Blog Posts for: Oauth

Authenticate with OAuth 2.0 in ASP.NET Core 2.0

04 January 2018

Almost 2 years ago I wrote a blog post about using the generic OAuth provider in ASP.NET Core. A lot has changed since then, so I thought it might be a good time to revisit this. For this blog post, we will create a simple website which allows users to sign in with their GitHub credentials. I will also demonstrate how we can store the access token received from GitHub to make GitHub API calls using Octokit.

Forcing user to sign in with their Google Organization (G Suite) account

12 September 2017

Microsoft has a nice document explaining how to allow users to sign in to your application with their Google accounts. I was curious to see how one could go about forcing users to sign in with their organizational account. Why would you want to do this? Well, let say your company is using G Suite as its directory service. Only allowing users to sign in with their organizational (G Suite) email address means that you only have to procure users on the G Suite directory service.

Managing Cookie Lifetime with ASP.NET Core OAuth 2.0 providers

05 December 2016

I recently received a support request from a customer regarding the session lifetime once a user has signed in using Auth0 as they wanted the users to remain logged in across browser sessions. For our Auth0 integration with ASP.NET Core we have written no special middleware and instead rely on the standard OpenID Connect or OAuth2 middleware for authenticating users in MVC applications. My initial response to the user was to simply configure the cookie middleware and specify an ExpireTimeSpan:

Creating a lightweight API wrapper with Refit

22 September 2015

Introduction With the explosion of web APIs it becomes much more common for applications to integrate in some fashion with external APIs. These APIs are typically RESTful APIs, and normally there will be an official wrapper available for a wide range of programming languages and platforms to allow other developers to more easily integrate with the API. Sometimes however this may not be the case. It may be that the service in question simply do not see providing a .

Calling contributors for OAuth providers for ASP.NET 5

08 September 2015

Introduction Almost two years ago I did a fun little experiment to see whether I could develop a Google+ OAuth provider for ASP.NET MVC 5. I then followed it up and created Yahoo and LinkedIn providers as well and decided that it was probably time to turn it into an open source project. The resulting project has been fairly successful and has 38 providers with 284 commits from 38 different contributors.

Popup OAuth authentication with ASP.NET and SignalR

30 June 2015

Introduction One of the SaaS tools which I like to use for all sorts of small app-to-app integrations is Zapier. If you have ever used Zapier before you may have noticed that authenticating with one of the many applications with which it integrates does not actually navigate away from the current page that you are on, but instead uses a simple HTML popup dialog to authenticate the user. For a recent project I was involved in I had to do something similar, so I have extracted the techniques into a demo application and I am writing this blog post to show how easy it is to do something like this.

Using the ASP.NET OAuth providers without ASP.NET Identity

27 April 2015

Introduction I think very few ASP.NET developers realise that the ASP.NET authentication providers and ASP.NET Identity really have nothing to with each other. It is two completely independent technologies which are brought together nicely by the default ASP.NET MVC project template to allow users to sign in with the social media accounts, or link a social media sign in to their existing user account. ASP.NET Identity is the technology which provides user management, role management and authentication.

Advanced configuration in the ASP.NET 5 Generic OAuth Provider

21 April 2015

Introduction In my previous blog post I introduced the new generic OAuth 2 authentication provider which has been added to ASP.NET 5 by showing you how to configure it to authenticate with GitHub. In this blog post I will discuss two more advanced configuration options, namely requesting extra permissions via the Scope, and retrieving user information after authorization. The code I use in this blog post is mostly a straight forward copy-and-paste exercise from the sample in the ASP.

An introduction to the ASP.NET 5 Generic OAuth Provider

14 April 2015

Introduction Over the past 2 years I have been involved in the OWin Authentication Providers project, which enables developers to allow users of their ASP.NET applications to sign in with a wide range of services such as GitHub, LinkedIn, Yahoo and others. It started off with a blog post on how to allow users to sign in with their Google+ accounts via OAuth, and then it went on to LinkedIn and Yahoo and before long a Nuget package was born and the number of providers grew to where it stands at 23 today.

OWIN OAuth provider for GitHub

27 November 2013

Update: 19 May 2015 - You can view an updated video version of this on my AspnetCasts YouTube channel. The updated version is targeted for use with ASP.NET MVC 5 and ASP.NET Identity. Update: 1 April 2015 - The latest and most up to date version of this guide is available on the OAuth for ASP.NET website Turns out I had some extra time on my hands - or maybe I am just procrastinating.