A production-ready RESTful Web API built using ASP.NET Core (.NET 9) and Entity Framework Core to manage clinic operations securely and efficiently.
This system provides a complete backend solution for managing patients, doctors, appointments, invoices, payments, and hospital stays โ with strong security and clean architecture principles.
- Manage doctors, patients, and hospital stays
- Full appointment management (CRUD)
- โญ Doctor reviews and ratings
- ๐ Pagination & filtering support
- Patients can book appointments online
- JWT-protected booking endpoint
- Ownership-based access validation
- Patients can only access their own appointments
- Invoice creation and management
- Secure payment processing
- PDF invoice export
- Ownership-based invoice protection
- JWT Authentication
- ASP.NET Identity integration
- Role-Based Authorization (Admin / Patient)
- Resource-Level Ownership validation
- Secure Swagger integration (JWT enabled)
This project follows a clean layered architecture:
Controllers โ Services โ Data โ Entities
- Service Layer Pattern
- DTOs (Data Transfer Objects)
- Result wrapper for consistent API responses
- Fluent API for entity configuration
- Centralized authorization helper
- Dependency Injection
| Category | Technology |
|---|---|
| Language | C# (.NET 9) |
| Framework | ASP.NET Core Web API |
| ORM | Entity Framework Core |
| Database | SQL Server |
| Authentication | ASP.NET Identity + JWT |
| Authorization | Role-Based + Ownership |
| Object Mapping | Mapster |
| Documentation | Swagger |
| Architecture | Clean Layered Architecture |
1๏ธโฃ Register or log in:
POST /api/Auth/sign-up
POST /api/Auth/sign-in
2๏ธโฃ Receive a JWT token in the response.
3๏ธโฃ Use the token in secured endpoints:
Authorization: Bearer {your_token}
4๏ธโฃ Access control supports:
- Role-based restrictions (Admin / Patient)
- Ownership validation (users can only access their own resources)
Patients can book appointments directly via the API.
- Patient logs in and receives JWT.
- Patient calls the booking endpoint:
POST /api/appointments/patient/{patientId}/book
-
System validates:
- User is authenticated
- User role is Patient
- The patientId belongs to the logged-in user
-
Appointment is created securely.
| Method | Endpoint | Description |
|---|---|---|
| GET | /api/appointments?page=1&pageSize=10 |
Get paginated appointments |
| POST | /api/appointments |
Create appointment (Admin) |
| POST | /api/appointments/patient/{patientId}/book |
Patient books appointment |
| GET | /api/patients/{id} |
Get patient details |
| GET | /api/invoices/{id}/pdf |
Export invoice as PDF |
| POST | /api/payments/{appointmentId} |
Create payment |
| GET | /api/doctors |
List doctors |
- .NET 9 SDK
- SQL Server
- EF Core CLI tools
git clone https://github.com/mohamed68909/ClinicManagement.git
cd ClinicManagement/ClinicManagement.API
dotnet ef database update
dotnet runOpen in browser:
https://localhost:{port}/swagger
- Secure backend API development
- JWT-based authentication pipeline
- Role-based & ownership-based authorization
- Clean service-based architecture
- Pagination & filtering implementation
- Real-world backend system design
- Unit & Integration Testing (xUnit + Moq)
- Structured logging with Serilog
- CI/CD pipeline setup
- Cloud deployment (Azure App Service)
- Frontend integration (React or Angular)
- Role expansion (Doctor / Receptionist)
Mohamed Ashraf .NET Backend Developer
GitHub: https://github.com/mohamed68909
MIT License Developed for educational and portfolio purposes.




