A secure authentication Web API built with ASP.NET Core (.NET 10) that demonstrates modern authentication and authorization techniques using JWT, Refresh Tokens, and Entity Framework Core.
This project follows modern backend development practices and serves as the backend for the SecureAuthLab.React frontend application.
- ✅ User Registration
- ✅ Secure Login
- ✅ JWT Authentication
- ✅ Refresh Token Rotation
- ✅ Protected API Endpoints
- ✅ Logout Endpoint
- ✅ Password Hashing
- ✅ Entity Framework Core
- ✅ SQL Server Integration
- ✅ Swagger Documentation
- ✅ CORS Configuration
- ✅ Configuration using appsettings.json
| Technology | Version |
|---|---|
| .NET | 10 |
| ASP.NET Core Web API | .NET 10 |
| Entity Framework Core | Latest |
| SQL Server | Latest |
| JWT Bearer Authentication | ✓ |
| Swagger / OpenAPI | ✓ |
SecureAuthLab
│
├── Controllers
├── Data
├── DTOs
├── Models
├── Services
├── Migrations
├── Program.cs
├── appsettings.json
└── SecureAuthLab.csproj
Client Login
│
▼
POST /api/auth/login
│
▼
JWT + Refresh Token
│
▼
Store Tokens
│
▼
Access Protected APIs
│
▼
JWT Expires
│
▼
POST /api/auth/refresh-token
│
▼
Generate New JWT
│
▼
Retry Original Request
| Method | Endpoint | Description |
|---|---|---|
| POST | /api/auth/register |
Register a new user |
| POST | /api/auth/login |
Authenticate user |
| POST | /api/auth/refresh-token |
Generate a new JWT |
| POST | /api/auth/logout |
Logout user |
| GET | /api/auth/profile |
Get authenticated user profile |
git clone https://github.com/amjadaz8s5-dev/SecureAuthLab.gitSecureAuthLab.slnxUpdate the connection string in:
appsettings.json
Example:
"ConnectionStrings": {
"DefaultConnection": "Server=.;Database=SecureAuthLab;Trusted_Connection=True;TrustServerCertificate=True;"
}dotnet ef database updatedotnet runThe React frontend is available in a separate repository:
https://github.com/amjadaz8s5-dev/SecureAuthLab.React
- ASP.NET Core Web API Development
- JWT Authentication
- Refresh Token Rotation
- Secure Password Hashing
- Entity Framework Core
- SQL Server
- RESTful API Design
- Dependency Injection
- Authentication & Authorization
- Swagger / OpenAPI Documentation
- Role-Based Authorization (RBAC)
- Email Verification
- Forgot Password
- Password Reset
- Account Lockout
- Two-Factor Authentication (2FA)
- Serilog Logging
- Docker Support
- Unit & Integration Testing
- CI/CD Pipeline
- Redis Token Blacklisting
Amjad Ali Khan
Senior Full Stack .NET Developer
- ASP.NET Core
- .NET
- React
- React Native
- SQL Server
- AWS
GitHub:
https://github.com/amjadaz8s5-dev
This project is developed for educational and portfolio purposes.