https://github.com/adityaoberai/rolebasedauthsample
ASP.NET Web API sample to showcase RBAC via JWTs in .NET 8
- Host: GitHub
- URL: https://github.com/adityaoberai/rolebasedauthsample
- Owner: adityaoberai
- License: mit
- Created: 2023-11-06T15:25:11.000Z (about 1 year ago)
- Default Branch: main
- Last Pushed: 2023-11-16T06:14:32.000Z (12 months ago)
- Last Synced: 2024-10-30T10:18:00.442Z (14 days ago)
- Topics: authentication, dotnet, dotnet-8, jwt, security
- Language: C#
- Homepage:
- Size: 13.1 MB
- Stars: 16
- Watchers: 1
- Forks: 7
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE.txt
README
# Role Based Auth Sample - .NET Conf 2023
## Description
The **Role Based Auth .NET Sample** is a **sample ASP.NET Web API** to help understand how role-based authentication can be implemented via JWTs in a **.NET 8** application. It uses an **InMemory database** with **Entity Framework Core** for storing user data and the **Argon2** hashing algorithm for hashing passwords.
### .NET Conf 2023
This sample was created for Aditya Oberai's talk at .NET Conf 2023.
You can download the presentation [here](AdityaOberai-DotNetConf-2023.pptx).
## Understanding the API
The API has 1 controller:
- **AuthController**: Contains the login, registration, and test APIs
### AuthController
The `AuthController` contains the login, registration, and test APIs we are using to get and try the JWT token authentication.
* POST `/auth/login`
  * Returns the JWT token along with the user information from the database after the user enters their email and password.
  * POST HTTP Request Link: `https:///auth/login`
  * Request Body Example:

```json
{
"userName": "adityaoberai1",
"password": "test1234"
}
```

  * Response Example:

```json
{
"userName": "adityaoberai1",
"name": "Aditya Oberai",
"roles": [
"User",
"Admin"
],
"isActive": true,
"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1bmlxdWVfbmFtZSI6ImFkaXR5YW9iZXJhaTEiLCJnaXZlbl9uYW1lIjoiQWRpdHlhIE9iZXJhaSIsInJvbGUiOlsiVXNlciIsIkFkbWluIl0sIm5iZiI6MTY5OTI3OTQyNywiZXhwIjoxNjk5MjgxMjI3LCJpYXQiOjE2OTkyNzk0MjcsImlzcyI6IlRlc3RJc3N1ZXIiLCJhdWQiOiJUZXN0QXVkaWVuY2UifQ.d9bAAqm1iHWmf7klIBWA2tFf2Pkvzfkee1lBvhv0_Ag",
"password": "$argon2id$v=19$m=65536,t=3,p=1$gFcsc5mOvzCclGj+o2CqeQ$TBCPrC6HW1+kCmtCc7vai9JJv3SOgPQK/mMjiJf7X8M"
}
```
> Note: Token returned will be different from the example

* POST `/auth/register`
  * Adds the user's details to the database and returns the JWT token along with the user information after the user enters their information.
  * POST HTTP Request Link: `https:///auth/register`
  * Request Body Example:

```json
{
"name": "Aditya Oberai",
"userName": "adityaoberai1",
"password": "test1234",
"role": [
"User",
"Admin"
]
}
```

  * Response Example:

```json
{
"userName": "adityaoberai1",
"name": "Aditya Oberai",
"roles": [
"User",
"Admin"
],
"isActive": false,
"token": null,
"password": "$argon2id$v=19$m=65536,t=3,p=1$gFcsc5mOvzCclGj+o2CqeQ$TBCPrC6HW1+kCmtCc7vai9JJv3SOgPQK/mMjiJf7X8M"
}
```

* GET `/auth/test`
  * Returns claims from the JWT sent as the **Bearer token** in the `Authorization` header with **User** role.
  * GET HTTP Request Link: `https:///auth/usertest`
  * Request Header Example:

```
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1bmlxdWVfbmFtZSI6ImFkaXR5YTEiLCJnaXZlbl9uYW1lIjoiQWRpdHlhIE9iZXJhaSIsInJvbGUiOiJVc2VyIiwibmJmIjoxNjk5Mjc5NjA2LCJleHAiOjE2OTkyODE0MDYsImlhdCI6MTY5OTI3OTYwNiwiaXNzIjoiVGVzdElzc3VlciIsImF1ZCI6IlRlc3RBdWRpZW5jZSJ9.JpCzjncNg14Ptx1c1fRt4fZmUAIcuBSowL_WoVYZo6s
```

  * Response Example:

```
List of Claims:
unique_name: aditya1
given_name: Aditya Oberai
role: User
nbf: 1699279606
exp: 1699281406
iat: 1699279606
iss: TestIssuer
aud: TestAudience
```

## Steps to Setup
- Clone the repository and enter the directory
- Run the command `dotnet restore`
- Run the command `dotnet run`
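
The two example tokens above carry the `role` claim in different shapes: the login token holds a JSON array (`["User","Admin"]`), while the `/auth/test` token holds a single string (`"User"`). The following is an added example, not code from this repository, showing an HS256 role check that handles both shapes using only the .NET base class library; the `Jwt` helper class, the signing keys, and the tokens are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;
// Constructed key and tokens: the sample's real signing key is not on the page.
byte[] key = Encoding.UTF8.GetBytes("constructed-demo-key-for-this-example");
long exp = DateTimeOffset.UtcNow.ToUnixTimeSeconds() + 1800;
string one = Jwt.Sign($"{{\"unique_name\":\"aditya1\",\"role\":\"User\",\"exp\":{exp}}}", key);
string many = Jwt.Sign($"{{\"role\":[\"User\",\"Admin\"],\"exp\":{exp}}}", key);
string forged = Jwt.Sign($"{{\"role\":\"Admin\",\"exp\":{exp}}}", Encoding.UTF8.GetBytes("other-key"));
Console.WriteLine(Jwt.HasRole(one, key, "User"));     // role is a JSON string
Console.WriteLine(Jwt.HasRole(many, key, "Admin"));   // role is a JSON array
Console.WriteLine(Jwt.HasRole(one, key, "Admin"));    // role not granted: denied
Console.WriteLine(Jwt.HasRole(forged, key, "Admin")); // signed with another key: denied

static class Jwt // hypothetical helper, not part of the sample project
{
    static string Enc(byte[] b) => Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');
    static byte[] Dec(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        return Convert.FromBase64String(s + new string('=', (4 - s.Length % 4) % 4));
    }
    static byte[] Mac(byte[] key, string input) => HMACSHA256.HashData(key, Encoding.UTF8.GetBytes(input));
    public static string Sign(string payloadJson, byte[] key)
    {
        string input = Enc(Encoding.UTF8.GetBytes("{\"alg\":\"HS256\",\"typ\":\"JWT\"}")) + "." + Enc(Encoding.UTF8.GetBytes(payloadJson));
        return input + "." + Enc(Mac(key, input));
    }
    public static bool HasRole(string token, byte[] key, string role)
    {
        try
        {
            string[] p = token.Split('.');
            if (p.Length != 3) return false;
            using var head = JsonDocument.Parse(Encoding.UTF8.GetString(Dec(p[0])));
            if (head.RootElement.GetProperty("alg").GetString() != "HS256") return false; // pin the algorithm
            if (!CryptographicOperations.FixedTimeEquals(Mac(key, p[0] + "." + p[1]), Dec(p[2]))) return false;
            using var body = JsonDocument.Parse(Encoding.UTF8.GetString(Dec(p[1])));
            if (body.RootElement.GetProperty("exp").GetInt64() <= DateTimeOffset.UtcNow.ToUnixTimeSeconds()) return false;
            JsonElement r = body.RootElement.GetProperty("role");
            IEnumerable<JsonElement> roles = r.ValueKind == JsonValueKind.Array ? r.EnumerateArray() : new[] { r };
            return roles.Any(e => e.ValueKind == JsonValueKind.String && e.GetString() == role);
        }
        catch (Exception) { return false; } // malformed base64/JSON or missing claim: deny
    }
}
```

The claims are read only after the signature and expiry checks pass, so a token with an edited `role` value is rejected before its roles are ever inspected.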