This project is a simple To-Do List Web API built with ASP.NET Core that demonstrates JWT authentication, user-scoped data access, and clean architecture practices.
- CRUD operations for To-Do items
- JWT-based authentication
- Tasks are scoped to the authenticated user
- Data persistence with Entity Framework Core + SQLite
- Unit and integration tests
The solution follows a clean, layered structure:
- Domain – Core entities and behavior
- Application – Use cases, DTOs, interfaces
- Infrastructure – Persistence, repositories, security
- API – Controllers and HTTP layer
- Tests – Unit and integration tests
Business logic lives in the Application layer, keeping the API thin and testable.
- A login endpoint issues a JWT for a static test user
- The authenticated user is obtained from JWT claims via `IUserContext`
- Each `TodoItem` stores a `UserId`
- All operations are filtered by the authenticated user
User management is intentionally out of scope.
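The user-scoping rule described above, as an added sketch that is not this project's own code. It assumes `IUserContext` exposes a single `UserId` property read from the `NameIdentifier` claim, and it uses an in-memory list in place of EF Core; `ClaimsUserContext` and `TodoService` are hypothetical names.

```csharp
#nullable enable
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

// Constructed sample data: two users, one item each.
var store = new List<TodoItem>
{
    new(1, "alice", "Rotate signing key"),
    new(2, "bob", "Review firewall rules"),
};
// Stand-in for the principal ASP.NET Core builds from a validated JWT.
var alice = new ClaimsPrincipal(new ClaimsIdentity(
    new[] { new Claim(ClaimTypes.NameIdentifier, "alice") }, "Bearer"));
var todos = new TodoService(store, new ClaimsUserContext(alice));

// Alice lists her own items; Bob's id is treated like a missing record.
Console.WriteLine($"visible items: {todos.GetAll().Count}");
Console.WriteLine($"item 2 found:  {todos.GetById(2) is not null}");
Console.WriteLine($"item 2 deleted: {todos.Delete(2)}");

public sealed record TodoItem(int Id, string UserId, string Title);
public interface IUserContext { string UserId { get; } }

// Assumed implementation: identity comes only from token claims,
// never from a route value, query string, or request body.
public sealed class ClaimsUserContext : IUserContext
{
    private readonly ClaimsPrincipal _principal;
    public ClaimsUserContext(ClaimsPrincipal principal) => _principal = principal;
    public string UserId =>
        _principal.FindFirst(ClaimTypes.NameIdentifier)?.Value
        ?? throw new UnauthorizedAccessException("Token carries no user identifier claim.");
}

// Every read and write carries the owner check in the same predicate as the id,
// so guessing another user's item id cannot reach that item.
public sealed class TodoService
{
    private readonly List<TodoItem> _store;
    private readonly IUserContext _user;
    public TodoService(List<TodoItem> store, IUserContext user) => (_store, _user) = (store, user);
    public IReadOnlyList<TodoItem> GetAll() =>
        _store.Where(t => t.UserId == _user.UserId).ToList();
    public TodoItem? GetById(int id) =>
        _store.SingleOrDefault(t => t.Id == id && t.UserId == _user.UserId);
    public bool Delete(int id) =>
        _store.RemoveAll(t => t.Id == id && t.UserId == _user.UserId) > 0;
}
```

Returning "not found" rather than "forbidden" for another user's item avoids confirming that the id exists.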
- Unit tests cover application services and user-scoped behavior
- Integration tests validate JWT authentication and API endpoints
- Tests are written using xUnit, Moq, and FluentAssertions
For security reasons, JWT secrets are not committed to source control.
You must provide a valid secret at runtime.
The secret must be at least 32 characters long.
dotnet run --project Todo.Api
dotnet test