almansorIT/SecureDotNetApp

SecureDotNetApp is a production-ready ASP.NET Core web application that serves as a reference implementation for secure, modern web development. It demonstrates best practices across authentication, authorization, input validation, transport security, and clean architecture, while remaining fully functional and testable.

The application implements role-based access control (Admin/User) with cookie-based, claims-driven authentication, secure session management, and CSRF protection. It includes a sanitized comment management system, role-specific dashboards, and comprehensive security and audit logging.

Security is a core focus: passwords are protected using Bcrypt and Argon2, input is guarded against XSS and SQL injection, HTTPS and HSTS are enforced, and security headers such as CSP, X-Frame-Options, and X-Content-Type-Options are applied. Authorization is enforced at both page and claim levels.

The project follows clean architecture principles using Dependency Injection and the Repository pattern, with clear structure and documentation. It is backed by 92 automated tests covering authentication, RBAC, integration flows, and input validation, making it CI/CD ready.

Tech stack: ASP.NET Core 9.0, Entity Framework Core, SQLite, xUnit, BCrypt.Net-Next, Argon2.

Compliance: OWASP Top 10, CWE (XSS, SQLi, Session Fixation), NIST password guidance, GDPR-friendly logging.

Developed by Almansoor Mukhawi, Full-stack .NET Developer, with a focus on secure coding, maintainable design, and production-grade engineering.
