Skip to main content

AuthController

The AuthController handles authentication and authorization for the SWMM API using JWT tokens.

Overview

This controller provides login and logout functionality for API users. It uses configuration-based authentication with JWT token generation.

Data Sources

  • Configuration: Uses appsettings.json for storing API credentials and JWT settings
  • No Database Storage: Authentication is stateless and doesn't persist user sessions

Endpoints

POST /api/auth/login

Authenticates a user and returns a JWT token.

Request Body:

{
"userName": "string",
"password": "string"
}

Response:

  • 200 OK: Returns JWT token as string
  • 401 Unauthorized: Invalid credentials
  • 500 Internal Server Error: Configuration error

Data Flow:

Configuration Requirements:

  • Auth:ApiUser:Username - Configured username
  • Auth:ApiUser:Password - Configured password
  • Jwt:Issuer - Token issuer
  • Jwt:Audience - Token audience
  • Jwt:Key - Signing key for JWT

POST /api/auth/logout

Logs out the current user (stateless operation).

Headers Required:

  • Authorization: Bearer <jwt_token>

Response:

  • 200 OK: Success message
  • 401 Unauthorized: Invalid or missing token

Data Flow:

Security Considerations

  1. JWT Token Expiration: Tokens expire after 5 minutes
  2. Stateless Authentication: No server-side session storage
  3. Configuration Security: Credentials stored in appsettings.json
  4. Token Validation: Uses HMAC-SHA512 signature algorithm

Error Handling

  • Logs invalid login attempts with username
  • Returns appropriate HTTP status codes
  • Stores errors in application logs

Dependencies

  • Microsoft.IdentityModel.Tokens
  • System.IdentityModel.Tokens.Jwt
  • Microsoft.AspNetCore.Authorization