Handle New User Signup in ASP.NET Core

After following the ASP.NET Core v2.0 Login quickstart, I’m now wondering what’s the best way to handle either:

  1. a successful login event or
  2. a user’s first time to signup & login

… after being returned from the Universal Login so that you can process additional steps like creating the user profile on your side of the application or asking for additional information.

The quickstart is using the standard OpenID Connect Middleware and not a separate package from Auth0. I haven’t been able to locate a good way to add event handling after a successful (or failed) sign-in.

Thanks a ton for the help!

From the OIDC protocol perspective the sign-up is just a secondary step to complete the authentication process, but in terms of response the result is the same: a token containing information about the user who just authenticated.

In your application you receive that user information (a unique user id at the very least). If you keep the user profile on your application, for instance, you can detect if the user id that the OIDC protocol sends in the response doesn’t exist in your application; if so, it means that it’s a new user.

There are multiple ways to do this. The OIDC middleware, in particular, offers an event (OnTicketReceived) that lets you analyze the information of the ticket created (the user that just logged in). In the event you could check if the user is a new user (no profile yet in your database) and add that as an additional claim (e.g. “IsProfileCompleted: true”). See here for an example of modifying/expanding the claims of the user that just logged in.
Then you could create a filter where you would enforce that the profile is completed by looking at the principal claims and, if the profile is not completed, redirect the user to a profile-completion page. You would apply that filter as a global filter or an attribute to certain controllers and/or actions.

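The two pieces described in the answer above (an `OnTicketReceived` handler that adds a profile claim, and a filter that enforces it), as an added sketch that is not code from the thread or from the Auth0 quickstart. `IUserProfileStore`, the `profile_completed` claim type and the `Profile`/`Complete` controller and action are hypothetical names, and the user id lookup assumes the default inbound claim mapping (`sub` to `NameIdentifier`).

```csharp
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;
using Microsoft.Extensions.DependencyInjection;

// Hypothetical application-side profile lookup (not an Auth0 or ASP.NET Core type).
public interface IUserProfileStore
{
    Task<bool> ProfileExistsAsync(string userId);
}

public static class ProfileClaims
{
    public const string Completed = "profile_completed"; // assumed claim type
    // Assign the result to options.Events inside AddOpenIdConnect(...).
    public static OpenIdConnectEvents CreateEvents() => new OpenIdConnectEvents
    {
        OnTicketReceived = async context =>
        {
            // Assumes "sub" is mapped to NameIdentifier; use "sub" if the mapping was cleared.
            var userId = context.Principal.FindFirst(ClaimTypes.NameIdentifier)?.Value;
            if (userId == null) { context.Fail("No user id in the ticket."); return; }
            var store = context.HttpContext.RequestServices.GetRequiredService<IUserProfileStore>();
            var completed = await store.ProfileExistsAsync(userId);

            // Runs before the session cookie is issued, so the claim is stored in it.
            ((ClaimsIdentity)context.Principal.Identity).AddClaim(
                new Claim(Completed, completed ? "true" : "false"));
        }
    };
}

// Register globally with options.Filters.Add(typeof(RequireCompletedProfileFilter)) in AddMvc.
public class RequireCompletedProfileFilter : IAsyncActionFilter
{
    public async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
    {
        var user = context.HttpContext.User;
        // Skip the profile pages themselves to avoid a redirect loop.
        var onProfilePage = context.RouteData.Values["controller"]?.ToString() == "Profile";
        if (user.Identity.IsAuthenticated && !onProfilePage && !user.HasClaim(ProfileClaims.Completed, "true"))
        {
            context.Result = new RedirectToActionResult("Complete", "Profile", null);
            return;
        }
        await next();
    }
}
```

Because the claim is stored in the session cookie, it keeps its sign-in value until the cookie is re-issued or the user signs in again.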

Thanks a ton Nicolas! This is super helpful. Didn’t know about the event that allows for adding additional claims. That’s awesome.

Is there a way to remove a claim after the signup process? For example, after they’ve filled out their profile?

(Apologies for the wrong response before, I posted on the wrong thread).

To alter claims after the authentication happened, you can obtain the current principal and authentication properties using AuthenticateAsync, modify the claims and then use SignInAsync to generate the new session cookie:

```csharp
// Namespaces needed at the top of the controller file:
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

[Authorize]
public async Task<IActionResult> ModifyClaims()
{
    // get the currently signed in principal
    // this assumes a user is already signed in
    var result = await HttpContext.AuthenticateAsync();
    var principal = result.Principal;
    var identity = (ClaimsIdentity)principal.Identity;

    // how to add a claim
    identity.AddClaim(new Claim("MyNewClaim", "1234"));

    // how to remove a claim
    var claimToRemove = identity.FindFirst("claimType");
    if (claimToRemove != null) {
        identity.RemoveClaim(claimToRemove);
    }

    // set the new principal (re-issues the session cookie with the updated claims)
    await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, principal, result.Properties);

    // now continue with your logic
    return this.RedirectToAction("Home");
}
```

You’re awesome! Thank you so much. This should totally go into the ASP.NET quick start walkthroughs. It would be super useful to anyone getting started.


Thanks for providing such feedback @edb. I’ll transition it to our product teams!
