{
  // ...
  "dependencies": {
    "Microsoft.AspNet.Server.IIS": "1.0.0-beta1",
    "Microsoft.AspNet.Mvc": "6.0.0-beta1",
    "Microsoft.AspNet.Owin": "1.0.0-beta1",
    "Microsoft.Owin": "3.0.0",
Since Auth0 exposes OIDC discovery documents (https://{YOU}.auth0.com/.well-known/openid-configuration), we can use the OpenID Connect middleware for Katana v3 (OWIN) to read that information and automatically configure our web app, so you don’t have to provide all the configuration values:
- Install the NuGet package Microsoft.Owin.Security.OpenIdConnect (v3.x.x)
- Go to App_Start\Startup.Auth.cs, and replace your implementation with the following:
With Auth0, you can specify the algorithm used to sign your JWT tokens:
So in scenarios where you are signing JWTs with the RS256 algorithm, you need to make some changes in your ASP.NET Web API in order to validate them properly.
NOTE: You can download your .cer file from the https://{YOU}.auth0.com/cer endpoint.
In the app.UseJwtBearerAuthentication call, just replace SymmetricKeyIssuerSecurityTokenProvider with X509CertificateSecurityTokenProvider, specifying your public signing key:
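An added example (not code from the original page) of the replacement described above, written against Katana v3's Microsoft.Owin.Security.Jwt package. The issuer URL form, the use of the Auth0 client ID as the audience, and the certificate path placeholder are assumptions.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Jwt;
using Owin;

public partial class Startup
{
    public void ConfigureAuth(IAppBuilder app)
    {
        // Assumed values: replace the placeholders with your own tenant settings.
        var issuer = "https://{YOU}.auth0.com/";
        var audience = "{AUTH0_CLIENT_ID}";

        // The .cer file downloaded from https://{YOU}.auth0.com/cer (placeholder path).
        var certificate = new X509Certificate2(@"{PATH_TO_YOUR_CER_FILE}");

        // The API only verifies signatures, so it should hold the public key only.
        if (certificate.HasPrivateKey)
        {
            throw new InvalidOperationException(
                "Expected a public-key-only certificate for token validation.");
        }

        app.UseJwtBearerAuthentication(new JwtBearerAuthenticationOptions
        {
            AuthenticationMode = AuthenticationMode.Active,
            AllowedAudiences = new[] { audience },
            IssuerSecurityTokenProviders = new IIssuerSecurityTokenProvider[]
            {
                // HS256 setup being replaced:
                //   new SymmetricKeyIssuerSecurityTokenProvider(issuer, secretBytes)
                // RS256: validate against the tenant's public signing certificate.
                new X509CertificateSecurityTokenProvider(issuer, certificate)
            }
        });
    }
}
```

Registering only the X.509 provider means tokens signed with the old shared secret stop validating once the switch is made.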
- For JS backend, create a table (TodoItem) and set the READ permission to "Authenticated User only".
- For .NET backend, set AuthorizationLevel.User in TodoItemController and publish the service:
// GET tables/TodoItem
[AuthorizeLevel(AuthorizationLevel.User)]
public IQueryable GetAllTodoItems()
class Program
{
    private const string Auth0Domain = "{YOU}.auth0.com";
    private const string clientId = "{AUTH0_CLIENT_ID}";
    private const string targetClientId = "{THE_WAMS_CLIENT_ID_IN_AUTH0}";
    private const string id_token = "{USER_ID_TOKEN}";
    private const string wamsEndpoint = "https://auth0-tests.azure-mobile.net/tables/people";
    static void Main(string[] args)
    {