Auth & Security Project: Auth & Security Examples
Project Overview
Build a comprehensive authentication and security demonstration API.
Features to Implement
1. JWT Authentication
- User registration with password hashing
- Login with JWT generation
- Refresh token flow
- Token validation
2. Multiple Auth Schemes
- JWT Bearer tokens
- API Key authentication
- Cookie authentication
3. Authorization
- Role-based (Admin, User, Guest)
- Policy-based (MinimumAge, EmailVerified)
- Resource-based (own resources only)
4. Security
- CORS configuration
- HTTPS enforcement
- Security headers
- Rate limiting
- Input validation
Project Structure
AuthSecurityDemo/
├── Models/
│   ├── User.cs
│   ├── Post.cs
│   └── ApiKey.cs
├── Services/
│   ├── TokenService.cs
│   ├── UserService.cs
│   └── AuthService.cs
├── Authorization/
│   ├── Requirements/
│   └── Handlers/
├── Middleware/
│   └── ApiKeyMiddleware.cs
└── Program.cs
Deliverables
- Working multi-scheme authentication
- Complex authorization scenarios
- Security best practices implemented
- Comprehensive testing
- Documentation
Testing Checklist
- User registration works
- Login returns JWT
- Refresh token works
- Protected endpoints require auth
- Roles work correctly
- Custom policies work
- Resource authorization works
- CORS configured
- Rate limiting works
- Security headers present