This project demonstrates how to create an ASP.NET Core 8 Web API for user registration and login using JWT (JSON Web Tokens) for authentication. It uses Dapper for database interaction, PostgreSQL as the database and Docker for containerization. Swagger is also integrated for easy API testing.
- JWT Authentication: Secure user authentication with JWT tokens.
- User Registration and Login: Users can register and log in to receive JWT tokens.
- HttpOnly Cookies: JWT tokens are stored in secure HttpOnly cookies for better security.
- Dapper: Lightweight ORM for database access with PostgreSQL.
- PostgreSQL: Database management system.
- Swagger: API documentation and testing interface.
- Docker Support: Easily containerize and run the application using Docker.
git clone https://github.com/galaridor/dotnet8-webapi-auth.git
Ensure you have the required NuGet packages installed:
dotnet add package Dapper
dotnet add package Npgsql
dotnet add package Microsoft.AspNetCore.Authentication.JwtBearer
dotnet add package Swashbuckle.AspNetCore
dotnet add package FluentValidation
- Create a PostgreSQL database:
CREATE DATABASE jwt_demo;
Upon application startup, the database initializer will ensure the Users table is created (if it doesn't exist). A default admin user is created with the following credentials:
Username: Administrator
Password: Administrator1!
- Update the connection string in appsettings.json with your PostgreSQL credentials:
{ "ConnectionStrings": { "DefaultConnection": "Host=localhost;Database=jwt_demo;Username=youruser;Password=yourpassword" } }
Ensure your JWT key in appsettings.json is at least 32 characters long:
{
  "Jwt": {
    "Key": "YourSuperSecretKeyAtLeast32Characters",
    "Issuer": "YourAppIssuer",
    "Audience": "YourAppAudience",
    "TokenExpiryMinutes": 30
  }
}
Use the following command to run the application:
dotnet run
The API will be running at https://localhost:<port>.
Swagger UI is available at https://localhost:<port>/swagger. You can use it to test the following endpoints:
- Register a new user.
- Request Body:
{ "username": "string", "password": "string" }
- Log in a registered user and receive a JWT token stored in a HttpOnly cookie.
- Request Body:
{ "username": "string", "password": "string" }
Upon successful login, the JWT is returned in an HttpOnly cookie. Subsequent requests to the API carry that cookie, so protected routes can be accessed without the client handling the token directly.
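How a JWT held in an HttpOnly cookie ends up authenticating a request, as an added example (not the project's own code): a minimal Program.cs that reads the `Jwt` section shown above, rejects a short key at startup, and points the JwtBearer handler at the cookie. The cookie name `access_token`, the `/demo/*` routes and the 30-second clock skew are assumptions.

```csharp
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;

const string CookieName = "access_token"; // assumed cookie name, not taken from the project
var builder = WebApplication.CreateBuilder(args);
var jwt = builder.Configuration.GetSection("Jwt");
var keyBytes = Encoding.UTF8.GetBytes(jwt["Key"] ?? "");
// HS256 requires a key of at least 256 bits: fail at startup, not at the first login.
if (keyBytes.Length < 32) throw new InvalidOperationException("Jwt:Key is shorter than 32 bytes.");
var signingKey = new SymmetricSecurityKey(keyBytes);
var lifetime = TimeSpan.FromMinutes(jwt.GetValue<int>("TokenExpiryMinutes"));

builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme).AddJwtBearer(o =>
{
    o.TokenValidationParameters = new TokenValidationParameters
    {
        ValidateIssuer = true, ValidIssuer = jwt["Issuer"],
        ValidateAudience = true, ValidAudience = jwt["Audience"],
        ValidateLifetime = true, ClockSkew = TimeSpan.FromSeconds(30),
        ValidateIssuerSigningKey = true, IssuerSigningKey = signingKey
    };
    // The handler reads only the Authorization header by default, so the
    // token is taken from the HttpOnly cookie before validation runs.
    o.Events = new JwtBearerEvents
    {
        OnMessageReceived = ctx => { ctx.Token = ctx.Request.Cookies[CookieName]; return Task.CompletedTask; }
    };
});
builder.Services.AddAuthorization();
var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// Constructed, development-only stand-in for the login endpoint (no password check here).
if (app.Environment.IsDevelopment())
    app.MapPost("/demo/token", (HttpContext http) =>
    {
        var token = new JwtSecurityToken(jwt["Issuer"], jwt["Audience"],
            new[] { new Claim(ClaimTypes.Name, "demo-user") }, expires: DateTime.UtcNow.Add(lifetime),
            signingCredentials: new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256));
        http.Response.Cookies.Append(CookieName, new JwtSecurityTokenHandler().WriteToken(token),
            new CookieOptions { HttpOnly = true, Secure = true, SameSite = SameSiteMode.Strict,
                                Expires = DateTimeOffset.UtcNow.Add(lifetime) });
        return Results.NoContent();
    });
app.MapGet("/demo/me", (ClaimsPrincipal user) => user.Identity?.Name).RequireAuthorization();
app.Run();
```

Because the cookie accompanies every request to the API, `SameSite` (or an anti-forgery token) is what protects state-changing routes from cross-site requests. `HttpOnly` only keeps page scripts from reading the token.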
You can run this application in a Docker container for easier deployment and management.
docker build -t your-api-image .
docker run -p 8080:8080 your-api-image
This will expose the application on http://localhost:8080.
Navigate to http://localhost:8080/swagger to test the API.
- Controllers/: Contains the AuthController for handling registration and login.
- Database/: Contains DatabaseInitializer and DbConnectionFactory for initializing the database.
- Extensions/: Contains ServiceExtensions to register the authentication service and SwaggerExtensions to register Swagger.
- Models/: Contains the User, RegisterDto, and LoginDto models.
- Services/: Contains the AuthService, which manages registration, login, and JWT generation.
- Repositories/: Contains the UserRepository, which handles database interactions using Dapper.
- Validation/: Contains the RegisterDtoValidator for validating user registration.
- JWT Key Size Error: Ensure that the JWT key in your appsettings.json is at least 32 characters long.
- Database Connection: Double-check your PostgreSQL connection string in appsettings.json and ensure the PostgreSQL service is running.
- Docker Issues: Ensure Docker is installed and running, and that the correct ports are exposed in the container.
This project is licensed under the MIT License. See the LICENSE file for details.