https://github.com/savaladaojr/auth.api
Simple ASP.NET Core 3.1 MVC REST API for Authentication purpose
https://github.com/savaladaojr/auth.api
api asp-net-core asp-net-core-mvc aspnet-core automapper csharp dependency-injection json-api jwt-authentication jwt-bearer-tokens rest-api restful-api restfull-api visual-studio
Last synced: about 2 months ago
JSON representation
Simple ASP.NET Core 3.1 MVC REST API for Authentication purpose
- Host: GitHub
- URL: https://github.com/savaladaojr/auth.api
- Owner: savaladaojr
- Created: 2020-08-25T14:52:48.000Z (over 4 years ago)
- Default Branch: master
- Last Pushed: 2020-10-05T22:40:19.000Z (over 4 years ago)
- Last Synced: 2024-04-19T18:48:19.233Z (about 1 year ago)
- Topics: api, asp-net-core, asp-net-core-mvc, aspnet-core, automapper, csharp, dependency-injection, json-api, jwt-authentication, jwt-bearer-tokens, rest-api, restful-api, restfull-api, visual-studio
- Language: C#
- Homepage:
- Size: 39.1 KB
- Stars: 1
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# Auth.API
> Auth.API is a simple ASP.NET Core 3.1 MVC REST API for Authentication purpose.
## Description
Authentication is the process of identifying who are the users who can access a resource. On the other hand, authorization is the process of determining what a user can do on the resource to which he has access.
For the authorization process to work, the user must first be authenticated. Then, the application will need the user's identity to identify the user's role and act accordingly.
The Auti.API will handle the authentication. Once the user is authenticated, it will let the caller determine which resource the identity created is allowed to access or not.
After the authentication, the API will send a JSON Web Token back to the caller. This token should be used by the caler in order to make subsequent calls to the API.
If you would like to know more about JSON Web Token, you can access the [Wikipedia article](https://en.wikipedia.org/wiki/JSON_Web_Token/) or search on the internet.
There is an option to use your Token generator, using Custom Authentication manager and custom authentication handler also.
But, I recommend you to use JWT.
### Features
- [X] Authenticate users
- [X] Generate JSON Web Token
- [X] Custom Token Generator
- [X] Protected API Verbs
- [X] Autorize access to specific API Verbs
Each API functionality could be access as listed in the table below:
Verb
URI
Auth Needed?
Method
Description
GET
/api/name/authenticate
No
Authenticate
Authenticate an user and return a JWT.
GET
/api/name/{id}
Yes
Get By ID
Get an user information
GET
/api/name
Yes
Get All Users
Get All Users information
## Installation
### Pre-requisites
1. .Net Core SDK installed;
2. Visual Studio 2019 (Comunity) installed;
### Cloning the Repository
1. Create a project's directory on your computer;
2. Clone the repository.
```bash
git clone https://github.com/savaladaojr/Auth.API
```
## Running the API
#### Opening the project
1. Double click on the solution file. It will open the solution in your current version of the Visual Studio.
### Restoring project's dependencies
1. In the Visual Studio, open the Package Manager Consol and run the command to restore all packages used by the API. You can also click-right on the solution's name in the Solution Explorer and select "Restore NuGet Packages.
```sh
dotnet restore
```
### Building & Running the API
1. To build the project you have two options: The first one is click-right on the solution's name and then select "Build Solution". The second option is by running the command below through the Package Manager Console terminal;
```sh
dotnet build
```
2. To Run the API, there are also two options: Pressing F5 or executing the command through the terminal.
```sh
dotnet run
```
## Consuming the API.
To run some tests on the API, I recommend that you download [Postman](https://www.postman.com/downloads/) or also use a Google Chrome plug-in. You also have another option which is [Insomina](https://insomnia.rest/download/). Both are gonna work and have a free version.
I'm using Postman! So I have already prepared a file with all requests for the API. You can find this file (Auth.API.postman_collection.json) in the repository.
Later I will create a project to consume this API and show how to use it in different approaches. Bye now!
## Concluding ##
This API covers two ways of managing authentication:
**_The first one is through JWT token_**;
The other is a custom token generator (GUID based).
For the custom implementation, we can use anything as an alternatives! Since it will be triggered every time a API Verb endpoint is called; as long as it is annotated with the Authorize attribute. So, if we wouldn't like to use the authentication check in an API Verb, we just need to annotate it with the AllowAnonymous attribute.
To conclude, the most important thing here is that the authentication handler and the middleware keep the code clean, readably, and following the standards design.
## Contributing
1. Fork it ();
2. Create your feature branch (e.g. `git checkout -b feature/fooBar`);
3. Commit your changes (e.g. `git commit -am 'Add some fooBar'`);
4. Push to the branch (e.g. `git push origin feature/fooBar`);
5. Create a new Pull Request.
###### This API was built for learning purposes.