Authors :
Sohan Singh Chinthalapudi
Volume/Issue :
Volume 10 - 2025, Issue 3 - March
Google Scholar :
https://tinyurl.com/44x76ffe
Scribd :
https://tinyurl.com/y8cnt49s
DOI :
https://doi.org/10.38124/ijisrt/25mar1677
Abstract :
Application security has become critical because adversaries now specifically target ASP.NET Core applications to steal data and compromise their integrity. This research examines contemporary security threats to .NET web applications: unauthorized access, token fraud, and API vulnerabilities. These threats can be managed through OAuth, JSON Web Tokens (JWT), and Zero-Trust application models. OAuth lets users grant third-party applications access to their resources without disclosing their account credentials to them. JWT authentication is stateless, which yields performance benefits without weakening security. Under the Zero-Trust framework, authentication is continuous, which reduces the number of potential attack vectors. Authentication mechanisms are investigated through a combined assessment of real-world case studies, current best practices, and analysis of security protocols. Combining OAuth with JWT authentication provides a strong defence against credential theft and at the same time protects users from session hijacking attacks. Implementing Zero-Trust principles strengthens both identity verification and access control, preventing unauthorized access. The security posture should be improved further through AI-based anomaly detection, multi-factor authentication (MFA), and token expiration policies. Applying the described methodologies yields robust, future-proof ASP.NET Core applications that satisfy industry cybersecurity standards while defending against evolving threats. The research presents a comprehensive approach to protecting .NET applications in 2024 that delivers secure performance in today's web environment.
Keywords :
ASP.NET Core Security, OAuth Authorization, JSON Web Tokens (JWT), Zero-Trust Model, Multi-Factor Authentication (MFA), AI-Driven Anomaly Detection, Token-Based Authentication, Cyber Threat Mitigation.
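The abstract's central points (stateless JWT authentication, enforced token expiration, and rejecting unauthorized access at the API) map onto a handful of validation settings in ASP.NET Core. The following is an added example written for this page, not code from the paper: a minimal ASP.NET Core host configured with JWT bearer authentication that validates issuer, audience, signature, algorithm and lifetime, plus a helper that mints a short-lived token. It assumes the `Microsoft.AspNetCore.Authentication.JwtBearer` and `System.IdentityModel.Tokens.Jwt` packages; the issuer, audience and signing secret are placeholders.

```csharp
// Added example (not from the paper): ASP.NET Core JWT bearer validation with
// the checks that make stateless tokens safe to trust.
// Assumes the Microsoft.AspNetCore.Authentication.JwtBearer and
// System.IdentityModel.Tokens.Jwt packages. Issuer, audience and key are placeholders.
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);

// Placeholder values (assumed). In production the secret comes from a secret
// store, and an asymmetric key (RS256/ES256) is preferable to a shared HMAC key.
const string Issuer = "https://issuer.example";
const string Audience = "example-api";
var signingKey = new SymmetricSecurityKey(
    Encoding.UTF8.GetBytes("replace-with-a-random-secret-of-at-least-32-bytes!!"));

builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        // Keep registered claim names ("sub", "jti") as-is instead of mapping
        // them to legacy .NET claim types.
        options.MapInboundClaims = false;
        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuer = true,
            ValidIssuer = Issuer,
            ValidateAudience = true,
            ValidAudience = Audience,
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = signingKey,
            // A stateless token is only as good as its server-side 'exp' check:
            // require an expiry and keep the clock-skew allowance small
            // (the library default is five minutes).
            ValidateLifetime = true,
            RequireExpirationTime = true,
            ClockSkew = TimeSpan.FromSeconds(30),
            // Pin the accepted algorithm so a token cannot switch to a weaker one.
            ValidAlgorithms = new[] { SecurityAlgorithms.HmacSha256 },
        };
    });
builder.Services.AddAuthorization();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// Protected endpoint: reachable only with a token that passes every check above.
app.MapGet("/me", (ClaimsPrincipal user) => new { sub = user.FindFirstValue("sub") })
   .RequireAuthorization();

app.Run();

// Mints a short-lived access token. Shown here only to keep the example in one
// file; in practice this runs on the OAuth authorization server, not the API.
static string IssueToken(string subject, SymmetricSecurityKey key, string issuer, string audience)
{
    var now = DateTime.UtcNow;
    var claims = new List<Claim>
    {
        new Claim(JwtRegisteredClaimNames.Sub, subject),
        // A unique token id lets a revocation list single out one token.
        new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
    };
    var token = new JwtSecurityToken(
        issuer: issuer,
        audience: audience,
        claims: claims,
        notBefore: now,
        expires: now.AddMinutes(10), // short lifetime bounds the window of a stolen token
        signingCredentials: new SigningCredentials(key, SecurityAlgorithms.HmacSha256));
    return new JwtSecurityTokenHandler().WriteToken(token);
}
```

A request to `/me` without a bearer token, or with one whose issuer, audience, signature, algorithm or expiry fails these checks, is answered with 401 before any handler code runs; no server-side session lookup is involved, which is the stateless property the abstract refers to. Short expiry combined with the `jti` claim is what makes token expiration policies enforceable alongside revocation.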
References :
- Badhwar, R. (2021). Intro to API Security-Issues and Some Solutions!. In The CISO’s Next Frontier: AI, Post-Quantum Cryptography and Advanced Security Paradigms (pp. 239-244). Cham: Springer International Publishing. https://doi.org/10.1007/978-3-030-75354-2_29
- Barabanov, A., & Makrushin, D. (2020). Authentication and authorization in microservice-based systems: survey of architecture patterns. arXiv preprint arXiv:2009.02114. https://doi.org/10.48550/arXiv.2009.02114
- Basta, N., Ikram, M., Kaafar, M. A., & Walker, A. (2022, April). Towards a zero-trust micro-segmentation network security strategy: an evaluation framework. In NOMS 2022-2022 IEEE/IFIP Network Operations and Management Symposium (pp. 1-7). IEEE. https://doi.org/10.1109/NOMS54207.2022.9789888
- Bhawiyuga, A., Data, M., & Warda, A. (2017, October). Architectural design of token based authentication of MQTT protocol in constrained IoT device. In 2017 11th International Conference on Telecommunication Systems Services and Applications (TSSA) (pp. 1-4). IEEE. https://doi.org/10.1109/TSSA.2017.8272933
- Bojinov, H., & Boneh, D. (2011, March). Mobile token-based authentication on a budget. In Proceedings of the 12th Workshop on Mobile Computing Systems and Applications (pp. 14-19). https://doi.org/10.1145/2184489.2184494
- Cirani, S., Picone, M., Gonizzi, P., Veltri, L., & Ferrari, G. (2014). IoT-OAS: An OAuth-based authorization service architecture for secure services in IoT scenarios. IEEE Sensors Journal, 15(2), 1224-1234. https://doi.org/10.1109/JSEN.2014.2361406
- Dash, B. (2024). Zero-Trust Architecture (ZTA): Designing an AI-Powered Cloud Security Framework for LLMs' Black Box Problems. Available at SSRN 4726625. https://dx.doi.org/10.2139/ssrn.4726625
- de Almeida, M. G., & Canedo, E. D. (2022). Authentication and authorization in microservices architecture: A systematic literature review. Applied Sciences, 12(6), 3023. https://doi.org/10.3390/app12063023
- Emerson, S., Choi, Y. K., Hwang, D. Y., Kim, K. S., & Kim, K. H. (2015, October). An OAuth based authentication mechanism for IoT networks. In 2015 International Conference on Information and Communication Technology Convergence (ICTC) (pp. 1072-1074). IEEE. https://doi.org/10.1109/ICTC.2015.7354740
- Ferry, E., O Raw, J., & Curran, K. (2015). Security evaluation of the OAuth 2.0 framework. Information & Computer Security, 23(1), 73-101.
- Greitzer, F. L., Moore, A. P., Cappelli, D. M., Andrews, D. H., Carroll, L. A., & Hull, T. D. (2008). Combating the insider cyber threat. IEEE Security & Privacy, 6(1), 61-64. https://doi.org/10.1109/MSP.2008.8
- Haekal, M. (2016, October). Token-based authentication using JSON web token on SIKASIR RESTful web service. In 2016 International Conference on Informatics and Computing (ICIC) (pp. 175-179). IEEE. https://doi.org/10.1109/IAC.2016.7905711
- He, Y., Huang, D., Chen, L., Ni, Y., & Ma, X. (2022). A survey on zero trust architecture: Challenges and future trends. Wireless Communications and Mobile Computing, 2022(1), 6476274. https://doi.org/10.1155/2022/6476274
- Heiland, R., Koranda, S., Marru, S., Pierce, M., & Welch, V. (2015, June). Authentication and authorization considerations for a multi-tenant service. In Proceedings of the 1st Workshop on The Science of Cyberinfrastructure: Research, Experience, Applications and Models (pp. 29-35). https://doi.org/10.1145/2753524.2753534
- Herceg, T. (2024). Modernizing .NET Web Applications: Everything You Need to Know About Migrating ASP.NET Web Applications to the Latest Version of .NET. Springer Nature. https://doi.org/10.1177/1550147717712627
- Indu, I., PM, R. A., & Bhaskar, V. (2017). Encrypted token based authentication with adapted SAML technology for cloud web services. Journal of Network and Computer Applications, 99, 131-145. https://doi.org/10.1016/j.jnca.2017.10.001
- Jones, M., Bradley, J., & Sakimura, N. (2015). RFC 7519: JSON Web Token (JWT). https://doi.org/10.17487/RFC7519
- Jung, S. W., & Jung, S. (2017). Personal OAuth authorization server and push OAuth for Internet of Things. International Journal of Distributed Sensor Networks, 13(6), 1550147717712627. https://doi.org/10.1177/1550147717712627
- Kang, H., Liu, G., Wang, Q., Meng, L., & Liu, J. (2023). Theory and application of zero trust security: A brief survey. Entropy, 25(12), 1595. https://doi.org/10.3390/e25121595
- Kauser, S., Rahman, A., Khan, A. M., & Ahmad, T. (2019). Attribute-based access control in web applications. In Applications of Artificial Intelligence Techniques in Engineering: SIGMA 2018, Volume 1 (pp. 385-393). Springer Singapore. https://doi.org/10.1007/978-981-13-1819-1_36
- Kavitha, D., & Thejas, S. (2024). AI enabled threat detection: Leveraging artificial intelligence for advanced security and cyber threat mitigation. IEEE Access. https://doi.org/10.1109/ACCESS.2024.3493957
- Kendyala, S. H. (2020). The role of multi factor authentication in securing cloud based enterprise applications. Available at SSRN 5074876. https://dx.doi.org/10.2139/ssrn.5074876
- Leiba, B. (2012). OAuth web authorization protocol. IEEE Internet Computing, 16(1), 74-77. https://doi.org/10.1109/MIC.2012.11
- Machireddy, J. R. (2024). Machine Learning and Automation in Healthcare Claims Processing. Journal of Artificial Intelligence General science (JAIGS) ISSN: 3006-4023, 6(1), 686-701. https://doi.org/10.60087/jaigs.v6i1.335
- Matta, V., Di Mauro, M., Longo, M., & Farina, A. (2018). Cyber-threat mitigation exploiting the birth–death–immigration model. IEEE Transactions on Information Forensics and Security, 13(12), 3137-3152. https://doi.org/10.1109/TIFS.2018.2838084
- Munonye, K., & Péter, M. (2022). Machine learning approach to vulnerability detection in OAuth 2.0 authentication and authorization flow. International Journal of Information Security, 21(2), 223-237. https://doi.org/10.23919/EECSI48112.2019.8977061
- Machireddy, J. (2023, January 14). Harnessing AI and Data Analytics for Smarter Healthcare Solutions. International Journal of Science and Research Archive, 08(02), 785-798. Available at SSRN: http://dx.doi.org/10.2139/ssrn.5159750
- Norberg, S. (2020). Advanced ASP.NET Core 3 Security. Apress. https://doi.org/10.1007/978-1-4842-6014-2
- Norberg, S. (2020). Introducing ASP.NET Core. In Advanced ASP.NET Core 3 Security: Understanding Hacks, Attacks, and Vulnerabilities to Secure Your Website (pp. 1-29). https://doi.org/10.1007/978-1-4842-6014-2_1
- Oh, S. R., & Kim, Y. G. (2020). AFaaS: Authorization framework as a service for Internet of Things based on interoperable OAuth. International Journal of Distributed Sensor Networks, 16(2), 1550147720906388. https://doi.org/10.1177/1550147720906388
- Pai, S., Sharma, Y., Kumar, S., Pai, R. M., & Singh, S. (2011, June). Formal verification of OAuth 2.0 using Alloy framework. In 2011 International Conference on Communication Systems and Network Technologies (pp. 655-659). IEEE. https://doi.org/10.1109/CSNT.2011.141
- Polo, L. (2024). Revolutionizing sales and operations planning with artificial intelligence: Insights and results. International Journal For Multidisciplinary Research, 6(6). https://doi.org/10.36948/ijfmr.2024.v06i06.34053
- Paul, B., & Rao, M. (2022). Zero-trust model for smart manufacturing industry. Applied Sciences, 13(1), 221. https://doi.org/10.3390/app13010221
- Poudel, B. P., Mustafa, A., Bidram, A., & Modares, H. (2020). Detection and mitigation of cyber-threats in the DC microgrid distributed control system. International Journal of Electrical Power & Energy Systems, 120, 105968. https://doi.org/10.1016/j.ijepes.2020.105968
- Qazi, F. A. (2022, December). Study of zero trust architecture for applications and network security. In 2022 IEEE 19th International Conference on Smart Communities: Improving Quality of Life using ICT, IoT and AI (HONET) (pp. 111-116). IEEE. https://doi.org/10.1109/HONET56683.2022.10019186
- Rozaliuk, T., Kopyl, P., & Smołka, J. (2022). Comparison of ASP.NET Core and Spring Boot ecosystems. Journal of Computer Sciences Institute, 22, 40-45. https://doi.org/10.35784/jcsi.2794
- Sadqi, Y., Belfaik, Y., & Safi, S. (2020, March). Web OAuth-based SSO systems security. In Proceedings of the 3rd International Conference on Networking, Information Systems & Security (pp. 1-7). https://doi.org/10.1145/3386723.3387888
- Sendor, J., Lehmann, Y., Serme, G., & de Oliveira, A. S. (2014, March). Platform-level support for authorization in cloud services with OAuth 2. In 2014 IEEE International Conference on Cloud Engineering (pp. 458-465). IEEE. https://doi.org/10.1109/IC2E.2014.60
- Sharif, A., Carbone, R., Sciarretta, G., & Ranise, S. (2022). Best current practices for OAuth/OIDC Native Apps: A study of their adoption in popular providers and top-ranked Android clients. Journal of Information Security and Applications, 65, 103097. https://doi.org/10.1016/j.jisa.2021.103097
- Sheffer, Y., Hardt, D., & Jones, M. (2020). RFC 8725: JSON web token best current practices. https://doi.org/10.17487/RFC8725
- Shibli, M. A., Masood, R., Habiba, U., Kanwal, A., Ghazi, Y., & Mumtaz, R. (2014). Access control as a service in cloud: challenges, impact and strategies. Continued Rise of the Cloud: Advances and Trends in Cloud Computing, 55-99. https://doi.org/10.1007/978-1-4471-6452-4_3
- Singh, J., & Chaudhary, N. K. (2022). OAuth 2.0: Architectural design augmentation for mitigation of common security vulnerabilities. Journal of Information Security and Applications, 65, 103091. https://doi.org/10.1016/j.jisa.2021.103091
- Solapurkar, P. (2016, December). Building secure healthcare services using OAuth 2.0 and JSON web token in IOT cloud scenario. In 2016 2nd International Conference on Contemporary Computing and Informatics (IC3I) (pp. 99-104). IEEE. https://doi.org/10.1109/IC3I.2016.7917942
- Sudarsan, S. V., Schelén, O., & Bodin, U. (2023). Multilevel subgranting by power of attorney and OAuth authorization server in cyber–physical systems. IEEE Internet of Things Journal, 10(17), 15266-15282. https://doi.org/10.1109/JIOT.2023.3265407
- Syed, N. F., Shah, S. W., Shaghaghi, A., Anwar, A., Baig, Z., & Doss, R. (2022). Zero trust architecture (ZTA): A comprehensive survey. IEEE Access, 10, 57143-57179. https://doi.org/10.1109/ACCESS.2022.3174679
- Tanvi, P., Sonal, G., & Kumar, S. M. (2011, June). Token based authentication using mobile phone. In 2011 International Conference on Communication Systems and Network Technologies (pp. 85-88). IEEE. https://doi.org/10.1109/CSNT.2011.24
- Tassanaviboon, A., & Gong, G. (2011, November). OAuth and ABE based authorization in semi-trusted cloud computing: AAuth. In Proceedings of the Second International Workshop on Data Intensive Computing in the Clouds (pp. 41-50). https://doi.org/10.1145/2087522.2087531
- Wang, C. (2022, December). Design and Implementation of Ideological and Political Education Network Platform for College Students under ASP.NET. In 2022 3rd International Conference on Artificial Intelligence and Education (IC-ICAIE 2022) (pp. 923-930). Atlantis Press. https://doi.org/10.2991/978-94-6463-040-4_139
- Wang, Y., & Huang, Y. (2018). Research on education and teaching resources management system based on ASP.NET. In Lecture Notes in Real-Time Intelligent Systems (pp. 425-431). Springer International Publishing. https://doi.org/10.1007/978-3-319-60744-3_46
- Whitesell, S., Richardson, R., & Groves, M. D. (2022). ASP.NET Core Overview. In Pro Microservices in .NET 6: With Examples Using ASP.NET Core 6, MassTransit, and Kubernetes (pp. 29-49). https://doi.org/10.1007/978-1-4842-7833-8_2