InSigna is a lightweight authentication library built for backend projects that need clean password hashing and JWT generation.
Designed to be reusable, easy to set up, and free of domain-specific logic—this project gives you a starting point for security in any .NET 8 API, microservice, or monolith.
Key goals:
- ✅ Generate secure JSON Web Tokens (JWT) with custom claims
- ✅ Hash passwords with strength validation and easy verification
- ✅ Stay minimal: no controllers, no enums, no hard-coded business rules
- ✅ Plug into any backend project without refactoring or guessing
Use InSigna when you want a simple and clean base for authentication that respects separation of concerns and scales as your project grows.
Here’s how to integrate and use InSigna inside a .NET 8 backend project:
Add this early in your Program.cs or inside a dedicated Startup logic:
builder.Services.AddSingleton<IPasswordHasherService, PasswordHasherService>();
builder.Services.Configure<JWTSettings>(builder.Configuration.GetSection("JWTConfig"));
builder.Services.AddScoped<IJWTGenerator, JWTGenerator>();
AuthConfig.ConfigureJwt(builder.Services, builder.Configuration);
To get started with InSigna in your .NET 8 backend:
-
Register the services: Inject
IJWTGeneratorandIPasswordHasherServiceusing your DI container. Configure the JWT settings from yourappsettings.jsonand callAuthConfig.ConfigureJwt()to set up the bearer authentication pipeline. -
Inject into your controllers: Add these services to your constructor so they're available for generating tokens and hashing passwords.
-
Use the helpers:
- Call
.Encrypt(password)to get a hashed version. - Call
.VerifyPassword(hashed, input)to compare inputs. - Call
.GenerateToken(sessionModel)to produce a signed JWT based onBasicSessionModel.
- Call
Each method returns an InSignaResponse object with:
.TypeOfResponse: defines the nature of the outcome (OK,FailedResponse,Exception,Timeout,NotFound).Data: contains the result if successful (e.g. token, hashed password).Message: includes a readable explanation when an error or failure occurs
This centralized response model ensures clean error handling and uniform feedback across your authentication logic.
InSigna keeps your security stack modular, predictable, and easy to onboard.
public class AccountController : ControllerBase
{
private readonly IUserRepository _userRepository;
private readonly IJWTGenerator _jwtGenerator;
private readonly IPasswordHasherService _passwordHasherService;
public AccountController(IUserRepository userRepository, IJWTGenerator jWTGenerator, IPasswordHasherService hasher)
{
_userRepository = userRepository;
_jwtGenerator = jWTGenerator;
_passwordHasherService = hasher;
}
public InSignaResponse Login(UserLoginDTO user)
{
InSignaResponse response = new InSignaResponse();
UserDTO loggedUser = _userRepository.CheckUser(user);
BasicSessionModel sessionModel = new BasicSessionModel
{
UserId = loggedUser.Id,
Name = loggedUser.Name,
Email = loggedUser.Email,
Provider = loggedUser.Provider
};
InSignaResponse response = _jwtGenerator.GenerateToken(sessionModel);
// if response.TypeOfResponse = TypeOfResponse.OK response.Data contains the token, if not response.Message contains error message
return response;
}
public InSignaResponse Encrypt(string password)
{
InSignaResponse response = new InSignaResponse();
response = _passwordHasherService.HashPassword(password);
// if response.TypeOfResponse = TypeOfResponse.OK response.Data contains the hashed password, if not response.Message contains error message
return response;
}
public InSignaResponse VerifyPassword(string hashedPassword, string providedPassword)
{
InSignaResponse response = new InSignaResponse();
response = _passwordHasherService.VerifyPassword(hashedPassword, providedPassword);
// if response.TypeOfResponse = TypeOfResponse.OK passwords matches, if not, response.Message contains error message
return response;
}
}InSigna is built on top of modern, battle-tested technologies to offer robust authentication without unnecessary coupling:
| Component | Purpose | Notes |
|---|---|---|
| .NET 8 | Core framework | Minimal API support, modern syntax |
| BCrypt.Net-Next | Password hashing and verification | Adjustable work factor (cost) |
| System.IdentityModel.Tokens.Jwt | JWT encoding and decoding | Customizable claims & expiration |
This stack keeps the library lightweight and easy to integrate with any backend architecture—whether monolithic, microservice-based, or serverless.
InSigna is built to fit into your backend projects with maximum flexibility. Choose the integration mode that best suits your workflow:
Ideal for internal projects or when custom modifications are needed.
Steps:
- Clone or copy the
InSignasource folder into your target solution. - Add the project reference manually or via Visual Studio /
dotnet sln add. - Modify namespaces, logging or structure to match your architecture.
- Extend or override internal methods as needed.
✅ Best for: Rapid prototyping, internal APIs, full control over behavior.
Perfect for stable setups where InSigna is used as a drop-in authentication module.
Steps:
-
Build the InSigna project to generate the
.dll. -
Reference the DLL in your consuming project.
-
Install dependencies listed below using NuGet:
Package Version Purpose Microsoft.AspNetCore.Authentication.JwtBearer8.0.18+ Bearer token support Microsoft.AspNetCore.Identity2.3.1 Identity infrastructure (optional) Microsoft.IdentityModel.Tokens8.13.0 Signing & cryptography System.IdentityModel.Tokens.Jwt8.13.0 JWT legacy handling
✅ Best for: Clean separation, plugin-based architecture, use across multiple solutions.
InSigna will continue growing with focused improvements:
- ⚙️ Hashing: Add support for Argon2, PBKDF2, and SHA-512, with configurable strength via environment or appsettings.
- 📜 Logging: Optional integration with
ILogger<T>to trace login attempts, token generation, and security events.