/auth0-aspnetcore-authentication

SDK for integrating Auth0 in ASPNET Core

Primary LanguageC#OtherNOASSERTION

Auth0 SDK for ASP.NET Core applications

A library based on Microsoft.AspNetCore.Authentication.OpenIdConnect to make integrating Auth0 in your ASP.NET Core application as seamlessly as possible.

Release Downloads License AzureDevOps

📚 Documentation - 🚀 Getting Started - 💻 API Reference - 💬 Feedback

Documentation

  • Quickstart - our interactive guide for quickly adding login, logout and user information to an ASP.NET MVC application using Auth0.
  • Sample App - a full-fledged ASP.NET MVC application integrated with Auth0.
  • Examples - code samples for common ASP.NET MVC authentication scenario's.
  • Docs site - explore our docs site and learn more about

Getting started

Requirements

This library supports .NET 6 and .NET 7.

Installation

The SDK is available on Nuget and can be installed through the UI or using the Package Manager Console:

Install-Package Auth0.AspNetCore.Authentication

Configure Auth0

Create a Regular Web Application in the Auth0 Dashboard.

If you're using an existing application, verify that you have configured the following settings in your Regular Web Application:

  • Click on the "Settings" tab of your application's page.
  • Scroll down and click on "Advanced Settings".
  • Under "Advanced Settings", click on the "OAuth" tab.
  • Ensure that "JSON Web Token (JWT) Signature Algorithm" is set to RS256 and that "OIDC Conformant" is enabled.

Next, configure the following URLs for your application under the "Application URIs" section of the "Settings" page:

  • Allowed Callback URLs: https://YOUR_APP_DOMAIN:YOUR_APP_PORT/callback
  • Allowed Logout URLs: https://YOUR_APP_DOMAIN:YOUR_APP_PORT/

Take note of the Client ID, Client Secret, and Domain values under the "Basic Information" section. You'll need these values to configure your ASP.NET web application.

ℹ️ You need the Client Secret only when you have to get an access token to call an API.

Configure the SDK

To make your ASP.NET web application communicate properly with Auth0, you need to add the following configuration section to your appsettings.json file:

  "Auth0": {
    "Domain": "YOUR_AUTH0_DOMAIN",
    "ClientId": "YOUR_AUTH0_CLIENT_ID"
  }

Replace the placeholders with the proper values from the Auth0 Dashboard.

Make sure you have enabled authentication and authorization in your Startup.Configure method:

...
app.UseAuthentication();
app.UseAuthorization();
...

Integrate the SDK in your ASP.NET Core application by calling AddAuth0WebAppAuthentication in your Startup.ConfigureServices method:

services.AddAuth0WebAppAuthentication(options =>
{
    options.Domain = Configuration["Auth0:Domain"];
    options.ClientId = Configuration["Auth0:ClientId"];
});

Login and Logout

Triggering login or logout is done using ASP.NET's HttpContext:

public async Task Login(string returnUrl = "/")
{
    var authenticationProperties = new LoginAuthenticationPropertiesBuilder()
        .WithRedirectUri(returnUrl)
        .Build();

    await HttpContext.ChallengeAsync(Auth0Constants.AuthenticationScheme, authenticationProperties);
}

[Authorize]
public async Task Logout()
{
    var authenticationProperties = new LogoutAuthenticationPropertiesBuilder()
        // Indicate here where Auth0 should redirect the user after a logout.
        // Note that the resulting absolute Uri must be added in the
        // **Allowed Logout URLs** settings for the client.
        .WithRedirectUri(Url.Action("Index", "Home"))
        .Build();

    await HttpContext.SignOutAsync(Auth0Constants.AuthenticationScheme, authenticationProperties);
    await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
}

For more code samples on how to integrate the auth0-aspnetcore-authentication SDK in your ASP.NET MVC application, have a look at our examples.

This SDK also works with Blazor Server, for more info see the Blazor Server section in our examples.

API reference

Explore public API's available in auth0-aspnetcore-authentication.

Feedback

Contributing

We appreciate feedback and contribution to this repo! Before you get started, please see the following:

Raise an issue

To provide feedback or report a bug, please raise an issue on our issue tracker.

Vulnerability Reporting

Please do not report security vulnerabilities on the public GitHub issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.


Auth0 Logo

Auth0 is an easy to implement, adaptable authentication and authorization platform. To learn more checkout Why Auth0?

This project is licensed under the MIT license. See the LICENSE file for more info.