Angular SPA with ASP.NET API and SSO

Current situation, the user fill in credentials and these are send to my API. When credentials are Ok the API sends back a session_token (which is stored by the API with username). With every call to the API this session_token is send in the header. So the API knows the username for that call and can do things (filter data for that user e.g.)

Now I want SSO with Auth0. Auth0 returns an access_token which is send to the API. So the API knows that the user is valid, but it has no clue of the users identity to filter data.

How to implement this with Auth0. I miss something ;-).

Regards Arnaud

The user’s identity will be in the sub claim in the JWT. Inside ASP.NET this will be available in the NameIdentifier claim.

You were not clear on whether you are using ASP.NET Core, or OWIN. So this is how you would do it for both:

For ASP.NET Core

// Inside your controller action, access the user id as follows:
var userId = User.Claims.FirstOrDefault(c => c.Type == ClaimTypes.NameIdentifier).Value;

For ASP.NET (OWIN)

// Inside your controller action, access the user id as follows:
var claimsPrincipal = User as ClaimsPrincipal;
var userId = claimsPrincipal.Claims.FirstOrDefault(c => c.Type == ClaimTypes.NameIdentifier).Value;

Thnxs @jerrie1, for the answer.

I am not using CORE.

What to send to the API with every request for data? And how is that loaded in the Principal? I am new with this stuff :wink:

You will need to send along the access_token which can be obtained when a user logs in using Lock. How exactly this will work will depend on which platform you use to develop your front-end - e.g. Angular, iOS, etc…

For the API itself you can view the OWIN Web API quickstart and work through that, as it takes you through the entire process of developing the API:

For the frontend you will need to find the quickstart for whichever technology you are using. Please have a look at our quickstarts at Auth0

Thnxs, I will dive into that.

At the moment I am at the following point.

In my SPA I have a with href:

https://XXXX.eu.auth0.com/authorize?audience=xxxxx&scope=email&response_type=token&client_id=xxxxx&redirect_uri=http://localhost:5000/#!/home

I have to confirm my account and get a accessToken

I create local ASP.NET webapi (from an example, with the ping/secure) and when I do a get with the accessToken in the authorization header, I have access. Till now everything went well.

Now I want to known in the controller of the API, the user. I toke your code and put it in the controller and I retrieve a userId (auth0|xxxxxx) but I need the emailadres of the user, because with that I can indentify the user in my Database.

How to do that?

As noted, the access_token does not contain any information about the user other than the user’s ID. In order to get more information about the user, you will have to call the /userinfo endpoint, passing along the access_token

For more information, please read the following blog post:

You can find documentation on the /userinfo endpoint at:
https://auth0.com/docs/api/authentication#get-user-info

You can use the Auth0.NET SDK to call this endpoint. Documentation is available at:
Documentation

First install the NuGet package:

Install-Package Auth0.AuthenticationApi

Then, the code you will have to write is something like the following:

using Auth0.AuthenticationApi;

var client = new AuthenticationApiClient("XXXX.eu.auth0.com"));
var userInfo = await client.GetUserInfoAsync("your access_token");

HOWEVER, since you have to make an extra call to the Auth0 Authentication API each time to retrieve the user’s email address, I would highly recommend rethinking your DB structure, and instead identify the user in your database with their user ID, and not their email address