ASP.NET Web API (OWIN) Introduction
Download this sample project configured with your Auth0 API Keys.
- Microsoft Visual Studio 2015 Update 3
- Microsoft.Owin.Security.Jwt NuGet Package V3.0.1
- System.IdentityModel.Tokens.Jwt NuGet Package v4.0.2
- Auth0.OpenIdConnectSigningKeyResolver NuGet Package v1.0.0
At some point, your APIs may need to allow limited access to users, servers, or servers on behalf of users. This tutorial demonstrates how to use the OAuth 2.0 authorization features of Auth0 to give your applications (or third-party applications) limited access to your APIs on behalf of users. For more information, check out our documentation.
Limited Region Support
This feature is only available for tenants under the US region. We will rollout this feature to every region in the following weeks.
This Quickstart will guide you through the various tasks related to using Auth0-issued JSON Web Tokens to secure your ASP.NET (OWIN) Web API.
Seed & Samples
If you would like to follow along with this Quickstart you can download the seed project. The seed project is just a basic ASP.NET Web API with a simple controller and some of the NuGet packages which will be needed included. It has also defined some of the required Auth0-related settings in the
appSettings key of the
The final project after each of the steps is also available in the Sample repository. You can find the final result for each step in the relevant folder inside the repository.
1. Enable OAuth 2.0 API Authorization
To execute the steps in this tutorial, you will need to enable a flag under your Account Settings. This will allow you to opt-in and out of this feature at any point in time while it remains under preview.
- Open the Dashboard and browse to Account Settings -> Advanced.
- Scroll down to the Settings section and turn on the flag "OAuth 2.0 API Authorization (Preview)"
You will see that the API section is now displayed on your sidebar.
2. Create a Resource Server (API)
In the APIs section of the Auth0 Dashboard, click the Create API button. Provide a Name and Identifier for your API. Be sure to choose the RS256 signing algorithm.
Also update the
web.config file in your project with the correct Domain and API Identifier for your API, e.g.
<appSettings> <add key="Auth0Domain" value="YOUR_AUTH0_DOMAIN" /> <add key="Auth0ApiIdentifier" value="YOUR_API_IDENTIFIER" /> </appSettings>
3. Install Dependencies
To use Auth0 Access Tokens with ASP.NET Core you will use the JWT Middleware which is available in the
Microsoft.Owin.Security.Jwt NuGet package. Also install the
Auth0.OpenIdConnectSigningKeyResolver NuGet package which will assist you in verifying the token signature.
Install-Package Microsoft.Owin.Security.Jwt Install-Package Auth0.OpenIdConnectSigningKeyResolver
The seed project contains both these NuGet packages, but if you are adding it to your own existing project you will only need to add the one which is relevant for your scenario.
That's all you need to start working with Auth0 in your Web API!
Please continue with the Authentication tutorial to secure your Web API.