OpenID Connect for User Authentication in ASP.NET Core

OpenID Connect for User Authentication in ASP.NET Core

OpenID Connect is a protocol for authenticating users. Learn how to use it for user authentication with ASP.NET Core in this quick tutorial.

mark

Looks good, Lee. I have a question or two. Can I use this with ASP.NET Identity if my Users/Roles/Claims are stored there? If so, what changes in the config? Evaluating product for our Internal Core 2 app + new IOS/Android Application hitting Web API. Thanks again.

Nate Barbettini

Sorry for the delay Mark! This article specifically looks at using an external identity provider (Okta), but the code in the “Check Your Work” section would be the same for ASP.NET Identity.

Karthik Rana

Hi, is it possible to get to know the changes required to work with 2.1.1?

Talha Ahmed

Any update on this for support on latest .net core > 2.1?

Andrew Regier

This might be useful for you: https://docs.microsoft.com/…

Bhavya Khanna

HI,
I want to same configurration in mvc web application.is ti possible?

Tim B.

Hi Lee, a super valuable post - thank you! The ASP.NET Core configuration part is dated (not that anyone expects web posts to stay current forever) and don’t help with ASP.NET Core 3.1/5.0 (there is no resemblance, even the Startup method in which the configuration is now made has been switched by Microsoft). Just a quick note since this is a very popular post by Google’s search standards.

leebrandt

Thanks for the heads up Tim! I’ll try and get an updated post out as soon as I can!

Hi Lee, Thanks for your post.

You wrote “get the tokens from the OpenID Connect provider (Okta) and store them in cookies for session management.”
First question, aren’t cookies deprecated ? Secondly even if I go with Sessions then how to manage Sessions on RESTful APIs ? Is there a work around to these issues ?

What makes you think cookies are deprecated? They’ve worked well for 20+ years and are still used by many FAANG companies, proving they scale just fine.