├── .gitattributes
├── .gitignore
├── AuthenticationWebApi.sln
└── AuthenticationWebApi
├── AuthenticationWebApi.csproj
├── Controllers
├── AuthController.cs
└── WeatherForecastController.cs
├── Data
└── DataContext.cs
├── Migrations
├── 20220504211423_Initial.Designer.cs
├── 20220504211423_Initial.cs
├── 20220509201319_RefreshTokenData.Designer.cs
├── 20220509201319_RefreshTokenData.cs
├── 20220510004850_UserRole.Designer.cs
├── 20220510004850_UserRole.cs
└── DataContextModelSnapshot.cs
├── Models
├── AuthResponseDto.cs
├── RefreshToken.cs
├── User.cs
└── UserDto.cs
├── Program.cs
├── Properties
└── launchSettings.json
├── Services
└── AuthService
│ ├── AuthService.cs
│ └── IAuthService.cs
├── WeatherForecast.cs
├── appsettings.Development.json
└── appsettings.json
/.gitattributes:
--------------------------------------------------------------------------------
1 | ###############################################################################
2 | # Set default behavior to automatically normalize line endings.
3 | ###############################################################################
4 | * text=auto
5 |
6 | ###############################################################################
7 | # Set default behavior for command prompt diff.
8 | #
9 | # This is needed for earlier builds of msysgit that do not have it on by
10 | # default for csharp files.
11 | # Note: This is only used by command line
12 | ###############################################################################
13 | #*.cs diff=csharp
14 |
15 | ###############################################################################
16 | # Set the merge driver for project and solution files
17 | #
18 | # Merging from the command prompt will add diff markers to the files if there
19 | # are conflicts (Merging from VS is not affected by the settings below, in VS
20 | # the diff markers are never inserted). Diff markers may cause the following
21 | # file extensions to fail to load in VS. An alternative would be to treat
22 | # these files as binary and thus will always conflict and require user
23 | # intervention with every merge. To do so, just uncomment the entries below
24 | ###############################################################################
25 | #*.sln merge=binary
26 | #*.csproj merge=binary
27 | #*.vbproj merge=binary
28 | #*.vcxproj merge=binary
29 | #*.vcproj merge=binary
30 | #*.dbproj merge=binary
31 | #*.fsproj merge=binary
32 | #*.lsproj merge=binary
33 | #*.wixproj merge=binary
34 | #*.modelproj merge=binary
35 | #*.sqlproj merge=binary
36 | #*.wwaproj merge=binary
37 |
38 | ###############################################################################
39 | # behavior for image files
40 | #
41 | # image files are treated as binary by default.
42 | ###############################################################################
43 | #*.jpg binary
44 | #*.png binary
45 | #*.gif binary
46 |
47 | ###############################################################################
48 | # diff behavior for common document formats
49 | #
50 | # Convert binary document formats to text before diffing them. This feature
51 | # is only available from the command line. Turn it on by uncommenting the
52 | # entries below.
53 | ###############################################################################
54 | #*.doc diff=astextplain
55 | #*.DOC diff=astextplain
56 | #*.docx diff=astextplain
57 | #*.DOCX diff=astextplain
58 | #*.dot diff=astextplain
59 | #*.DOT diff=astextplain
60 | #*.pdf diff=astextplain
61 | #*.PDF diff=astextplain
62 | #*.rtf diff=astextplain
63 | #*.RTF diff=astextplain
64 |
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | ## Ignore Visual Studio temporary files, build results, and
2 | ## files generated by popular Visual Studio add-ons.
3 | ##
4 | ## Get latest from https://github.com/github/gitignore/blob/master/VisualStudio.gitignore
5 |
6 | # User-specific files
7 | *.rsuser
8 | *.suo
9 | *.user
10 | *.userosscache
11 | *.sln.docstates
12 |
13 | # User-specific files (MonoDevelop/Xamarin Studio)
14 | *.userprefs
15 |
16 | # Mono auto generated files
17 | mono_crash.*
18 |
19 | # Build results
20 | [Dd]ebug/
21 | [Dd]ebugPublic/
22 | [Rr]elease/
23 | [Rr]eleases/
24 | x64/
25 | x86/
26 | [Ww][Ii][Nn]32/
27 | [Aa][Rr][Mm]/
28 | [Aa][Rr][Mm]64/
29 | bld/
30 | [Bb]in/
31 | [Oo]bj/
32 | [Oo]ut/
33 | [Ll]og/
34 | [Ll]ogs/
35 |
36 | # Visual Studio 2015/2017 cache/options directory
37 | .vs/
38 | # Uncomment if you have tasks that create the project's static files in wwwroot
39 | #wwwroot/
40 |
41 | # Visual Studio 2017 auto generated files
42 | Generated\ Files/
43 |
44 | # MSTest test Results
45 | [Tt]est[Rr]esult*/
46 | [Bb]uild[Ll]og.*
47 |
48 | # NUnit
49 | *.VisualState.xml
50 | TestResult.xml
51 | nunit-*.xml
52 |
53 | # Build Results of an ATL Project
54 | [Dd]ebugPS/
55 | [Rr]eleasePS/
56 | dlldata.c
57 |
58 | # Benchmark Results
59 | BenchmarkDotNet.Artifacts/
60 |
61 | # .NET Core
62 | project.lock.json
63 | project.fragment.lock.json
64 | artifacts/
65 |
66 | # ASP.NET Scaffolding
67 | ScaffoldingReadMe.txt
68 |
69 | # StyleCop
70 | StyleCopReport.xml
71 |
72 | # Files built by Visual Studio
73 | *_i.c
74 | *_p.c
75 | *_h.h
76 | *.ilk
77 | *.meta
78 | *.obj
79 | *.iobj
80 | *.pch
81 | *.pdb
82 | *.ipdb
83 | *.pgc
84 | *.pgd
85 | *.rsp
86 | *.sbr
87 | *.tlb
88 | *.tli
89 | *.tlh
90 | *.tmp
91 | *.tmp_proj
92 | *_wpftmp.csproj
93 | *.log
94 | *.vspscc
95 | *.vssscc
96 | .builds
97 | *.pidb
98 | *.svclog
99 | *.scc
100 |
101 | # Chutzpah Test files
102 | _Chutzpah*
103 |
104 | # Visual C++ cache files
105 | ipch/
106 | *.aps
107 | *.ncb
108 | *.opendb
109 | *.opensdf
110 | *.sdf
111 | *.cachefile
112 | *.VC.db
113 | *.VC.VC.opendb
114 |
115 | # Visual Studio profiler
116 | *.psess
117 | *.vsp
118 | *.vspx
119 | *.sap
120 |
121 | # Visual Studio Trace Files
122 | *.e2e
123 |
124 | # TFS 2012 Local Workspace
125 | $tf/
126 |
127 | # Guidance Automation Toolkit
128 | *.gpState
129 |
130 | # ReSharper is a .NET coding add-in
131 | _ReSharper*/
132 | *.[Rr]e[Ss]harper
133 | *.DotSettings.user
134 |
135 | # TeamCity is a build add-in
136 | _TeamCity*
137 |
138 | # DotCover is a Code Coverage Tool
139 | *.dotCover
140 |
141 | # AxoCover is a Code Coverage Tool
142 | .axoCover/*
143 | !.axoCover/settings.json
144 |
145 | # Coverlet is a free, cross platform Code Coverage Tool
146 | coverage*.json
147 | coverage*.xml
148 | coverage*.info
149 |
150 | # Visual Studio code coverage results
151 | *.coverage
152 | *.coveragexml
153 |
154 | # NCrunch
155 | _NCrunch_*
156 | .*crunch*.local.xml
157 | nCrunchTemp_*
158 |
159 | # MightyMoose
160 | *.mm.*
161 | AutoTest.Net/
162 |
163 | # Web workbench (sass)
164 | .sass-cache/
165 |
166 | # Installshield output folder
167 | [Ee]xpress/
168 |
169 | # DocProject is a documentation generator add-in
170 | DocProject/buildhelp/
171 | DocProject/Help/*.HxT
172 | DocProject/Help/*.HxC
173 | DocProject/Help/*.hhc
174 | DocProject/Help/*.hhk
175 | DocProject/Help/*.hhp
176 | DocProject/Help/Html2
177 | DocProject/Help/html
178 |
179 | # Click-Once directory
180 | publish/
181 |
182 | # Publish Web Output
183 | *.[Pp]ublish.xml
184 | *.azurePubxml
185 | # Note: Comment the next line if you want to checkin your web deploy settings,
186 | # but database connection strings (with potential passwords) will be unencrypted
187 | *.pubxml
188 | *.publishproj
189 |
190 | # Microsoft Azure Web App publish settings. Comment the next line if you want to
191 | # checkin your Azure Web App publish settings, but sensitive information contained
192 | # in these scripts will be unencrypted
193 | PublishScripts/
194 |
195 | # NuGet Packages
196 | *.nupkg
197 | # NuGet Symbol Packages
198 | *.snupkg
199 | # The packages folder can be ignored because of Package Restore
200 | **/[Pp]ackages/*
201 | # except build/, which is used as an MSBuild target.
202 | !**/[Pp]ackages/build/
203 | # Uncomment if necessary however generally it will be regenerated when needed
204 | #!**/[Pp]ackages/repositories.config
205 | # NuGet v3's project.json files produces more ignorable files
206 | *.nuget.props
207 | *.nuget.targets
208 |
209 | # Microsoft Azure Build Output
210 | csx/
211 | *.build.csdef
212 |
213 | # Microsoft Azure Emulator
214 | ecf/
215 | rcf/
216 |
217 | # Windows Store app package directories and files
218 | AppPackages/
219 | BundleArtifacts/
220 | Package.StoreAssociation.xml
221 | _pkginfo.txt
222 | *.appx
223 | *.appxbundle
224 | *.appxupload
225 |
226 | # Visual Studio cache files
227 | # files ending in .cache can be ignored
228 | *.[Cc]ache
229 | # but keep track of directories ending in .cache
230 | !?*.[Cc]ache/
231 |
232 | # Others
233 | ClientBin/
234 | ~$*
235 | *~
236 | *.dbmdl
237 | *.dbproj.schemaview
238 | *.jfm
239 | *.pfx
240 | *.publishsettings
241 | orleans.codegen.cs
242 |
243 | # Including strong name files can present a security risk
244 | # (https://github.com/github/gitignore/pull/2483#issue-259490424)
245 | #*.snk
246 |
247 | # Since there are multiple workflows, uncomment next line to ignore bower_components
248 | # (https://github.com/github/gitignore/pull/1529#issuecomment-104372622)
249 | #bower_components/
250 |
251 | # RIA/Silverlight projects
252 | Generated_Code/
253 |
254 | # Backup & report files from converting an old project file
255 | # to a newer Visual Studio version. Backup files are not needed,
256 | # because we have git ;-)
257 | _UpgradeReport_Files/
258 | Backup*/
259 | UpgradeLog*.XML
260 | UpgradeLog*.htm
261 | ServiceFabricBackup/
262 | *.rptproj.bak
263 |
264 | # SQL Server files
265 | *.mdf
266 | *.ldf
267 | *.ndf
268 |
269 | # Business Intelligence projects
270 | *.rdl.data
271 | *.bim.layout
272 | *.bim_*.settings
273 | *.rptproj.rsuser
274 | *- [Bb]ackup.rdl
275 | *- [Bb]ackup ([0-9]).rdl
276 | *- [Bb]ackup ([0-9][0-9]).rdl
277 |
278 | # Microsoft Fakes
279 | FakesAssemblies/
280 |
281 | # GhostDoc plugin setting file
282 | *.GhostDoc.xml
283 |
284 | # Node.js Tools for Visual Studio
285 | .ntvs_analysis.dat
286 | node_modules/
287 |
288 | # Visual Studio 6 build log
289 | *.plg
290 |
291 | # Visual Studio 6 workspace options file
292 | *.opt
293 |
294 | # Visual Studio 6 auto-generated workspace file (contains which files were open etc.)
295 | *.vbw
296 |
297 | # Visual Studio LightSwitch build output
298 | **/*.HTMLClient/GeneratedArtifacts
299 | **/*.DesktopClient/GeneratedArtifacts
300 | **/*.DesktopClient/ModelManifest.xml
301 | **/*.Server/GeneratedArtifacts
302 | **/*.Server/ModelManifest.xml
303 | _Pvt_Extensions
304 |
305 | # Paket dependency manager
306 | .paket/paket.exe
307 | paket-files/
308 |
309 | # FAKE - F# Make
310 | .fake/
311 |
312 | # CodeRush personal settings
313 | .cr/personal
314 |
315 | # Python Tools for Visual Studio (PTVS)
316 | __pycache__/
317 | *.pyc
318 |
319 | # Cake - Uncomment if you are using it
320 | # tools/**
321 | # !tools/packages.config
322 |
323 | # Tabs Studio
324 | *.tss
325 |
326 | # Telerik's JustMock configuration file
327 | *.jmconfig
328 |
329 | # BizTalk build output
330 | *.btp.cs
331 | *.btm.cs
332 | *.odx.cs
333 | *.xsd.cs
334 |
335 | # OpenCover UI analysis results
336 | OpenCover/
337 |
338 | # Azure Stream Analytics local run output
339 | ASALocalRun/
340 |
341 | # MSBuild Binary and Structured Log
342 | *.binlog
343 |
344 | # NVidia Nsight GPU debugger configuration file
345 | *.nvuser
346 |
347 | # MFractors (Xamarin productivity tool) working folder
348 | .mfractor/
349 |
350 | # Local History for Visual Studio
351 | .localhistory/
352 |
353 | # BeatPulse healthcheck temp database
354 | healthchecksdb
355 |
356 | # Backup folder for Package Reference Convert tool in Visual Studio 2017
357 | MigrationBackup/
358 |
359 | # Ionide (cross platform F# VS Code tools) working folder
360 | .ionide/
361 |
362 | # Fody - auto-generated XML schema
363 | FodyWeavers.xsd
364 | /AuthenticationWebApi/auth.db
365 | /AuthenticationWebApi/auth.db-wal
366 | /AuthenticationWebApi/auth.db-shm
367 |
--------------------------------------------------------------------------------
/AuthenticationWebApi.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio Version 17
4 | VisualStudioVersion = 17.1.32421.90
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "AuthenticationWebApi", "AuthenticationWebApi\AuthenticationWebApi.csproj", "{CA015C6E-59F2-4680-89E8-601A8C927355}"
7 | EndProject
8 | Global
9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | Debug|Any CPU = Debug|Any CPU
11 | Release|Any CPU = Release|Any CPU
12 | EndGlobalSection
13 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
14 | {CA015C6E-59F2-4680-89E8-601A8C927355}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
15 | {CA015C6E-59F2-4680-89E8-601A8C927355}.Debug|Any CPU.Build.0 = Debug|Any CPU
16 | {CA015C6E-59F2-4680-89E8-601A8C927355}.Release|Any CPU.ActiveCfg = Release|Any CPU
17 | {CA015C6E-59F2-4680-89E8-601A8C927355}.Release|Any CPU.Build.0 = Release|Any CPU
18 | EndGlobalSection
19 | GlobalSection(SolutionProperties) = preSolution
20 | HideSolutionNode = FALSE
21 | EndGlobalSection
22 | GlobalSection(ExtensibilityGlobals) = postSolution
23 | SolutionGuid = {80EC2860-3379-43E3-A676-1FFA59D7887E}
24 | EndGlobalSection
25 | EndGlobal
26 |
--------------------------------------------------------------------------------
/AuthenticationWebApi/AuthenticationWebApi.csproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | net6.0
5 | enable
6 | enable
7 |
8 |
9 |
10 |
11 |
12 |
13 | all
14 | runtime; build; native; contentfiles; analyzers; buildtransitive
15 |
16 |
17 |
18 |
19 |
20 |
21 |
22 |
23 |
24 |
--------------------------------------------------------------------------------
/AuthenticationWebApi/Controllers/AuthController.cs:
--------------------------------------------------------------------------------
1 | using Microsoft.AspNetCore.Authorization;
2 | using Microsoft.AspNetCore.Http;
3 | using Microsoft.AspNetCore.Mvc;
4 |
5 | namespace AuthenticationWebApi.Controllers
6 | {
// Authentication endpoints. Every action delegates to IAuthService; the route template
// "api/[controller]" places them under api/Auth.
// NOTE(review): the action return types below read `Task>` - their generic type arguments
// appear to have been dropped from this listing, so the declared response types cannot be
// confirmed from here.
7 | [Route("api/[controller]")]
8 | [ApiController]
9 | public class AuthController : ControllerBase
10 | {
11 | private readonly IAuthService _authService;
12 |
// The service is supplied through constructor injection.
13 | public AuthController(IAuthService authService)
14 | {
15 | _authService = authService;
16 | }
17 |
// POST api/Auth - passes the submitted UserDto to the service and always answers 200 with
// whatever the service returns.
// NOTE(review): no validation of Username or Password is performed in this action, and the
// service's return type is not visible here. Confirm the response is not the User entity:
// that type carries PasswordHash, PasswordSalt and RefreshToken, none of which should be
// serialized to the client.
18 | [HttpPost]
19 | public async Task> RegisterUser(UserDto request)
20 | {
21 | var response = await _authService.RegisterUser(request);
22 | return Ok(response);
23 | }
24 |
// POST api/Auth/login - 200 with the service response when Success is set, otherwise 400
// with response.Message as the body.
// NOTE(review): the failure message is relayed verbatim, so any wording in the service that
// tells an unknown username apart from a wrong password becomes an account-enumeration
// signal. No throttling or lockout is applied in this action.
25 | [HttpPost("login")]
26 | public async Task> Login(UserDto request)
27 | {
28 | var response = await _authService.Login(request);
29 | if(response.Success)
30 | return Ok(response);
31 |
32 | return BadRequest(response.Message);
33 | }
34 |
// POST api/Auth/refresh-token - same 200/400 mapping as Login. The action takes no
// parameters, so the presented refresh token has to be obtained by the service itself
// (presumably from the current request via IHttpContextAccessor - confirm in AuthService).
35 | [HttpPost("refresh-token")]
36 | public async Task> RefreshToken()
37 | {
38 | var response = await _authService.RefreshToken();
39 | if (response.Success)
40 | return Ok(response);
41 |
42 | return BadRequest(response.Message);
43 | }
44 |
// GET api/Auth - the only action here that requires authorization: the caller must be
// authenticated and in the role "User" or "Admin" (a comma-separated Roles list means
// any one of the listed roles is sufficient).
45 | [HttpGet, Authorize(Roles = "User,Admin")]
46 | public ActionResult Aloha()
47 | {
48 | return Ok("Aloha! You're authorized!");
49 | }
50 | }
51 | }
52 |
--------------------------------------------------------------------------------
/AuthenticationWebApi/Controllers/WeatherForecastController.cs:
--------------------------------------------------------------------------------
1 | using Microsoft.AspNetCore.Mvc;
2 |
3 | namespace AuthenticationWebApi.Controllers
4 | {
// Sample endpoint that returns five randomly generated forecasts at GET /WeatherForecast.
// NOTE(review): the class carries no [Authorize] attribute, so nothing in this controller
// restricts who may call it; confirm that anonymous access is intended for an API whose
// purpose is authentication, or remove the sample.
5 | [ApiController]
6 | [Route("[controller]")]
7 | public class WeatherForecastController : ControllerBase
8 | {
// Fixed pool of summary strings; Get() picks one at random per forecast.
9 | private static readonly string[] Summaries = new[]
10 | {
11 | "Freezing", "Bracing", "Chilly", "Cool", "Mild", "Warm", "Balmy", "Hot", "Sweltering", "Scorching"
12 | };
13 |
// Stored by the constructor; not used by any code visible in this class.
14 | private readonly ILogger _logger;
15 |
16 | public WeatherForecastController(ILogger logger)
17 | {
18 | _logger = logger;
19 | }
20 |
// Builds forecasts for the next five days (local time, via DateTime.Now) with a
// temperature drawn from [-20, 55) and a random entry of Summaries.
21 | [HttpGet(Name = "GetWeatherForecast")]
22 | public IEnumerable Get()
23 | {
24 | return Enumerable.Range(1, 5).Select(index => new WeatherForecast
25 | {
26 | Date = DateTime.Now.AddDays(index),
27 | TemperatureC = Random.Shared.Next(-20, 55),
28 | Summary = Summaries[Random.Shared.Next(Summaries.Length)]
29 | })
30 | .ToArray();
31 | }
32 | }
33 | }
--------------------------------------------------------------------------------
/AuthenticationWebApi/Data/DataContext.cs:
--------------------------------------------------------------------------------
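namespace AuthenticationWebApi.Data
{
    /// <summary>
    /// EF Core context for the authentication database. It exposes a single set,
    /// <see cref="Users"/>, which the migrations map to the "Users" table.
    /// </summary>
    public class DataContext : DbContext
    {
        /// <summary>Passes the configured options straight to <see cref="DbContext"/>.</summary>
        /// <param name="options">Provider and connection settings registered at startup.</param>
        public DataContext(DbContextOptions options) : base(options)
        {
        }

        // The listing showed "DbSet Users => Set();" with the type arguments missing, which
        // cannot compile; User is the only entity the migrations on this page define.
        /// <summary>User accounts, including password hash, salt, refresh token and role.</summary>
        public DbSet<User> Users => Set<User>();
    }
}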
13 |
--------------------------------------------------------------------------------
/AuthenticationWebApi/Migrations/20220504211423_Initial.Designer.cs:
--------------------------------------------------------------------------------
1 | //
2 | using System;
3 | using AuthenticationWebApi.Data;
4 | using Microsoft.EntityFrameworkCore;
5 | using Microsoft.EntityFrameworkCore.Infrastructure;
6 | using Microsoft.EntityFrameworkCore.Migrations;
7 | using Microsoft.EntityFrameworkCore.Storage.ValueConversion;
8 |
9 | #nullable disable
10 |
11 | namespace AuthenticationWebApi.Migrations
12 | {
13 | [DbContext(typeof(DataContext))]
14 | [Migration("20220504211423_Initial")]
15 | partial class Initial
16 | {
17 | protected override void BuildTargetModel(ModelBuilder modelBuilder)
18 | {
19 | #pragma warning disable 612, 618
20 | modelBuilder.HasAnnotation("ProductVersion", "6.0.4");
21 |
22 | modelBuilder.Entity("AuthenticationWebApi.Models.User", b =>
23 | {
24 | b.Property("Id")
25 | .ValueGeneratedOnAdd()
26 | .HasColumnType("INTEGER");
27 |
28 | b.Property("PasswordHash")
29 | .IsRequired()
30 | .HasColumnType("BLOB");
31 |
32 | b.Property("PasswordSalt")
33 | .IsRequired()
34 | .HasColumnType("BLOB");
35 |
36 | b.Property("Username")
37 | .IsRequired()
38 | .HasColumnType("TEXT");
39 |
40 | b.HasKey("Id");
41 |
42 | b.ToTable("Users");
43 | });
44 | #pragma warning restore 612, 618
45 | }
46 | }
47 | }
48 |
--------------------------------------------------------------------------------
/AuthenticationWebApi/Migrations/20220504211423_Initial.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using Microsoft.EntityFrameworkCore.Migrations;
3 |
4 | #nullable disable
5 |
6 | namespace AuthenticationWebApi.Migrations
7 | {
// First migration: creates the Users table that backs the User entity.
8 | public partial class Initial : Migration
9 | {
// Creates Users with an auto-incrementing integer key, a required text Username and
// required binary PasswordHash / PasswordSalt columns.
// NOTE(review): the only constraint created is the primary key. Username has no unique
// index here (nor in the later migrations on this page), so duplicate usernames are
// possible unless the service rejects them, and Login resolves a username with
// FirstOrDefaultAsync. Consider a unique index on Username.
10 | protected override void Up(MigrationBuilder migrationBuilder)
11 | {
12 | migrationBuilder.CreateTable(
13 | name: "Users",
14 | columns: table => new
15 | {
16 | Id = table.Column(type: "INTEGER", nullable: false)
17 | .Annotation("Sqlite:Autoincrement", true),
18 | Username = table.Column(type: "TEXT", nullable: false),
19 | PasswordHash = table.Column(type: "BLOB", nullable: false),
20 | PasswordSalt = table.Column(type: "BLOB", nullable: false)
21 | },
22 | constraints: table =>
23 | {
24 | table.PrimaryKey("PK_Users", x => x.Id);
25 | });
26 | }
27 |
// Reverts the migration by dropping the Users table, which deletes every stored account.
28 | protected override void Down(MigrationBuilder migrationBuilder)
29 | {
30 | migrationBuilder.DropTable(
31 | name: "Users");
32 | }
33 | }
34 | }
35 |
--------------------------------------------------------------------------------
/AuthenticationWebApi/Migrations/20220509201319_RefreshTokenData.Designer.cs:
--------------------------------------------------------------------------------
1 | //
2 | using System;
3 | using AuthenticationWebApi.Data;
4 | using Microsoft.EntityFrameworkCore;
5 | using Microsoft.EntityFrameworkCore.Infrastructure;
6 | using Microsoft.EntityFrameworkCore.Migrations;
7 | using Microsoft.EntityFrameworkCore.Storage.ValueConversion;
8 |
9 | #nullable disable
10 |
11 | namespace AuthenticationWebApi.Migrations
12 | {
13 | [DbContext(typeof(DataContext))]
14 | [Migration("20220509201319_RefreshTokenData")]
15 | partial class RefreshTokenData
16 | {
17 | protected override void BuildTargetModel(ModelBuilder modelBuilder)
18 | {
19 | #pragma warning disable 612, 618
20 | modelBuilder.HasAnnotation("ProductVersion", "6.0.4");
21 |
22 | modelBuilder.Entity("AuthenticationWebApi.Models.User", b =>
23 | {
24 | b.Property("Id")
25 | .ValueGeneratedOnAdd()
26 | .HasColumnType("INTEGER");
27 |
28 | b.Property("PasswordHash")
29 | .IsRequired()
30 | .HasColumnType("BLOB");
31 |
32 | b.Property("PasswordSalt")
33 | .IsRequired()
34 | .HasColumnType("BLOB");
35 |
36 | b.Property("RefreshToken")
37 | .IsRequired()
38 | .HasColumnType("TEXT");
39 |
40 | b.Property("TokenCreated")
41 | .HasColumnType("TEXT");
42 |
43 | b.Property("TokenExpires")
44 | .HasColumnType("TEXT");
45 |
46 | b.Property("Username")
47 | .IsRequired()
48 | .HasColumnType("TEXT");
49 |
50 | b.HasKey("Id");
51 |
52 | b.ToTable("Users");
53 | });
54 | #pragma warning restore 612, 618
55 | }
56 | }
57 | }
58 |
--------------------------------------------------------------------------------
/AuthenticationWebApi/Migrations/20220509201319_RefreshTokenData.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using Microsoft.EntityFrameworkCore.Migrations;
3 |
4 | #nullable disable
5 |
6 | namespace AuthenticationWebApi.Migrations
7 | {
// Adds the refresh-token columns to the Users table.
8 | public partial class RefreshTokenData : Migration
9 | {
// Adds three required columns: RefreshToken (text, default ""), TokenCreated and
// TokenExpires (stored as text, default 0001-01-01 00:00:00).
// NOTE(review): rows that existed before this migration get an empty RefreshToken and an
// expiry in year 1. Any lookup by refresh token should reject an empty value explicitly
// rather than rely on the expiry comparison alone.
// NOTE(review): the column holds the token as a plain string. If the service writes the
// issued token here unmodified (the writing code is not visible on this page), anyone
// who can read the database obtains usable refresh tokens; storing only a hash of the
// token avoids that.
10 | protected override void Up(MigrationBuilder migrationBuilder)
11 | {
12 | migrationBuilder.AddColumn(
13 | name: "RefreshToken",
14 | table: "Users",
15 | type: "TEXT",
16 | nullable: false,
17 | defaultValue: "");
18 |
19 | migrationBuilder.AddColumn(
20 | name: "TokenCreated",
21 | table: "Users",
22 | type: "TEXT",
23 | nullable: false,
24 | defaultValue: new DateTime(1, 1, 1, 0, 0, 0, 0, DateTimeKind.Unspecified));
25 |
26 | migrationBuilder.AddColumn(
27 | name: "TokenExpires",
28 | table: "Users",
29 | type: "TEXT",
30 | nullable: false,
31 | defaultValue: new DateTime(1, 1, 1, 0, 0, 0, 0, DateTimeKind.Unspecified));
32 | }
33 |
// Reverts the migration by dropping the three columns; stored refresh tokens are lost.
34 | protected override void Down(MigrationBuilder migrationBuilder)
35 | {
36 | migrationBuilder.DropColumn(
37 | name: "RefreshToken",
38 | table: "Users");
39 |
40 | migrationBuilder.DropColumn(
41 | name: "TokenCreated",
42 | table: "Users");
43 |
44 | migrationBuilder.DropColumn(
45 | name: "TokenExpires",
46 | table: "Users");
47 | }
48 | }
49 | }
50 |
--------------------------------------------------------------------------------
/AuthenticationWebApi/Migrations/20220510004850_UserRole.Designer.cs:
--------------------------------------------------------------------------------
1 | //
2 | using System;
3 | using AuthenticationWebApi.Data;
4 | using Microsoft.EntityFrameworkCore;
5 | using Microsoft.EntityFrameworkCore.Infrastructure;
6 | using Microsoft.EntityFrameworkCore.Migrations;
7 | using Microsoft.EntityFrameworkCore.Storage.ValueConversion;
8 |
9 | #nullable disable
10 |
11 | namespace AuthenticationWebApi.Migrations
12 | {
13 | [DbContext(typeof(DataContext))]
14 | [Migration("20220510004850_UserRole")]
15 | partial class UserRole
16 | {
17 | protected override void BuildTargetModel(ModelBuilder modelBuilder)
18 | {
19 | #pragma warning disable 612, 618
20 | modelBuilder.HasAnnotation("ProductVersion", "6.0.4");
21 |
22 | modelBuilder.Entity("AuthenticationWebApi.Models.User", b =>
23 | {
24 | b.Property("Id")
25 | .ValueGeneratedOnAdd()
26 | .HasColumnType("INTEGER");
27 |
28 | b.Property("PasswordHash")
29 | .IsRequired()
30 | .HasColumnType("BLOB");
31 |
32 | b.Property("PasswordSalt")
33 | .IsRequired()
34 | .HasColumnType("BLOB");
35 |
36 | b.Property("RefreshToken")
37 | .IsRequired()
38 | .HasColumnType("TEXT");
39 |
40 | b.Property("Role")
41 | .IsRequired()
42 | .HasColumnType("TEXT");
43 |
44 | b.Property("TokenCreated")
45 | .HasColumnType("TEXT");
46 |
47 | b.Property("TokenExpires")
48 | .HasColumnType("TEXT");
49 |
50 | b.Property("Username")
51 | .IsRequired()
52 | .HasColumnType("TEXT");
53 |
54 | b.HasKey("Id");
55 |
56 | b.ToTable("Users");
57 | });
58 | #pragma warning restore 612, 618
59 | }
60 | }
61 | }
62 |
--------------------------------------------------------------------------------
/AuthenticationWebApi/Migrations/20220510004850_UserRole.cs:
--------------------------------------------------------------------------------
1 | using Microsoft.EntityFrameworkCore.Migrations;
2 |
3 | #nullable disable
4 |
5 | namespace AuthenticationWebApi.Migrations
6 | {
// Adds the Role column to the Users table.
7 | public partial class UserRole : Migration
8 | {
// Adds a required text column Role with default "".
// NOTE(review): accounts created before this migration end up with an empty role. The
// one protected action on this page requires the role "User" or "Admin", so those
// accounts stay locked out of it until a role is assigned; confirm that new registrations
// are given an explicit, least-privileged role rather than the empty default.
9 | protected override void Up(MigrationBuilder migrationBuilder)
10 | {
11 | migrationBuilder.AddColumn(
12 | name: "Role",
13 | table: "Users",
14 | type: "TEXT",
15 | nullable: false,
16 | defaultValue: "");
17 | }
18 |
// Reverts the migration by dropping Role; all role assignments are lost.
19 | protected override void Down(MigrationBuilder migrationBuilder)
20 | {
21 | migrationBuilder.DropColumn(
22 | name: "Role",
23 | table: "Users");
24 | }
25 | }
26 | }
27 |
--------------------------------------------------------------------------------
/AuthenticationWebApi/Migrations/DataContextModelSnapshot.cs:
--------------------------------------------------------------------------------
1 | //
2 | using System;
3 | using AuthenticationWebApi.Data;
4 | using Microsoft.EntityFrameworkCore;
5 | using Microsoft.EntityFrameworkCore.Infrastructure;
6 | using Microsoft.EntityFrameworkCore.Storage.ValueConversion;
7 |
8 | #nullable disable
9 |
10 | namespace AuthenticationWebApi.Migrations
11 | {
12 | [DbContext(typeof(DataContext))]
13 | partial class DataContextModelSnapshot : ModelSnapshot
14 | {
15 | protected override void BuildModel(ModelBuilder modelBuilder)
16 | {
17 | #pragma warning disable 612, 618
18 | modelBuilder.HasAnnotation("ProductVersion", "6.0.4");
19 |
20 | modelBuilder.Entity("AuthenticationWebApi.Models.User", b =>
21 | {
22 | b.Property("Id")
23 | .ValueGeneratedOnAdd()
24 | .HasColumnType("INTEGER");
25 |
26 | b.Property("PasswordHash")
27 | .IsRequired()
28 | .HasColumnType("BLOB");
29 |
30 | b.Property("PasswordSalt")
31 | .IsRequired()
32 | .HasColumnType("BLOB");
33 |
34 | b.Property("RefreshToken")
35 | .IsRequired()
36 | .HasColumnType("TEXT");
37 |
38 | b.Property("Role")
39 | .IsRequired()
40 | .HasColumnType("TEXT");
41 |
42 | b.Property("TokenCreated")
43 | .HasColumnType("TEXT");
44 |
45 | b.Property("TokenExpires")
46 | .HasColumnType("TEXT");
47 |
48 | b.Property("Username")
49 | .IsRequired()
50 | .HasColumnType("TEXT");
51 |
52 | b.HasKey("Id");
53 |
54 | b.ToTable("Users");
55 | });
56 | #pragma warning restore 612, 618
57 | }
58 | }
59 | }
60 |
--------------------------------------------------------------------------------
/AuthenticationWebApi/Models/AuthResponseDto.cs:
--------------------------------------------------------------------------------
namespace AuthenticationWebApi.Models
{
    /// <summary>
    /// Result envelope used by the authentication service for login and token refresh.
    /// A freshly constructed instance represents a failure with empty text fields.
    /// </summary>
    public class AuthResponseDto
    {
        /// <summary>True when the operation succeeded; defaults to false.</summary>
        public bool Success { get; set; }

        /// <summary>Failure text; the auth controller returns it as the body of a 400 response.</summary>
        public string Message { get; set; } = "";

        /// <summary>The access token issued on success.</summary>
        public string Token { get; set; } = "";

        /// <summary>The refresh token issued on success.</summary>
        public string RefreshToken { get; set; } = "";

        /// <summary>Login fills this with the refresh token's expiry, not the access token's.</summary>
        public DateTime TokenExpires { get; set; }
    }
}
12 |
--------------------------------------------------------------------------------
/AuthenticationWebApi/Models/RefreshToken.cs:
--------------------------------------------------------------------------------
namespace AuthenticationWebApi.Models
{
    /// <summary>
    /// A refresh token value together with its creation and expiry timestamps.
    /// </summary>
    public class RefreshToken
    {
        /// <summary>The token string; empty until assigned.</summary>
        public string Token { get; set; } = "";

        /// <summary>When the token was created.</summary>
        public DateTime Created { get; set; }

        /// <summary>When the token stops being valid.</summary>
        public DateTime Expires { get; set; }
    }
}
10 |
--------------------------------------------------------------------------------
/AuthenticationWebApi/Models/User.cs:
--------------------------------------------------------------------------------
namespace AuthenticationWebApi.Models
{
    /// <summary>
    /// Persisted account record. Besides the login name it holds credential material
    /// (hash and salt), the refresh-token state and the role, so instances of this type
    /// should not be serialized into API responses.
    /// </summary>
    public class User
    {
        /// <summary>Database key.</summary>
        public int Id { get; set; }

        /// <summary>Login name that Login matches against the submitted username.</summary>
        public string Username { get; set; } = "";

        /// <summary>Password hash; starts as 32 zero bytes until a real hash is assigned.</summary>
        public byte[] PasswordHash { get; set; } = new byte[32];

        /// <summary>Password salt; starts as 32 zero bytes until a real salt is assigned.</summary>
        public byte[] PasswordSalt { get; set; } = new byte[32];

        // A single string per user: presumably the most recently issued refresh token,
        // which would mean one active refresh token per account - confirm in the service.
        /// <summary>Refresh token value stored on the account row.</summary>
        public string RefreshToken { get; set; } = "";

        /// <summary>Creation time of the stored refresh token.</summary>
        public DateTime TokenCreated { get; set; }

        /// <summary>Expiry time of the stored refresh token.</summary>
        public DateTime TokenExpires { get; set; }

        /// <summary>Role name; empty by default, i.e. no role until one is assigned.</summary>
        public string Role { get; set; } = "";
    }
}
15 |
--------------------------------------------------------------------------------
/AuthenticationWebApi/Models/UserDto.cs:
--------------------------------------------------------------------------------
namespace AuthenticationWebApi.Models
{
    /// <summary>
    /// Request body for registration and login: the username and the plaintext password as
    /// submitted by the client. The type declares no validation attributes, so length and
    /// content limits have to be enforced by whoever consumes it.
    /// </summary>
    public class UserDto
    {
        /// <summary>Login name submitted by the client.</summary>
        public string Username { get; set; } = "";

        /// <summary>Plaintext password submitted by the client; never log or persist it as is.</summary>
        public string Password { get; set; } = "";
    }
}
9 |
--------------------------------------------------------------------------------
/AuthenticationWebApi/Program.cs:
--------------------------------------------------------------------------------
1 | global using AuthenticationWebApi.Models;
2 | global using AuthenticationWebApi.Services.AuthService;
3 | global using Microsoft.EntityFrameworkCore;
4 | global using AuthenticationWebApi.Data;
5 | global using Microsoft.IdentityModel.Tokens;
6 | using Microsoft.AspNetCore.Authentication.JwtBearer;
7 | using Microsoft.OpenApi.Models;
8 | using Swashbuckle.AspNetCore.Filters;
9 |
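var builder = WebApplication.CreateBuilder(args);

// Read the JWT signing secret once and stop at startup when it is absent. Without this
// check a missing "AppSettings:Token" surfaces only when the bearer options are built,
// as an ArgumentNullException from GetBytes.
// NOTE(review): keep this secret out of source control (user-secrets, environment variable
// or a vault); appsettings.json is listed in the repository tree and is not excluded by
// .gitignore. The secret should also be at least as long as the output of the HMAC
// algorithm used when tokens are created (that code is not visible here).
var jwtSigningSecret = builder.Configuration.GetSection("AppSettings:Token").Value;
if (string.IsNullOrEmpty(jwtSigningSecret))
{
    throw new InvalidOperationException(
        "Configuration value 'AppSettings:Token' is missing; it is required to validate JWT signatures.");
}

// Add services to the container.

builder.Services.AddControllers();
// Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle
builder.Services.AddEndpointsApiExplorer();
builder.Services.AddSwaggerGen(options =>
{
    // Lets Swagger UI send an Authorization header. The definition name "oauth2" is the
    // one the Swashbuckle.AspNetCore.Filters operation filter looks up by default.
    var bearerHeaderScheme = new OpenApiSecurityScheme
    {
        Description = "Standard Authorization header using the Bearer scheme (\"Bearer {token} \")",
        In = ParameterLocation.Header,
        Name = "Authorization",
        Type = SecuritySchemeType.ApiKey
    };
    options.AddSecurityDefinition("oauth2", bearerHeaderScheme);

    // The listing showed "options.OperationFilter();" with its type argument missing.
    options.OperationFilter<SecurityRequirementsOperationFilter>();
});

// The listing showed "AddScoped();" and "AddDbContext(" with their type arguments missing.
builder.Services.AddScoped<IAuthService, AuthService>();
builder.Services.AddDbContext<DataContext>(options =>
    options.UseSqlite("Data Source=auth.db"));

builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        var signingKey = new SymmetricSecurityKey(System.Text.Encoding.UTF8.GetBytes(jwtSigningSecret));

        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = signingKey,
            // NOTE(review): issuer and audience are not checked, so any token signed with
            // this secret is accepted regardless of which service issued it or whom it was
            // meant for. Left as in the original because enabling the checks requires the
            // token-creation code to set matching iss/aud values; once it does, switch both
            // flags to true and set ValidIssuer / ValidAudience.
            ValidateIssuer = false,
            ValidateAudience = false
        };
    });
builder.Services.AddHttpContextAccessor();

var app = builder.Build();

// Configure the HTTP request pipeline.
// Swagger and its UI are exposed in the Development environment only.
if (app.Environment.IsDevelopment())
{
    app.UseSwagger();
    app.UseSwaggerUI();
}

app.UseHttpsRedirection();

// Authentication must run before authorization so that role checks see the caller's identity.
app.UseAuthentication();

app.UseAuthorization();

app.MapControllers();

app.Run();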
64 |
--------------------------------------------------------------------------------
/AuthenticationWebApi/Properties/launchSettings.json:
--------------------------------------------------------------------------------
1 | {
2 | "$schema": "https://json.schemastore.org/launchsettings.json",
3 | "iisSettings": {
4 | "windowsAuthentication": false,
5 | "anonymousAuthentication": true,
6 | "iisExpress": {
7 | "applicationUrl": "http://localhost:2811",
8 | "sslPort": 44302
9 | }
10 | },
11 | "profiles": {
12 | "AuthenticationWebApi": {
13 | "commandName": "Project",
14 | "dotnetRunMessages": true,
15 | "launchBrowser": true,
16 | "launchUrl": "swagger",
17 | "applicationUrl": "https://localhost:7008;http://localhost:5008",
18 | "environmentVariables": {
19 | "ASPNETCORE_ENVIRONMENT": "Development"
20 | }
21 | },
22 | "IIS Express": {
23 | "commandName": "IISExpress",
24 | "launchBrowser": true,
25 | "launchUrl": "swagger",
26 | "environmentVariables": {
27 | "ASPNETCORE_ENVIRONMENT": "Development"
28 | }
29 | }
30 | }
31 | }
32 |
--------------------------------------------------------------------------------
/AuthenticationWebApi/Services/AuthService/AuthService.cs:
--------------------------------------------------------------------------------
1 | using System.IdentityModel.Tokens.Jwt;
2 | using System.Security.Claims;
3 | using System.Security.Cryptography;
4 |
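namespace AuthenticationWebApi.Services.AuthService
{
    /// <summary>
    /// Registers users, verifies credentials, and issues a signed JWT together with a
    /// rotating refresh token that is stored on the user row and sent as a cookie.
    /// </summary>
    public class AuthService : IAuthService
    {
        // A single message for "unknown user" and "wrong password" so the response text
        // does not reveal which usernames exist.
        private const string InvalidCredentialsMessage = "Invalid username or password.";

        private readonly DataContext _context;
        private readonly IConfiguration _configuration;
        private readonly IHttpContextAccessor _httpContextAccessor;

        public AuthService(DataContext context, IConfiguration configuration, IHttpContextAccessor httpContextAccessor)
        {
            _context = context;
            _configuration = configuration;
            _httpContextAccessor = httpContextAccessor;
        }

        /// <summary>
        /// Checks the supplied credentials and, on success, returns a JWT plus a new refresh token.
        /// </summary>
        /// <param name="request">Username and plaintext password sent by the client.</param>
        /// <returns>
        /// A response with <c>Success = true</c> and both tokens, or a response carrying only
        /// a generic failure message.
        /// </returns>
        public async Task<AuthResponseDto> Login(UserDto request)
        {
            var user = await _context.Users.FirstOrDefaultAsync(u => u.Username == request.Username);

            // NOTE(review): an unknown username still returns faster than a wrong password
            // because no hash is computed; pair this with rate limiting or lockout.
            if (user is null || !VerifyPasswordHash(request.Password, user.PasswordHash, user.PasswordSalt))
            {
                return new AuthResponseDto { Message = InvalidCredentialsMessage };
            }

            string token = CreateToken(user);
            var refreshToken = CreateRefreshToken();

            // Awaited so the refresh token is persisted before the response is returned.
            await SetRefreshToken(refreshToken, user);

            return new AuthResponseDto
            {
                Success = true,
                Token = token,
                RefreshToken = refreshToken.Token,
                // This is the refresh token's expiry, not the JWT's.
                TokenExpires = refreshToken.Expires
            };
        }

        /// <summary>
        /// Creates a user row with a salted hash of the supplied password.
        /// </summary>
        /// <param name="request">Username and plaintext password for the new account.</param>
        /// <returns>The persisted <see cref="User"/> entity.</returns>
        public async Task<User> RegisterUser(UserDto request)
        {
            // NOTE(review): no username uniqueness or password-strength check is visible here;
            // confirm the model or controller enforces them.
            CreatePasswordHash(request.Password, out byte[] passwordHash, out byte[] passwordSalt);

            var user = new User
            {
                Username = request.Username,
                PasswordHash = passwordHash,
                PasswordSalt = passwordSalt
            };

            _context.Users.Add(user);
            await _context.SaveChangesAsync();

            // NOTE(review): the returned entity carries PasswordHash and PasswordSalt;
            // callers should map it to a DTO before serializing it into a response.
            return user;
        }

        /// <summary>
        /// Exchanges the refresh token in the <c>refreshToken</c> cookie for a new JWT and a
        /// new refresh token, replacing the stored one.
        /// </summary>
        /// <returns>A success response with both tokens, or a failure message.</returns>
        public async Task<AuthResponseDto> RefreshToken()
        {
            var refreshToken = _httpContextAccessor?.HttpContext?.Request.Cookies["refreshToken"];

            // Reject a missing or empty cookie before querying: otherwise the comparison
            // below could match accounts whose stored refresh token is null or empty.
            if (string.IsNullOrEmpty(refreshToken))
            {
                return new AuthResponseDto { Message = "Invalid Refresh Token" };
            }

            // NOTE(review): the token is stored and compared in plaintext; storing a hash
            // of it would limit what a database leak exposes.
            var user = await _context.Users.FirstOrDefaultAsync(u => u.RefreshToken == refreshToken);
            if (user is null)
            {
                return new AuthResponseDto { Message = "Invalid Refresh Token" };
            }

            if (user.TokenExpires < DateTime.Now)
            {
                return new AuthResponseDto { Message = "Token expired." };
            }

            string token = CreateToken(user);
            var newRefreshToken = CreateRefreshToken();
            await SetRefreshToken(newRefreshToken, user);

            return new AuthResponseDto
            {
                Success = true,
                Token = token,
                RefreshToken = newRefreshToken.Token,
                TokenExpires = newRefreshToken.Expires
            };
        }

        /// <summary>
        /// Recomputes the HMAC-SHA512 of <paramref name="password"/> keyed with
        /// <paramref name="passwordSalt"/> and compares it with the stored hash.
        /// </summary>
        private bool VerifyPasswordHash(string password, byte[] passwordHash, byte[] passwordSalt)
        {
            using var hmac = new HMACSHA512(passwordSalt);
            var computedHash = hmac.ComputeHash(System.Text.Encoding.UTF8.GetBytes(password));

            // Constant-time comparison: how long it takes does not depend on where the
            // first differing byte is.
            return CryptographicOperations.FixedTimeEquals(computedHash, passwordHash);
        }

        /// <summary>
        /// Produces a per-user random key (stored as the salt) and the HMAC-SHA512 of the password under it.
        /// </summary>
        private void CreatePasswordHash(string password, out byte[] passwordHash, out byte[] passwordSalt)
        {
            // NOTE(review): a single HMAC-SHA512 pass is fast to brute-force offline. A
            // password KDF such as Rfc2898DeriveBytes.Pbkdf2 or Argon2 is the usual choice;
            // switching needs a migration path for hashes already stored, so the scheme is
            // left unchanged here.
            using var hmac = new HMACSHA512();
            passwordSalt = hmac.Key;
            passwordHash = hmac.ComputeHash(System.Text.Encoding.UTF8.GetBytes(password));
        }

        /// <summary>
        /// Builds a JWT carrying the user's id, name and role, signed with HMAC-SHA512 and valid for one day.
        /// </summary>
        /// <exception cref="InvalidOperationException">The signing secret is not configured.</exception>
        private string CreateToken(User user)
        {
            List<Claim> claims = new()
            {
                new Claim(ClaimTypes.NameIdentifier, user.Id.ToString()),
                new Claim(ClaimTypes.Name, user.Username),
                new Claim(ClaimTypes.Role, user.Role)
            };

            var signingSecret = _configuration.GetSection("AppSettings:Token").Value;
            if (string.IsNullOrWhiteSpace(signingSecret))
            {
                throw new InvalidOperationException("AppSettings:Token is not configured.");
            }

            var key = new SymmetricSecurityKey(System.Text.Encoding.UTF8.GetBytes(signingSecret));
            var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha512Signature);

            // No issuer or audience is set; the bearer validation configured for this
            // project has both checks switched off to match.
            var token = new JwtSecurityToken(
                claims: claims,
                expires: DateTime.Now.AddDays(1),
                signingCredentials: creds);

            return new JwtSecurityTokenHandler().WriteToken(token);
        }

        /// <summary>
        /// Creates a refresh token from 64 bytes of cryptographically secure randomness, valid for seven days.
        /// </summary>
        private RefreshToken CreateRefreshToken()
        {
            // NOTE(review): timestamps use local time (DateTime.Now) here and in the expiry
            // check in RefreshToken(). UTC would avoid DST and time-zone drift, but must be
            // changed in both places together.
            return new RefreshToken
            {
                Token = Convert.ToBase64String(RandomNumberGenerator.GetBytes(64)),
                Expires = DateTime.Now.AddDays(7),
                Created = DateTime.Now
            };
        }

        /// <summary>
        /// Sends the refresh token to the client as a cookie and persists it on the user row.
        /// </summary>
        /// <remarks>
        /// Returns <see cref="Task"/> rather than <c>void</c> so callers can await the save:
        /// a database failure then reaches the caller, and the DbContext is not used after
        /// the request has moved on.
        /// </remarks>
        private async Task SetRefreshToken(RefreshToken refreshToken, User user)
        {
            var cookieOptions = new CookieOptions
            {
                // Not readable from script, sent only over HTTPS, and withheld from cross-site requests.
                HttpOnly = true,
                Secure = true,
                SameSite = SameSiteMode.Strict,
                Expires = refreshToken.Expires,
            };
            _httpContextAccessor?.HttpContext?.Response
                .Cookies.Append("refreshToken", refreshToken.Token, cookieOptions);

            user.RefreshToken = refreshToken.Token;
            user.TokenCreated = refreshToken.Created;
            user.TokenExpires = refreshToken.Expires;

            await _context.SaveChangesAsync();
        }
    }
}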
161 |
--------------------------------------------------------------------------------
/AuthenticationWebApi/Services/AuthService/IAuthService.cs:
--------------------------------------------------------------------------------
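namespace AuthenticationWebApi.Services.AuthService
{
    /// <summary>
    /// Contract for user registration, login and refresh-token exchange.
    /// </summary>
    public interface IAuthService
    {
        /// <summary>Creates and persists a new user from the supplied credentials.</summary>
        /// <param name="request">Username and plaintext password.</param>
        /// <returns>The stored <see cref="User"/> entity.</returns>
        Task<User> RegisterUser(UserDto request);

        /// <summary>Verifies credentials and issues an access token and a refresh token.</summary>
        /// <param name="request">Username and plaintext password.</param>
        /// <returns>A response carrying the tokens on success, or a failure message.</returns>
        Task<AuthResponseDto> Login(UserDto request);

        /// <summary>Exchanges the caller's current refresh token for a new token pair.</summary>
        /// <returns>A response carrying the new tokens on success, or a failure message.</returns>
        Task<AuthResponseDto> RefreshToken();
    }
}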
10 |
--------------------------------------------------------------------------------
/AuthenticationWebApi/WeatherForecast.cs:
--------------------------------------------------------------------------------
namespace AuthenticationWebApi
{
    /// <summary>
    /// A single forecast entry: a date, a Celsius temperature and an optional summary.
    /// </summary>
    public class WeatherForecast
    {
        /// <summary>Date the forecast applies to.</summary>
        public DateTime Date { get; set; }

        /// <summary>Temperature in whole degrees Celsius.</summary>
        public int TemperatureC { get; set; }

        /// <summary>
        /// Temperature in Fahrenheit, derived from <see cref="TemperatureC"/>; the scaled
        /// value is truncated toward zero before 32 is added.
        /// </summary>
        public int TemperatureF
        {
            get
            {
                double scaledCelsius = TemperatureC / 0.5556;
                int wholeDegrees = (int)scaledCelsius;
                return 32 + wholeDegrees;
            }
        }

        /// <summary>Optional free-text description of the conditions.</summary>
        public string? Summary { get; set; }
    }
}
--------------------------------------------------------------------------------
/AuthenticationWebApi/appsettings.Development.json:
--------------------------------------------------------------------------------
1 | {
2 | "Logging": {
3 | "LogLevel": {
4 | "Default": "Information",
5 | "Microsoft.AspNetCore": "Warning"
6 | }
7 | }
8 | }
9 |
--------------------------------------------------------------------------------
/AuthenticationWebApi/appsettings.json:
--------------------------------------------------------------------------------
1 | {
2 | "AppSettings": {
3 | "Token" : "my top secret key"
4 | },
5 | "Logging": {
6 | "LogLevel": {
7 | "Default": "Information",
8 | "Microsoft.AspNetCore": "Warning"
9 | }
10 | },
11 | "AllowedHosts": "*"
12 | }
13 |
--------------------------------------------------------------------------------