User Auth Project


Rolling My Own Auth

My first full web app project.

API: C# ASP.NET Core 5, Frontend: React, Admin GUI: ASP RazorPages

I wanted to learn how to log users in and out of an app. It morphed into this large project where I designed my own authentication system from scratch.

I wouldn't do this again, because "you don't know what you don't know". So there are bound to be security flaws in this if I wrote it myself.

Ideally you want to use an industry-standard product for user authentication, one that has many security professionals focusing on it.

Alternatives could be cloud-based (AWS Cognito, Google Firebase Auth), authentication servers (Identity Server, Keycloak) or authentication frameworks (Identity Core or Spring Auth).

It was a really good project to learn about authentication!


What I learned

JWT Tokens

Session cookies

User login authentication flow

Password reset authentication flow

User Roles

SQL injection protection techniques

Validating user input

ASP Web API

ASP Razor Pages

ASP Hosted React Client

SQL Server

Entity Framework Core

Serilog Logging

API to API communications

Lots and lots of troubleshooting

Basic web app deployment


Take A Look

The idea is that you can "plug in" your own app to this authentication system. So it will look bare bones.

I did host this app on Smarterasp.net originally but their infrastructure was VERY slow.

They are cheap, but the web app isn't ALWAYS RUNNING. When 15 minutes pass without traffic, they shut down the VMs.

So I have discontinued the hosting; the Git repos will have to do...

GitHub Repo for the project is here - Repo

Project Discussion Document is here - Repo