[Feature] - User Authentication and Authorization #7

Closed
4 of 5 tasks
RespectMathias opened this issue Nov 6, 2024 · 0 comments · Fixed by #21
RespectMathias (Contributor) commented Nov 6, 2024

Description

Implement User Authentication and Authorization using Microsoft Identity, ensuring secure login, logout, and role-based access control specific to Razor Pages with SQLite as the database. This will leverage HTMX for interactive front-end behavior and Bootstrap for styling, adhering to secure practices.

Motivation

Secure and structured authentication and authorization are essential to protect user data and ensure that only authorized users access particular functionalities, preserving the application’s integrity.

Proposed Solution

  • Microsoft Identity Integration: Use Microsoft’s Core Identity package for managing users, roles, and claims, aligning with the ASP.NET ecosystem.
  • Password Security: Ensure password encryption through Microsoft Identity’s default secure hashing (bcrypt) and storage mechanisms.
  • Role-Based Access Control: Set up role-based access to distinguish functionalities between regular users and admins, managed within Identity.
  • Session Management and CSRF Protection: Enable secure session management, anti-forgery tokens, and other protections provided by ASP.NET Core Identity to mitigate risks.
  • Data Privacy Compliance: Integrate user data management options compliant with GDPR and CCPA, allowing users to manage their information securely.
  • SQLite Configuration: Configure Identity to store user credentials and roles in an SQLite database, suitable for lightweight applications and development environments.

Acceptance Criteria

  • User authentication and role-based authorization are fully implemented.
  • Secure password encryption and session management.
  • Role-based access is verified for regular users and admins.
  • Meets all proposed security measures.
  • Tests are included for authentication and authorization flows.

Additional Info

  • Security Testing: Conduct thorough testing for vulnerabilities, including OWASP-recommended checks.
  • Password Recovery: Enable secure token-based password recovery and account management options for users.
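The wiring the proposal above describes, as an added example that is not code from this issue or from the repository: a Program.cs for an ASP.NET Core Razor Pages app using ASP.NET Core Identity with EF Core on SQLite, role seeding, a folder-level Admin policy, hardened session-cookie settings, and the anti-forgery header name an HTMX front end would send. The connection string name, SQLite file path, role names and the /Admin folder are assumptions. One caveat on the password bullet: Identity's built-in PasswordHasher uses PBKDF2 with HMAC-SHA256, not bcrypt; the work factor is tuned through PasswordHasherOptions.IterationCount rather than by swapping algorithms.

```csharp
// Program.cs (added example, not the project's code). Packages assumed:
// Microsoft.AspNetCore.Identity.UI, Microsoft.AspNetCore.Identity.EntityFrameworkCore,
// Microsoft.EntityFrameworkCore.Sqlite.
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Identity.EntityFrameworkCore;
using Microsoft.EntityFrameworkCore;

var builder = WebApplication.CreateBuilder(args);

// Assumed connection string name; the SQLite file path is a placeholder.
var connectionString = builder.Configuration.GetConnectionString("DefaultConnection")
                       ?? "Data Source=app.db";
builder.Services.AddDbContext<AppDbContext>(o => o.UseSqlite(connectionString));

// Identity users, roles and claims stored through EF Core in the SQLite database.
builder.Services.AddDefaultIdentity<IdentityUser>(o =>
    {
        o.SignIn.RequireConfirmedAccount = true;     // no sign-in before account confirmation
        o.Password.RequiredLength = 12;
        o.Lockout.MaxFailedAccessAttempts = 5;       // throttles online password guessing
        o.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(15);
    })
    .AddRoles<IdentityRole>()
    .AddEntityFrameworkStores<AppDbContext>();

// Identity's default hasher is PBKDF2-HMAC-SHA256 (not bcrypt); raise the iteration count.
builder.Services.Configure<PasswordHasherOptions>(o => o.IterationCount = 600_000);

// Session cookie hardening for the Identity application cookie.
builder.Services.ConfigureApplicationCookie(o =>
{
    o.Cookie.HttpOnly = true;
    o.Cookie.SecurePolicy = CookieSecurePolicy.Always;
    o.Cookie.SameSite = SameSiteMode.Lax;
    o.ExpireTimeSpan = TimeSpan.FromHours(1);
    o.SlidingExpiration = true;
});

// Razor Pages validates anti-forgery tokens on POST automatically. HTMX requests carry the
// token in a header rather than a form field, so name that header here and emit it from the
// layout via hx-headers using IAntiforgery.GetAndStoreTokens(HttpContext).RequestToken.
builder.Services.AddAntiforgery(o => o.HeaderName = "X-CSRF-TOKEN");

// Role-based access: every page under /Admin requires the Admin role (folder name assumed).
builder.Services.AddAuthorization(o =>
    o.AddPolicy("RequireAdmin", p => p.RequireRole("Admin")));
builder.Services.AddRazorPages(o => o.Conventions.AuthorizeFolder("/Admin", "RequireAdmin"));

var app = builder.Build();

app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseRouting();
app.UseAuthentication();   // must run before UseAuthorization
app.UseAuthorization();
app.MapRazorPages();

// Seed the two roles the proposal distinguishes; idempotent across restarts.
using (var scope = app.Services.CreateScope())
{
    var roles = scope.ServiceProvider.GetRequiredService<RoleManager<IdentityRole>>();
    foreach (var name in new[] { "Admin", "User" })
    {
        if (!await roles.RoleExistsAsync(name))
            await roles.CreateAsync(new IdentityRole(name));
    }
}

app.Run();

// Identity schema (AspNetUsers, AspNetRoles, AspNetUserClaims, ...) in SQLite.
public class AppDbContext : IdentityDbContext<IdentityUser>
{
    public AppDbContext(DbContextOptions<AppDbContext> options) : base(options) { }
}
```

Run `dotnet ef migrations add InitialIdentity` and `dotnet ef database update` once to create the Identity tables in the SQLite file. A page model that should only be reachable by admins can also be marked directly with `[Authorize(Roles = "Admin")]`; the folder convention above is the less error-prone way to cover a whole area so that a newly added page is not accidentally left open.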