A feature-rich, secure RESTful API built with ASP.NET Core that provides the backend functionality for a modern e-commerce platform.
This project demonstrates a professional, enterprise-grade application structure. It includes a complete user authentication and authorization system using JWTs, role-based security for administrative tasks, and product catalog management.
- Secure Authentication: Full user registration and login system built with ASP.NET Core Identity.
- JWT-Based Security: Uses JSON Web Tokens (JWTs) for authenticating API requests, ensuring stateless and secure communication.
- Role-Based Authorization: Implements a robust role system ("Admin", "Customer") to protect sensitive endpoints.
- Automated Admin Creation: The first user who registers is automatically assigned the "Admin" role, simplifying setup.
- Product Catalog Management: Full CRUD (Create, Read, Update, Delete) functionality for products, with administrative actions protected.
- Clean Architecture: Follows professional best practices by separating concerns, with logic moved into dedicated services and configuration extensions.
- Swagger Documentation: Includes a complete and interactive Swagger UI for easy exploration and testing of all API endpoints.
- Backend: C#, ASP.NET Core 8
- Database: Entity Framework Core with Azure SQL
- Security: ASP.NET Core Identity, JWT (JSON Web Tokens)
- API Documentation: Swashbuckle (Swagger)
- .NET 8 SDK
- An SQL Server instance (local, Docker, or a cloud provider like Azure).
- A code editor like Visual Studio or VS Code.
- Clone the repository:

  ```bash
  git clone [Your GitHub Repository URL]
  ```

- Navigate to the project directory:

  ```bash
  cd ECommerceAPI
  ```

- Configure your connection string:
  - Open `appsettings.json`.
  - Find the `ConnectionStrings` section and replace the value of `DefaultConnection` with the connection string for your own SQL Server instance.

- Restore dependencies:

  ```bash
  dotnet restore
  ```

- Run the database migrations: This command will connect to your database and create all the necessary tables for Identity and Products.

  ```bash
  dotnet ef database update
  ```

- Run the application:

  ```bash
  dotnet run
  ```

The API will be available at `https://localhost:7123` (or a similar port). You can access the interactive Swagger documentation by navigating to `https://localhost:7123/swagger`.
- Register Your First User: Make a `POST` request to `/api/user/register`. This first user will automatically be granted the "Admin" role.
- Log In: Make a `POST` request to `/api/user/login` with your new user's credentials to receive a JWT.
- Use the Token: Copy the received JWT. In Swagger, click the "Authorize" button and paste the token in the format `Bearer [your_token]`. For other tools like Postman, add an `Authorization` header with the same value.
- Access Protected Endpoints: You can now make requests to endpoints that require authentication, such as creating a product.
- `POST /api/user/register`
  - Description: Registers a new user. The first user registered is automatically made an Admin. All subsequent users are assigned the "Customer" role.
  - Request Body:

    ```json
    {"userName": "michael", "email": "michael@example.com", "password": "Password123!"}
    ```

- `POST /api/user/login`
  - Description: Authenticates a user and returns a JWT.
  - Request Body:

    ```json
    {"userName": "michael", "password": "Password123!"}
    ```

- `GET /api/products`
  - Description: Retrieves a list of all products.
  - Auth: None required.

- `GET /api/products/{id}`
  - Description: Retrieves a single product by its ID.
  - Auth: None required.

- `POST /api/products`
  - Description: Creates a new product.
  - Auth: Admin role required.
  - Request Body:

    ```json
    {"name": "Laptop", "description": "A powerful laptop", "price": 1200.00, "stockQuantity": 50}
    ```

- `PUT /api/products/{id}`
  - Description: Updates an existing product.
  - Auth: Admin role required.

- `DELETE /api/products/{id}`
  - Description: Deletes a product.
  - Auth: Admin role required.