---
title: "A New Auth0 ASP.NET SDK to Secure Your API
"
description: "Announcing the new Auth0 ASP.NET Core API SDK. Simplify API security with built-in DPoP support, JWT Bearer compatibility, flexible configuration, and zero lock-in."
authors:
  - name: "Kailash B"
    url: "https://auth0.com/blog/authors/kailash-b/"
date: "Dec 5, 2025"
category: "Announcements"
tags: ["aspnet-core", "dotnet", "jwt", "authentication "]
url: "https://auth0.com/blog/auth0-aspnetcore-authentication-api-sdk-beta/"
---

# A New Auth0 ASP.NET SDK to Secure Your API


<style>
    
  /* Increases spacing between bullet points */   
    li {padding-bottom: .7em; }

  /* Hides Disqus module */
  #disqus_thread {display: none;}

</style>
We are thrilled to announce the beta release of our brand-new resource server SDK: `Auth0.AspNetCore.Authentication.Api`. This new SDK is designed to simplify and streamline the process of securing your ASP.NET Core APIs using Auth0, offering a modern, easy-to-use experience built on the latest ASP.NET Core idioms.

## Why a New SDK?

While existing packages like `Microsoft.AspNetCore.Authentication.JwtBearer` provide a solid foundation for JWT authentication, they often present certain limitations. For example, as of now, the Microsoft package does not natively include support for the OAuth 2.0 Demonstration of Proof-of-Possession (DPoP) specification, which is crucial for enhanced security in certain scenarios. Integrating the expanding feature set supported by Auth0 becomes challenging when relying on third-party libraries.

`Auth0.AspNetCore.Authentication.Api` provides a cleaner, more intuitive way to integrate token validation and authorization into your services. It leverages the power of `Microsoft.AspNetCore.Authentication.JwtBearer` while abstracting away the complex configuration and policy setup needed to work with Auth0.

# Key Features

The new `Auth0.AspNetCore.Authentication.Api` SDK provides a comprehensive, single-package solution for securing your APIs:

* **Complete JWT Bearer functionality:** Full compatibility with all features from `Microsoft.AspNetCore.Authentication.JwtBearer`.  
* **Built-in DPoP support:** Enhanced security with [Demonstrating-Proof-Of-Possession](https://auth0.com/blog/protect-your-access-tokens-with-dpop/) security as defined by [**RFC 9449**](https://www.rfc-editor.org/rfc/rfc9449).  
* **Auth0 optimized:** Pre-configured settings to align with standard Auth0 authentication patterns.  
* **Flexible configuration:** Utilizes the options pattern, providing full access to the underlying JWT Bearer configuration.  
* **Zero lock-in:** Benefit from DPoP enhancements while retaining the ability to use standard JWT Bearer features.

## Get started today\!

Integrating the new SDK is straightforward. The main steps involve installing the NuGet package and configuring it in your `Program.cs` or `Startup.cs` file.

### Installation
#### Pre-requisites 

- .NET 8 or above

You can download the package from [NuGet](https://www.nuget.org/packages/Auth0.AspNetCore.Authentication.Api/) OR use the command below to configure the latest version of the package in your project.

```shell
dotnet add package Auth0.AspNetCore.Authentication.Api
```

### Configuration example

Here is a quick look at the configuration in an ASP.NET Core minimal API project:

```C#
using Auth0.AspNetCore.Authentication.Api;
using Microsoft.AspNetCore.Authentication.JwtBearer;

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddAuth0ApiAuthentication(options =>
{
    options.Domain = builder.Configuration["Auth0:Domain"];
    options.JwtBearerOptions = new JwtBearerOptions
    {
        Audience = builder.Configuration["Auth0:Audience"]
    };
});

builder.Services.AddAuthorization();

var app = builder.Build();

if (!app.Environment.IsDevelopment())
{
    app.UseHttpsRedirection();
}

app.UseAuthentication();
app.UseAuthorization();

// Public endpoint - no authentication required
app.MapGet("/api/public", () => 
    Results.Ok(new { Message = "This endpoint is public" }))
    .WithName("GetPublic");

// Protected endpoint - requires authentication
app.MapGet("/api/private", () => 
    Results.Ok(new { Message = "This endpoint requires authentication" }))
    .RequireAuthorization()
    .WithName("GetPrivate");

app.Run();
```

## Start Integrating Today

The code presented above constitutes the basic use of the SDK, intended solely to provide a generalized overview of its straightforward application.

To get started with a more detailed walkthrough, please refer to our [Quick Start guide](https://auth0.com/docs/quickstart/backend/aspnet-core-webapi).

For users who are migrating from the `Microsoft.AspNetCore.Authentication.JwtBearer` package, our [Migration Guide](https://github.com/auth0/aspnetcore-api/blob/master/MIGRATION.md) offers necessary instructions.

Additionally, to explore advanced scenarios such as DPoP and others, see our list of [Examples](https://github.com/auth0/aspnetcore-api/blob/master/EXAMPLES.md)

The `Auth0.AspNetCore.Authentication.Api` SDK is currently in beta release. Your feedback and contributions are welcome\!  

If you encounter any issues or have suggestions, please feel free to raise an issue on our [GitHub repository](https://github.com/auth0/aspnetcore-api).