Skip to content
/ BooksApiWithAuth Public

An ASP.NET Core 3.1 Web API project that uses MongoDb and basic JWT authentication

1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

itstudes/BooksApiWithAuth

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
BooksApiWithAuth
BooksApiWithAuth
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 

Repository files navigation

BooksApi with Auth

Summary

This project expands on the MongoDb API tutorial provided by Microsoft. The project adds user functionality through the data model ApiUser. It uses the ApiUser model to add JWT authentication. Roles are also specified on the ApiUser model, these are used with authorization to only make particular API routes accessible depending on the user's role. The entire project is supposed to be a simple take on authentication and authorization of ASP.NET Core Web APIs without having to use Azure Active Directory, Azure Active Directory B2C or IdentityServer4 (although those solutions are significantly more secure). Also no SQL database is used, only MongoDb.

Project Dependencies

  • ASP.NET Core 3.1
  • A local instance of MongoDb

Resources

Here is a collection of resources that were used in putting this together:

API Descriptions

1. UsersController

This controller contains all the routes for user related API queries. The definitions and routes are shown below.

Register [No Authorization Required]

// route: /api/users/register
[AllowAnonymous]
[HttpPost("register")]
public IActionResult Register([FromBody] NewApiUser newApiUser){..}

Authenticate [No Authorization Required]

// route: /api/users/authenticate
[AllowAnonymous]
[HttpPost("authenticate")]
public IActionResult Authenticate([FromBody] LoginModel newLogin){..}

Get [LibraryTeam Authorization Required]

// route: /api/users
[HttpGet]
[Authorize(Policy = "LibraryTeam")]
public IActionResult Get(string? id, string? username, string? email){..}

Search [LibraryTeam Authorization Required]

// route: /api/users/search
[HttpGet("search")]
[Authorize(Policy = "LibraryTeam")]
public IActionResult Search(string? firstName, string? lastName, int? role){..}

Delete [LibraryAdmin Authorization Required]

// route: /api/users
[HttpDelete]
[Authorize(Roles = "LibraryAdmin")]
public IActionResult Delete(string id){..}

2. BooksController

This controller contains all the routes for books related API queries. The definitions and routes are shown below.

GetAll [Basic Authorization Required]

// route: /api/books
[HttpGet]
public ActionResult<List<Book>> Get(){..}

Get [Basic Authorization Required]

// route: /api/books/{mongoDbId}
[HttpGet("{id:length(24)}", Name = "GetBook")]
public ActionResult<Book> Get(string id){..}

Create [LibraryTeam Authorization Required]

// route: /api/books
[HttpPost]
[Authorize(Policy = "LibraryTeam")]
public ActionResult<Book> Create(Book book){..}

Update [LibraryTeam Authorization Required]

// route: /api/books/{mongoDbId}
[HttpPut("{id:length(24)}")]
[Authorize(Policy = "LibraryTeam")]
public IActionResult Update(string id, Book bookIn){..}

Delete [LibraryAdmin Authorization Required]

// route: /api/books/{mongoDbId}
[HttpDelete("{id:length(24)}")]
[Authorize(Roles = "LibraryAdmin")]
public IActionResult Delete(string id){..}

About

An ASP.NET Core 3.1 Web API project that uses MongoDb and basic JWT authentication

Topics

c-sharp api mongodb authentication aspnetcore web-api authorization aspnet-core asp-net-core

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages