/AuthApi

An example of a full-stack application for Authentication and Authorization, built with ASP.NET Core 8.0 (Minimal API) and Angular 18.

Primary language: C#. License: MIT.

Clean Architecture AuthApi

The REST API demonstrates Authentication and Authorization with JWT tokens. It also shows how to use different Authorization policies in minimal API endpoints and how to add custom claims using middleware, all implemented using Clean Architecture and various design patterns.

The example API allows you to:

  • register user
  • login user
  • change user role
  • get user and service info

Endpoints use different types of authorization policies.
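
A minimal sketch of the combination described above (JWT bearer validation, per-endpoint policies, and a middleware that adds a custom claim), written for this page as an added example and not taken from the AuthApi project. The policy names, routes, claim type, configuration keys and the in-memory `verifiedUsers` set are assumptions; it needs the Microsoft.AspNetCore.Authentication.JwtBearer package.

```csharp
using System.Security.Claims;
using System.Text;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);
// Assumed configuration keys; keep the signing key out of source control.
var key = builder.Configuration["Jwt:Key"] ?? throw new InvalidOperationException("Jwt:Key missing");

builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(o => o.TokenValidationParameters = new TokenValidationParameters
    {
        ValidateIssuer = true, ValidIssuer = builder.Configuration["Jwt:Issuer"],
        ValidateAudience = true, ValidAudience = builder.Configuration["Jwt:Audience"],
        ValidateLifetime = true, ClockSkew = TimeSpan.FromSeconds(30),
        ValidateIssuerSigningKey = true,
        IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(key))
    });

builder.Services.AddAuthorization(o =>
{
    // Hypothetical policy names: one role-based, one based on a custom claim.
    o.AddPolicy("AdminOnly", p => p.RequireRole("Admin"));
    o.AddPolicy("VerifiedUser", p => p.RequireClaim("account_verified", "true"));
});

var app = builder.Build();
var verifiedUsers = new HashSet<string> { "alice" }; // constructed sample data, stands in for a user store

app.UseAuthentication();
// Custom-claims middleware: must run after authentication (the token is validated)
// and before authorization (policies see the added claim).
app.Use(async (context, next) =>
{
    if (context.User.Identity is ClaimsIdentity { IsAuthenticated: true } id)
    {
        var subject = id.FindFirst(ClaimTypes.NameIdentifier)?.Value ?? id.FindFirst("sub")?.Value;
        // The claim value is decided server-side, never copied from request input.
        if (subject is not null && verifiedUsers.Contains(subject))
            id.AddClaim(new Claim("account_verified", "true"));
    }
    await next(context);
});
app.UseAuthorization();

// Hypothetical routes; each endpoint declares the policy it needs.
app.MapGet("/user/info", (ClaimsPrincipal user) => Results.Ok(user.Identity?.Name)).RequireAuthorization();
app.MapPut("/user/role", () => Results.NoContent()).RequireAuthorization("AdminOnly");
app.MapGet("/service/info", () => Results.Ok("Auth service")).RequireAuthorization("VerifiedUser");

app.Run();
```

If the claims middleware is registered after `UseAuthorization`, the `VerifiedUser` policy is evaluated before the claim exists and every request to that endpoint is rejected with 403.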

Get Started

Simply run Auth.API and try it.

Test Using SwaggerUI

SwaggerUI

Test Using .http file (VS2022)

  • Go to the Tests/HttpDebugTests folder and open the debug-tests.http file (in VS2022)
  • Send the Login request
  • Obtain the jwtToken from the response and use it in the Authorization header of other requests

Motivation

The main motivation is to write a practical example of Authorization and Authentication with minimal API and Clean Architecture.

Architecture

The project follows Clean Architecture, but the application layer is split into Core and Domain projects. The Core project holds the business rules, while the Domain project contains the business entities.

As Minimal API allows for injecting handlers into endpoint map methods, I decided not to use MediatR. Nonetheless, every endpoint still has its own request and handler. The solution follows the CQRS pattern, meaning that handlers are separated into commands and queries; command handlers handle command requests, and query handlers handle query requests. Additionally, repositories, following the Repository pattern, are also separated into commands and queries.

Instead of throwing exceptions, the project uses the Result pattern (using the FluentResults package). For returning precise HTTP responses, every handler returns data wrapped in an HttpDataResponse object, which also contains a collection of error messages and the HTTP response code.

Clean Architecture Layers

The solution contains four layers:

  • Auth.Api - entry point of the application, top layer
    • Endpoints
    • Middlewares (or Filters)
    • API Configuration
  • Auth.Infrastructure - layer for communication with external resources such as a database, cache or web service
    • Repositories Implementation - access to the database
    • External Services Proxies - proxy class implementations that obtain data from external web services
    • Infrastructure Specific Services - services needed to interact with external libraries and frameworks
  • Auth.Core - business logic of the application
    • Request Handlers/Managers/.. - business implementation
    • Abstractions - besides the abstractions for business logic, this layer also holds the abstractions for the Infrastructure layer (Service, Repository, ..) so that they can be used in this (core) layer
  • Auth.Domain - everything that should be shared across all projects
    • DTOs
    • General Extensions

Horizontal Diagram (references)

Project Clean Architecture Diagram

Technologies