
Explore dynamic filtering in a .NET Core gateway using a filter by and filter query with a switch on properties like name, details, and rate, plus min and max rates.
Add sort by and sort order to a .NET Core API, enabling sorting of villas query. Sort by name, rate, occupancy, square feet, or id in ascending or descending order.
Apply pagination by using page and page size defaults: page 1, page size 10, max 100. Determine skip as (page - 1) times page size and take page size records.
Learn to expose pagination details in response headers of a .NET core web API, including current page, page size, total count, and total pages.
Utilize dotnet identity to register application users via user manager, validate emails, create or assign roles with role manager, and rely on identity helpers for sign in and sign out.
Learn to implement login with identity in a .NET core API, validating hashed passwords with UserManager, retrieving roles, and returning a token-based login response.
Implement an image service interface for the .NET core RESTful API, including upload (returns path), delete (returns success), and validate (checks image type) with 5 MB limit and PNG/JPEG.
Configure the image service in program.cs by registering its interface and implementation, enable static files for the wwwroot folder, and register the file service for API access.
Learn to accept images in FromForm for villa creation in a .NET Core RESTful API, injecting an image service and updating the VillaCreateDto to handle form-file uploads.
Consume the image file service in the villa controller to upload images, validate formats and size, store the image url, and delete old images during update and delete operations.
Create a generic extension method that converts any object to form data, handling file properties as streams so the API can create villas with images.
Consume the extension in villa service by passing multipart form data directly to the message content, update base service to pass multipart data when present, and use json content otherwise.
Create the villa creation view to consume the API via multipart/form-data, adding an image file upload with a live preview and JPEG/PNG format support.
Implement an image uploader with a live preview. Use a JavaScript onchange function to read the file as a data URL with FileReader and display it in the preview container.
Learn how to display villa images by resolving relative paths with a get image url helper that appends the api base url and uses a placeholder when missing.
This lecture demonstrates deleting a villa and automatically removing its associated image, ensuring data integrity by syncing villa deletion with image removal.
Highlight refactoring the auth controller to apply single responsibility by moving token management and claims retrieval to a token provider with set, get, clear token, and get claims from token.
Build a token provider service for a .NET Core API that uses http context accessor to set, get, and clear session tokens and to create a principal from JWT claims.
Consume the token provider service in the auth controller and sign in. Retrieve the principal from the token, set the access token, and redirect.
Fix the villa get endpoint by removing the admin role restriction to allow anonymous access and update the home page image using the sd.get image url.
Create a refresh token table by modeling unique id, user id, token value, valid flag, and expiration time, linked to the access token, then add a dbset and migrate database.
Add a refresh token to the token DTO, rename the class to token DTO, and generate an access token with a refresh token that has expiration and expires at.
Move the JWT token generation to a dedicated token service, inject configuration, user manager, and application DB context, and register the service to centralize token management.
Implement refresh token endpoints for token service, generate access and refresh tokens, save the refresh token with user id and JWT token id, and revoke by marking is valid false.
Generate a cryptographically secure 64-byte refresh token by filling a byte array with random values, encoding to base64, and checking for uniqueness in the database, regenerating recursively if duplicates.
Generate and persist a new refresh token in the token service during login, alongside the JWT, with a two-minute access token and a five-minute refresh expiry.
Add a new claim in the access token to store the token ID, bridging the access and refresh tokens so both carry the same JWT token ID.
Demonstrates refreshing a two-minute access token with a five-minute refresh token to access a protected villas endpoint, and outlines invalidating old tokens if compromised.
Invalidate the complete token family by setting all tokens' is valid to false and saving changes, forcing re-login when a compromised refresh token is used.
Extend a restful web API in .NET Core by adding a refresh token flow, updating the token provider to manage access and refresh tokens, and exposing endpoints for both tokens.
Automatically refresh expired access tokens via the refresh token endpoint, update the session with new tokens, and prevent duplicate refresh calls for a stable login.
Implement a token refresh flow in the base api call by awaiting the refresh token, retrying the request after a successful refresh, and redirecting to login if refresh fails.
The lecture demonstrates implementing a refresh token flow in a .NET restful web api, renewing access tokens automatically after a session expiry and avoiding re-login.
Demonstrates implementing a refresh token flow by validating five-minute expiry and redirecting to login when expired, then signs out from the cookie authentication scheme and redirects to login.
Extend part one by adding file uploads and image storage in a dotnet rest api, consuming the endpoint from web project, and exploring jwt authentication, refresh tokens, and azure deployment.
Part two requires completing part one, where we built a RESTful API with dotnet core. It enhances the prior application and assumes the part one basics from ground zero.
Prepare for part two of the rest api course by downloading the startup project from Dotnet Mastery, opening the Magic Villa API, and reviewing resources, with no changes yet.
Configure the .NET7 RESTful Web API by updating the appsettings.json connection string to a local SQL Server, create the Magic Villa API part two database, and run migrations.
Take your .NET API skills to the next level in this intermediate to advanced course that builds directly on Part 1. You'll transform your existing API application into a robust, production-ready solution by implementing advanced authentication with .NET Identity, refresh tokens, filtering and pagination, image handling, and deployment strategies used by professional development teams.
Why This Course Stands Out:
This is the only course on Udemy that takes you through the complete journey of building advanced API features while maintaining a real, evolving project from start to finish. Unlike courses that teach concepts in isolation, you'll see how everything fits together in a production-quality application.
This course is fully updated for .NET 10, utilizing the latest features and best practices. You'll work with modern tooling including Scalar documentation (the next-generation alternative to Swagger UI), giving you hands-on experience with the cutting-edge technologies that companies are adopting right now.
What Makes This Course Different:
Most API courses stop at the basics—CRUD operations and simple authentication. This course goes further, tackling the real challenges you'll face in professional development: implementing enterprise-grade authentication with .NET Identity, handling secure token refresh flows, managing image uploads at scale, implementing filtering and pagination for large datasets, writing clean maintainable code, and deploying to production environments. These are the skills that separate junior developers from intermediate and senior engineers.
What You'll Build:
Starting with the API you created in Part 1, you'll enhance it with real-world features that employers expect. You'll upgrade your authentication system to use .NET Identity for robust user management, implement refresh tokens for secure long-lived sessions, handle image uploads with proper validation and storage, and add filtering, sorting, and pagination to handle large datasets efficiently.
Topics Covered:
Implement filtering, sorting, and pagination in your API to handle large datasets efficiently. Learn how to build flexible query parameters that allow clients to filter results, sort by different fields, and paginate through data—essential features for any real-world API dealing with substantial amounts of information.
Upgrade your authentication system with .NET Identity, the robust, enterprise-grade identity management framework. You'll learn how to manage users, roles, and claims properly, implement secure password hashing, and handle user registration and login flows following security best practices.
Dive deep into refresh token fundamentals, understanding how they work alongside access tokens to provide secure, long-lived authentication. You'll implement refresh token endpoints in your API and consume them properly in your MVC web application, following OAuth 2.0 best practices. This ensures users stay authenticated without compromising security.
Master image and file upload handling in both your API and MVC application. You'll learn how to accept file uploads, validate file types and sizes, store images efficiently (both locally and in cloud storage options), serve uploaded content, and handle all the edge cases that come with file operations in production environments.
Write cleaner, more maintainable code by building a dynamic base service that eliminates repetition and follows the DRY principle. You'll create reusable components that make your codebase more maintainable and easier to extend.
Implement robust exception handling using both filters and middleware, understanding when to use each approach for different scenarios. You'll learn how to catch errors gracefully, return appropriate HTTP status codes, log exceptions properly, and provide meaningful error messages to API consumers.
Consume all these advanced features in your ASP.NET Core MVC web application. You'll implement image upload forms, handle refresh token flows seamlessly, add filtering and pagination controls to your views, and manage the complete user authentication experience from registration to secure session management.
Finally, deploy your complete solution to Microsoft Azure, learning how to configure both your API and MVC application in a cloud environment with proper security settings, connection strings, file storage configuration, and scalability options.
What You'll Build:
By the end of this course, you'll have transformed your API into a production-ready application featuring:
Advanced authentication with .NET Identity
Secure refresh token implementation
Image and file upload capabilities with validation
Filtering, sorting, and pagination for efficient data handling
Clean, maintainable code using dynamic base services
Robust exception handling via filters and middleware
Complete MVC application consuming all advanced features
Everything deployed and running on Azure
Prerequisites:
You must complete Part 1 of this course before enrolling. This course continues directly from where Part 1 ends, using the same project as our foundation for exploring these advanced concepts.
Who This Course Is For:
This course is ideal for .NET developers who have completed Part 1 and want to build APIs that are ready for production environments. You'll gain hands-on experience with the features and patterns used in enterprise applications today.
Why Invest Your Time Here:
In today's competitive job market, knowing the basics isn't enough. Employers want developers who can implement proper identity management, handle secure authentication flows with refresh tokens, manage file operations, optimize API performance with filtering and pagination, and deploy to the cloud. This course gives you exactly those skills—taught in the context of a continuous, real-world project rather than disconnected examples.
By the end of this course, you'll have the confidence to build, secure, optimize, and deploy sophisticated ASP.NET Core Web APIs that meet industry standards and handle real-world requirements. You'll have a portfolio project that showcases advanced capabilities, and you'll be working with the latest .NET 10 features that companies are actively seeking.
Good luck, and I'm excited to see you in the course!