Single Responsibility Principle

In the early days of .NET, most projects had a handful of massive classes that did everything. A typical UserManager would handle authentication, profile updates, email notifications, and audit logging — all in one file. Why? Because splitting it up was painful. Without a DI framework, you had to manually create and pass dependencies everywhere.

If you extracted an EmailService from UserManager, you had to find every place that created a UserManager and also create an EmailService to pass in. In a large codebase, that could mean touching 50 files just to do the right thing. So people didn't.

LINQ changed how developers thought about code. Suddenly you could write expressive, composable queries — and that mindset started leaking into architecture. People began extracting "services" from God classes. An EmailService here, a UserRepository there. The pattern was emerging.

But without built-in DI, wiring these services together was still manual. Developers used "poor man's DI" — constructors with default parameters — or third-party containers like Autofac or Ninject. It worked, but it was boilerplate-heavy.

This was the game changer. ASP.NET Core shipped with a built-in dependency injection container. For the first time in .NET history, splitting a class into focused services was easy. You register each service in Program.cs, and the framework wires them together automatically. No manual instantiation. No third-party libraries required.

This single change made SRP practical for everyday developers — not just architecture astronauts. Extracting a responsibility became a 3-step process: create an interface, create a class, register it in DI. Done.

Minimal APIs stripped away even more ceremony. File-scoped namespaces removed a level of nesting. Records made DTOs trivial. Top-level statements meant a small service could be just a handful of lines. The result? Creating focused, single-responsibility classes became so lightweight that there was zero excuse not to.

Primary constructors arrived in .NET 8 for regular classes — not just records. This means your DI dependencies are declared right in the class declaration. Less boilerplate means even less friction for SRP. And keyed services let you register multiple implementations of the same interface, making it easy to have focused services for different contexts.

Before .NET Core, developers would new up loggers inside their classes — creating file writers, formatting messages, managing log levels. That's a logging responsibility mixed into business logic. The ILogger<T> abstraction flips this: your class says "I need to log things," and the DI container gives it a properly configured logger. Your class never decides where logs go (console? file? Seq?) or how they're formatted.

Reading config files, parsing JSON, handling environment variable overrides — that's a whole responsibility on its own. The IOptions<T> pattern separates it cleanly: you define a POCO (plain old C# object) that describes what settings you need, bind it in Program.cs, and your service receives strongly-typed, validated configuration. No File.ReadAllText. No JsonSerializer.Deserialize. No config parsing at all.

Making HTTP calls sounds simple, but managing connection pooling, DNS rotation, timeout policies, and retry logic is a whole subsystem. If your service creates new HttpClient() instances directly, it's taking on that responsibility. IHttpClientFactory extracts it: the factory manages the handler pool, rotates DNS entries, and applies Polly retry policies — your service just makes the call.

MediatR is a popular third-party library (but so widely used it's practically part of the ecosystem). It separates "what to do" from "who does it." Instead of a controller calling services directly, it sends a command or query object to a mediator, which routes it to the right handler. Each handler has exactly one job — handle that one command. This is SRP taken to its logical endpoint: one class, one operation.

OCP says "open for extension, closed for modification." If a class has three responsibilities, extending one of them risks modifying the others — which violates OCP. But if each responsibility lives in its own class, you can extend one without touching the rest. SRP makes OCP natural.

Example: A ReportService that handles data fetching, formatting, AND export. To add PDF export, you'd modify the class (violating OCP). But if export is extracted into an IReportExporter, you just add a new PdfExporter implementation — the existing code stays untouched.

LSP says "subtypes must be substitutable for their base types without breaking anything." When a class has one responsibility, its contract is narrow and clear — making correct substitution easier. When a class has five responsibilities, any subclass has to honor all five contracts, which makes LSP violations almost inevitable.

Example: A FileStorage class that handles both reading and writing. A ReadOnlyFileStorage subclass can't properly implement the write methods — it throws NotSupportedException, violating LSP. If reading and writing were separate interfaces from the start (SRP + ISP), this problem never arises.

SRP and ISP are two sides of the same coin. SRP splits classes so each has one responsibility. ISP splits interfaces so each has one role. When you practice SRP, your classes naturally implement small, focused interfaces — because a class with one responsibility only needs methods for that one responsibility.

Example: An IUserService interface with Authenticate, UpdateProfile, SendNotification, and GenerateReport. If you apply SRP to split the class, the interface splits too: IAuthService, IProfileService, INotificationService, IReportService. SRP on classes naturally leads to ISP on interfaces.

DIP says "depend on abstractions, not concretions." But here's the practical question: how do all those extracted, focused classes wire together? The answer is DI — dependency injection. DIP provides the mechanism that makes SRP practical. Without DI, splitting a God class into 5 focused classes creates a nightmare of manual instantiation. With DI, you register each class with the container and it wires them automatically.

Example: After applying SRP, UserService depends on IAuthService, IEmailService, and IAuditLogger. DIP means those dependencies are interfaces, not concrete classes. The DI container resolves them at runtime. DIP is the glue that holds SRP's extracted pieces together.

What Went Wrong: The UserService class handled both authentication (login, password hashing, session creation) and monthly reporting (user activity stats, growth metrics). Both features queried the Users table, but for completely different reasons. When the reporting developer added a WHERE IsActive = 1 filter to speed up the monthly report, they didn't realize the same GetUser private method was also used by the authentication flow. Inactive users could no longer log in to reactivate their accounts.

What Went Wrong: The NotificationService handled both email template rendering and notification delivery logic. Marketing was updating the welcome email copy. The backend team was adding retry logic to the SMTP sender. Both PRs modified the same file. The merge conflict fell on a Friday afternoon, and the resolver picked the wrong block — template rendering code got mixed with retry logic, causing the GetTemplate() method to return the wrong template for welcome emails.

What Went Wrong: An ApiController with 15 endpoints spanning three domains (users, orders, payments). The security team added a custom [Authorize] attribute to payment endpoints and, in the process, restructured the controller's class-level attributes. The CORS policy that the mobile app depended on was on a class-level attribute — removing it broke all user endpoints for the mobile app, even though the security team only intended to change payments.

What Went Wrong: A 3,000-line Helper.cs file with 60+ static methods used across the entire application. The reporting team needed dates formatted as "MMM yyyy" (for monthly headers). The developer changed FormatDate() from "yyyy-MM-dd" to "MMM yyyy." But the billing team used FormatDate() for invoice dates — which now showed "Apr 2026" instead of "2026-04-04." Invoices looked wrong, and downstream accounting systems rejected them.

What Went Wrong: An OrderProcessor class had two responsibilities: processing orders AND logging to a file. It created a StreamWriter in its constructor to append to a log file. The class was registered as Transient in DI (a new instance per request). Under load, hundreds of instances were created per minute, each holding an open file handle. The file handles were never closed because the class didn't implement IDisposable — it didn't know it needed to because logging wasn't supposed to be its job.

What Went Wrong: The ProductService handled data access (CRUD operations on products) AND caching (serialization, cache key management, TTL configuration). When the developer added DiscountPercent to the Product entity and updated the database query, they forgot that the caching logic in the same class was serializing products to JSON with a fixed schema. The new field wasn't included in the cache serialization. Products fetched from cache showed the old price (no discount), while products fetched from the database showed the correct discounted price.

When a class has one responsibility, its tests are straightforward. You mock only its direct dependencies — typically one or two. Each test method covers one behavior. The test file is short, readable, and fast.

Contrast this with a God class: to test the login method, you also need to set up mocks for email, reporting, caching, and other unrelated dependencies. Half your test setup is irrelevant noise. When a test fails, you can't immediately tell whether it's a real bug or a mock configuration issue.

SRP classes work together — and you need to verify that collaboration. Integration tests check that OrderService correctly calls PaymentService and InventoryService without getting tangled in implementation details.

The beauty of testing SRP classes is that each class is independently verified in unit tests. Integration tests only need to check the interactions — "did OrderService call PaymentService.Charge with the right amount?" — not the internal logic of each class.

Your tests themselves can reveal SRP violations. Here are four heuristics that reliably indicate a class is doing too much:

1. Mock count > 3: If your test constructor needs more than 3 mocks, the class has too many dependencies, which almost always means too many responsibilities.
2. Test file longer than implementation: When your test file is 500 lines but the class is 200 lines, you're spending most of the test on setup for unrelated responsibilities.
3. Unrelated test groups: If your test class has sections like "Login Tests," "Email Tests," "Report Tests" — those are three different responsibilities living in one class.
4. "Fragile test" syndrome: If changing how email is sent causes login tests to fail, those two concerns are coupled in the implementation.

When you need to split a God class, the safest approach is: write tests first, then extract. The existing tests verify current behavior. After you extract into focused classes, the same tests confirm nothing broke. Only then do you rewrite the tests to match the new structure.

1. Step 1 — Characterization tests: Write tests that capture the current behavior of the God class, even if the code is messy. These are your safety net.
2. Step 2 — Extract one responsibility: Move one actor's methods into a new class. The old class delegates to the new one. Run the characterization tests — everything should still pass.
3. Step 3 — Write focused tests: Now write proper unit tests for the extracted class with minimal mocks. Keep the old characterization tests until all responsibilities are extracted.
4. Step 4 — Repeat: Extract the next responsibility. Run all tests. Continue until the God class is either empty (delete it) or reduced to a thin orchestrator.

The fear sounds reasonable: more classes means more object allocations, more virtual dispatch, more DI resolution. But modern .NET is astonishingly good at handling this.

Let's look at the actual costs:

• Object creation: Allocating a small object in .NET takes about 20 nanoseconds. That's 0.00002 milliseconds. Creating 50 SRP classes for a request adds ~1 microsecond of overhead — invisible compared to any database call (1-10ms) or HTTP request (50-200ms).
• Method calls: The JIT compilerJust-In-Time compiler: .NET compiles your C# code to optimized machine code at runtime. It can inline small methods (remove the call overhead entirely), devirtualize known types, and optimize hot paths — all automatically. inlines small methods automatically. If your extracted method is under ~32 bytes of IL code, the JIT eliminates the call overhead entirely. Your SRP extraction literally costs zero at runtime.
• DI resolution: The built-in .NET DI container caches singleton and scoped resolutions. The first resolution has a small cost (~0.001ms). Subsequent resolutions return the cached instance — basically a dictionary lookup.

Ironically, SRP violations are worse for performance than SRP compliance. Here's why:

• God classes load unnecessary dependencies: A UserService that handles auth, email, and reporting injects an SMTP client, a report generator, and a queue service — even when you only need to check a password. Those objects take memory and may trigger their own initialization (connection pools, configuration parsing).
• You can't optimize what you can't isolate: If email sending is slow, you can't cache just the email part of a God class. You'd need to refactor it first (into SRP classes!) before you can add targeted caching. SRP makes optimization possible.
• God classes can't be individually scaled: In a microservice or modular monolith architecture, SRP classes can be deployed independently. A reporting service that runs heavy queries can get its own resources. A God class forces you to scale everything together.

Here's a real benchmark comparing direct instantiation vs DI-resolved objects in .NET 8:

"SRP says a class should have only one reason to change — meaning only one actor or stakeholder should be able to demand changes to that class. It's about isolating change, not about limiting method count."

"If a UserService handles authentication, email notifications, and usage reporting, three different teams can force changes to the same file. The auth team changes password hashing, the marketing team changes email templates, the analytics team changes reporting queries — all in one class. That causes merge conflicts, accidental side effects, and painful testing. SRP says extract into AuthService, EmailService, ReportService — each owned by one team, wired together via dependency injection."

Interviewers love to push back after your SRP answer. Here are the three most common follow-ups and how to handle them:

• "Doesn't SRP create too many classes?" — "More files, but each is smaller and independently testable. IDE navigation makes file count irrelevant. I'd rather have 20 files I understand than 1 file nobody dares touch."
• "How do you know when to split?" — "I use the actor test: if I changed this class, who would I need to notify? If it's two different teams, it's time to split. I also watch mock count in tests — more than 3 mocks means the class is doing too much."
• "What's the relationship between SRP and DI?" — "DI is SRP's best friend. Without DI, splitting a class means manually wiring 5 constructors — painful. With .NET's DI container, you register each class and the container handles wiring. SRP becomes practically free."

The strong answer: SRP says a class should have one, and only one, reason to change. But "reason to change" doesn't mean "thing it does" — it means actor. An actor is a group of stakeholders who want the same kind of changes. Think of it like a restaurant: the head chef is responsible to the kitchen manager. If the head chef also did accounting, they'd be responsible to two actors — the kitchen manager AND the CFO. A change in tax law would force the chef to change, even though cooking hasn't changed.

A class can have many methods and still be SRP-compliant, as long as all those methods serve the same actor. A TaxCalculator with CalculateSalesTax(), CalculateVAT(), and CalculateGST() is fine — one actor (finance team), one reason to change (tax rules).

The strong answer: The classic .NET violation is a controller that does too much. Imagine an AdminController with 15 endpoints: user management, product CRUD, order processing, report generation, and system settings. Five different teams need to modify the same file. A change to product validation risks breaking the order endpoints because they share private helper methods.

The fix: split into UserAdminController, ProductController, OrderController, ReportController, and SettingsController. Each controller is thin — it delegates to a focused service. The product team can deploy changes without touching the order team's code.

Bonus point: Mention that MediatR takes this further — each endpoint becomes a separate handler class. One request, one handler, one file. Maximum SRP compliance.

Five reliable signs:

1. Multiple actors: Ask "who would request changes to this class?" If the answer includes two or more teams (e.g., product AND infrastructure), it's a violation.
2. Merge conflicts: Two developers on different features keep conflicting on the same file. That file serves multiple actors.
3. Large test setup: Your test constructor needs 5+ mocks. Each mock represents a dependency — too many dependencies means too many responsibilities.
4. Unrelated private methods: The class has helper methods that serve completely different public methods. A FormatCurrency() helper used only by GenerateReport() sitting next to a HashPassword() helper used only by Login() — those are two different concerns sharing a class.
5. "And" in the description: If you describe the class as "it handles authentication and email and reporting," each "and" is a candidate for extraction.

The strong answer: "One thing" is a Unix philosophy — each program should do one thing well. SRP is about actors, not actions. A PaymentProcessor that validates, charges, receipts, and logs is doing "four things" by the Unix definition. But if the payments team owns all four steps and they change together, it's one responsibility by SRP's definition.

The confusion comes from the word "single" — people hear "single" and think "one method" or "one action." Robert Martin specifically warned against this interpretation. The litmus test is: "How many different groups of people can force this class to change?" If the answer is one, it's SRP-compliant regardless of method count.

When "one thing" and SRP diverge: Consider a ReportGenerator that queries data, formats it, and exports to PDF. If the data team owns queries, the design team owns formatting, and the compliance team owns PDF export — that's three actors, three responsibilities. The "one thing" (generating a report) is actually three SRP responsibilities because three different groups request different kinds of changes.

The strong answer: Dependency Injection is the mechanism that makes SRP practical. Without DI, splitting a God class into five focused classes means the calling code must manually create and wire all five objects — tedious and error-prone. With DI, you register each class once in Program.cs, and the container handles all the wiring automatically.

In .NET, this looks like:

Without DI, this becomes painful constructor chains where each class manually creates its dependencies. DI removes the friction, so SRP becomes a "free" design decision — you pay zero wiring cost.

The strong answer: Absolutely. Over-applying SRP leads to what I call the "nano-class anti-pattern" — dozens of tiny classes with one method each, all serving the same actor. The codebase becomes a maze of indirection where understanding a feature requires opening 15 files. The symptoms: you can't understand what the system does without drawing a call graph, new developers take weeks to onboard, and every change touches 10 files.

The balance: SRP says "one actor," not "one method." If five methods serve the same stakeholder, they belong in one class. The sweet spot is classes of 50-300 lines with 3-7 public methods, each serving a clear actor. If you find yourself creating UserNameValidator, UserEmailValidator, and UserAgeValidator when one UserValidator would serve the same team — you've gone too far.

The strong answer: SRP is about implementation — the class itself should have one reason to change. ISP (Interface Segregation Principle) is about contracts — clients shouldn't be forced to depend on methods they don't use.

They often work together but address different problems. You can have an SRP-compliant class that violates ISP: a UserProfileService class with one actor (profile team) but a fat interface that forces the read-only dashboard to depend on write methods it never calls.

Conversely, you can have perfect ISP (small, focused interfaces) but violate SRP: the implementation class behind those interfaces still handles three actors' concerns. ISP splits the contract; SRP splits the implementation.

The step-by-step strategy:

1. Identify actors: Read every public method and ask "which team/stakeholder requests changes to this?" Group methods by actor. You'll typically find 2-4 groups.
2. Write characterization tests: Before touching the code, write tests that capture current behavior. These are your safety net — they'll catch regressions during the refactor.
3. Extract one group at a time: Start with the most independent group (fewest shared private methods). Create a new class, move the methods, update the God class to delegate. Run tests.
4. Extract shared state: If two groups share a private method, either duplicate it (if small) or extract it into a shared utility/value object that both new classes use.
5. Update DI registration: Register the new class in Program.cs. Update callers to inject the new class directly instead of going through the God class.
6. Repeat: Extract the next group. Run tests. Continue until the God class is either empty (delete it) or a thin orchestrator.

The strong answer: Yes, but with a different focus. For classes, SRP is about actors — who requests changes. For methods, SRP is more about cohesion — a method should do one logical operation at one level of abstraction.

A method like ProcessOrder() that validates input, charges payment, updates inventory, sends confirmation email, and logs the transaction is doing too much. Not because of SRP's "actor" definition, but because it's mixing abstraction levels — high-level orchestration with low-level SMTP calls. The fix: extract each step into its own method, and have ProcessOrder() read like a recipe: validate, charge, update, notify, log.

But don't confuse this with class-level SRP. A class with five well-named methods can be SRP-compliant even if each method is complex internally — as long as all five serve the same actor.

The strong answer: SRP and KISS (Keep It Simple, Stupid) seem to conflict — SRP pushes for more classes, KISS pushes for fewer moving parts. The resolution is timing.

Start simple (KISS wins): When building a new feature, keep it in one class. One file, one class, easy to understand. Don't pre-split based on speculation about future actors.

Split when evidence arrives (SRP wins): When you see the pain — merge conflicts, unrelated changes in the same file, tests needing 5+ mocks — that's your signal. Now splitting actually reduces complexity because the existing structure is actively causing problems.

The framework: KISS governs your starting point. SRP governs your refactoring trigger. Together they prevent both over-engineering (premature SRP) and under-engineering (ignoring growing complexity). The best codebases are ones that were simple at first and evolved their structure in response to real pressures, not imagined ones.

Don't guess. Use git history to find the file that changes most often — that's your biggest SRP violator. Multiple teams changing one file = multiple actors.

Before you move a single line of code, write tests that capture the current behavior. These aren't ideal tests — they're your safety net. They should fail if you accidentally change behavior during refactoring.

Pick the easiest responsibility to extract — usually the one that touches the fewest fields. Create the new class, move the methods, update callers. Run characterization tests after each extraction to make sure nothing broke.

Register each newly extracted service in the DI container. Update the God class to receive extracted services via constructor injection. Repeat Steps 3-4 until the God class is just a thin orchestrator.