A library based on Microsoft.AspNetCore.Authentication.OpenIdConnect
to make integrating Auth0 in your ASP.NET Core application as seamlessly as possible.
📚 Documentation - 🚀 Getting Started - 💻 API Reference - 💬 Feedback
- Quickstart - our interactive guide for quickly adding login, logout and user information to an ASP.NET MVC application using Auth0.
- Sample App - a full-fledged ASP.NET MVC application integrated with Auth0.
- Examples - code samples for common ASP.NET MVC authentication scenario's.
- Docs site - explore our docs site and learn more about
This library supports .NET 6 and .NET 7.
The SDK is available on Nuget and can be installed through the UI or using the Package Manager Console:
Install-Package Auth0.AspNetCore.Authentication
Create a Regular Web Application in the Auth0 Dashboard.
If you're using an existing application, verify that you have configured the following settings in your Regular Web Application:
- Click on the "Settings" tab of your application's page.
- Scroll down and click on "Advanced Settings".
- Under "Advanced Settings", click on the "OAuth" tab.
- Ensure that "JSON Web Token (JWT) Signature Algorithm" is set to
RS256
and that "OIDC Conformant" is enabled.
Next, configure the following URLs for your application under the "Application URIs" section of the "Settings" page:
- Allowed Callback URLs:
https://YOUR_APP_DOMAIN:YOUR_APP_PORT/callback
- Allowed Logout URLs:
https://YOUR_APP_DOMAIN:YOUR_APP_PORT/
Take note of the Client ID, Client Secret, and Domain values under the "Basic Information" section. You'll need these values to configure your ASP.NET web application.
ℹ️ You need the Client Secret only when you have to get an access token to call an API.
To make your ASP.NET web application communicate properly with Auth0, you need to add the following configuration section to your appsettings.json
file:
"Auth0": {
"Domain": "YOUR_AUTH0_DOMAIN",
"ClientId": "YOUR_AUTH0_CLIENT_ID"
}
Replace the placeholders with the proper values from the Auth0 Dashboard.
Make sure you have enabled authentication and authorization in your Startup.Configure
method:
...
app.UseAuthentication();
app.UseAuthorization();
...
Integrate the SDK in your ASP.NET Core application by calling AddAuth0WebAppAuthentication
in your Startup.ConfigureServices
method:
services.AddAuth0WebAppAuthentication(options =>
{
options.Domain = Configuration["Auth0:Domain"];
options.ClientId = Configuration["Auth0:ClientId"];
});
Triggering login or logout is done using ASP.NET's HttpContext
:
public async Task Login(string returnUrl = "/")
{
var authenticationProperties = new LoginAuthenticationPropertiesBuilder()
.WithRedirectUri(returnUrl)
.Build();
await HttpContext.ChallengeAsync(Auth0Constants.AuthenticationScheme, authenticationProperties);
}
[Authorize]
public async Task Logout()
{
var authenticationProperties = new LogoutAuthenticationPropertiesBuilder()
// Indicate here where Auth0 should redirect the user after a logout.
// Note that the resulting absolute Uri must be added in the
// **Allowed Logout URLs** settings for the client.
.WithRedirectUri(Url.Action("Index", "Home"))
.Build();
await HttpContext.SignOutAsync(Auth0Constants.AuthenticationScheme, authenticationProperties);
await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
}
For more code samples on how to integrate the auth0-aspnetcore-authentication SDK in your ASP.NET MVC application, have a look at our examples.
Explore public API's available in auth0-aspnetcore-authentication.
- Auth0WebAppOptions
- Auth0WebAppWithAccessTokenOptions
- LoginAuthenticationPropertiesBuilder
- LogoutAuthenticationPropertiesBuilder
- Auth0WebAppAuthenticationBuilder
- Auth0WebAppWithAccessTokenAuthenticationBuilder
We appreciate feedback and contribution to this repo! Before you get started, please see the following:
- Auth0's general contribution guidelines
- Auth0's code of conduct guidelines
- This repo's contribution guide
To provide feedback or report a bug, please raise an issue on our issue tracker.
Please do not report security vulnerabilities on the public GitHub issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.
Auth0 is an easy to implement, adaptable authentication and authorization platform. To learn more checkout Why Auth0?
This project is licensed under the MIT license. See the LICENSE file for more info.