cd ..

dotnetwebapi

ASP.NET Core Web API implementing Clean Architecture, JWT authentication, and order ownership

dotnet aspnet-core entity-framework-core sql-server jwt signalr

# context

DotnetWebAPI is a backend training project built with ASP.NET Core Web API to demonstrate Clean Architecture, JWT-based authentication, and role-aware order ownership.

The system simulates a real-world ordering backend with multiple concerns: authentication, authorization, data ownership, notifications, and reporting.

# problem_space

Typical backend systems often suffer from:

  • Controllers that mix HTTP handling and business logic
  • Weak separation between domain rules and infrastructure
  • Authorization checks scattered across controllers
  • Entities exposed directly to API consumers

This project was designed to explicitly avoid those pitfalls.

# design_goals

  • Enforce Clean Architecture boundaries
  • Keep controllers thin and declarative
  • Centralize business logic in application services
  • Apply role-based authorization consistently
  • Enforce order ownership at the service level
  • Integrate infrastructure concerns without leaking abstractions

# system_architecture

  
    DotnetWebAPI
   ├─ Domain
   │  ├─ User
   │  ├─ Order
   │  ├─ OrderItem
   │  └─ OrderStatus
   ├─ Application
   │  ├─ AuthService
   │  ├─ OrderService
   │  ├─ EmailService
   │  ├─ OrderExportService
   │  └─ Contracts (Interfaces)
   ├─ Persistence
   │  ├─ AppDbContext (EF Core)
   │  ├─ SQL Server
   │  └─ Migrations
   └─ Presentation
      ├─ Controllers (HTTP only)
      ├─ SignalR Hub
      └─ DTOs

# clean_architecture_principles

The project follows standard Clean Architecture principles:

  • Controllers only handle HTTP concerns
  • Application layer contains all business rules
  • Domain entities are persistence-agnostic
  • Infrastructure (DB, email, SignalR) is isolated
  • Dependencies point inward, never outward

# authentication_and_authorization

Authentication is implemented using JWT.

  • Users register and log in via dedicated endpoints
  • JWT token is issued on successful login
  • Authorization is enforced via roles:
    • ADMIN: full access
    • USER: access limited to owned orders

Token usage:

http 
Authorization: Bearer <JWT_TOKEN>

# order_ownership

Order ownership is enforced at the service layer, not the controller.

  • ADMIN can access all orders
  • USER can only access orders they created
  • Ownership checks are part of business logic
  • Prevents accidental data leaks at the API level

# order_api

Create order:

http 
POST /api/orders
json 
{
  "customerId": "GUID",
  "items": [
    {
      "productName": "Mouse",
      "quantity": 2,
      "price": 150000
    }
  ]
}

Retrieve orders:

  • ADMIN → all orders
  • USER → owned orders only
http 
GET /api/orders

# real_time_notifications

The system integrates SignalR for real-time updates.

  • Hub endpoint: /orderHub
  • Notifications are sent when order status changes
  • Supports non-.NET clients (e.g. Node.js)

This simulates event-driven backend behavior.

# email_and_export

Additional infrastructure features:

  • Email notification

    • SMTP-based
    • Configured via appsettings.json

  • Excel export

    • Export orders to .xlsx
    • Implemented using ClosedXML
    • Useful for reporting and admin workflows

# running_the_project

expand
bash 
dotnet restore
dotnet ef database update
dotnet run

Development mode:

bash 
dotnet watch run

Swagger UI:

http://localhost:5197/swagger

# project_status

This project is a training-focused backend system designed to demonstrate:

  • Clean Architecture in ASP.NET Core
  • JWT authentication & authorization
  • Ownership-aware business rules
  • EF Core with SQL Server
  • Real-time messaging with SignalR
  • Infrastructure integration without tight coupling

Source code is intended for learning and architectural review.