GaleForce.Services.Auth 1.0.0

.NET 8.0

dotnet add package GaleForce.Services.Auth --version 1.0.0

NuGet\Install-Package GaleForce.Services.Auth -Version 1.0.0

This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.

<PackageReference Include="GaleForce.Services.Auth" Version="1.0.0" />

For projects that support PackageReference, copy this XML node into the project file to reference the package.

<PackageVersion Include="GaleForce.Services.Auth" Version="1.0.0" />
                    

                            Directory.Packages.props

<PackageReference Include="GaleForce.Services.Auth" />
                    

                            Project file

For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package.

paket add GaleForce.Services.Auth --version 1.0.0

The NuGet Team does not provide support for this client. Please contact its maintainers for support.

#r "nuget: GaleForce.Services.Auth, 1.0.0"

#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.

#:package GaleForce.Services.Auth@1.0.0

#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package.

#addin nuget:?package=GaleForce.Services.Auth&version=1.0.0
                    

                            Install as a Cake Addin

#tool nuget:?package=GaleForce.Services.Auth&version=1.0.0
                    

                            Install as a Cake Tool

The NuGet Team does not provide support for this client. Please contact its maintainers for support.

GaleForce.Services.Auth

.NET authentication services library providing password hashing and email functionality.

Features

PBKDF2 Password Hashing - Secure password hashing with SHA256 (100,000 iterations)
SMTP Email Sender - Production email sending via SMTP (PurelyMail, SendGrid, etc.)
Development Email Logger - Console logging for local development
Easy DI Setup - Simple dependency injection registration

Installation

# Local reference (not yet published to NuGet)
dotnet add reference path/to/GaleForce.Services/dotnet/GaleForce.Services.Auth/GaleForce.Services.Auth.csproj

Quick Start

1. Register Services

// Program.cs
using GaleForce.Services.Auth.Extensions;

builder.Services.AddGaleForceAuth(builder.Configuration);

2. Configure Email (appsettings.json)

{
  "Email": {
    "SmtpHost": "smtp.purelymail.com",
    "SmtpPort": 587,
    "UseSsl": true,
    "SmtpUsername": "noreply@example.com",
    "SmtpPassword": "your-password",
    "DefaultFromEmail": "noreply@example.com",
    "DefaultFromName": "Example App"
  }
}

3. Use in Controllers/Services

using GaleForce.Services.Auth.Services;

public class AuthController : ControllerBase
{
    private readonly IPasswordHasher _passwordHasher;
    private readonly IEmailSender _emailSender;

    public AuthController(
        IPasswordHasher passwordHasher,
        IEmailSender emailSender)
    {
        _passwordHasher = passwordHasher;
        _emailSender = emailSender;
    }

    [HttpPost("register")]
    public async Task<IActionResult> Register(RegisterRequest request)
    {
        // Hash password
        var passwordHash = _passwordHasher.HashPassword(request.Password);

        // Save user with hashed password...
        var user = new User
        {
            Email = request.Email,
            PasswordHash = passwordHash
        };

        // Send welcome email
        await _emailSender.SendEmailAsync(
            toEmail: user.Email,
            subject: "Welcome!",
            htmlBody: "<p>Thanks for registering!</p>"
        );

        return Ok();
    }

    [HttpPost("login")]
    public IActionResult Login(LoginRequest request)
    {
        var user = GetUserByEmail(request.Email);

        // Verify password
        if (!_passwordHasher.VerifyPassword(request.Password, user.PasswordHash))
        {
            return Unauthorized();
        }

        return Ok(new { token = GenerateToken(user) });
    }
}

API Reference

IPasswordHasher

string HashPassword(string password);
bool VerifyPassword(string password, string storedHash);
bool NeedsUpgrade(string storedHash);

IEmailSender

Task SendEmailAsync(
    string toEmail,
    string subject,
    string htmlBody,
    string? textBody = null,
    string? fromEmail = null,
    string? fromName = null,
    CancellationToken ct = default);

Configuration Options

// appsettings.json
{
  "Email": {
    "SmtpHost": "smtp.purelymail.com",    // SMTP server
    "SmtpPort": 587,                      // SMTP port (587 for TLS)
    "UseSsl": true,                       // Use SSL/TLS
    "SmtpUsername": "user@example.com",   // SMTP username
    "SmtpPassword": "password",           // SMTP password
    "DefaultFromEmail": "noreply@example.com",
    "DefaultFromName": "App Name",
    "TimeoutMs": 30000                    // Timeout (default 30s)
  }
}

Development Mode

If SmtpPassword is not configured, the library automatically uses DevEmailSender which logs emails to console instead of sending them.

// Or explicitly use dev email sender
builder.Services.AddGaleForceAuthWithDevEmail();

Security Best Practices

Password Hashing

Uses PBKDF2-SHA256 with 100,000 iterations (OWASP recommended)
Generates cryptographically secure random salt (256 bits)
Constant-time comparison to prevent timing attacks
Stores salt + hash as Base64 string

Password Reset Tokens

Generate cryptographically secure random tokens
Set expiration time (recommend 1 hour)
Invalidate token after use
Store tokens in database (see PasswordResetToken model)

Email Providers

PurelyMail

{
  "Email": {
    "SmtpHost": "smtp.purelymail.com",
    "SmtpPort": 587,
    "UseSsl": true
  }
}

SendGrid

{
  "Email": {
    "SmtpHost": "smtp.sendgrid.net",
    "SmtpPort": 587,
    "UseSsl": true,
    "SmtpUsername": "apikey",
    "SmtpPassword": "SG.xxxxx..."
  }
}

Gmail

{
  "Email": {
    "SmtpHost": "smtp.gmail.com",
    "SmtpPort": 587,
    "UseSsl": true,
    "SmtpUsername": "your-email@gmail.com",
    "SmtpPassword": "app-specific-password"
  }
}

License

MIT License - See LICENSE file

Product	Compatible and additional computed target framework versions.
.NET	net8.0 is compatible. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. net9.0 was computed. net9.0-android was computed. net9.0-browser was computed. net9.0-ios was computed. net9.0-maccatalyst was computed. net9.0-macos was computed. net9.0-tvos was computed. net9.0-windows was computed. net10.0 was computed. net10.0-android was computed. net10.0-browser was computed. net10.0-ios was computed. net10.0-maccatalyst was computed. net10.0-macos was computed. net10.0-tvos was computed. net10.0-windows was computed.

Product

.NET

Compatible target framework(s)

Included target framework(s) (in package)

Learn more about Target Frameworks and .NET Standard.

net8.0
- Microsoft.Extensions.Configuration.Abstractions (>= 8.0.0)
- Microsoft.Extensions.Configuration.Binder (>= 8.0.0)
- Microsoft.Extensions.DependencyInjection.Abstractions (>= 8.0.0)
- Microsoft.Extensions.Logging.Abstractions (>= 8.0.0)
- Microsoft.Extensions.Options (>= 8.0.0)
- Microsoft.Extensions.Options.ConfigurationExtensions (>= 8.0.0)

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version	Downloads	Last Updated
1.0.0	277	10/23/2025