Blog Posts for: Authentication

Using Roles with the ASP.NET Core JWT middleware

12 July 2016

Here is a great find: The JWT middleware in ASP.NET Core knows how to interpret a “roles” claim inside your JWT payload, and will add the appropriate claims to the ClaimsIdentity. This makes using the [Authorize] attribute with Roles very easy. This is best demonstrated with a simple example. First of all I head over to and create a JSON Web Token with the following payload: { "iss": "", "aud": "blog-readers", "sub": "123456", "exp": 1499863217, "roles": ["Admin", "SuperUser"] } Note the array of roles in the “roles” claim.

Adding parameters to the OpenID Connect Authorization URL

07 July 2016

I am busy working on some more samples for ASP.NET Core to demonstrate various techniques people can use with Auth0 to authenticate their users. In most of our samples we use the standard OpenID Connect middleware, and one of the things I wanted to do was to pass extra parameters when the request is made to the Authorization endpoint. At Auth0 we allow users to authenticate with multiple social and Enterprise providers.

Using the ASP.NET OAuth providers without ASP.NET Identity

27 April 2015

Introduction: I think very few ASP.NET developers realise that the ASP.NET authentication providers and ASP.NET Identity really have nothing to do with each other. They are two completely independent technologies which are brought together nicely by the default ASP.NET MVC project template to allow users to sign in with their social media accounts, or link a social media sign-in to their existing user account. ASP.NET Identity is the technology which provides user management, role management and authentication.

Advanced configuration in the ASP.NET 5 Generic OAuth Provider

21 April 2015

Introduction: In my previous blog post I introduced the new generic OAuth 2 authentication provider which has been added to ASP.NET 5 by showing you how to configure it to authenticate with GitHub. In this blog post I will discuss two more advanced configuration options, namely requesting extra permissions via the Scope, and retrieving user information after authorization. The code I use in this blog post is mostly a straightforward copy-and-paste exercise from the sample in the ASP.

An introduction to the ASP.NET 5 Generic OAuth Provider

14 April 2015

Introduction: Over the past 2 years I have been involved in the OWin Authentication Providers project, which enables developers to allow users of their ASP.NET applications to sign in with a wide range of services such as GitHub, LinkedIn, Yahoo and others. It started off with a blog post on how to allow users to sign in with their Google+ accounts via OAuth, and then it went on to LinkedIn and Yahoo, and before long a NuGet package was born and the number of providers grew to where it stands at 23 today.