ASP.NET (OWIN): Login
This tutorial demonstrates how to add user login to an ASP.NET OWin application. We recommend you to Log in to follow this quickstart with examples configured for your account.
I want to integrate with my app15 minutes
I want to explore a sample app2 minutes
Get a sample configured with your account settings or check it out on Github.
Get Your Application Keys
When you signed up for Auth0, a new application was created for you, or you could have created a new one.
You will need some details about that application to communicate with Auth0. You can get these details from the Application Settings section in the Auth0 dashboard.
You need the following information:
- Client ID
- Client Secret
Configure Callback URLs
The Callback URL of your application is the URL where Auth0 will redirect to after the user has authenticated in order for the OWIN OpenID Connect middleware to complete the authentication process.
You will need to add this URL to the list of Allowed URLs for your application. The Callback URL for the seed project is
http://localhost:3000/callback, so be sure to add this to the Allowed Callback URLs section of your application. Also add
http://localhost:3000/ to the Allowed Logout URLs.
If you deploy your application to a different URL you will also need to ensure to add that URL to the Allowed Callback URLs and Allowed Logout URLs. The
web.config in the sample projects also contain two keys named
auth0:PostLogoutRedirectUri with these URLs. Be sure to change those as well.
That's all you need to start working with Auth0!
Configure your application to use Auth0
Universal Login is the easiest way to set up authentication in your application. We recommend using it for the best experience, best security and the fullest array of features. This guide will use it to provide a way for your users to log in to your ASP.NET MVC 5 application.
Install and configure the OpenID Connect middleware
The easiest way to enable authentication with Auth0 in your ASP.NET MVC application is to use the OWIN OpenID Connect middleware which is available in the
Microsoft.Owin.Security.OpenIdConnect NuGet package, so install that first:
Kentor.OwinCookieSaver NuGet package:
Now go to the
Configuration method of your
Startup class and configure the cookie middleware as well as the Auth0 middleware. Also be sure to register the Kentor OWIN Cookie saver middleware which must be added before any cookie handling middleware.
It is essential that you register both the Kentor Cookie Saver middleware, the cookie middleware, and the OpenID Connect middleware as all of them are required (in that order) for the authentication to work. The OpenID Connect middleware will handle the authentication with Auth0. Once the user has authenticated, their identity will be stored in the cookie middleware.
In the code snippet above, note that the
AuthenticationType is set to Auth0. This will be used in the next section to challenge the OpenID Connect middleware and start the authentication flow. Also note code in the
RedirectToIdentityProvider notification event which constructs the correct logout URL.
Add Login and Logout Methods
Next, you will need to add
Logout actions to the
Login action will challenge the OpenID Connect middleware to start the authentication flow. For the
Logout action you will need to sign the user out of the cookie middleware (which will clear the local application session), as well as the OpenID Connect middleware. For more information, you can refer to the Auth0 Logout documentation.
To add the Login and Logout links to the navigation bar, head over to
/Views/Shared/_Layout.cshtml and add code to the navigation bar section which displays a Logout link when the user is authenticated, otherwise a Login link. These will link to the
Login actions of the
Obtain an Access Token for Calling an API
If you want to call an API from your MVC application, you need to obtain an Access Token issued for the API you want to call. To receive and Access Token, pass an additional audience parameter containing the API identifier to the Auth0 authorization endpoint.
You will also need to configure the OpenID Connect middleware to add the ID Token and Access Token as claims on the
Update the OpenID Connect middleware registration in your
Startup class as follows:
- Set the
OpenIdConnectResponseType.CodeIdTokenToken. This will inform the OpenID Connect middleware to extract the Access Token and store it in the
- Handle the
RedirectToIdentityProviderto check to an authentication request and add the
- Handle the
SecurityTokenValidatedto extract the ID Token and Access Token from the
ProtocolMessageand store them as claims.
To access these tokens from one of your controllers, cast the
User.Identity property to a
ClaimsIdentity, and then find the particular claim by calling the