| title | ASP.NET Tutorial | ||||||
|---|---|---|---|---|---|---|---|
| name | ASP.NET | ||||||
| image | /media/platforms/asp.png | ||||||
<%= include('../_includes/_package', { pkgRepo: 'auth0-aspnet', pkgBranch: 'master', pkgPath: 'examples/auth0-aspnet-mvc4-sample/', pkgFilePath: 'examples/auth0-aspnet-mvc4-sample/aspnet4-sample1/Web.config', pkgType: 'replace' }) %>
Otherwise, please follow the steps below to configure your existing ASP.NET app (any kind: WebForms, MVC 1, 2, 3 or 4) to use it with Auth0.
::: panel-info System Requirements
This tutorial and seed project have been tested with the following:

- Microsoft Visual Studio 2015
- Auth0-ASPNET v1.4.0
:::
Use the NuGet Package Manager (Tools -> Library Package Manager -> Package Manager Console) to install the Auth0-ASPNET package, running the command:
${snippet(meta.snippets.dependencies)}
This package will add a LoginCallback.ashx to your project, which will process the login.
After authenticating the user on Auth0, we will do a POST to a URL on your web site. For security purposes, you have to register this URL in the Application Settings section of the Auth0 Admin app.
http://localhost:PORT/LoginCallback.ashx

The NuGet package also created three settings on <appSettings>. Replace those with the following settings:
${snippet(meta.snippets.setup)}
${lockSDK}
Once the user has successfully authenticated to the application, a ClaimsPrincipal will be generated, which can be accessed through the Current property:
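```cs
// Requires: using System.Security.Claims;
public ActionResult Index()
{
    // FindFirst returns null when the claim is absent, so use ?. instead of dereferencing it directly
    string email = ClaimsPrincipal.Current.FindFirst("email")?.Value;
    return View();
}
```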
The user profile is normalized regardless of where the user came from. We will always include these: user_id, name, email, nickname and picture. For more information about the user profile read this.
Congratulations!
You can use the usual authorization techniques, since the LoginCallback.ashx handler and the HTTP module will generate an IPrincipal on each request. This means you can use the declarative [Authorize] or <location path='..'> protection, or code-based checks like User.Identity.IsAuthenticated.
To clear the cookie generated on login, call the FederatedAuthentication.SessionAuthenticationModule.SignOut() method in the AccountController\Logout method.
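The declarative protection, the code-based check and the sign-out call described above, combined in one MVC sketch. This is an added example, not code from the Auth0 sample project; the ProfileController and Home controller names and the ClaimValue helper are hypothetical, and it assumes the session module installed by the Auth0-ASPNET package is active.

```csharp
using System.IdentityModel.Services;
using System.Security.Claims;
using System.Web.Mvc;

// Hypothetical controller names; only the attributes and WIF calls matter.
[Authorize] // anonymous requests are rejected before any action runs
public class ProfileController : Controller
{
    public ActionResult Index()
    {
        var principal = ClaimsPrincipal.Current;

        // Normalized profile claims named on this page. FindFirst returns
        // null for a missing claim, so never dereference .Value directly.
        ViewBag.UserId = ClaimValue(principal, "user_id");
        ViewBag.Name = ClaimValue(principal, "name");
        ViewBag.Email = ClaimValue(principal, "email");
        return View();
    }

    // Hypothetical helper: null-safe claim lookup.
    private static string ClaimValue(ClaimsPrincipal principal, string type)
    {
        Claim claim = principal.FindFirst(type);
        return claim == null ? null : claim.Value;
    }
}

public class AccountController : Controller
{
    // POST plus an anti-forgery token so another site cannot force a
    // sign-out with a cross-site GET (the form in the view must emit
    // the token with @Html.AntiForgeryToken()).
    [HttpPost]
    [ValidateAntiForgeryToken]
    public ActionResult Logout()
    {
        // Code-based check: only clear the cookie if a session exists.
        if (User.Identity.IsAuthenticated)
        {
            // Clears the session cookie generated on login.
            FederatedAuthentication.SessionAuthenticationModule.SignOut();
        }
        return RedirectToAction("Index", "Home"); // hypothetical landing page
    }
}
```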
To allow users to link accounts from different providers, read Link Accounts.
You will need the access_token of the logged-in user. You can get it from:

```
<%= ClaimsPrincipal.Current.FindFirst("access_token").Value %>
```
If you want to flow the identity of the user logged in to a web site on to a WCF service or an API, you have to use the callbackOnLocationHash: true parameter on the login widget constructor. When you send that parameter, Auth0 will generate an id_token, which is a JSON Web Token that can either be sent straight to your service or be exchanged to generate an ActAs token. Read more about this.
We recommend creating one application per environment in Auth0, each with its own client ID and secret. Read more about this.