In this section, we will introduce the overall project setup and folder structure of an ASP.NET Core Web API application. You’ll learn how the files are organized, what each folder represents, and how all the components work together as we begin building our API step by step.

Connected Services is a Visual Studio feature that simplifies integrating external services into your ASP.NET Core Web API project. It provides a wizard-based interface that automatically generates the necessary connection code, saving you from writing boilerplate setup manually. In this lecture, we will introduce Connected Services, explain where it is used, and discuss when you would typically use it in real-world API development.

The Dependencies folder in an ASP.NET Core project contains three important sections: Analyzers, Frameworks, and Packages. In this lecture, we will explore each of these subfolders, explain what they represent, and understand how they support the functionality and development workflow of your Web API application.

In this lecture, we will explore the Properties folder, focusing on the launchSettings.json file and the JSON Schema Store. The launchSettings.json file is not unique to ASP.NET Core Web API—it is also used by many other frameworks and languages to control how an application runs during development. We will also introduce the JSON Schema Store at json.schemastore.org, which provides standardized JSON schemas used by tools like Visual Studio to validate and auto-complete configuration files.

In the Controllers folder, we currently have only the default controller created by the template. As we build more features, every new controller we add will also be placed in this folder. In this lecture, we will review the purpose of the Controllers folder and briefly introduce essential controller attributes used in ASP.NET Core Web API.

In this lecture, we introduce the appSettings.json file, which is the main configuration file in ASP.NET Core. It is used to store key-value settings for the application, such as connection strings, logging settings, and custom configuration values.

The ASPDotNETCoreAPI.http file is a placeholder added by default to help you send test HTTP requests directly from Visual Studio. In this lecture, we will introduce this file.

Program.cs is the entry point of the application. In this lecture, we will introduce this file, explain each section inside it, and discuss why each part is necessary for configuring and running an ASP.NET Core Web API.

In this lecture, we will review the existing default classes and models, including the WeatherForecast controller and the WeatherForecast model. We will also discuss the additional folders and structure we will introduce later as our project grows.

In this section, we begin working with Controllers and creating CRUD endpoints. The main purpose of building a controller is to define and expose API endpoints. Our goal is to create solid, secure, fast, and lightweight endpoints that follow RESTful best practices.

In this lecture, we will explore API Metadata and the default OpenAPI tool included with ASP.NET Core Web API. You’ll learn how OpenAPI automatically generates documentation for your endpoints and how it helps you understand the structure, requests, and responses of your API.

In this lecture, we will learn how to display specific endpoints in OpenAPI for the default controller. We will review the available endpoints, look at the request and response details, and examine the headers and results returned by these endpoints.

In this lecture, we introduce the Controller class, its base class, and the key attributes used in ASP.NET Core Web API.

In this lecture, we will explain how a Controller works in ASP.NET Core Web API. You’ll learn how it receives requests, processes them through its actions, interacts with models or services, and returns structured responses to the client.

In this lecture, we will explain how a controller handles routes and maps incoming HTTP requests to specific action methods. You’ll learn how routing works, how URLs are matched to endpoints, and how ASP.NET Core determines which controller action should process each request.

In this lecture, we explain why controllers are created by inheriting from either ControllerBase or the full Controller class. You’ll learn the difference between the two, what features each one provides, and why ASP.NET Core Web API projects typically inherit from ControllerBase for lightweight, API-focused functionality.

Controller - Model-DTO (Data Transfer Object) Separation.

HTTP Verbs and Attributes.

In this lecture, we explain what ControllerBase is. It provides the essential features required to build a RESTful Web API—such as routing, HTTP response handling, and model binding. We will cover how ControllerBase supports these core capabilities.

Reason for Inheriting Controller from ControllerBase.

Comparison Between ControllerBase and Controller Classes.

Contents of the ControllerBase Class.

Understanding the ControllerContext Class.

What is Model Binding in ASP.NET Core? & Examples.

Sources of Data for Model Binding.

[ApiController] Attribute - Enabling Web API Behavior.

[Route("[controller]")] Attribute – Defining Controller-Level Routing Pattern.

Learn how to assign a unique name to a Web API endpoint and use that name to generate URLs dynamically with Url.Link(). This lecture demonstrates how endpoint naming improves maintainability, simplifies link generation, and enhances your API’s usability.

When to Return IEnumerable<T> vs IActionResult (or ActionResult<T>).

In this lecture, we will use Entity Framework (EF) in a real-world ASP.NET Core Web API example. You’ll see how to define a model, connect to a database, and use EF to perform CRUD operations through your API endpoints. The goal is to understand how Entity Framework simplifies data access in practical, production-style Web API scenarios.

What is Entity Framework Core in ASP.NET Core Web API?

How Entity Framework Core Fits ASP.NET Core Web API.

Entity Framework - Basic Components.

Entity Framework Real-world Example Controller: Model, DbContext, DbSet<T> and Dependency Injection (DI).

Entity Framework Migration: Code-First or Database-First Approach.

New Features in Entity Framework Core 10 (Preview).

Just a few days ago, .NET 10 was officially released.  And on the same day, Microsoft also released Visual Studio 2026.

Until now in this course, we’ve been using Visual Studio 2022 with .NET 10 Preview. From this point forward, we’ll move to Visual Studio 2026 with the full release of .NET 10.

Preparing for Entity Framework Core Migration: Required NuGet Packages, Register DbContext Service and Entity Framework Core Migration Commands.

Preparing for Entity Framework Core Migration: Step-1: Install Required NuGet Packages.

Preparing for Entity Framework Core Migration:  Step-2: Create Web API Application Components including Model, AppDbContext service and Controller class.

Preparing for Entity Framework Core Migration: Step-3: Configure Connection String.

Preparing for Entity Framework Core Migration: Step-4: Register DbContext Service in Program.cs.

Preparing for Entity Framework Core Migration: Step-5: Migration & Migration Commands.

Entity Framework Core Demo: Testing the GET Endpoint and Viewing API Metadata.

Entity Framework Core:  Adding New Endpoints to an Existing Controller.

When Should You Run Entity Framework Core Migrations?

Testing ASP.NET Core Controller Endpoints with cURL.

Difference Between IActionResult & ActionResult in ASP.NET Core.

Introduction.

Preparing the Copilot Prompt for Generating the OrdersController.

Create an ASP.NET Core Web API Controller Using Copilot Ask Mode .

Testing Copilot-Generated Endpoints & Inserting/Updating Data from a JSON File.

In the previous lecture, we tested the endpoints of the OrdersController that Copilot Chat generated using our prompt. Everything worked well.

In this lecture, I’ll show you another powerful capability of Copilot Chat. Visual Studio’s Copilot understands the current state of our project—our classes, services, interfaces, and overall structure. Because of this, it can often generate accurate code even without a detailed prompt.

To demonstrate this, we’ll add a new feature: Bulk Insert. Instead of writing a full prompt, we’ll simply begin at the right place—the IOrdersRepository—and let Copilot suggest the implementation. Then we’ll complete the Bulk Insert endpoint in the OrdersController.

Create an ASP.NET Core Web API Controller Using Copilot Agent Mode.

In this course, we’ve covered many fundamental concepts through practical, hands-on examples. Now it’s time to focus on API security.

In ASP.NET Core Web APIs, there are multiple authentication options. For example, we can use the Microsoft identity platform or Windows authentication. In many cases, Visual Studio can scaffold much of the required setup for us, including the necessary code and database tables. We can also use external, token-based options such as JWT authentication.

However, in this section, I’d like to introduce a custom authentication scheme. The goal is not to replace industry standards, but to help you understand what happens behind the scenes in a modern, secure, token-based authentication flow.

In this section, we will build everything step-by-step:

1. Create the required C# classes and configuration for a custom authentication scheme

2. Use Entity Framework Core, run migrations, and generate the required database tables

3. Build a user registration endpoint

4. Build a login endpoint that validates passwords and issues an access token

5. Use this custom scheme to protect our API endpoints with [Authorize]

Custom authentication validates users with hashed passwords, issues a database-stored token, and protects APIs by validating that token on every request.

Creating a User Registration Endpoint.

Creating a Login Endpoint.

Custom Authentication Implementation and Protected Endpoints.

Introduction to JSON Web Tokens (JWT).

JWT Fundamentals: How Tokens Are Structured and Signed.

This lecture explains how and where to define configuration values and the secret key, and demonstrates best practices for managing the secret key using the User Secrets file.

In this lecture, we create a JWT token service responsible for generating JSON Web Tokens.

In this lecture, we will perform JWT service registration, configuration, and create the login endpoint.

In this lecture, we will implement JWT-based endpoint protection, including role-based authorization, and test the protected endpoints.

Extensions & Middleware in ASP.NET Core Web API: Introduction.

What is an Extension Method?

Extension Methods in Action: Program.cs Cleanup.

Middleware in ASP.NET Core: The Basics.

Middleware in ASP.NET Core: Practical Example.

File Management in ASP.NET Core Web API - Upload, Validation, Security and  Download.

Overview of File Storage Options in ASP.NET Core  Web API.

How to enable wwwroot folder?

How do I enable a custom folder for uploading files?

File Upload Path Settings in appsettings.json.

Adding File Type Validation to the File Upload Process.

How to Change File Upload Settings Without Stopping the Application.

Uploading Multiple Files in ASP.NET Core APIs.

Download Multiple Files as ZIP in ASP.NET Core ( Part-1 ).

Download Multiple Files as ZIP in ASP.NET Core ( Part-2 ).