ASP.NET Web API (OWIN) Getting Started
At some point, your APIs may need to allow limited access to users, servers, or servers on behalf of users. This tutorial demonstrates how to use the OAuth 2.0 authorization features of Auth0 to give your applications (or third-party applications) limited access to your APIs on behalf of users. For more information, check out our documentation.
This Quickstart will guide you through the various tasks related to using Auth0-issued Access Tokens to secure your ASP.NET (OWIN) Web API.
Seed and Samples
If you would like to follow along with this Quickstart you can download the seed project. The seed project is just a basic ASP.NET Web API with a simple controller and some of the NuGet packages which will be needed included. It has also defined some of the required Auth0-related settings in the
appSettings key of the
The final project after each of the steps is also available in the Sample repository. You can find the final result for each step in the relevant folder inside the repository.
Create a Resource Server (API)
In the APIs section of the Auth0 Dashboard, click the Create API button. Provide a Name and Identifier for your API. The identifier you set will later be used as the
audience when configuring
access_token verification. Be sure to choose the RS256 signing algorithm.
Also update the
web.config file in your project with the correct Domain and API Identifier for your API, e.g.
<appSettings> <add key="Auth0Domain" value="YOUR_AUTH0_DOMAIN" /> <add key="Auth0ApiIdentifier" value="YOUR_API_IDENTIFIER" /> </appSettings>