ASP.NET Web API (OWIN) Introduction
Download a sample project.
This Quickstart will guide you through the various tasks related to using Auth0-issued JSON Web Tokens to secure your ASP.NET (OWIN) Web API.
Seed & Samples
If you would like to follow along with this Quickstart you can download the seed project. The seed project is just a basic ASP.NET Web API with a simple controller and some of the NuGet packages which will be needed included. It has also defined some of the required Auth0-related settings in the
appSettings key of the
The final project after each of the steps is also available in the Sample repository. You can find the final result for each step in the relevant folder inside the repository.
Create an Application
Create an Auth0 account (or login) and add an authentication client instance from the dashboard. Once you create your client, you will be provided with credentials (Domain, Client ID, and Client Secret) which should be stored somewhere safe (do not commit this information to your git repo!). You can download the sample after you login and it will be pre-configured with your Default App credentials.
Be sure to update the
appSettings section in your
web.config file in the seed project with the correct values for your application.
The JWT middleware you will use depends on whether your JWT tokens are signed using HS256 or RS256.
For HS256 signed tokens you will need to add the standard JWT middleware which is included in the
System.IdentityModel.Tokens.Jwt NuGet package. For RS256 signed tokens you will need to add the Active Directory Services Bearer Token middleware which is included in the
Microsoft.Owin.Security.ActiveDirectory NuGet package.
Install-Package System.IdentityModel.Tokens.Jwt Install-Package Microsoft.Owin.Security.ActiveDirectory
The seed project contains both these NuGet packages, but if you are adding it to your own existing project you will only need to add the one which is relevant for your scenario.
That's all you need to start working with Auth0 in your Web API!
Please continue with the Authentication tutorial to secure your Web API.