A secure access control system API for managing user authentication, authorization, and entry logging in buildings or institutions.
Many facilities still rely on manual methods or outdated systems for access control, which can cause:
- ❌ No reliable tracking of who enters or exits
- ❌ Difficulty managing permission levels
- ❌ Security vulnerabilities
A robust and scalable API that delivers:
- ✅ Secure authentication using JWT Tokens with role hierarchy (Admin, User, Visitor)
- ✅ Detailed entry/exit logging with timestamps
- ✅ Complete CRUD operations for user and visitor management
- ✅ Administrative dashboard for log viewing and reporting
- User registration and authentication
- Role-based access control (Admin, User, Visitor)
- Password hashing for secure storage
- JWT token-based authentication
- Entry validation for users and visitors
- Exit recording with timestamps
- Comprehensive logging of all access events
- Admin user creation and management
- User/visitor management (CRUD operations)
- Access log viewing and reporting
This API uses JWT authentication. To access protected routes, obtain a token via the login endpoint and include it in the request headers:
Authorization: Bearer YOUR_ACCESS_TOKENPOST /v1/Users/CreateUser- Register a new regular userPOST /v1/Users/login- Authenticate a user and get JWT tokenPOST /v1/Admin/LoginAdmin- Authenticate an admin and get JWT token
POST /v1/Admin/CreateAdmin- Create a new admin (requires admin role)POST /v1/Admin/CreateFirstAdmin- Initialize the first root adminDELETE /v1/Admin/DeleteAdmin/{id}- Delete an admin (root admin only)DELETE /v1/Admin/DeleteUser/{id}- Delete a userPUT /v1/Admin/UpdateUser/{id}- Update user informationGET /v1/Admin/UserLogs/{userId?}- Get access logs (all or specific user)GET /v1/Admin/VisitorLogs/{visitorId?}- Get visitor access logs
POST /v1/visitors/CreateVisitor- Create a new visitor (admin only)DELETE /v1/visitors/DeleteVisitor/{id}- Delete a visitor (admin only)
POST /v1/Entry/validate-entry- Validate user/visitor entry
GET /v1/Users/infos- Get user information and access logs
- Docker Desktop (v20.10+)
- .NET SDK 9.0
- SQL Server (optional - included in Docker setup)
- Clone this repository
git clone https://github.com/LeonardoEnnes/AccessTrackAPI.git
cd AccessTrackAPI-
Configure the enviroment variables:
- Copy the .env.example file to
.env
cp .env.example .env
- Open the .env file and update the following values:
DB_CONNECTION_STRING:Your SQL Server connection stringJWT_KEY:A secure secret key for JWT token generation
- Copy the .env.example file to
-
Build and run the application using Docker:
docker-compose up --build- The API should now be running at: http://localhost:5130/swagger
- Feel free to improve my code as you see fit.
- If you have any questions regarding this project, Please feel free to email me.
- Restore Dependencies & Build
dotnet restore
dotnet build- Configure User Secrets
dotnet user-secrets
dotnet user-secrets set "ConnectionStrings:DefaultConnection" "your-string-connection"
dotnet user-secrets set "JwtKey" "your-jwt-key"- Apply Database Migrations
dotnet ef database update- Run the Application
dotnet run- .NET (C#)
- Entity Framework
- SQL Server
- Docker
.
├── Dependencies
├── Properties
│ └── launchSettings.json
├── src
├── Controllers
│ ├── AccessControlController.cs
│ ├── AdminController.cs
│ ├── UsersController.cs
│ └── VisitorController.cs
├── Data
├── Extensions
│ └── RoleClaimExtension.cs
├── Migrations
├── Models
│ ├── Admins.cs
│ ├── EntryLogs.cs
│ ├── Users.cs
│ └── Visitor.cs
├── Services
│ └── TokenService.cs
├── ViewModels
│ ├── Accounts
│ ├── DTOs
│ └── ResultViewModel.cs
├── AccessTrackAPI.http
├── Configuration.cs
└── Program.cs
This project is licensed under the MIT License.
- Author: Leonardo Ennes
- Email: leonardoennes@protonmail.com