This repository showcases multiple gRPC-based Weather APIs, each secured with different authentication mechanisms, built using the simple Layered Architecture approach.
- .NET 9.0 - Latest .NET framework
- gRPC (v2.71.0) - High-performance RPC framework
- Grpc.AspNetCore - ASP.NET Core integration for gRPC
- Grpc.AspNetCore.Server.Reflection - Reflection-based service discovery
- Protocol Buffers - Data serialization format
- ASP.NET Core - Web framework
Uses API Key authentication via gRPC metadata headers.
- Authentication: Custom middleware-based API Key validation
- Metadata Key: API key passed in gRPC call metadata
- Configuration: API keys stored in `appsettings.json`
- Middleware: `ApiKeyAuthMiddleware` validates API keys from metadata
- Features:
  - Exception handling middleware
  - gRPC reflection service for tooling support (Postman, etc.)
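
One way to write the metadata check described above, as an added example that is not the repository's `ApiKeyAuthMiddleware`: it binds the `ApiKeys` array from `appsettings.json`, hashes each key so all comparisons are over equal-length values, and compares in fixed time. The names `ApiKeyEntry`, `ApiKeyCheckMiddleware` and the `ApiKeyOwner` item key are hypothetical, and the code assumes the default ASP.NET Core implicit usings.

```csharp
using System.Security.Cryptography;
using System.Text;

// Added example: type names are hypothetical, not the repository's own.
public sealed class ApiKeyEntry { public string Key { get; set; } = ""; public string Owner { get; set; } = ""; }

public sealed class ApiKeyCheckMiddleware
{
    private const string HeaderName = "x-api-key"; // gRPC metadata key
    private readonly RequestDelegate _next;
    private readonly (byte[] Hash, string Owner)[] _keys;

    public ApiKeyCheckMiddleware(RequestDelegate next, IConfiguration config)
    {
        _next = next;
        // Bind the "ApiKeys" array; keep only SHA-256 digests of the keys in memory.
        var entries = config.GetSection("ApiKeys").Get<ApiKeyEntry[]>() ?? Array.Empty<ApiKeyEntry>();
        _keys = entries
            .Where(e => e.Key.Length > 0) // an empty configured key must never match
            .Select(e => (Hash: SHA256.HashData(Encoding.UTF8.GetBytes(e.Key)), Owner: e.Owner))
            .ToArray();
    }

    public async Task InvokeAsync(HttpContext context)
    {
        // gRPC metadata arrives as HTTP/2 request headers.
        string? presented = context.Request.Headers[HeaderName];
        string? owner = string.IsNullOrEmpty(presented) ? null : FindOwner(presented);
        if (owner is null)
        {
            // gRPC clients map HTTP 401 to StatusCode.Unauthenticated.
            context.Response.StatusCode = StatusCodes.Status401Unauthorized;
            return;
        }
        context.Items["ApiKeyOwner"] = owner; // lets services and logs attribute the call
        await _next(context);
    }

    private string? FindOwner(string presented)
    {
        byte[] hash = SHA256.HashData(Encoding.UTF8.GetBytes(presented));
        string? match = null;
        foreach (var (expected, owner) in _keys)
            // Fixed-time compare; scan all entries so timing does not show which one matched.
            if (CryptographicOperations.FixedTimeEquals(hash, expected)) match = owner;
        return match;
    }
}
```

Register it with `app.UseMiddleware<ApiKeyCheckMiddleware>()` before the gRPC endpoints are mapped so that every call passes through the check.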
Secured with JSON Web Tokens (JWT).
- Authentication: JWT Bearer token validation via middleware
- Token Generation: REST endpoint `/api/auth/login` for token generation
- Configuration: JWT settings and user credentials in `appsettings.json`
- Features:
  - JWT service for token generation
  - Custom JWT validation middleware
  - REST controller for authentication
  - Exception handling middleware
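
The validation step a JWT middleware like the one described above has to perform, as an added example that is not the repository's own code: it builds strict validation parameters from the `JwtSettings` section and checks the `authorization` metadata value. The helper name `JwtCheck` is hypothetical; the example assumes HS256 tokens signed with `SecretKey`, the `System.IdentityModel.Tokens.Jwt` package, and the default ASP.NET Core implicit usings.

```csharp
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using Microsoft.IdentityModel.Tokens;

// Added example: JwtCheck is a hypothetical helper; HS256 signing is an assumption.
public static class JwtCheck
{
    public static TokenValidationParameters BuildParameters(IConfiguration config)
    {
        var jwt = config.GetSection("JwtSettings");
        var secret = jwt["SecretKey"] ?? throw new InvalidOperationException("JwtSettings:SecretKey is missing");
        // HS256 keys should carry at least 256 bits; refuse to start with less.
        if (Encoding.UTF8.GetByteCount(secret) < 32)
            throw new InvalidOperationException("JwtSettings:SecretKey must be at least 32 bytes");

        return new TokenValidationParameters
        {
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secret)),
            ValidAlgorithms = new[] { SecurityAlgorithms.HmacSha256 }, // no "none", no algorithm swap
            ValidateIssuer = true,
            ValidIssuer = jwt["Issuer"],
            ValidateAudience = true,
            ValidAudience = jwt["Audience"],
            ValidateLifetime = true,
            RequireExpirationTime = true,
            ClockSkew = TimeSpan.FromSeconds(30), // library default is 5 minutes
        };
    }

    // Returns the caller's principal, or null when the metadata value is absent or invalid.
    public static ClaimsPrincipal? Validate(string? authorizationHeader, TokenValidationParameters parameters)
    {
        const string prefix = "Bearer ";
        if (authorizationHeader is null || !authorizationHeader.StartsWith(prefix, StringComparison.OrdinalIgnoreCase))
            return null;
        try
        {
            return new JwtSecurityTokenHandler().ValidateToken(authorizationHeader[prefix.Length..].Trim(), parameters, out _);
        }
        catch (Exception ex) when (ex is SecurityTokenException or ArgumentException)
        {
            return null; // expired, wrong issuer or audience, bad signature, malformed token
        }
    }
}
```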
Implements Mutual TLS (mTLS) for two-way certificate validation.
- Authentication: Client certificate validation
- Configuration: Server and client certificates configured in `appsettings.json`
- Features:
  - Kestrel HTTPS configuration with client certificate requirement
  - Custom certificate validation logic
  - Exception handling middleware
  - Two-way SSL/TLS authentication
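
The Kestrel side of the client-certificate requirement described above, as an added example that is not the repository's `Program.cs`: it requires a client certificate and, as one possible form of custom validation, pins the accepted certificates by SHA-256 fingerprint. The configuration key `Mtls:AllowedClientSha256` is hypothetical, and the code assumes the default ASP.NET Core implicit usings.

```csharp
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using Microsoft.AspNetCore.Server.Kestrel.Https;

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddGrpc();

// Hypothetical configuration key (not from the repository): an array of hex SHA-256
// fingerprints of the client certificates allowed to call the service.
// An empty or missing list rejects every client (fail closed).
var pinned = new HashSet<string>(
    builder.Configuration.GetSection("Mtls:AllowedClientSha256").Get<string[]>() ?? Array.Empty<string>(),
    StringComparer.OrdinalIgnoreCase);

builder.WebHost.ConfigureKestrel(kestrel =>
{
    kestrel.ConfigureHttpsDefaults(https =>
    {
        // Fail the TLS handshake when the client sends no certificate.
        https.ClientCertificateMode = ClientCertificateMode.RequireCertificate;

        // Kestrel hands the policy errors to this callback instead of rejecting
        // them itself, so chain and trust errors must be refused here explicitly.
        https.ClientCertificateValidation = (X509Certificate2 cert, X509Chain? chain, SslPolicyErrors errors) =>
        {
            if (errors != SslPolicyErrors.None) return false; // untrusted, expired or broken chain
            return pinned.Contains(cert.GetCertHashString(HashAlgorithmName.SHA256));
        };
    });
});

var app = builder.Build();
// Map the project's gRPC services here with app.MapGrpcService<T>().
app.Run();
```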
Each project is self-contained and can be built, run, and tested independently.
- .NET 9.0 SDK or later
- Visual Studio 2022, VS Code, or Rider (optional)
- gRPC client tools (optional, for testing)
- For MtlsAuth: SSL certificates (server and client)

```bash
git clone https://github.com/vishwamkumar/weather-app.auth-grpc-apis.layered.git
cd weather-app.auth-grpc-apis.layered/src
```

```bash
cd WeatherApp.GrpcApi.ApiKeyAuth
dotnet run
```

Replace `ApiKeyAuth` with `JwtAuth` or `MtlsAuth` to test the other options.
Default Ports:
- HTTP: `http://localhost:5000`
- HTTPS: `https://localhost:5001`
gRPC services can be tested using:
- Postman - Supports gRPC with reflection
- gRPCurl - Command-line gRPC client
- BloomRPC - Desktop gRPC client
- .NET gRPC Client - Custom client application
All projects include gRPC reflection service, which allows tools like Postman to discover services automatically:

```csharp
builder.Services.AddGrpcReflection();
app.MapGrpcReflectionService();
```

Each project includes a `Docs/TestMe.md` file with:
- Example gRPC call configurations
- Metadata/header setup instructions
- Sample requests and responses
- Authentication requirements

```
grpc-apis.auth-styles.examples/
├── src/
│   ├── WeatherApp.GrpcApi.ApiKeyAuth/
│   │   ├── Protos/          # Protocol buffer definitions (.proto files)
│   │   ├── Services/        # gRPC service implementations
│   │   ├── Configs/         # API Key configuration
│   │   ├── Middlewares/     # Authentication and exception middleware
│   │   ├── Docs/            # Test documentation
│   │   └── Program.cs       # Application entry point
│   │
│   ├── WeatherApp.GrpcApi.JwtAuth/
│   │   ├── Protos/          # Protocol buffer definitions
│   │   ├── Services/        # gRPC and JWT services
│   │   ├── Controllers/     # REST auth controller
│   │   ├── Configs/         # JWT and user credential settings
│   │   ├── Middlewares/     # JWT authentication middleware
│   │   ├── Attributes/      # Custom attributes (AllowAnonymous)
│   │   ├── Dtos/            # Data transfer objects
│   │   └── Program.cs
│   │
│   └── WeatherApp.GrpcApi.MtlsAuth/
│       ├── Protos/          # Protocol buffer definitions
│       ├── Services/        # gRPC service implementations
│       ├── Middlewares/     # Exception handling middleware
│       ├── App_Data/        # Certificate storage
│       ├── Docs/            # Test documentation
│       └── Program.cs       # Kestrel HTTPS configuration
```

| Project | Security Mechanism | AuthN / AuthZ | Provider | Metadata/Header Location |
|---|---|---|---|---|
| ApiKeyAuth | API Key | Metadata-based static key | Custom | gRPC metadata: x-api-key |
| JwtAuth | JWT | Token-based | Custom | gRPC metadata: authorization |
| MtlsAuth | mTLS | Certificate-based | Custom | TLS client certificate |

Configure API keys in `appsettings.json`:

```json
{
  "ApiKeys": [
    {
      "Key": "your-api-key-here",
      "Owner": "ClientName"
    }
  ]
}
```

Configure JWT settings in `appsettings.json`:

```json
{
  "JwtSettings": {
    "SecretKey": "your-secret-key-min-32-chars",
    "Issuer": "WeatherApp",
    "Audience": "WeatherAppUsers",
    "ExpiryInMinutes": 60
  },
  "UserCredentials": [
    {
      "Username": "user1",
      "Password": "password1"
    }
  ]
}
```

Configure certificates in `appsettings.json`:

```json
{
  "Kestrel": {
    "Endpoints": {
      "Https": {
        "Url": "https://localhost:5001",
        "Certificate": {
          "Path": "path/to/server-certificate.pfx",
          "Password": "certificate-password"
        }
      }
    }
  }
}
```

- ✅ gRPC Protocol Buffers - Efficient binary serialization
- ✅ Multiple Auth Strategies - API Key, JWT, and mTLS examples
- ✅ gRPC Reflection - Service discovery for tooling
- ✅ Exception Handling - Centralized error handling middleware
- ✅ Layered Architecture - Clean separation of concerns
- ✅ Metadata-based Auth - gRPC metadata for authentication
- ✅ REST Auth Endpoints - Token generation endpoints (JwtAuth)
- ✅ Mutual TLS - Two-way certificate authentication (MtlsAuth)

- GraphQL API Auth Examples - GraphQL API authentication examples
- REST API Auth Examples - REST API authentication examples
- Email: vishwa@vishwa.me
- GitHub: Vishwam
- LinkedIn: Vishwa Kumar
Vishwa is the primary developer and architect of this example app, responsible for the architecture and implementation of these features.
This project is licensed under the MIT License - see the LICENSE file for details.