In modern web applications, authentication and authorization are critical components for ensuring secure access to resources. One of the most widely adopted standards for authentication is OpenID Connect (OIDC).
OpenID Connect lets you log in users using a third-party identity provider (IdP) and get some basic profile information about them, all using standard OAuth 2.0 flows.
In this post, we’ll explore what OpenID Connect is and how to implement it in an ASP.NET Core application.
Getting Started with OpenID Connect in ASP.NET Core
Getting Started
OpenID Connect (OIDC) is an identity layer built on top of the OAuth 2.0 protocol. It allows client applications (such as web or mobile apps) to verify the identity of a user based on the authentication performed by an authorization server (like Google, Microsoft, Okta, etc.).
How It Works (Basic Flow)
- User tries to log in to a web app.
- The app redirects the user to the identity provider (e.g. Google).
- User logs in at the identity provider.
- The identity provider redirects back to the app with:
  - ID Token (JWT containing user identity info)
  - Access Token (optional, for calling APIs)
- The app validates the ID token and logs the user in.
Example Use Case
- A user clicks “Sign in with Google.”
- Your app uses OpenID Connect to:
  - Redirect the user to Google for login
  - Receive an ID token with user info like name, email, and profile picture
  - Use that info to create/log in the user in your app
Benefits of OpenID Connect
- Federated Login (login once, use many apps)
- Standardized and widely adopted
- Secure and built on OAuth 2.0 best practices
- Interoperable between many providers (Google, Microsoft, Auth0, etc.)
Integrate OpenID Connect in ASP.NET Core
Let’s walk through integrating OpenID Connect in an ASP.NET Core MVC application using a generic identity provider.
Install the Required NuGet Package
The Microsoft.AspNetCore.Authentication.OpenIdConnect package provides the middleware needed to integrate OIDC authentication with ASP.NET Core. To install it using the NuGet Package Manager in a .NET project, follow these steps:
- Open your project in Visual Studio.
- In the Solution Explorer, right-click on your project.
- Select "Manage NuGet Packages...".
- Go to the "Browse" tab.
- In the search box, type: Microsoft.AspNetCore.Authentication.OpenIdConnect
- Find the Microsoft.AspNetCore.Authentication.OpenIdConnect package in the results and click Install.
- Accept any license agreements that appear.
Configure Authentication
Open Startup.cs or Program.cs and update it as shown in the code below.
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;

var builder = WebApplication.CreateBuilder(args);

// Add authentication services: the cookie holds the local session,
// OpenID Connect handles the challenge (redirect to the identity provider).
builder.Services.AddAuthentication(options =>
{
    options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
.AddCookie()
.AddOpenIdConnect(options =>
{
    options.Authority = "https://your-idp.com"; // Replace with your identity provider
    options.ClientId = "your-client-id";
    // If applicable. Placeholder only: load the real secret from configuration
    // or a secret store instead of committing it to source control.
    options.ClientSecret = "your-client-secret";
    options.ResponseType = "code"; // Authorization code flow
    options.SaveTokens = true;     // Keep the tokens in the authentication properties
    options.Scope.Add("openid");
    options.Scope.Add("profile");
    options.Scope.Add("email");
    options.GetClaimsFromUserInfoEndpoint = true;
    options.CallbackPath = "/signin-oidc"; // Default callback path
});

builder.Services.AddControllersWithViews();

var app = builder.Build();

// Authentication must run before authorization.
app.UseAuthentication();
app.UseAuthorization();

app.MapDefaultControllerRoute();
app.Run();
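What "validates the ID token" means in the flow can be seen offline. The following console program is an added example, not code from the original post: it signs constructed ID tokens with a locally generated key standing in for the identity provider, then applies signature, issuer, audience and expiry checks using System.IdentityModel.Tokens.Jwt. The issuer and client ID reuse the placeholders from the configuration above; the key ID, subject and "another-client" values are constructed.

```csharp
// Added example (not from the original post); all token values are constructed.
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Security.Cryptography;
using Microsoft.IdentityModel.Tokens;

const string Issuer = "https://your-idp.com";  // same placeholder as options.Authority
const string ClientId = "your-client-id";      // same placeholder as options.ClientId

// Stand-in for the IdP signing key; a real app gets the public keys from the IdP.
using var rsa = RSA.Create(2048);
var idpKey = new RsaSecurityKey(rsa) { KeyId = "constructed-key-1" };
var handler = new JwtSecurityTokenHandler();

// Builds a constructed, signed ID token so the example needs no network access.
string MakeIdToken(string audience, DateTime expires) =>
    handler.WriteToken(new JwtSecurityToken(
        issuer: Issuer,
        audience: audience,
        claims: new[] { new Claim("sub", "constructed-user-123") },
        notBefore: expires.AddMinutes(-10),
        expires: expires,
        signingCredentials: new SigningCredentials(idpKey, SecurityAlgorithms.RsaSha256)));

var validation = new TokenValidationParameters
{
    ValidIssuer = Issuer,          // iss must be the expected identity provider
    ValidAudience = ClientId,      // aud must be this app's client ID
    IssuerSigningKey = idpKey,     // signature must verify against the IdP key
    ValidAlgorithms = new[] { SecurityAlgorithms.RsaSha256 },
    ClockSkew = TimeSpan.FromMinutes(1),
};

// Returns "accepted" or the name of the validation exception that was thrown.
string Check(string token)
{
    try { handler.ValidateToken(token, validation, out _); return "accepted"; }
    catch (SecurityTokenException ex) { return "rejected: " + ex.GetType().Name; }
}

var now = DateTime.UtcNow;
Console.WriteLine(Check(MakeIdToken(ClientId, now.AddMinutes(5))));          // issued for this app
Console.WriteLine(Check(MakeIdToken("another-client", now.AddMinutes(5)))); // issued for a different client
Console.WriteLine(Check(MakeIdToken(ClientId, now.AddMinutes(-10))));       // already expired
```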
Protect Routes with [Authorize]
Add the [Authorize] attribute to controllers or actions that require authentication:
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

[Authorize]
public class DashboardController : Controller
{
    public IActionResult Index()
    {
        return View();
    }
}
Manage Session
Create an AccountController to manage user sessions:
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Mvc;

public class AccountController : Controller
{
    public IActionResult Login(string returnUrl = "/")
    {
        // Only accept local return URLs so the post-login redirect
        // cannot be pointed at another site (open redirect).
        if (!Url.IsLocalUrl(returnUrl))
        {
            returnUrl = "/";
        }

        return Challenge(new AuthenticationProperties { RedirectUri = returnUrl },
            OpenIdConnectDefaults.AuthenticationScheme);
    }

    public IActionResult Logout()
    {
        // Sign out of both the identity provider session and the local cookie.
        return SignOut(new AuthenticationProperties { RedirectUri = "/" },
            OpenIdConnectDefaults.AuthenticationScheme,
            CookieAuthenticationDefaults.AuthenticationScheme);
    }
}
Summary
OpenID Connect (OIDC) is a powerful and standardized way to authenticate users in ASP.NET Core applications. It helps ensure secure, modern, and scalable authentication. I hope this was helpful to you.
Thanks