Review of Secure API Development and Authentication Mechanisms in ASP.NET Core Applications

Authors

  • George Zacharia, Software Engineer, Independent Researcher

DOI:

https://doi.org/10.63282/3050-922X.IJERET-V7I1P135

Keywords:

ASP.NET Core, Secure API Development, Authentication, Authorization, JSON Web Token (JWT), OAuth 2.0

Abstract

This paper reviews secure API development and authentication in ASP.NET Core applications. It discusses the security design of ASP.NET Core, which has a modular structure and a middleware-based HTTP request pipeline and is integrated with CoreCLR, CoreFX, and the Kestrel web server. The key security features discussed in the study include authentication, authorization, data protection, HTTPS enforcement, and security headers. The different authentication systems, such as claims-based authentication, token authentication using JWT, OAuth 2.0, and OpenID Connect, are examined in terms of their working principles, tokens, and delegated authorization. The paper also covers common API security concerns, including injection attacks, broken authentication, insecure data transmission, and denial-of-service attacks, and recommends best practices to mitigate these threats, such as rate limiting, secure coding, API gateways, and continuous monitoring. Traditional and modern security methods are compared and contrasted to demonstrate the superiority of the token-based security model and the zero-trust model for scalable, cloud-native ASP.NET Core frameworks.

Published

2026-03-08

Section

Articles

How to Cite

1.
Zacharia G. Review of Secure API Development and Authentication Mechanisms in ASP.NET Core Applications. IJERET [Internet]. 2026 Mar. 8 [cited 2026 Mar. 13];7(1):287-96. Available from: https://ijeret.org/index.php/ijeret/article/view/504