🛡️ AuthService Web API


Project Overview

AuthService is an authentication and user management API built with ASP.NET Core and Entity Framework Core. It uses JSON Web Token (JWT) bearer authentication together with ASP.NET Core Identity for user registration, login, and role-based access control.


Key Features

  • JWT Authentication:
    Secure user authentication using JSON Web Tokens.
  • User Registration and Login:
    Endpoints to register and log in users with role management.
  • Role-Based Authorization:
    Restrict access to endpoints based on user roles.
  • User Management:
    CRUD operations for managing users and roles.
  • Logging:
    Detailed logging for debugging and monitoring.

Technologies Used

  • ASP.NET Core
  • CORS
  • Entity Framework Core
  • Entity Framework Tools
  • OpenAPI
  • JWT Bearer
  • SQL Server
  • Msil Kit
  • ImageSharp
  • JSON

Challenges and Solutions

  • Security Implementation: Ensuring secure JWT handling and role-based access control.
  • User Management Complexity: Managing users and roles with ASP.NET Identity.
  • Database Connections: Configuring development and production database environments.
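The following Program.cs is an added example, not the AuthService project's own startup code. It shows the JWT bearer and role-based authorization setup the "Security Implementation" challenge refers to, with the weak validation settings called out next to the hardened ones. AppDbContext, the "Default" connection string and the Jwt:Issuer, Jwt:Audience and Jwt:SigningKey configuration keys are assumptions; the file relies on the ASP.NET Core implicit usings (System, Microsoft.AspNetCore.Builder and friends).

```csharp
// Added example, not the project's own Program.cs. AppDbContext and the Jwt:*
// configuration keys are assumptions.
using System.Security.Claims;
using System.Text;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Identity;
using Microsoft.EntityFrameworkCore;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddDbContext<AppDbContext>(o =>
    o.UseSqlServer(builder.Configuration.GetConnectionString("Default")));
builder.Services.AddHttpContextAccessor();   // SignInManager depends on it

// AddIdentityCore instead of AddIdentity: this API speaks bearer tokens only,
// so the cookie authentication scheme AddIdentity would register is not wanted.
builder.Services.AddIdentityCore<IdentityUser>(o =>
    {
        o.Password.RequiredLength = 12;
        o.Lockout.MaxFailedAccessAttempts = 5;
        o.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(15);
        o.User.RequireUniqueEmail = true;
    })
    .AddRoles<IdentityRole>()
    .AddSignInManager()
    .AddEntityFrameworkStores<AppDbContext>()
    .AddDefaultTokenProviders();   // e-mail confirmation and authenticator (TOTP) tokens

// The signing key comes from configuration or a secret store, never from source.
// RFC 7518 requires an HS256 key of at least 256 bits.
var signingKey = builder.Configuration["Jwt:SigningKey"]
    ?? throw new InvalidOperationException("Jwt:SigningKey is not configured");
if (Encoding.UTF8.GetByteCount(signingKey) < 32)
    throw new InvalidOperationException("Jwt:SigningKey must be at least 32 bytes");

builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        // Weak configuration to avoid: ValidateIssuer/ValidateAudience = false
        // accepts tokens minted for any other service that shares the key, and
        // the default 5-minute ClockSkew accepts tokens that expired minutes ago.
        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuer = true,
            ValidIssuer = builder.Configuration["Jwt:Issuer"],
            ValidateAudience = true,
            ValidAudience = builder.Configuration["Jwt:Audience"],
            ValidateLifetime = true,
            RequireExpirationTime = true,
            ClockSkew = TimeSpan.FromSeconds(30),
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(signingKey)),
            // Pin the algorithm: a token whose header claims "none" or an
            // asymmetric alg is rejected before any signature check.
            ValidAlgorithms = new[] { SecurityAlgorithms.HmacSha256 },
            RoleClaimType = ClaimTypes.Role,
        };
        options.RequireHttpsMetadata = !builder.Environment.IsDevelopment();
    });

builder.Services.AddAuthorization(options =>
{
    // Used on controllers as [Authorize(Policy = "AdminOnly")] or [Authorize(Roles = "Admin")].
    options.AddPolicy("AdminOnly", p => p.RequireRole("Admin"));
    // Deny by default: an endpoint is public only if it carries [AllowAnonymous].
    options.FallbackPolicy = new AuthorizationPolicyBuilder()
        .RequireAuthenticatedUser()
        .Build();
});

builder.Services.AddControllers();

var app = builder.Build();
app.UseHttpsRedirection();
app.UseAuthentication();   // must run before UseAuthorization
app.UseAuthorization();
app.MapControllers();
app.Run();
```

The FallbackPolicy is the piece most often missing: without it, a controller that forgets [Authorize] is silently public. With it, every endpoint that is meant to be public (register, login, confirm-email) has to opt in with [AllowAnonymous], which is the review-friendly direction.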

Outcome

The AuthService Web API provides a secure and efficient solution for managing user authentication and authorization in modern web applications.

Key Features

  • User Authentication: Secure login, registration, and password management with optional multi-factor authentication.
  • Authorization: Role-based and claims-based access control for detailed permission management.
  • Token Management: Stateless authentication using JSON Web Tokens (JWT) and refresh token support.
  • API Design: RESTful endpoints with consistent URL structures and robust error handling.
  • Security: End-to-end encryption, secure headers, and protection against vulnerabilities like SQL Injection and CSRF.
  • Extensibility: Integration with third-party identity providers and custom middleware support.
  • Scalability: Efficient database queries and horizontal scaling capabilities.

Technology Stack

  • Framework: .NET Core/C# Web API
  • Authentication: NextAuth for OAuth2 and OpenID Connect support
  • Database: SQL Server with Prisma ORM
  • Frontend Compatibility: Seamless integration with Next.js applications
  • Language: TypeScript for client-side integrations

Use Case

The AuthService Web API is designed for applications requiring secure, scalable, and modular user management solutions. Its flexibility and integration capabilities make it suitable for both enterprise-level projects and smaller apps.

AuthService Controllers and Endpoints

AuthController

POST api/auth/register

Description: Registers a new user.

Request:
{
  "email": "string",
  "password": "string",
  "firstName": "string",
  "lastName": "string"
}
Responses:
  • Status 200: { "message": "User registered successfully" }
  • Status 400: { "errors": "Array of validation errors" }

POST api/auth/login

Description: Authenticates a user.

Request:
{
  "email": "string",
  "password": "string"
}
Responses:
  • Status 200: { "message": "Login successful", "token": "string", "refreshToken": "string" }
  • Status 401: { "message": "Invalid email or password" }

POST api/auth/verify-mfa

Description: Verifies a multi-factor authentication token.

Request:
{
  "userId": "string",
  "token": "string"
}
Responses:
  • Status 200: { "message": "MFA verification successful", "token": "string" }
  • Status 401: { "message": "Invalid MFA token" }

POST api/auth/logout

Description: Logs out a user by clearing tokens. A signed JWT remains valid until its expiry regardless of this call; what the server can revoke is the refresh token, so the client must also discard the access token it holds.

Responses:
  • Status 200: { "message": "Logged out successfully" }
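An added example, not the project's own AuthController, of how the login, verify-mfa and logout endpoints documented above can be implemented on ASP.NET Core Identity. Assumptions: an AppDbContext with a RefreshTokens DbSet, the Jwt:Issuer, Jwt:Audience and Jwt:SigningKey configuration keys, the RefreshToken entity below, and the { "message": "MFA required", "userId": ... } response that login returns when the account has two-factor enabled (the endpoint docs above do not show that case). The file relies on the ASP.NET Core implicit usings.

```csharp
// Added example, not the project's own controller. AppDbContext, the
// RefreshToken entity, the Jwt:* keys and the "MFA required" response are assumptions.
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Security.Cryptography;
using System.Text;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.IdentityModel.Tokens;

public record LoginRequest(string Email, string Password);
public record VerifyMfaRequest(string UserId, string Token);

// Only the SHA-256 hash of a refresh token is stored; a database dump yields no usable tokens.
public class RefreshToken
{
    public int Id { get; set; }
    public string UserId { get; set; } = "";
    public string TokenHash { get; set; } = "";
    public DateTime ExpiresUtc { get; set; }
    public DateTime? RevokedUtc { get; set; }
}

[ApiController]
[Route("api/auth")]
public class AuthController : ControllerBase
{
    private readonly UserManager<IdentityUser> _users;
    private readonly SignInManager<IdentityUser> _signIn;
    private readonly AppDbContext _db;
    private readonly IConfiguration _config;

    public AuthController(UserManager<IdentityUser> users, SignInManager<IdentityUser> signIn,
                          AppDbContext db, IConfiguration config)
    { _users = users; _signIn = signIn; _db = db; _config = config; }

    [AllowAnonymous]
    [HttpPost("login")]
    public async Task<IActionResult> Login(LoginRequest req)
    {
        var user = await _users.FindByEmailAsync(req.Email);
        // One generic message whether the e-mail or the password is wrong, so the
        // endpoint does not confirm which accounts exist.
        if (user is null) return Unauthorized(new { message = "Invalid email or password" });

        // lockoutOnFailure: true counts the attempt toward Identity's lockout policy;
        // a locked-out account fails the check and gets the same generic message.
        var check = await _signIn.CheckPasswordSignInAsync(user, req.Password, lockoutOnFailure: true);
        if (!check.Succeeded) return Unauthorized(new { message = "Invalid email or password" });

        // No tokens until the second factor is verified (assumed response shape).
        if (user.TwoFactorEnabled) return Ok(new { message = "MFA required", userId = user.Id });

        return Ok(new
        {
            message = "Login successful",
            token = await CreateAccessTokenAsync(user),
            refreshToken = await IssueRefreshTokenAsync(user),
        });
    }

    [AllowAnonymous]
    [HttpPost("verify-mfa")]
    public async Task<IActionResult> VerifyMfa(VerifyMfaRequest req)
    {
        var user = await _users.FindByIdAsync(req.UserId);
        // Identity checks the TOTP code against the authenticator key it stores for the user.
        var ok = user is not null && await _users.VerifyTwoFactorTokenAsync(
            user, TokenOptions.DefaultAuthenticatorProvider, req.Token);
        if (!ok) return Unauthorized(new { message = "Invalid MFA token" });
        return Ok(new { message = "MFA verification successful", token = await CreateAccessTokenAsync(user!) });
    }

    [HttpPost("logout")]   // bearer token required
    public async Task<IActionResult> Logout()
    {
        // A signed JWT cannot be "cleared" server-side; it stays valid until exp.
        // Revoking the refresh tokens ends the session once the access token expires.
        var userId = _users.GetUserId(User);   // "sub" arrives mapped to ClaimTypes.NameIdentifier
        foreach (var rt in _db.RefreshTokens.Where(r => r.UserId == userId && r.RevokedUtc == null))
            rt.RevokedUtc = DateTime.UtcNow;
        await _db.SaveChangesAsync();
        return Ok(new { message = "Logged out successfully" });
    }

    private async Task<string> CreateAccessTokenAsync(IdentityUser user)
    {
        var claims = new List<Claim>
        {
            new(JwtRegisteredClaimNames.Sub, user.Id),
            new(JwtRegisteredClaimNames.Email, user.Email ?? ""),
            new(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
        };
        claims.AddRange((await _users.GetRolesAsync(user)).Select(r => new Claim(ClaimTypes.Role, r)));
        var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_config["Jwt:SigningKey"]!));
        var jwt = new JwtSecurityToken(
            issuer: _config["Jwt:Issuer"], audience: _config["Jwt:Audience"], claims: claims,
            expires: DateTime.UtcNow.AddMinutes(15),   // short-lived; the refresh token extends the session
            signingCredentials: new SigningCredentials(key, SecurityAlgorithms.HmacSha256));
        return new JwtSecurityTokenHandler().WriteToken(jwt);
    }

    private async Task<string> IssueRefreshTokenAsync(IdentityUser user)
    {
        var raw = Convert.ToBase64String(RandomNumberGenerator.GetBytes(32));   // 256 bits of entropy
        _db.RefreshTokens.Add(new RefreshToken
        {
            UserId = user.Id,
            TokenHash = Convert.ToHexString(SHA256.HashData(Encoding.UTF8.GetBytes(raw))),
            ExpiresUtc = DateTime.UtcNow.AddDays(7),
        });
        await _db.SaveChangesAsync();
        return raw;
    }
}
```

Two things to keep in mind with this shape. First, verify-mfa as documented takes a userId and no password, so anyone who knows a user id can try TOTP codes against it; Identity does not count those attempts toward lockout, so the endpoint needs its own rate limit (ASP.NET Core's rate limiting middleware works), or a short-lived "MFA pending" token issued by login should replace the bare userId. Second, a refresh endpoint that consumes the stored hash should rotate the token on every use and revoke the whole family if a revoked token is presented again, since reuse is the signature of a stolen refresh token.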

EmailController

POST api/email/send

Description: Sends an email. A mail-relay endpoint must be limited to authenticated, authorized callers; left open, it can be driven as a spam relay.

Request:
{
  "to": "string",
  "subject": "string",
  "body": "string"
}
Responses:
  • Status 200: { "message": "Email sent successfully" }
  • Status 400: { "message": "Invalid email request" }
  • Status 500: { "message": "Failed to send email: error message" }
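An added example, not the project's own EmailController, of the send endpoint with the controls a reviewer would ask for: an authorization requirement, validation of the request fields, a check for CR/LF in the subject (header injection), and a 500 response that logs the provider's exception but returns a generic message. The documented 500 body echoes the error message, which can reveal SMTP hostnames or credential failures to the caller. IEmailSender is an assumed abstraction over whatever mail library the project uses, and the "Admin" role name is an assumption; the file relies on the ASP.NET Core implicit usings.

```csharp
// Added example, not the project's own controller. IEmailSender and the
// "Admin" role name are assumptions.
using System.ComponentModel.DataAnnotations;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

// Assumed abstraction over the mail library.
public interface IEmailSender
{
    Task SendAsync(string to, string subject, string body, CancellationToken ct);
}

public class SendEmailRequest
{
    [Required, EmailAddress, MaxLength(254)] public string To { get; set; } = "";
    [Required, MaxLength(200)] public string Subject { get; set; } = "";
    [Required, MaxLength(20_000)] public string Body { get; set; } = "";
}

[ApiController]
[Authorize(Roles = "Admin")]   // relaying mail is not a user-facing feature
[Route("api/email")]
public class EmailController : ControllerBase
{
    private readonly IEmailSender _sender;
    private readonly ILogger<EmailController> _log;
    public EmailController(IEmailSender sender, ILogger<EmailController> log) { _sender = sender; _log = log; }

    [HttpPost("send")]
    public async Task<IActionResult> Send(SendEmailRequest req, CancellationToken ct)
    {
        // [ApiController] already answers 400 (as ValidationProblemDetails) when the
        // DataAnnotations fail. CR/LF in the subject is the classic way to smuggle
        // extra headers such as Bcc into the message, and no annotation catches it.
        if (req.Subject.IndexOfAny(new[] { '\r', '\n' }) >= 0)
            return BadRequest(new { message = "Invalid email request" });
        try
        {
            await _sender.SendAsync(req.To, req.Subject, req.Body, ct);
            return Ok(new { message = "Email sent successfully" });
        }
        catch (Exception ex)
        {
            // The details go to the log, not to the caller.
            _log.LogError(ex, "Failed to send email to {Recipient}", req.To);
            return StatusCode(StatusCodes.Status500InternalServerError,
                              new { message = "Failed to send email" });
        }
    }
}
```

If the documented { "message": "Invalid email request" } body must be returned for validation failures as well, set SuppressModelStateInvalidFilter in ConfigureApiBehaviorOptions and check ModelState.IsValid at the top of the action.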

TasksController

GET api/tasks

Description: Retrieves all tasks.

Responses:
  • Status 200: { "tasks": "Array of tasks" }
  • Status 500: { "message": "Database error" }

GET api/tasks/{id}

Description: Retrieves a task by ID.

Responses:
  • Status 200: { "task": "Task object" }
  • Status 404: { "message": "Task not found" }

POST api/tasks

Description: Creates a new task.

Request:
{
  "title": "string",
  "description": "string",
  "startDateTime": "string",
  "endDateTime": "string",
  "isComplete": "boolean"
}
Responses:
  • Status 201: { "task": "Created task object" }
  • Status 500: { "message": "Database error" }

PUT api/tasks/{id}

Description: Updates an existing task.

Request:
{
  "id": "string",
  "title": "string",
  "description": "string",
  "startDateTime": "string",
  "endDateTime": "string",
  "isComplete": "boolean"
}
Responses:
  • Status 204: no response body
  • Status 404: { "message": "Task not found" }

DELETE api/tasks/{id}

Description: Deletes a task by ID.

Responses:
  • Status 204: no response body
  • Status 404: { "message": "Task not found" }
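An added example, not the project's own TasksController, covering the five task endpoints above with the two checks a reviewer would ask for: every query is scoped to the caller's user id taken from the validated JWT, so one user cannot read, update or delete another user's task by guessing its id, and the id carried in the PUT body must match the route id. Assumptions: an AppDbContext with a Tasks DbSet, the TaskItem entity below with an OwnerId column, and Guid task ids (the docs above only say "string"). The file relies on the ASP.NET Core implicit usings.

```csharp
// Added example, not the project's own controller. AppDbContext, the TaskItem
// entity with OwnerId, and Guid ids are assumptions.
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;

public class TaskItem
{
    public Guid Id { get; set; }
    public string OwnerId { get; set; } = "";   // IdentityUser.Id of the creator
    public string Title { get; set; } = "";
    public string? Description { get; set; }
    public DateTime StartDateTime { get; set; }
    public DateTime EndDateTime { get; set; }
    public bool IsComplete { get; set; }
}

public record TaskRequest(Guid? Id, string Title, string? Description,
                          DateTime StartDateTime, DateTime EndDateTime, bool IsComplete);

[ApiController]
[Authorize]               // every action needs a valid bearer token
[Route("api/tasks")]
public class TasksController : ControllerBase
{
    private readonly AppDbContext _db;
    private readonly UserManager<IdentityUser> _users;
    public TasksController(AppDbContext db, UserManager<IdentityUser> users) { _db = db; _users = users; }

    // Every query is filtered by the caller's id from the validated token, so a
    // user cannot reach another user's task by guessing its id (IDOR). The JWT
    // handler maps "sub" to ClaimTypes.NameIdentifier, which GetUserId reads.
    private IQueryable<TaskItem> OwnTasks()
    {
        var me = _users.GetUserId(User)!;
        return _db.Tasks.Where(t => t.OwnerId == me);
    }

    [HttpGet]
    public async Task<IActionResult> GetAll() =>
        Ok(new { tasks = await OwnTasks().OrderBy(t => t.StartDateTime).ToListAsync() });

    [HttpGet("{id:guid}")]
    public async Task<IActionResult> Get(Guid id)
    {
        var task = await OwnTasks().FirstOrDefaultAsync(t => t.Id == id);
        // 404 for "does not exist" and for "belongs to someone else" alike, so the
        // response does not reveal which ids are in use.
        return task is null ? NotFound(new { message = "Task not found" }) : Ok(new { task });
    }

    [HttpPost]
    public async Task<IActionResult> Create(TaskRequest req)
    {
        if (req.EndDateTime < req.StartDateTime)
            return BadRequest(new { message = "endDateTime precedes startDateTime" });
        var task = new TaskItem
        {
            Id = Guid.NewGuid(), OwnerId = _users.GetUserId(User)!,   // owner comes from the token, never the body
            Title = req.Title, Description = req.Description, StartDateTime = req.StartDateTime,
            EndDateTime = req.EndDateTime, IsComplete = req.IsComplete,
        };
        _db.Tasks.Add(task);
        await _db.SaveChangesAsync();
        return CreatedAtAction(nameof(Get), new { id = task.Id }, new { task });
    }

    [HttpPut("{id:guid}")]
    public async Task<IActionResult> Update(Guid id, TaskRequest req)
    {
        // The docs carry the id in both the route and the body; they must agree.
        if (req.Id is not null && req.Id != id)
            return BadRequest(new { message = "Body id does not match route id" });
        var task = await OwnTasks().FirstOrDefaultAsync(t => t.Id == id);
        if (task is null) return NotFound(new { message = "Task not found" });
        // Copy fields one by one; binding the request straight onto the entity
        // would let a client overwrite OwnerId.
        task.Title = req.Title; task.Description = req.Description;
        task.StartDateTime = req.StartDateTime; task.EndDateTime = req.EndDateTime;
        task.IsComplete = req.IsComplete;
        await _db.SaveChangesAsync();
        return NoContent();
    }

    [HttpDelete("{id:guid}")]
    public async Task<IActionResult> Delete(Guid id)
    {
        var task = await OwnTasks().FirstOrDefaultAsync(t => t.Id == id);
        if (task is null) return NotFound(new { message = "Task not found" });
        _db.Tasks.Remove(task);
        await _db.SaveChangesAsync();
        return NoContent();
    }
}
```

The ownership filter lives in one place (OwnTasks) on purpose: an endpoint added later that forgets to call it is easy to spot in review, whereas a per-action `if (task.OwnerId != me)` check is the kind of line that gets dropped during a refactor.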

UserManagementController

GET api/usermanagement/confirm-email

Description: Confirms a user's email.

Responses:
  • Status 200: { "message": "Email confirmed successfully" }
  • Status 404: { "message": "User not found" }

GET api/usermanagement/list-users

Description: Lists all users.

Responses:
  • Status 200: { "users": "Array of user objects" }
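An added example, not the project's own UserManagementController, of the two endpoints above. The confirmation token is verified by Identity rather than trusted from the query string, and the user list is restricted to the Admin role and projected to a DTO so password hashes, security stamps and concurrency stamps never leave the server. The query-parameter names userId and token, the "Admin" role name, the 400 response for a bad token and the page/pageSize parameters are assumptions not present in the docs above; the file relies on the ASP.NET Core implicit usings.

```csharp
// Added example, not the project's own controller. The userId/token query
// parameters, the "Admin" role name, the 400 response and the pagination
// parameters are assumptions.
using System.Text;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.WebUtilities;
using Microsoft.EntityFrameworkCore;

// What an administrator is allowed to see about an account.
public record UserSummary(string Id, string? Email, bool EmailConfirmed, bool TwoFactorEnabled);

[ApiController]
[Route("api/usermanagement")]
public class UserManagementController : ControllerBase
{
    private readonly UserManager<IdentityUser> _users;
    public UserManagementController(UserManager<IdentityUser> users) { _users = users; }

    // Reached from the link in the confirmation e-mail, so no bearer token is present.
    [AllowAnonymous]
    [HttpGet("confirm-email")]
    public async Task<IActionResult> ConfirmEmail([FromQuery] string userId, [FromQuery] string token)
    {
        var user = await _users.FindByIdAsync(userId);
        if (user is null) return NotFound(new { message = "User not found" });

        // The token was base64url-encoded when the e-mail was built so it survives
        // URL transport; decode it before handing it to Identity.
        string decoded;
        try { decoded = Encoding.UTF8.GetString(WebEncoders.Base64UrlDecode(token)); }
        catch (FormatException) { return BadRequest(new { message = "Invalid confirmation token" }); }

        // Identity validates the token against the user's security stamp and the
        // provider's lifetime; a forged, expired or already-used token fails here.
        var result = await _users.ConfirmEmailAsync(user, decoded);
        if (!result.Succeeded) return BadRequest(new { message = "Invalid confirmation token" });
        return Ok(new { message = "Email confirmed successfully" });
    }

    [Authorize(Roles = "Admin")]
    [HttpGet("list-users")]
    public async Task<IActionResult> ListUsers([FromQuery] int page = 1, [FromQuery] int pageSize = 50)
    {
        pageSize = Math.Clamp(pageSize, 1, 200);   // a single call cannot dump the whole table
        var users = await _users.Users
            .OrderBy(u => u.Email)
            .Skip((Math.Max(page, 1) - 1) * pageSize)
            .Take(pageSize)
            // Project to the DTO in the query: the IdentityUser row, with its
            // PasswordHash and SecurityStamp, is never materialised here.
            .Select(u => new UserSummary(u.Id, u.Email, u.EmailConfirmed, u.TwoFactorEnabled))
            .ToListAsync();
        return Ok(new { users });
    }
}
```

The matching producer side, for reference: the registration flow obtains the token with UserManager.GenerateEmailConfirmationTokenAsync(user) and encodes it with WebEncoders.Base64UrlEncode(Encoding.UTF8.GetBytes(token)) before placing it in the link, which is why the decode step above is needed.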