User Auth Project
Rolling My Own Auth
My first full web app project.
API: C# ASP.NET Core 5, Frontend: React, Admin GUI: ASP RazorPages
I wanted to learn how to log users in and out of an app. It morphed into this large project where I designed my own authentication system from scratch.
I wouldn't do this again, because "you don't know what you don't know". So there are bound to be security flaws in this if I wrote it myself.
Ideally you want to use an industry-standard product for user authentication, one that has many security professionals focusing on it.
Alternatives could be cloud-based (AWS Cognito, Google Firebase Auth), authentication servers (Identity Server, Keycloak) or authentication frameworks (Identity Core or Spring Auth).
It was a really good project to learn about authentication!
What I learned
JWT Tokens
Session cookies
User login authentication flow
Password reset authentication flow
User Roles
SQL injection protection techniques
Validating user input
ASP Web API
ASP Razor Pages
ASP Hosted React Client
SQL Server
Entity Framework Core
Serilog Logging
API to API communications
Lots and lots of troubleshooting
Basic web app deployment
Take A Look
The idea is that you can "plug in" your own app to this authentication system. So it will look bare bones.
I did host this app on Smarterasp.net originally but their infrastructure was VERY slow.
They are cheap, but the web app isn't ALWAYS RUNNING. When 15 mins pass without traffic, they shut down the VMs.
So I have discontinued the hosting; the Git repos will have to do...
GitHub Repo for the project is here - Repo
Project Discussion Document is here - Repo