This project is an ASP.NET Core Web API for managing students, courses, and instructors. It demonstrates database relationships, authentication using JWT, and clean architecture using DTOs and services.
- ASP.NET Core Web API
- Entity Framework Core
- SQL Server
- JWT Authentication
- LINQ
- CRUD operations for Students
- DTOs for request and response handling
- Service layer for business logic
- Entity relationships:
  - One-to-One (Instructor ↔ Profile)
  - One-to-Many (Instructor → Courses)
  - Many-to-Many (Student ↔ Course via Enrollment)
- JWT Authentication & Authorization
- Protected endpoints using `[Authorize]`
- Optimized queries using LINQ and `AsNoTracking()`
The database includes the following tables:
- Students
- Courses
- Instructors
- InstructorProfiles
- Enrollments (Junction table)
- Users
The Enrollment table is used to implement a Many-to-Many relationship between Students and Courses.
The API uses JWT (JSON Web Token) for authentication.
`POST /api/auth/login`

Request body:

```json
{
  "username": "admin",
  "password": "1234"
}
```

Response:

```json
{
  "token": "token"
}
```

To access protected endpoints, include the token in the header:

```
Authorization: Bearer TOKEN
```
- `GET /api/students` → Get all students
- `POST /api/students` → Create new student
- `PUT /api/students/{id}` → Update student
- `DELETE /api/students/{id}` → Delete student
- Open the project in VS Code
- Run the following command: `dotnet run`
- The API will run on: `http://localhost:5109`
- Use Postman to test endpoints
The API was tested using Postman:
- Login to get JWT token
- Access protected endpoints using Authorization header
- Verified unauthorized access returns 401
HTTP-only cookies are used in real-world applications because:
- They prevent JavaScript access (protect against XSS attacks)
- They improve security of authentication tokens
- They reduce the risk of token theft
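
One way to apply the HTTP-only cookie points above to this API's JWT login, as an added example that is not the project's own code. The cookie name `access_token`, the configuration keys `Jwt:Key`, `Demo:User` and `Demo:Password`, the `LoginDto` record and the placeholder students endpoint are assumptions made for illustration.

```csharp
// Program.cs (added example; needs the Microsoft.AspNetCore.Authentication.JwtBearer package)
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);
var cfg = builder.Configuration;
// Assumption: "Jwt:Key" holds a random signing secret of at least 32 bytes.
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(cfg["Jwt:Key"]!));
const string CookieName = "access_token"; // assumed cookie name

builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme).AddJwtBearer(o =>
{
    o.TokenValidationParameters = new TokenValidationParameters
    {
        IssuerSigningKey = key, ValidateIssuerSigningKey = true, ValidateLifetime = true,
        ValidateIssuer = false, ValidateAudience = false // no issuer/audience set in this demo
    };
    // Take the token from the cookie; without it the handler falls back to the Authorization header.
    o.Events = new JwtBearerEvents { OnMessageReceived = ctx =>
    {
        if (ctx.Request.Cookies.TryGetValue(CookieName, out var t)) ctx.Token = t;
        return Task.CompletedTask;
    } };
});
builder.Services.AddAuthorization();
var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

app.MapPost("/api/auth/login", (LoginDto dto, HttpContext http) =>
{
    // Stand-in check against configured demo values (assumption); the project would query its Users table.
    string? user = cfg["Demo:User"], pass = cfg["Demo:Password"];
    if (string.IsNullOrEmpty(user) || string.IsNullOrEmpty(pass) || dto.Username != user || dto.Password != pass)
        return Results.Unauthorized();
    var expires = DateTime.UtcNow.AddMinutes(30);
    var jwt = new JwtSecurityToken(claims: new[] { new Claim(ClaimTypes.Name, user) },
        expires: expires, signingCredentials: new SigningCredentials(key, SecurityAlgorithms.HmacSha256));
    // HttpOnly hides the cookie from document.cookie; Secure and SameSite limit where it is sent.
    http.Response.Cookies.Append(CookieName, new JwtSecurityTokenHandler().WriteToken(jwt),
        new CookieOptions { HttpOnly = true, Secure = true, SameSite = SameSiteMode.Strict, Expires = expires });
    return Results.Ok(); // the token is not returned in the response body
});
app.MapGet("/api/students", [Authorize] () => Array.Empty<string>()); // placeholder protected endpoint
app.Run();
record LoginDto(string Username, string Password);
```

Because the browser attaches the cookie automatically, state-changing endpoints that rely on it still need CSRF protection; `SameSite=Strict` only covers cross-site requests. `Secure` restricts the cookie to HTTPS, so exercise this over an HTTPS endpoint.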
Amany sameeh