AuthController
The AuthController handles authentication and authorization for the SWMM API using JWT tokens.
Overview
This controller provides login and logout functionality for API users. It uses configuration-based authentication with JWT token generation.
Data Sources
- Configuration: Uses
appsettings.jsonfor storing API credentials and JWT settings - No Database Storage: Authentication is stateless and doesn't persist user sessions
Endpoints
POST /api/auth/login
Authenticates a user and returns a JWT token.
Request Body:
{
"userName": "string",
"password": "string"
}
Response:
- 200 OK: Returns JWT token as string
- 401 Unauthorized: Invalid credentials
- 500 Internal Server Error: Configuration error
Data Flow:
Configuration Requirements:
Auth:ApiUser:Username- Configured usernameAuth:ApiUser:Password- Configured passwordJwt:Issuer- Token issuerJwt:Audience- Token audienceJwt:Key- Signing key for JWT
POST /api/auth/logout
Logs out the current user (stateless operation).
Headers Required:
Authorization: Bearer <jwt_token>
Response:
- 200 OK: Success message
- 401 Unauthorized: Invalid or missing token
Data Flow:
Security Considerations
- JWT Token Expiration: Tokens expire after 5 minutes
- Stateless Authentication: No server-side session storage
- Configuration Security: Credentials stored in
appsettings.json - Token Validation: Uses HMAC-SHA512 signature algorithm
Error Handling
- Logs invalid login attempts with username
- Returns appropriate HTTP status codes
- Stores errors in application logs
Dependencies
Microsoft.IdentityModel.TokensSystem.IdentityModel.Tokens.JwtMicrosoft.AspNetCore.Authorization