A complete authentication API built with .NET 9, implementing JWT tokens, Repository Pattern, and SOLID principles for secure user management.
- JWT Authentication - Secure token-based authentication
- User Registration - Create new user accounts with validation
- User Login - Authenticate with username or email
- Protected Endpoints - Secure routes requiring valid JWT tokens
- Password Security - PBKDF2 hashing with salt for password protection
- Repository Pattern - Clean data access layer abstraction
- SOLID Principles - Maintainable and extensible code architecture
- Input Validation - Comprehensive request data validation
- Swagger Documentation - Interactive API documentation with JWT support
- .NET 9 - Latest .NET framework
- ASP.NET Core Web API - RESTful API framework
- Entity Framework Core - Object-relational mapping
- SQL Server - Database management system
- JWT Bearer Authentication - JSON Web Token implementation
- Swashbuckle (Swagger) - API documentation
- PBKDF2 - Password hashing algorithm
- .NET 9 SDK
- SQL Server (LocalDB or Express)
- JetBrains Rider, Visual Studio 2022 or VS Code (optional)
- Clone the repository

  ```bash
  git clone https://github.com/H0wZy/jwt.git
  cd jwt
  ```

- Install dependencies

  ```bash
  dotnet restore
  ```

- Update database connection (if needed)
  - Update `appsettings.json` with your SQL Server connection string
  - Or create `appsettings.Development.json` for local settings

- Run database migrations

  ```bash
  dotnet ef database update
  ```

- Run the application

  ```bash
  dotnet run
  ```

- Access Swagger UI
  - Navigate to `https://localhost:7229/swagger`
  - Interactive API documentation with authentication support

| Method | Endpoint | Description | Auth Required |
|---|---|---|---|
| POST | `/api/auth/register` | Register new user | No |
| POST | `/api/auth/login` | User login | No |
| GET | `/api/auth/profile` | Get user profile | Yes |

`POST /api/auth/register`

```json
{
  "firstname": "John",
  "lastname": "Doe",
  "username": "johndoe",
  "email": "john@example.com",
  "password": "SecurePass123",
  "confirmPassword": "SecurePass123",
  "cargo": 1
}
```

`POST /api/auth/login`

```json
{
  "usernameOrEmail": "johndoe",
  "password": "SecurePass123"
}
```

```json
{
  "data": {
    "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "username": "johndoe",
    "email": "john@example.com",
    "firstname": "John",
    "lastname": "Doe",
    "cargo": 1
  },
  "message": "Login realizado com sucesso!",
  "success": true
}
```

```
├── Controllers/
│   └── AuthController.cs           # Authentication endpoints
├── Data/
│   └── AppDbContext.cs             # Database context
├── Dtos/
│   ├── LoginDto.cs                 # Login request model
│   ├── RegisterUserDto.cs          # Registration request model
│   ├── LoginResponseDto.cs         # Login response model
│   └── RegisterResponseDto.cs      # Registration response model
├── Enum/
│   └── Cargo.cs                    # User roles enumeration
├── Migrations/                     # EF Core migrations
├── Models/
│   ├── UserModel.cs                # User entity
│   └── ResponseModel.cs            # Generic API response wrapper
├── Repositories/
│   └── AuthRepository/
│       ├── IAuthRepository.cs      # Repository interface
│       └── AuthRepository.cs       # Repository implementation
├── Services/
│   └── AuthService/
│       ├── IAuthService.cs         # Service interface
│       └── AuthService.cs          # Business logic implementation
└── Utils/
    ├── PasswordHelper.cs           # Password hashing utilities
    └── JwtHelper.cs                # JWT token generation
```

- Password Hashing: PBKDF2 with 100,000 iterations and random salt
- JWT Tokens: 30-minute expiration with secure claims
- Input Validation: Comprehensive validation on all endpoints
- Authorization: Protected endpoints require valid Bearer tokens
- Register a new user using `/api/auth/register`
- Login with the created user via `/api/auth/login`
- Copy the JWT token from the login response
- Click "Authorize" button in Swagger UI
- Enter: `Bearer YOUR_TOKEN_HERE`
- Test protected endpoints like `/api/auth/profile`

```json
{
  "Jwt": {
    "Key": "your-secret-key-here-must-be-256-bits-minimum",
    "Issuer": "jwt-api",
    "Audience": "jwt-users"
  }
}
```

```json
{
  "ConnectionStrings": {
    "DefaultConnection": "Server=localhost;Database=JwtApi;Integrated Security=true;TrustServerCertificate=true"
  }
}
```

- Refresh Tokens - Implement token refresh mechanism
- Role-based Authorization - Add granular permissions
- Password Reset - Email-based password recovery
- User Management - CRUD operations for users
- Docker Support - Containerization
- Unit Tests - Comprehensive test coverage
- Logging - Structured logging implementation

- Fork the repository
- Create a feature branch (`git checkout -b feature/amazing-feature`)
- Commit your changes (`git commit -m 'Add amazing feature'`)
- Push to the branch (`git push origin feature/amazing-feature`)
- Open a Pull Request

This project is licensed under the MIT License - see the LICENSE file for details.
- GitHub: @H0wZy
- Email: h0wzymarcos@gmail.com

Star this repository if you found it helpful!