
Web Application · 2025

BIABank.

C# · ASP.NET Core · JWT · SQLite

Overview

BIABank is a banking system simulator developed with ASP.NET Core 9.0 that exposes REST APIs for account, transaction, and KYC workflows. It uses JWT-based authentication, enforces role-based authorization at the controller level, persists data with EF Core and SQLite, publishes transaction events to connected clients via SignalR, and runs in Docker containers behind an Nginx reverse proxy.

Screenshots

  • 01 Home Page
  • 02 Customer Dashboard
  • 03 Transactions
  • 04 Admin Portal

Project Metrics

  • 50+ API endpoints
  • 15 database tables
  • Auth methods: JWT + RBAC
  • Security: PBKDF2 (password hashing)
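The metrics list PBKDF2 as the security primitive but say nothing about how it is applied. The following is an added example, not BIABank's code, of what a PBKDF2-HMAC-SHA256 password hasher looks like in .NET with a per-user random salt, a stored iteration count (so old hashes can be upgraded later), and constant-time verification. The `PasswordHasher` class name and the `pbkdf2-sha256$iterations$salt$hash` storage format are assumptions for illustration; the only dependencies are the .NET base class library.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example (not BIABank's own code). Storage format is an assumption:
//   pbkdf2-sha256$<iterations>$<base64 salt>$<base64 derived key>
public static class PasswordHasher
{
    private const int SaltSize = 16;        // 128-bit random salt per password
    private const int KeySize = 32;         // 256-bit derived key
    private const int Iterations = 600_000; // OWASP (2023) guidance for PBKDF2-HMAC-SHA256

    public static string Hash(string password)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltSize);
        byte[] key = Rfc2898DeriveBytes.Pbkdf2(
            Encoding.UTF8.GetBytes(password), salt, Iterations, HashAlgorithmName.SHA256, KeySize);
        return $"pbkdf2-sha256${Iterations}${Convert.ToBase64String(salt)}${Convert.ToBase64String(key)}";
    }

    // Returns whether the password matches and whether the stored hash should be
    // re-computed with the current iteration count (e.g. after raising it).
    public static (bool Valid, bool NeedsRehash) Verify(string password, string stored)
    {
        string[] parts = stored.Split('$');
        if (parts.Length != 4 || parts[0] != "pbkdf2-sha256") return (false, false);
        if (!int.TryParse(parts[1], out int iterations) || iterations <= 0) return (false, false);

        byte[] salt, expected;
        try
        {
            salt = Convert.FromBase64String(parts[2]);
            expected = Convert.FromBase64String(parts[3]);
        }
        catch (FormatException)
        {
            return (false, false); // corrupt record, never a match
        }

        byte[] actual = Rfc2898DeriveBytes.Pbkdf2(
            Encoding.UTF8.GetBytes(password), salt, iterations, HashAlgorithmName.SHA256, expected.Length);

        // FixedTimeEquals does not stop at the first differing byte, so timing
        // does not reveal how much of the hash matched.
        bool valid = CryptographicOperations.FixedTimeEquals(actual, expected);
        return (valid, valid && iterations < Iterations);
    }
}

public static class Program
{
    public static void Main()
    {
        string stored = PasswordHasher.Hash("correct horse battery staple");
        Console.WriteLine(stored);
        Console.WriteLine(PasswordHasher.Verify("correct horse battery staple", stored));
        Console.WriteLine(PasswordHasher.Verify("wrong password", stored));
    }
}
```

The `NeedsRehash` flag is what makes the iteration count tunable in production: on a successful login the application can transparently re-hash with the current cost, so raising the constant never locks existing users out.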

Key Features

01

Clean Architecture

Implemented four-layer clean architecture with clear separation: Presentation (MVC), Application (business logic), Domain (entities and rules), and Infrastructure (EF Core, SMTP, external services).

02

JWT Authentication

Implemented JSON Web Token authentication with refresh token rotation: each use of a refresh token retires it and issues a new access/refresh pair, so a session can be renewed without asking the user to log in again while a refresh token that has already been used stops being accepted.
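Refresh token rotation as an added example, not BIABank's implementation: access tokens are short-lived HS256 JWTs, refresh tokens are opaque random values of which only a SHA-256 hash is stored, and each refresh revokes the presented token before a new pair is issued. The `TokenService` class, the in-memory dictionary standing in for an EF Core table, and the issuer/audience strings are assumptions; the block uses the `System.IdentityModel.Tokens.Jwt` package.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;   // NuGet: System.IdentityModel.Tokens.Jwt
using System.Security.Claims;
using System.Security.Cryptography;
using System.Text;
using Microsoft.IdentityModel.Tokens;

// Persisted form of a refresh token. The token itself is never stored, only
// its hash, so a copy of the database cannot be replayed against the API.
public sealed record RefreshTokenRecord(string UserId, string Role, DateTime ExpiresUtc, bool Revoked);

public sealed class TokenService
{
    private static readonly TimeSpan AccessLifetime = TimeSpan.FromMinutes(10);
    private static readonly TimeSpan RefreshLifetime = TimeSpan.FromDays(7);

    private readonly SymmetricSecurityKey _signingKey;
    // Assumption: in-memory store keyed by SHA-256(refresh token), in place of
    // the EF Core table a real service would use.
    private readonly Dictionary<string, RefreshTokenRecord> _store = new();

    public TokenService(byte[] hmacKey)
    {
        if (hmacKey.Length < 32) throw new ArgumentException("HS256 key must be at least 256 bits");
        _signingKey = new SymmetricSecurityKey(hmacKey);
    }

    public (string AccessToken, string RefreshToken) Issue(string userId, string role)
    {
        var handler = new JwtSecurityTokenHandler();
        var descriptor = new SecurityTokenDescriptor
        {
            Issuer = "biabank-api",   // assumed values; must match the validator's settings
            Audience = "biabank-web",
            Subject = new ClaimsIdentity(new[]
            {
                new Claim(JwtRegisteredClaimNames.Sub, userId),
                new Claim(ClaimTypes.Role, role),
            }),
            Expires = DateTime.UtcNow.Add(AccessLifetime),
            SigningCredentials = new SigningCredentials(_signingKey, SecurityAlgorithms.HmacSha256),
        };
        string accessToken = handler.WriteToken(handler.CreateToken(descriptor));

        // 256 bits of randomness. The client receives the raw value; only the hash is kept.
        string refreshToken = Convert.ToBase64String(RandomNumberGenerator.GetBytes(32));
        _store[HashOf(refreshToken)] =
            new RefreshTokenRecord(userId, role, DateTime.UtcNow.Add(RefreshLifetime), Revoked: false);

        return (accessToken, refreshToken);
    }

    // Rotation: a refresh token is single-use. Unknown, expired or already revoked
    // tokens are rejected; a valid one is revoked first, then a new pair is issued.
    public (string AccessToken, string RefreshToken)? Rotate(string presentedRefreshToken)
    {
        string key = HashOf(presentedRefreshToken);
        if (!_store.TryGetValue(key, out var record)) return null;
        if (record.Revoked || record.ExpiresUtc <= DateTime.UtcNow) return null;

        _store[key] = record with { Revoked = true };
        return Issue(record.UserId, record.Role);
    }

    private static string HashOf(string token) =>
        Convert.ToBase64String(SHA256.HashData(Encoding.UTF8.GetBytes(token)));
}

public static class Program
{
    public static void Main()
    {
        // Assumption: the key is generated here only for the demo; in a deployment
        // it is injected from configuration, never embedded in code.
        var service = new TokenService(RandomNumberGenerator.GetBytes(32));
        var (access, refresh) = service.Issue("user-42", "Customer");
        Console.WriteLine($"access token: {access[..20]}...");

        var rotated = service.Rotate(refresh);  // first use: old token revoked, new pair returned
        var replayed = service.Rotate(refresh); // second use of the same token: rejected (null)
        Console.WriteLine($"rotation succeeded: {rotated is not null}; replay accepted: {replayed is not null}");
    }
}
```

Marking the old record as revoked rather than deleting it is deliberate: a later presentation of a revoked token is a signal worth logging, because it means either the client lost the race with itself or someone else holds a copy.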

03

Admin Portal

Created comprehensive admin dashboard for user management, transaction monitoring, and system configuration.

04

Comprehensive Transaction System

Developed full transaction management supporting deposits, withdrawals, fund transfers, and bill payments with complete audit trails and transaction history.

05

RESTful API

Designed and implemented RESTful API endpoints following best practices for resource naming, HTTP methods, and response codes.

06

Security Hardening

Implemented multiple security layers: HTTPS enforcement, HSTS, security response headers, CORS policies, and SQL injection prevention through EF Core parameterized queries.
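How those layers fit together in a minimal ASP.NET Core 9 `Program.cs`, as an added example rather than BIABank's own file: HSTS, HTTPS redirection, a CORS allow-list, a response-header middleware and JWT bearer validation, plus the forwarded-headers setup needed when Kestrel sits behind Nginx. The allowed origin, the issuer/audience strings and the `Jwt:Key` and `Proxy:Address` configuration keys are assumptions.

```csharp
using System;
using System.Net;
using System.Text;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);

// Signing key from configuration (Jwt__Key environment variable in Docker). Fail fast if absent.
string jwtKey = builder.Configuration["Jwt:Key"]
    ?? throw new InvalidOperationException("Jwt:Key is not configured");

builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options => options.TokenValidationParameters = new TokenValidationParameters
    {
        ValidateIssuer = true,
        ValidIssuer = "biabank-api",                    // assumed, must match the issuer
        ValidateAudience = true,
        ValidAudience = "biabank-web",
        ValidateLifetime = true,
        ClockSkew = TimeSpan.FromSeconds(30),           // library default is 5 minutes
        ValidateIssuerSigningKey = true,
        IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(jwtKey)),
        ValidAlgorithms = new[] { SecurityAlgorithms.HmacSha256 }, // refuse other "alg" values
    });
builder.Services.AddAuthorization();

// Weak setting to avoid: AllowAnyOrigin()/AllowAnyHeader() on an API that reads
// Authorization headers. Use an explicit allow-list instead.
builder.Services.AddCors(options => options.AddPolicy("web", policy => policy
    .WithOrigins("https://bank.example.test")           // assumed Web front-end origin
    .WithMethods("GET", "POST", "PUT", "DELETE")
    .WithHeaders("Authorization", "Content-Type")));

builder.Services.AddHsts(options =>
{
    options.MaxAge = TimeSpan.FromDays(365);
    options.IncludeSubDomains = true;
});
builder.Services.AddControllers();

var app = builder.Build();

// Behind Nginx, TLS terminates at the proxy. Kestrel must trust X-Forwarded-Proto
// from that proxy only, otherwise UseHttpsRedirection loops or any client can
// spoof the scheme. The proxy address is read from configuration (assumption).
var forwarded = new ForwardedHeadersOptions
{
    ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto,
};
forwarded.KnownProxies.Add(IPAddress.Parse(builder.Configuration["Proxy:Address"] ?? "127.0.0.1"));
app.UseForwardedHeaders(forwarded);

if (!app.Environment.IsDevelopment()) app.UseHsts();
app.UseHttpsRedirection();

// Security headers on every response, including errors and redirects.
app.Use(async (context, next) =>
{
    var headers = context.Response.Headers;
    headers["X-Content-Type-Options"] = "nosniff";
    headers["X-Frame-Options"] = "DENY";
    headers["Referrer-Policy"] = "no-referrer";
    headers["Content-Security-Policy"] = "default-src 'self'; frame-ancestors 'none'";
    await next(context);
});

app.UseCors("web");
app.UseAuthentication();
app.UseAuthorization();
app.MapControllers();
app.Run();
```

Ordering matters: forwarded headers are processed before HTTPS redirection so the scheme check sees the proxy's value, and CORS runs before authentication so preflight requests (which carry no token) are answered instead of rejected.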

Architecture

  • Clean Architecture with four distinct layers: Presentation, Application, Domain, and Infrastructure
  • RESTful API backend (ASP.NET Core 9.0) with OpenAPI/Swagger documentation
  • MVC frontend (Razor Views) consuming API via HTTP clients
  • Entity Framework Core 9.0 with SQLite for data persistence and migrations
  • Docker Compose orchestration with three services: API, Web, and Nginx reverse proxy
  • JWT bearer token authentication with permission-based authorization middleware
  • SMTP integration for email notifications and alerts

Challenges & Solutions

Challenge: Managing authentication across separate API and MVC applications

Solution: Implemented JWT bearer tokens shared between the two services, which are configured with the same signing secret. The MVC application keeps the token in an HttpOnly cookie, so browser script cannot read it, and attaches it as an Authorization header when it calls the API.

Challenge: Securing financial transactions and preventing unauthorized access

Solution: Implemented multi-layer security: JWT authentication, role-based authorization, permission checks, HTTPS enforcement, security headers, and EF Core parameterized queries.

Challenge: Container orchestration and environment-specific configuration

Solution: Used Docker Compose with profiles (dev/prod), environment variables loaded from a .env file, and volume mounts for persistent SQLite data and TLS certificates.

What I Learned

Mastered clean architecture principles and dependency inversion for maintainable, testable code

Gained deep understanding of JWT authentication, token lifecycle, and secure token storage strategies

Improved Docker and containerization skills including multi-service orchestration and networking

Enhanced security knowledge: HTTPS, HSTS, CSP, CORS, and defense against common web vulnerabilities

Developed expertise in Entity Framework Core migrations, relationships, and query optimization

Future Improvements

TODO 01

Implement two-factor authentication (2FA) with TOTP or SMS verification

TODO 02

Build transaction analytics dashboard with charts and financial insights

TODO 03

Migrate from SQLite to PostgreSQL or SQL Server for production scalability

TODO 04

Add support for multiple currencies and exchange rates

TODO 05

Create mobile companion app using .NET MAUI or React Native

TODO 06

Integrate with external payment gateways (Stripe, PayPal)
