{"id":19099764,"url":"https://github.com/matthewblott/simple_aspnet_auth","last_synced_at":"2025-04-18T17:31:57.629Z","repository":{"id":50493550,"uuid":"102221763","full_name":"matthewblott/simple_aspnet_auth","owner":"matthewblott","description":"Simple ASP.NET Authorisation boilerplate project. No EF, no database, no IdentityServer4 just a basic logging in system for both cookies and JWT and a controller with a set of examples.","archived":false,"fork":false,"pushed_at":"2024-01-30T11:31:33.000Z","size":1240,"stargazers_count":133,"open_issues_count":0,"forks_count":14,"subscribers_count":9,"default_branch":"main","last_synced_at":"2024-01-30T12:42:24.407Z","etag":null,"topics":["aspnet","aspnetcore","authorization","simple"],"latest_commit_sha":null,"homepage":"https://blog.coderscoffeehouse.com/tech/2017-09-05-simple-aspnet-auth/","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/matthewblott.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2017-09-02T20:28:50.000Z","updated_at":"2024-01-30T11:25:40.000Z","dependencies_parsed_at":"2024-01-30T12:51:55.468Z","dependency_job_id":null,"html_url":"https://github.com/matthewblott/simple_aspnet_auth","commit_stats":null,"previous_names":[],"tags_count":10,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/matthewblott%2Fsimple_aspnet_auth","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/matthewblott%2Fsimple_aspnet_auth/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/matthewblott%2
Fsimple_aspnet_auth/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/matthewblott%2Fsimple_aspnet_auth/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/matthewblott","download_url":"https://codeload.github.com/matthewblott/simple_aspnet_auth/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":223783108,"owners_count":17201903,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aspnet","aspnetcore","authorization","simple"],"created_at":"2024-11-09T03:52:15.667Z","updated_at":"2024-11-09T03:52:19.375Z","avatar_url":"https://github.com/matthewblott.png","language":null,"funding_links":[],"categories":["aspnet"],"sub_categories":[],"readme":"# simple_aspnet_auth\n\nSimple ASP.NET Authorisation boilerplate project. No EF, no database, no IdentityServer4, no session storage, just a basic logging in system for both cookies and JWT with a couple of authorisation policies and a controller with a set of examples. Updated recently to .NET 8.\n\n### Getting Started\n\nTo get up and running just ```cd``` to the root where the ```.csproj``` file resides and run the following commands.\n\n```\ncd examples/cookies+api\ndotnet run\n\n```\n\n### Examples\n\nThe app simulates a basic group based admin system. There are three groups users can be members of: ```users```, ```superusers``` and ```admins```. 
All users are members of the ```users``` group, but not all are members of ```superusers``` and / or ```admins```, and parts of the app use the ```Authorize``` attribute with policy-based access to restrict who can reach them.\n\nThere is a series of logins to test out. The home page has a table of the available users and passwords and indicates if a user is a member of ```superusers``` and / or ```admins```.\n\n![](docs/images/logins.jpg)\n\nYou can then run the series of tests below and see which sections you are able to view depending on the login used. All the tests make calls to the ```ExampleController``` class.\n\n#### Cookies\n\nBrowse to ```http://localhost/auth``` and if you are logged in under any user you should see the following.\n\n```\nOnly authenticated cookie based requests from superusers receive this message.\n```\n\nBrowse to ```http://localhost/superuser``` and if you are logged in under a user in either ```superusers``` or ```admins``` you should see the following.\n\n```\nOnly authenticated cookie based requests from superusers receive this message.\n```\n\nBrowse to ```http://localhost/admin``` and if you are logged in under a user in ```admins``` you should see the following.\n\n```\nOnly authenticated cookie based requests from admins receive this message.\n```\n\n#### JWT\n\nThe first command gets a token which will be needed for subsequent requests. 
In the example below the user ```admin``` with the password ```password``` is used but there are other logins to test which will give different results.\n\n```\ncurl -X POST http://localhost:5000/api/login -H \"Content-Type: application/x-www-form-urlencoded\" -d \"Name=admin\u0026Password=password\"\n```\n\nThe above command should result in something similar to the following (obviously the token value will be different).\n\n```\n\n{  \n   \"token\":\"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJhZG1pbkBkb21haW4iLCJqdGkiOiJkNGM5MDE0Zi0zOGYxLTQ3NTItODU3YS03ZTc0YzU0MjY3ZDciLCJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIjoiYWRtaW4iLCJhZG1pbnMiOiIxIiwic3VwZXJ1c2VycyI6IjIiLCJ1c2VycyI6IjMiLCJleHAiOjE1MDQzODk0NTEsImlzcyI6Imh0dHA6Ly9sb2NhbGhvc3Q6NTAwMC9hcGkvIiwiYXVkIjoiaHR0cDovL2xvY2FsaG9zdDo1MDAwL2FwaS8ifQ.gFnf39Vj16vEmcI1HdwPajH6sRHusxtjZ2eh0Xc1cJs\"\n}\n```\n\nThe token value is then used with subsequent requests. For the examples below replace ```TOKEN_VALUE``` with whatever value is obtained from the step above.\n\n```\ncurl http://localhost:5000/api/auth -H \"Authorization: Bearer TOKEN_VALUE\"\n```\n\nNo matter what user your token is for you should see the following.\n\n```\nOnly authenticated token based requests receive this message.\n```\n\nThe following test will work for users in either ```superusers``` or ```admins```.\n\n```\ncurl http://localhost:5000/api/superuser -H \"Authorization: Bearer TOKEN_VALUE\"\n```\n\nThe above command should produce the following.\n\n```\nOnly authenticated token based requests from superusers receive this message.\n```\n\nThe following test will work for users in ```admins```.\n\n```\ncurl http://localhost:5000/api/admin -H \"Authorization: Bearer TOKEN_VALUE\"\n```\n\nThe above command should produce the following.\n\n```\nOnly authenticated token based requests from admins receive this message.\n```\n\nThe following example illustrates manipulating the JWT, the code is in the 
```TokenInfo``` method of the ```ExampleController``` class.\n\n```\ncurl http://localhost:5000/api/tokeninfo -H \"Authorization: Bearer TOKEN_VALUE\"\n```\n\nAny authenticated user should be presented with something similar to the following.\n\n```\n\n{  \n   \"token\":{  \n      \"actor\":null,\n      \"audiences\":[  \n         \"http://localhost:5000/api/\"\n      ],\n      \"claims\":[  \n         {  \n            \"issuer\":\"http://localhost:5000/api/\",\n            \"originalIssuer\":\"http://localhost:5000/api/\",\n            \"properties\":{  \n\n            },\n            \"subject\":null,\n            \"type\":\"sub\",\n            \"value\":\"admin@domain\",\n            \"valueType\":\"http://www.w3.org/2001/XMLSchema#string\"\n         },\n         {  \n            \"issuer\":\"http://localhost:5000/api/\",\n            \"originalIssuer\":\"http://localhost:5000/api/\",\n            \"properties\":{  \n\n            },\n            \"subject\":null,\n            \"type\":\"jti\",\n            \"value\":\"f85815ae-69c4-4fec-8553-bc1199e3cdce\",\n            \"valueType\":\"http://www.w3.org/2001/XMLSchema#string\"\n         },\n         {  \n            \"issuer\":\"http://localhost:5000/api/\",\n            \"originalIssuer\":\"http://localhost:5000/api/\",\n            \"properties\":{  \n\n            },\n            \"subject\":null,\n            \"type\":\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name\",\n            \"value\":\"admin\",\n            \"valueType\":\"http://www.w3.org/2001/XMLSchema#string\"\n         },\n         {  \n            \"issuer\":\"http://localhost:5000/api/\",\n            \"originalIssuer\":\"http://localhost:5000/api/\",\n            \"properties\":{  \n\n            },\n            \"subject\":null,\n            \"type\":\"admins\",\n            \"value\":\"1\",\n            \"valueType\":\"http://www.w3.org/2001/XMLSchema#string\"\n         },\n         {  \n            
\"issuer\":\"http://localhost:5000/api/\",\n            \"originalIssuer\":\"http://localhost:5000/api/\",\n            \"properties\":{  \n\n            },\n            \"subject\":null,\n            \"type\":\"superusers\",\n            \"value\":\"2\",\n            \"valueType\":\"http://www.w3.org/2001/XMLSchema#string\"\n         },\n         {  \n            \"issuer\":\"http://localhost:5000/api/\",\n            \"originalIssuer\":\"http://localhost:5000/api/\",\n            \"properties\":{  \n\n            },\n            \"subject\":null,\n            \"type\":\"users\",\n            \"value\":\"3\",\n            \"valueType\":\"http://www.w3.org/2001/XMLSchema#string\"\n         },\n         {  \n            \"issuer\":\"http://localhost:5000/api/\",\n            \"originalIssuer\":\"http://localhost:5000/api/\",\n            \"properties\":{  \n\n            },\n            \"subject\":null,\n            \"type\":\"exp\",\n            \"value\":\"1504392381\",\n            \"valueType\":\"http://www.w3.org/2001/XMLSchema#integer\"\n         },\n         {  \n            \"issuer\":\"http://localhost:5000/api/\",\n            \"originalIssuer\":\"http://localhost:5000/api/\",\n            \"properties\":{  \n\n            },\n            \"subject\":null,\n            \"type\":\"iss\",\n            \"value\":\"http://localhost:5000/api/\",\n            \"valueType\":\"http://www.w3.org/2001/XMLSchema#string\"\n         },\n         {  \n            \"issuer\":\"http://localhost:5000/api/\",\n            \"originalIssuer\":\"http://localhost:5000/api/\",\n            \"properties\":{  \n\n            },\n            \"subject\":null,\n            \"type\":\"aud\",\n            \"value\":\"http://localhost:5000/api/\",\n            \"valueType\":\"http://www.w3.org/2001/XMLSchema#string\"\n         }\n      ],\n      \"encodedHeader\":\"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9\",\n      
\"encodedPayload\":\"eyJzdWIiOiJhZG1pbkBkb21haW4iLCJqdGkiOiJmODU4MTVhZS02OWM0LTRmZWMtODU1My1iYzExOTllM2NkY2UiLCJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIjoiYWRtaW4iLCJhZG1pbnMiOiIxIiwic3VwZXJ1c2VycyI6IjIiLCJ1c2VycyI6IjMiLCJleHAiOjE1MDQzOTIzODEsImlzcyI6Imh0dHA6Ly9sb2NhbGhvc3Q6NTAwMC9hcGkvIiwiYXVkIjoiaHR0cDovL2xvY2FsaG9zdDo1MDAwL2FwaS8ifQ\",\n      \"header\":{  \n         \"alg\":\"HS256\",\n         \"typ\":\"JWT\"\n      },\n      \"id\":\"f85815ae-69c4-4fec-8553-bc1199e3cdce\",\n      \"issuer\":\"http://localhost:5000/api/\",\n      \"payload\":{  \n         \"sub\":\"admin@domain\",\n         \"jti\":\"f85815ae-69c4-4fec-8553-bc1199e3cdce\",\n         \"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name\":\"admin\",\n         \"admins\":\"1\",\n         \"superusers\":\"2\",\n         \"users\":\"3\",\n         \"exp\":1504392381,\n         \"iss\":\"http://localhost:5000/api/\",\n         \"aud\":\"http://localhost:5000/api/\"\n      },\n      \"innerToken\":null,\n      \"rawAuthenticationTag\":null,\n      \"rawCiphertext\":null,\n      \"rawData\":\"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJhZG1pbkBkb21haW4iLCJqdGkiOiJmODU4MTVhZS02OWM0LTRmZWMtODU1My1iYzExOTllM2NkY2UiLCJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIjoiYWRtaW4iLCJhZG1pbnMiOiIxIiwic3VwZXJ1c2VycyI6IjIiLCJ1c2VycyI6IjMiLCJleHAiOjE1MDQzOTIzODEsImlzcyI6Imh0dHA6Ly9sb2NhbGhvc3Q6NTAwMC9hcGkvIiwiYXVkIjoiaHR0cDovL2xvY2FsaG9zdDo1MDAwL2FwaS8ifQ.AXpvgAE3ZFN8EnRVSkLUt0iCaFTySFnMTfSx_kWYFDk\",\n      \"rawEncryptedKey\":null,\n      \"rawInitializationVector\":null,\n      \"rawHeader\":\"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9\",\n      
\"rawPayload\":\"eyJzdWIiOiJhZG1pbkBkb21haW4iLCJqdGkiOiJmODU4MTVhZS02OWM0LTRmZWMtODU1My1iYzExOTllM2NkY2UiLCJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIjoiYWRtaW4iLCJhZG1pbnMiOiIxIiwic3VwZXJ1c2VycyI6IjIiLCJ1c2VycyI6IjMiLCJleHAiOjE1MDQzOTIzODEsImlzcyI6Imh0dHA6Ly9sb2NhbGhvc3Q6NTAwMC9hcGkvIiwiYXVkIjoiaHR0cDovL2xvY2FsaG9zdDo1MDAwL2FwaS8ifQ\",\n      \"rawSignature\":\"AXpvgAE3ZFN8EnRVSkLUt0iCaFTySFnMTfSx_kWYFDk\",\n      \"securityKey\":null,\n      \"signatureAlgorithm\":\"HS256\",\n      \"signingCredentials\":null,\n      \"encryptingCredentials\":null,\n      \"signingKey\":null,\n      \"subject\":\"admin@domain\",\n      \"validFrom\":\"0001-01-01T00:00:00\",\n      \"validTo\":\"2017-09-02T22:46:21Z\"\n   }\n}\n```\n\n#### Cookies and JWT\n\nThe address ```http://localhost/auth``` is available for both cookie and JWT based logins and the user should see the following message after execution.\n\n```\nOnly authenticated requests receive this message.\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmatthewblott%2Fsimple_aspnet_auth","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmatthewblott%2Fsimple_aspnet_auth","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmatthewblott%2Fsimple_aspnet_auth/lists"}