SecureAuthSystem
Secure Authentication System with Role-Based JWT Authorization in ASP.NET Core
A backend API built with ASP.NET Core, Entity Framework Core, and SQL Server, providing secure user authentication, JWT-based authorization, and password reset functionality. This project demonstrates a professional approach to building RESTful APIs and secure authentication systems.
Features
- User registration and login
- Password hashing using BCrypt
- JWT authentication with role-based access control (User / Admin)
- Protected API endpoints
- Password reset via token with expiry
- Refresh token system (optional extension)
- API documented with Swagger
Technologies Used
- Backend: ASP.NET Core 8.0
- Database: SQL Server, Entity Framework Core
- Authentication: JWT, BCrypt
- API Documentation: Swagger
- Development Tools: Visual Studio, Git
Folder Structure
- SecureAuthSys/ ├── Controllers/ # API controllers ├── DTOs/ # Data transfer objects ├── Helpers/ # JWT helper, PasswordHasher, etc. ├── Data/ # AppDbContext and database configurations ├── Models/ # User and other models ├── Middleware/ # Custom middleware (if any) ├── Services/ # Business logic services (if any) ├── SecureAuthSys.sln # Solution file └── Program.cs # Main entry point
Endpoints
- POST /api/auth/register - Register a new user
- POST /api/auth/login - Login and get JWT token
- POST /api/auth/forgot-password - Generate password reset token
- POST /api/auth/reset-password - Reset password using token
Future Improvements
- Add refresh token system for JWT expiration handling
- Implement email service for password reset links
- Build a frontend