ScanTrans - Secure File Storage and Transfer
Worldwide
# Full-Stack .NET Developer Needed for Secure Zero-Knowledge File Transfer Application

We are looking for an experienced full-stack .NET developer or development team to build a secure web-based file transfer application for encrypted file uploads, downloads, sharing, and real-time transfer monitoring.

The application will use a .NET backend, Blazor WebAssembly frontend, PostgreSQL database, SignalR real-time updates, MudBlazor UI components, and clean architecture principles.

## Project Overview

The goal is to build a secure internet-based file transfer platform where users can upload encrypted files, share them with other users, monitor transfer progress in real time, and manage access securely.

Security is a major priority. The application should follow zero-knowledge principles where possible, meaning the server should not have access to plaintext files, plaintext passwords, or raw encryption keys.

## Required Technology Stack

The application should be built using:

* .NET 10
* ASP.NET Core Minimal APIs
* API versioning, starting with `/api/v1`
* Entity Framework Core with migrations
* PostgreSQL
* ASP.NET Core Identity
* Blazor WebAssembly
* MudBlazor UI components
* SignalR for real-time updates
* IIS-hostable deployment
* Clean Architecture solution structure

## Core Features

### Authentication and User Management

The application should include:

* User registration and login
* ASP.NET Core Identity integration
* Secure session management
* Password reset and password change flows
* User roles and permissions
* Admin user management
* Device/session management so users can view and revoke active sessions
* Step-up authentication before sensitive actions

### Roles and Permissions

The system should support roles such as:

* Administrator
* Standard User
* Optional Auditor role

Admins should be able to manage users, roles, permissions, and system metadata, but should not be able to decrypt user files by default.

### Initial Admin Setup

On first startup, if no admin user exists, the system should provide a secure admin bootstrap process.

This could be done through a one-time setup token, environment-configured bootstrap admin, first-user-becomes-admin flow, or another secure approach. No permanent default admin credentials should be exposed.

## File Transfer Features

Users should be able to:

* Upload encrypted files
* Download files they own or files shared with them
* Share files with other registered users
* Revoke shared access
* View transfer status
* View transfer history
* Use resumable uploads/downloads for large files or unstable connections
* Drag and drop files into the UI
* Upload folders where browser support allows
* Set file or share expiry dates
* Create secure share links with optional restrictions

Transfer history should show:

* Uploaded files
* Downloaded files
* Shared files
* Failed transfers
* Revoked shares
* Expired shares
* Resumed transfers
* Cancelled transfers

## Real-Time Updates

SignalR should be used throughout the application for real-time UI updates.

The UI should show real-time status for:

* Upload progress
* Download progress
* Encryption status
* Transfer completion
* Transfer failure
* File sharing events
* Revoked access
* Expiring shares
* Admin notices
* Session security events

## Encryption and Security Requirements

The application should follow strong security and zero-knowledge design practices.

Expected requirements include:

* Files should be encrypted before or during upload.
* The server should store encrypted files only.
* Each file should use a unique file encryption key.
* File encryption keys should be wrapped/encrypted separately for each authorized user.
* User encryption material should be derived securely from the user’s password.
* Raw password-derived keys must never be stored.
* Password changes should preserve access to existing files through secure key re-wrapping.
* Historical raw keys must not be stored.
* The system should be designed to support post-quantum resistant algorithms when vetted production-ready implementations are available.
* No custom cryptography should be implemented.
* Per-file integrity verification should be included so files can be checked for corruption or tampering before decryption.

The UI should also clearly explain that forgotten passwords may make zero-knowledge encrypted files unrecoverable unless a secure recovery mechanism is enabled.

## File Sharing Requirements

Users should be able to share files with other users.

Sharing should work by securely wrapping the file encryption key for the recipient. The server should not need to decrypt the plaintext file to share it.

The system should also support secure share links with optional restrictions such as:

* Expiry date
* Recipient-only access
* Maximum download count
* Revocation
* Account invite flow for recipients who do not yet have an account

## Admin Area

The application should include an admin area built with MudBlazor.

Admins should be able to:

* View users
* Search users
* Manage roles
* Enable or disable users
* View transfer metadata
* View audit logs
* Manage permissions
* Manage admin notices where appropriate

Admins must not be able to view or decrypt user files unless explicitly granted access by the file owner.

## API Requirements

The backend should expose versioned Minimal API endpoints.
The first version should use routes such as:

* `/api/v1/auth`
* `/api/v1/files`
* `/api/v1/sharing`
* `/api/v1/users`
* `/api/v1/admin`

The API should include endpoints for:

* Authentication
* File upload/download
* Resumable transfers
* File sharing
* Share links
* User profile management
* Session management
* Admin functions
* Audit logs
* Notifications

## UI Requirements

The Blazor WebAssembly frontend should use MudBlazor and include:

* Login page
* Signup page
* File upload page
* Drag-and-drop upload area
* File list page
* File details page
* File sharing dialog
* Share link management
* Shared-with-me page
* Transfer progress display
* Transfer history page
* Notifications center
* Admin user management page
* Role and permission management page
* Account settings page
* Password change page
* Device/session management page
* Recovery guidance page or dialog

## Security Requirements

The application should include:

* HTTPS-only communication
* Secure authentication
* Role-based authorization
* Permission-based authorization
* Secure CORS configuration
* Rate limiting for sensitive endpoints
* Brute-force protection
* Strict file upload validation
* File size limits
* File extension allow-lists where appropriate
* Content-type validation where possible
* Safe server-side file names
* Path traversal prevention
* Malware scanning where technically possible
* Secure secret management
* OWASP ASVS-aligned security baseline
* Tamper-evident audit logging
* No plaintext passwords, files, or encryption keys in storage or logs

## Hosting and Deployment

The application must be hostable on IIS.

Deployment should support:

* ASP.NET Core backend behind IIS
* Blazor WebAssembly static assets
* HTTPS configuration
* SignalR behind IIS
* Large file upload/download configuration
* Environment-based configuration
* Clear deployment documentation

## Architecture Expectations

The solution should follow Clean Architecture and be separated into projects similar to:

* Domain
* Application
* Infrastructure
* API
* Client
* Shared

Business logic should not be tightly coupled to the UI, database, file storage, or hosting environment.

## Testing Expectations

The project should include appropriate unit and integration tests for:

* Authentication flows
* Authorization rules
* File upload/download workflows
* File sharing rules
* Encryption abstractions
* Key wrapping/re-wrapping
* Password change flows
* Admin management
* API endpoints
* Resumable transfers
* File expiry enforcement
* Share link restrictions
* Session revocation
* Audit logging
* File integrity validation

## Deliverables

Expected deliverables include:

* Complete source code
* Clean Architecture .NET solution
* Blazor WebAssembly frontend
* ASP.NET Core Minimal API backend
* EF Core migrations
* PostgreSQL integration
* ASP.NET Identity integration
* SignalR real-time updates
* MudBlazor UI
* Admin dashboard
* Secure file transfer workflows
* Versioned API
* IIS deployment support
* Setup and deployment documentation
* Basic testing coverage
* Security notes and implementation documentation

## Ideal Candidate

The ideal developer should have strong experience with:

* .NET / ASP.NET Core
* Blazor WebAssembly
* Entity Framework Core
* PostgreSQL
* ASP.NET Core Identity
* SignalR
* MudBlazor
* Clean Architecture
* Secure file handling
* Encryption/key management concepts
* IIS deployment
* Building production-ready web applications

Experience with zero-knowledge architecture, secure file transfer systems, cryptography best practices, or OWASP ASVS is a strong plus.

## Proposal Instructions

Please include the following in your proposal:

1. Relevant .NET / Blazor projects you have built.
2. Experience with secure file upload/download systems.
3. Experience with encryption or key-management workflows.
4. How you would approach the zero-knowledge file encryption design.
5. How you would structure the Clean Architecture solution.
6. Estimated timeline and milestones.
7. Any security concerns or recommendations you would raise before implementation.

We are looking for someone who can build this carefully, securely, and with maintainable architecture.
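
The envelope scheme listed under Encryption and Security Requirements, as an added C# example that is not part of the posting or of any ScanTrans code: a per-file key encrypts the file, a password-derived key wraps that file key, and a password change re-wraps it without touching the stored file. PBKDF2-SHA256 at 600,000 iterations, AES-256-GCM, and every passphrase, id and file content are assumptions constructed for illustration; it targets .NET 8 or later.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example. PBKDF2-SHA256 and AES-256-GCM are assumed choices; all inputs are constructed.
static byte[] DeriveKek(string password, byte[] salt) =>
    Rfc2898DeriveBytes.Pbkdf2(password, salt, 600_000, HashAlgorithmName.SHA256, 32);

static Sealed Seal(byte[] key, byte[] plaintext, byte[] aad)
{
    var nonce = RandomNumberGenerator.GetBytes(12); // fresh random nonce for every encryption
    var ciphertext = new byte[plaintext.Length];
    var tag = new byte[16];
    using var gcm = new AesGcm(key, 16);
    gcm.Encrypt(nonce, plaintext, ciphertext, tag, aad);
    return new Sealed(nonce, ciphertext, tag);
}

static byte[] Open(byte[] key, Sealed s, byte[] aad)
{
    var plaintext = new byte[s.Ciphertext.Length];
    using var gcm = new AesGcm(key, 16);
    gcm.Decrypt(s.Nonce, s.Ciphertext, s.Tag, plaintext, aad); // throws on wrong key, data or aad
    return plaintext;
}

// Client side: unique key per file; the file id is bound in as associated data.
var fileId = Encoding.UTF8.GetBytes("file:constructed-id-001");
var fileKey = RandomNumberGenerator.GetBytes(32);
var blob = Seal(fileKey, Encoding.UTF8.GetBytes("constructed file content"), fileId);

// Wrap the file key under a password-derived key. Only blob, wrapped key and salt are uploaded.
var salt = RandomNumberGenerator.GetBytes(16);
var oldKek = DeriveKek("old constructed passphrase", salt);
var wrapped = Seal(oldKek, fileKey, fileId);

// Password change: unwrap with the old key, re-wrap under the new one. The blob is not touched.
var newSalt = RandomNumberGenerator.GetBytes(16);
var newKek = DeriveKek("new constructed passphrase", newSalt);
var rewrapped = Seal(newKek, Open(oldKek, wrapped, fileId), fileId);
CryptographicOperations.ZeroMemory(oldKek); // the old key is wiped, never stored
var recovered = Open(Open(newKek, rewrapped, fileId), blob, fileId);
Console.WriteLine(Encoding.UTF8.GetString(recovered));

// Integrity: one flipped ciphertext bit fails tag verification and no plaintext is released.
blob.Ciphertext[0] ^= 1;
try { Open(fileKey, blob, fileId); Console.WriteLine("tampering NOT detected"); }
catch (CryptographicException) { Console.WriteLine("tampered blob rejected"); }
record Sealed(byte[] Nonce, byte[] Ciphertext, byte[] Tag);
```

`AesGcm` is marked unsupported on the browser platform, so inside Blazor WebAssembly these steps would have to go through the browser's Web Crypto API via JS interop rather than run as written.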
- $10,000.00, Fixed-price
- Experience Level: Expert
- Remote Job
- Project Type: Ongoing project
Activity on this job
- Proposals: 50+
- Last viewed by client: 4 weeks ago
- Interviewing: 1
- Invites sent: 1
- Unanswered invites: 0
About the client
- GBR, Newcastle Upon Tyne, 5:50 PM