ASP.Net Core Web API tutorial: Building a secure book review RESTful API with ASP.Net Core 6 and JWT Part 1


ASP.Net Web API allows us to build a RESTful API. It uses HTTP protocol to communicate between clients and servers to serve data. In this tutorial series, I will be building a secure book review RESTful Api using ASP.Net Web API and JWT Authentication and Authorization.

What will be covered

  • How to create a RESTful API from scratch using .NET Core 6.0, EFCore, and JWT.
  • RESTful API security best practices and lots more.

Development tools

New Project and Configuration

In this section, we'll learn how to create a new blank solution and then add Web Api project and configuration. We will also learn how to register services the best and cleaner way.

Creating a new project

Open visual studio and create a new blank solution named BookReview:


Add projects to our blank solution

After creating the blank solution, the next thing is to add all the projects needed to build our API. The new blank solution structure should look like so:


The first project template will be an ASP.Net Core Web API template. Right click on the solution and choose add new project, in the add a new project dialog choose ASP.Net Core Web API, click on next:


Let's name the project BookReview.WebAPI. In the Addtional information dialog choose .Net 6.0 (Long-term support) framework,check Use controllers option and Enable OpenAPI support then click on the create button.

Add other projects

This API will be N-Tier architecture, hence will need to add five (5) more projects. The project template will be class library. After adding them our solution structure should like so:


Database Entities

In this section, we are going to create our API database model and also generate database tables using ef migration. We are going to learn how to create entities (POCO classes), and how to also work with the DbContext class.

Creating Entities

Within the BookReview.Entities project, create a class named Book and modify it to look like so:

The book class contains the properties, these properties will be mapped to columns in our database by Entity Framework Core. Our API will have four tables, of course, we may have to add more tables when we are implementing JTW token later on. Let's create the other three classes like so:

The Context Class

The DbContext class is an integral part of Entity Framework. An instance of DbContext represents a session with the database which can be used to query and save instances of your entities to a database. DbContext is a combination of the Unit Of Work and Repository patterns.

The EF Core DbContext class allows us to perform the following:

  • Manage database connection
  • Configure model & relationship
  • Querying database
  • Saving data to the database
  • Configure change tracking
  • Caching
  • Transaction management

Within the BookReview.DataAccess project, install EntityFramework Core and Microsoft.EntityFrameworkCore.SqlServer, add project reference to BookReview.Entities. The create a class name BookContext, the class will derive from DbContext and will contain DbSet<TEntity> properties for each entities in our model (POCO classes). We will also do our table configurations by overriding the OnConfiguring(DbContextOptionsBuilder) method. The Context class should look like so:

Create Database Connection and Register Database Context

To use the Db Context  service in ASP.NET Core it must be regostered with the dependency injection (DI) container. This provides the service to controllers.

The Connection String

Withing BookReview.WebAPI, open the appsettings.json file and add the connection string key name BookConnection:

Next, we want to register the BookContext class in the application's dependency injection container. Add the project reference to BookReview.DataAccess to the BookReview.WebAPI. Open the Program.cs file  and modify it like so:


As you can see, we have used the GetConnectionstring method to access the connection string from the appsettings.json. The UseSqlServer method require that Microsoft.EntityFrameworkCore.SqlServer packable in addition to EntityFrameworkCore.

Database Migration

Migration allows us to create, and also update the database from our applications. It is a way to keep the database schema in sync with the EF Core model.

Adding a Migration
Up till now, there is no database for our application that can store data from our enities classes. Hence, we need to create a migration to do that.

Open the Package Manager Console from the menu Tools -> Nuget Package Manager -> Package Manager Console in Visual Studio and run the following command to add migration. Before we execute the command, we have to install an ef core library: Microsoft.EntityFrameworkCore.Tools in the BookReview.DataAccess and install Microsoft.EntityFrameworkCore.Design in the BookReview.WebAPI and execute:


At this point you should see Migrations folder within the Bookreview.DataAccess project.


For EF Core to create our database we need to run another command: 


The Update command will create the database based on our context and the domain classes.

In this first part of the series, we have:

  • Create and Configure the API project
  • Added Entities and Create DBContext Class
  • Inject Context Service to DI
  • Ran EF Core Migration

In the next part we will continue with the development of our Book Review API.