retake, then fails D3 → course fail (because no retake left + must pass all defenses).

Bonus Points (up to 20)

Awarded at TA/teacher discretion throughout the course
Can be given during any defense or for overall performance
Bonus points added to final total after all defenses complete

Students with special needs

Students with special needs are encouraged to contact the instructor at the beginning of the course. If special needs may affect participation or assessment, the instructor should be informed at the beginning of the course so appropriate accommodation can be arranged. Students may also contact the university support services for accessibility arrangements. All requests will be handled confidentially.

AI Usage Policy

Encouraged (semi mandatory)

Using AI for code generation with proper specifications (Claude Code, GitHub Copilot, etc.)
Spec-driven development: write specifications first, let AI generate implementation
Learning from AI explanations of architectural patterns
Debugging with AI assistance
Documentation generation

Required documentation

Keep prompts/specs used
Note what AI got wrong
Describe your modifications
Alternative solutions considered
Architecture decision records (ADRs) where applicable

Not acceptable (defense fail)

Submitting AI code without actual understanding
Copying without verification
Unable to explain your codebase without AI assistance
Cannot explain WHY a particular architecture pattern was chosen

Academic Integrity

You are allowed to use any source for your work, citations are not mandatory. Wide usage of AI is allowed (expected). Self organized group work is allowed (each student must maintain their own code repository). You are allowed to use external code (ai, external help, etc.). Personal requirements apply - code in git, vps deployment, ci/cd, etc. Third-party code/assets must follow their license terms.

But you must be able to explain your work/code individually in minute details and defend it in front of the teacher and TA's - without external/ai help.

No animals were harmed during the making of this course. Except my dog, who was harmed by me not having enough time to play with him.

Planned Lectures Content (Prerecorded Videos)

Week 1: C# Refresher + ASP.NET Core MVC + EF Core + AI Dev Tools (4 videos, ~120 min total)

Video 1.1: C# Refresher & Modern Features (30 min)

C# 12/13 features overview (primary constructors, collection expressions, raw string literals)
Async/await patterns and Task-based programming
LINQ refresher (method syntax, query syntax, deferred execution)
Nullable reference types and null safety
Pattern matching enhancements
Record types and value objects

Video 1.2: ASP.NET Core MVC Introduction (30 min)

ASP.NET Core project structure and startup
Program.cs and minimal hosting model
MVC pattern: Controllers, Views, Models
Razor syntax basics
Tag Helpers overview
Routing conventions
Model binding and validation basics

Video 1.3: Entity Framework Core + Database Design (35 min)

Code First approach, DbContext configuration
Entity configuration: Data Annotations vs Fluent API
Designing entity relationships (one-to-many, many-to-many)
Navigation properties and foreign keys
Creating and applying migrations
Seeding initial data

Video 1.4: Spec-Driven Development with AI (25 min)

Writing effective specifications for code generation
AI coding tools: Claude Code, GitHub Copilot, JetBrains AI
Specification → implementation → review cycle
Iterative refinement workflow
When AI helps vs. when it hurts
Documentation generation with AI

Week 2: Identity + i18n + htmx + Alpine.js + N-Tier Patterns (4 videos, ~160 min)

Video 2.1: ASP.NET Core Identity + Authorization (30 min)

Adding Identity to an existing project
Custom ApplicationUser and ApplicationRole
Cookie-based authentication flow
Login, registration, logout
Role-based authorization ([Authorize(Roles = "Admin")])
User data isolation (filtering by UserId)
Seeding admin user and roles

Video 2.2: Internationalization with Resource Files (25 min)

.resx resource files structure
IStringLocalizer and IHtmlLocalizer
View localization and Data Annotations localization
Culture provider configuration (cookie, query string, accept-language)
Culture switching UI element

Video 2.3: htmx (30 min)

htmx philosophy: HTML over the wire, not JSON
Core attributes: hx-get, hx-post, hx-swap, hx-trigger, hx-target
Partial views in ASP.NET Core for htmx responses
Inline editing, search-as-you-type, load-more pagination
Loading indicators with hx-indicator
hx-boost for progressive enhancement of existing links/forms
Error handling and fallback behavior
When htmx makes sense vs. when you need a full SPA

Video 2.4: Alpine.js (35 min)

Alpine.js philosophy: lightweight, declarative reactivity
Core directives: x-data, x-show, x-bind, x-on, x-model, x-for
Interactive components: dropdowns, modals, toggle panels, confirmation dialogs
Combining htmx + Alpine.js for rich server-rendered UIs

Video 2.5: N-Tier Patterns (35 min)

N-Tier solution structure deep dive (DAL, BLL, Web projects)
Generic repository pattern, service layer patterns
Code quality and clean code basics

Week 3: Testing (Unit + Integration + E2E + Mocking) (4 videos, ~120 min)

Video 3.1: Unit Testing with xUnit (30 min)

xUnit project setup and test project structure
Test structure: Arrange, Act, Assert
[Fact] and [Theory] attributes
Mocking with Moq or NSubstitute
Testing BLL services (business logic, validation)
Testing mappers and data transformations
Code coverage reports and thresholds

Video 3.2: Integration Testing (30 min)

WebApplicationFactory<T> for MVC/API testing
In-memory database vs test containers
Testing controller actions via HTTP client
Testing authentication flows (register, login, logout)
Testing authorization (accessing other user's data)
Test data setup and cleanup

Video 3.3: E2E Testing (25 min)

Playwright setup for ASP.NET Core apps
Page Object Model pattern
Testing user registration and login
Testing CRUD workflows through the UI
Testing navigation and authorization redirects
Screenshots on failure

Video 3.4: Error Handling & Test Strategy (35 min)

Global exception handling middleware
ProblemDetails standard
Structured logging with Serilog basics
Testing as a cross-cutting concern
Test organization patterns (per layer, per feature)
When to write which type of test
Code coverage: what to measure, what to ignore

Week 4: Clean Architecture Principles + Domain Layer (3 videos, ~90 min)

Video 4.1: Clean Architecture Principles (30 min)

Problems with traditional N-tier (coupling, dependency direction)
Onion Architecture / Clean Architecture / Hexagonal Architecture comparison
The Dependency Rule: dependencies point inward
Layer responsibilities and boundaries
When Clean Architecture is worth the complexity
Trade-offs vs simpler architectures

Video 4.2: Domain Layer Design (35 min)

Entities vs Value Objects
Domain enums and constants
Domain interfaces (what belongs in the domain)
Base entity classes (Id, audit fields)
Domain events concept
Aggregate roots (brief DDD introduction)
Rich domain models vs anemic domain models

Video 4.3: Dependency Inversion in Practice (25 min)

Interface segregation for repositories
Restructuring project references (removing DAL reference from Web)
Composition root pattern (wiring in Web/Program.cs)
Microsoft.Extensions.DependencyInjection in practice
Service lifetimes: Scoped, Transient, Singleton
Verifying no layer violations (architecture tests concept)

Week 5: Application Layer + CQRS-lite + MediatR + Mappers (3 videos, ~90 min)

Video 5.1: Application Layer & Use Cases (30 min)

Application layer responsibilities
Service interfaces and implementations
Use case pattern (single responsibility per operation)
Input/output DTOs for each operation
Application-level exceptions
Orchestrating domain operations

Video 5.2: DTOs & Mappers (35 min)

Why DTOs at every boundary
Manual mapping (extension methods, static mappers)
AutoMapper setup and profiles
Mapping domain ↔ DTO ↔ ViewModel
Nested object mapping
Collection mapping
Performance considerations

Video 5.3: CQRS-lite + MediatR (30 min)

Command Query Responsibility Segregation concept
Read models vs write models
Separate DTOs for create/update/read operations
MediatR setup: IRequest<T>, IRequestHandler<TRequest, TResponse>
Decoupling controllers from application logic via MediatR
Commands and queries as MediatR requests
Pipeline behaviors (logging, validation, transaction management)
When MediatR adds value vs unnecessary indirection
Practical CQRS without event sourcing

Week 6: Infrastructure Layer + Repository + Unit of Work (3 videos, ~90 min)

Video 6.1: Infrastructure Layer (30 min)

Infrastructure layer responsibilities
EF Core as infrastructure implementation
Repository implementations behind interfaces
External service adapters (email, file storage)
Infrastructure registration in DI

Video 6.2: Repository & Unit of Work (35 min)

Generic repository implementation with EF Core
Unit of Work pattern with EF Core (DbContext as UoW)
Custom Unit of Work interface
Transaction management
Repository method patterns (GetAll, GetById, Add, Update, Remove)
Specification pattern introduction

Video 6.3: EF Core Advanced (25 min)

Global query filters (soft delete, multi-tenancy)
SaveChanges override for audit fields
Interceptors for cross-cutting concerns
Query performance (eager loading, explicit loading, projections)
Raw SQL and stored procedures when needed
Concurrency handling (RowVersion)

Week 7: REST API + JWT Authentication + Swagger (3 videos, ~90 min)

Video 7.1: REST API Design + Web API Controllers (30 min)

REST principles and conventions
API controllers vs MVC controllers ([ApiController] attribute)
Route design (/api/v1/products/{id})
HTTP methods: GET, POST, PUT, DELETE, PATCH
Status codes: 200, 201, 204, 400, 401, 403, 404, 409
Content negotiation
API-specific DTOs (separate from MVC ViewModels)

Video 7.2: Swagger & OpenAPI (25 min)

Swashbuckle setup and configuration
XML comments for API documentation
Swagger UI customization
API versioning strategies (URL path, header, query string)
Documenting authentication in Swagger
Generating API clients from OpenAPI spec

Video 7.3: JWT Authentication in ASP.NET Core (35 min)

JWT structure: header, payload, signature
Access token vs refresh token strategy
ASP.NET Core JWT Bearer authentication setup
Token generation service
Password hashing with ASP.NET Core Identity
[Authorize] on API controllers
Claims-based authorization in APIs
Extracting user info from JWT in controllers

Week 8: Client App Integration + Business Rules + Validation (3 videos, ~90 min)

Video 8.1: Refresh Token Flow (30 min)

RefreshToken entity and database storage
Refresh endpoint implementation
Token rotation: invalidate old token, issue new pair
Logout: invalidate refresh token
Security considerations: token theft, XSS, CSRF
Token cleanup (expired token removal)

Video 8.2: Client App Integration & CORS (35 min)

CORS configuration in ASP.NET Core
Connecting a JavaScript SPA to the API
Axios/fetch interceptors for auth headers
Automatic token refresh on 401 response
Protected routes in the client
Environment-based API URL configuration
Alternative: ASP.NET Core client consuming API via HttpClient

Video 8.3: Business Rules & Validation (25 min)

FluentValidation setup and usage
Validation in the Application layer (not in controllers)
Complex validation rules (cross-field, database-dependent)
Result pattern for operation outcomes
ProblemDetails for API error responses
Consistent error handling across MVC and API

Week 9: Docker + CI/CD + VPS Deployment (4 videos, ~120 min)

Video 9.1: Docker Fundamentals for .NET (30 min)

Docker concepts and architecture
Dockerfile for ASP.NET Core apps
Multi-stage builds: SDK build → runtime image
.dockerignore best practices
Development vs production images
Image size optimization

Video 9.2: Docker Compose (25 min)

docker-compose.yml structure
Multi-container setup (ASP.NET Core app + PostgreSQL)
Volumes for database persistence
Networking between containers
Environment variables and secrets
Local development workflow with Docker

Video 9.3: GitLab CI/CD (35 min)

.gitlab-ci.yml structure
Pipeline stages: lint, test, build, deploy
Variables and secrets management
Docker-in-Docker for building images
Container registry integration
Deployment triggers and manual gates
Caching NuGet packages

Video 9.4: VPS Deployment (30 min)

SSH key configuration
Basic server hardening (ufw, fail2ban)
Nginx as reverse proxy for ASP.NET Core
SSL with Let's Encrypt (certbot)
docker-compose in production
Health check endpoints
Environment variable management on VPS

Advanced Architecture

Week 10: Modular Monolith Fundamentals + DDD Basics (3 videos, ~90 min)

Video 10.1: Modular Monolith Concepts (30 min)

What is a modular monolith and why
Monolith → modular monolith → microservices progression
Benefits over traditional monolith (team autonomy, deployability, bounded complexity)
Benefits over premature microservices (simplicity, performance, transactions)
Real-world examples and case studies
When to stay monolith vs when to modularize

Video 10.2: Domain-Driven Design Strategic Patterns (35 min)

Bounded contexts: identifying domain boundaries
Ubiquitous language per context
Context mapping: shared kernel, customer-supplier, conformist, anti-corruption layer
Event storming: discovering domain events and commands
Aggregates and aggregate roots
Practical DDD without the ceremony

Video 10.3: Identifying Modules from Your Domain (25 min)

Analyzing your existing application for natural boundaries
Common module patterns: Catalog, Orders, Identity, Notifications, Inventory
Signs of incorrect boundaries (excessive cross-module communication)
Documenting module decisions with Architecture Decision Records (ADRs)
Module dependency rules: what can depend on what

Week 11: Module Structure in .NET + Bounded Contexts (3 videos, ~90 min)

Video 11.1: Module Project Structure (30 min)

Each module as a mini clean architecture
Modules.Catalog.Domain, .Application, .Infrastructure, .Api
Feature folders vs layer folders within modules
Module assembly scanning and registration
Preventing accidental cross-module dependencies (ArchUnit tests)

Video 11.2: Shared Kernel Design (35 min)

What belongs in the shared kernel (base classes, common interfaces, utilities)
What does NOT belong (domain logic, business rules)
SharedKernel project structure
Common infrastructure: logging, auth helpers, middleware
Shared kernel versioning considerations
When the shared kernel grows too large — warning signs

Video 11.3: Database per Module (25 min)

Separate DbContext per module
Schema separation within a shared database
Module-specific migrations
Cross-module data: API calls vs data duplication vs events
EF Core owned types and value objects per module
Handling Identity context shared across modules

Week 12: Inter-Module Communication + Message Queues + Integration Patterns (3 videos, ~90 min)

Video 12.1: Inter-Module Communication Patterns + Message Queues (35 min)

Direct method calls via interfaces (synchronous)
Integration events (asynchronous, in-process)
MediatR for in-process messaging (INotification, INotificationHandler)
Request/response vs fire-and-forget patterns
In-process messaging (MediatR) vs out-of-process messaging (message queues)
Message queue concepts: producers, consumers, exchanges, queues
RabbitMQ introduction (MassTransit as .NET abstraction)
When to use in-process events vs message queues
Transitioning from MediatR notifications to queue-based messaging

Video 12.2: Integration Events + Eventual Consistency (35 min)

Defining integration events (contracts between modules)
Publishing events from one module
Subscribing to events in another module
Event ordering and idempotency
Eventual consistency in modular monoliths — why it matters even with a single deployment
Handling stale reads across module boundaries
Compensating actions when operations fail
Outbox pattern for reliable event delivery
Testing module interactions

Video 12.3: Module Registration + API Organization (25 min)

IServiceCollection.AddCatalogModule() pattern
Module-specific middleware and filters
API endpoints organized by module (/api/v1/catalog/, /api/v1/orders/)
Module-specific Swagger grouping
Health checks per module
Debugging cross-module communication

Week 13: Microservice Patterns + Service Extraction (3 videos, ~90 min)

Video 13.1: Microservice Patterns Overview (30 min)

When microservices make sense (and when they don't)
Conway's Law and team structure
Service boundaries and data ownership
12-factor app principles
Communication patterns: synchronous (HTTP/gRPC) vs asynchronous (message queues)
CAP theorem awareness

Video 13.2: Service Extraction from Modular Monolith (35 min)

Strangler Fig pattern
Choosing which module to extract first (independence, team ownership, scaling needs)
Creating a separate ASP.NET Core service
Shared contracts via NuGet package or shared project
Database migration: splitting data between services
Maintaining backwards compatibility during extraction

Video 13.3: API Gateway & Routing (25 min)

API Gateway pattern (YARP, Ocelot, or Nginx-based)
Request routing to appropriate service
Authentication at the gateway level
Rate limiting and throttling
Health aggregation across services
Service discovery basics (configuration-based)

Week 14: Service Communication + Data Ownership (3 videos, ~90 min)

Video 14.1: Service Communication in Practice (30 min)

HttpClient and typed clients in .NET
Refit for typed HTTP APIs
gRPC for internal service communication
Retry policies with Polly (exponential backoff)
Circuit breaker pattern
Timeout handling

Video 14.2: Data Ownership & Eventual Consistency (35 min)

Each service owns its data (no shared databases)
Eventual consistency: same concept from Modular Monolith (Week 12), now across network boundaries
How message queues (from Week 12) evolve into inter-service messaging
Comparing in-process eventual consistency vs distributed eventual consistency
Saga pattern awareness (orchestration vs choreography)
Data duplication and synchronization strategies
Handling distributed transactions (or avoiding them)
Idempotency in service communication

Video 14.3: Resilience & Graceful Degradation (25 min)

What happens when a service is down
Fallback strategies (cached data, default responses, feature flags)
Bulkhead pattern
Health checks and liveness/readiness probes
Centralized logging with Serilog + seq/ELK
Distributed tracing awareness (OpenTelemetry)

Week 15: Architecture Review + Comparison (3 videos, ~90 min)

Video 15.1: Multi-Service Docker Compose (30 min)

Docker compose for multiple ASP.NET Core services
Service networking and DNS resolution
Database containers per service
Environment configuration per service
Docker compose profiles for different deployment scenarios
Production considerations (orchestrators, Kubernetes awareness)

Video 15.2: Testing Distributed Systems (35 min)

Contract testing between services
Integration testing with test containers
Testing resilience (simulating service failures)
Load testing basics
Monitoring and observability in production
Testing strategies comparison across architectures

Video 15.3: Architecture Review & Comparison (25 min)

Comparing all architectural approaches side by side:
- N-Tier: simple, fast to build, tight coupling
- Clean Architecture: testable, flexible, more ceremony
- Modular Monolith: team-scalable, bounded complexity, single deployment
- Microservices: independently deployable, complex operations
Decision framework: when to use which
Real-world evolution stories
Course retrospective: what patterns will serve you in the industry

Assignments (A1–A5) and grading

The course is assessed through five practical assignments (A1–A5). Each assignment is graded on a 0–100 scale and later recalculated into course points according to the defense weighting. Minimum 50 points are required to pass each assignment. Grading is done by the TA and/or teacher; in case of dispute, the teacher’s decision is final.
Testing is cross-cutting: testing is introduced in A1 and must be maintained and extended in all subsequent assignments (unit/integration/E2E as appropriate). There is no separate testing assignment.

Detailed technical requirements, checklists and rubrics are published in the course home page for each assignment.

A1 – N-Tier MVC application (Weeks 1–3)

Goal: Build a server-rendered ASP.NET Core MVC web application with proper N-tier architecture, Identity authentication, internationalization, lightweight frontend interactivity, and test coverage from the start.

Scope note: The project/topic is assigned by the teacher at the start of the course.

Evidence (submission): repository + README, database schema diagram, test evidence, and development progression in Git.

Expected submission time: end of Week 3.

A2 – Clean Architecture + REST API + client app (Weeks 4–8)

Goal: Build a new application from scratch using Clean/Onion Architecture with a REST API layer, JWT authentication, and a working client application. This is the student’s own project (separate from A1). A2–A5 are cumulative, i.e., later assignments build on this same project.

Prerequisite (pass/fail): a project proposal (PDF) must be submitted and approved before implementation begins.

Evidence (submission): source code, API documentation (Swagger), key diagrams (DB/architecture/auth flow) and short AI usage log.

Expected submission time: end of Week 8.

A3 – DevOps (Week 9)

Goal: Containerize, deploy, and establish CI/CD for the full-stack application. Testing is not graded as a separate component here, but the CI pipeline must run the existing tests.

Evidence (submission): docker setup, CI/CD configuration, working production URL, and deployment documentation.

Expected submission time: end of Week 9.

A4 – Modular monolith (Weeks 10–12)

Goal: Refactor the clean architecture application into a modular monolith with clear module boundaries and internal structure.

Evidence (submission): updated codebase plus architecture documentation (e.g., context map / module dependency diagram) and boundary rationale.

Expected submission time: end of Week 12.

A5 – Simple microservices (Weeks 13–15)

Goal: Extract one module from the modular monolith into a separate microservice and demonstrate service decomposition patterns.

Evidence (submission): multi-service runnable setup (e.g., docker-compose), updated architecture diagram, and reflection on trade-offs.

Expected submission time: end of Week 15.

Learning Outcomes ↔ Assessment Mapping

Learning Outcome (from ÕIS)	Where Taught	Where Assessed	Evidence
LO1: Uses JSON markup language for storing complex structured data and presenting data in a structured form	Week 5 (DTOs/mappers), Week 7 (REST API + JSON)	A2: REST API (JSON request/response), A1-A5: API testing with JSON payloads	Working API endpoints returning/accepting JSON; Swagger documentation; test assertions on JSON responses
LO2: Creates simple client applications for common web services with the help of publicly available instructions	Week 8 (Client app integration)	A2: Client app consuming REST API; A5: inter-service HTTP communication	Deployed client app performing CRUD via API; inter-service HTTP calls in A5
LO3: Creates simple web services using .NET Framework technologies and tools	Weeks 1-3 (MVC), Weeks 4-8 (REST API), Weeks 10-12 (Modular API), Weeks 13-15 (Microservice API)	A1: MVC web app; A2: REST API; A4: modular API endpoints; A5: microservice API	Running web services at each architectural stage; Swagger docs; deployment on VPS
LO4: Under normal circumstances uses technologies and tools used to secure web services	Week 2 (Identity), Week 7 (JWT), Week 9 (SSL/deployment)	A1: Identity auth + role-based access; A2: JWT + refresh tokens; A3: SSL + secure deployment	Login/registration flows; JWT token lifecycle; HTTPS deployment; authorization tests
LO5: Describes and uses the areas of use of web applications and their architectures	Weeks 1-15 (progressive architecture)	A1-A5: progressive architecture implementation; D1/D2/D3: defense questioning on trade-offs	Architecture diagrams; defense explanations of N-Tier vs Clean vs Modular vs Microservices; documented trade-offs

Note on "simple" in LO2/LO3: The ÕIS learning outcomes use the word "simple" to define the minimum competency threshold. This course deliberately exceeds that threshold — students build progressively complex systems to deeply understand the architectural patterns. The "simple" baseline is achieved by A1-A2; subsequent assignments develop mastery beyond the minimum.

Student Quick Start​

Goals (from ÕIS)​

Learning Outcomes (from ÕIS)​

General competencies course develops (not graded)​

Communication 2025/2026 spring​

Pre-Requirements​

Literature​

Workload Distribution​

Course Structure Overview​

Core Theme: Architecture Progression​

Core Curriculum (Weeks 1-9)​

Advanced Architecture (Weeks 10-15)​

Grading Overview​

Defense Points (100 total + 20 bonus)​

Grade Scale​

Learning Outcomes ↔ Assessment Alignment​

Reduced Curriculum (If Modular Monolith/Microservices Dropped)​

Defense Logistics​

Students with special needs​

AI Usage Policy​

Academic Integrity​

Planned Lectures Content (Prerecorded Videos)​

Week 1: C# Refresher + ASP.NET Core MVC + EF Core + AI Dev Tools (4 videos, ~120 min total)​

Week 2: Identity + i18n + htmx + Alpine.js + N-Tier Patterns (4 videos, ~160 min)​

Week 3: Testing (Unit + Integration + E2E + Mocking) (4 videos, ~120 min)​

Week 4: Clean Architecture Principles + Domain Layer (3 videos, ~90 min)​

Week 5: Application Layer + CQRS-lite + MediatR + Mappers (3 videos, ~90 min)​

Week 6: Infrastructure Layer + Repository + Unit of Work (3 videos, ~90 min)​

Week 7: REST API + JWT Authentication + Swagger (3 videos, ~90 min)​

Week 8: Client App Integration + Business Rules + Validation (3 videos, ~90 min)​

Week 9: Docker + CI/CD + VPS Deployment (4 videos, ~120 min)​

Advanced Architecture​

Week 10: Modular Monolith Fundamentals + DDD Basics (3 videos, ~90 min)​

Week 11: Module Structure in .NET + Bounded Contexts (3 videos, ~90 min)​

Week 12: Inter-Module Communication + Message Queues + Integration Patterns (3 videos, ~90 min)​

Week 13: Microservice Patterns + Service Extraction (3 videos, ~90 min)​

Week 14: Service Communication + Data Ownership (3 videos, ~90 min)​

Week 15: Architecture Review + Comparison (3 videos, ~90 min)​

Assignments (A1–A5) and grading​

A1 – N-Tier MVC application (Weeks 1–3)​

A2 – Clean Architecture + REST API + client app (Weeks 4–8)​

A3 – DevOps (Week 9)​

A4 – Modular monolith (Weeks 10–12)​

A5 – Simple microservices (Weeks 13–15)​

Learning Outcomes ↔ Assessment Mapping​