A common but dangerous anti-pattern in production systems is health checks that only verify the web server process is running, not whether the application can actually serve requests. This leads to load balancers routing traffic to dead instances while dashboards show green. The post covers implementing proper ASP.NET Core health checks with separate liveness and readiness endpoints, dependency-specific checks (SQL Server, Redis, Azure Service Bus, Application Insights), startup validation to block misconfigured deployments, secure endpoints that avoid information disclosure, Azure Monitor integration for alerting, and GitHub Actions deployment gates with automatic rollback. The approach is framed as an ISO 27001 security control, not just an operational nicety.
Table of contents
Why availability is a security controlThe fatal pattern: “Is the website responding?”The correct implementation: Comprehensive health checksIntegration with Azure Monitor and alertingGitHub Actions deployment gatesWhat I’ve learnedSort: