Legacy ASP.NET Support with .NET 4.x

carlitos · June 9, 2025, 7:35pm

Does auth0 support legacy ASP. NET with .NET 4.x (not .NET core or standard)? I inherited a legacy app and would like to use auth0 because they want to add a mobile app to their offering but right now authentication is done via legacy webforms. I do plan on modernizing this app to .NET Core soon, but can’t right at this moment.

remus.ivan · June 9, 2025, 10:49pm

Hi @carlitos,

Welcome to the Auth0 Community !

For ASP.NET legacy apps you can follow the guidelines for the ASP.NET OWIN quickstarts to help integrate your application with Auth0. This version will still support your 4.x version, but updating to a .NET Core sounds like a great plan for the future.

I hope this helps!
Best regards,
Remus

carlitos · June 10, 2025, 1:29am

Thanks - what I’m really interested in is how Auth0 or OWIN handles creating the actual user session cookie. Secondarily, will this work side-by-side with that legacy ASP. NET app along with a modern API build in .NET Core? Will Auth0 return a JWT for the newer stuff? I am proposing this because they want to add the mobile app prior to upgrading the legacy app which means I need to bootstrap a web API that will live side-by-side with the legacy ASP. NET app.

remus.ivan · June 10, 2025, 5:38pm

Hi @carlitos.

Lets break it down here.

When integrating ASP. NET app with Auth0, the ASP. NET (OWIN) SDK follows the standard Authorization Code Flow ( this is also when an SSO session cookie is created - see Auth0 Session Layer documentation), so after a code was exchanged for a token the session within your application is created by the cookie middleware ( as described in the Configuration of the middleware part of the SDK ).

Sure! You can integrate all this parts within Auth0.

Legacy ASP. NET App: A “Regular Web Application” in Auth0.
Modern .NET Core API: A separate “API” in Auth0.
Mobile App: A “Native Application” that uses the Authorization Code Flow with PKCE

My guess is that you are referring to the mobile application. Auth0 returns a standard ID token when your users authenticate in the legacy app,but you can make a call using your modern API as an audience identifier so you can retrieve a token for your mobile app as well. If using one of our SDKs, this will check automatically for the auth0 SSO cookie created earlier and retrieve a new Access Token.

I hope this helps clarify things a bit better, and if you have other questions let me know.
Thanks,
Remus

Topic		Replies	Views
Question about implementation of legacy applications Get Help auth0 , api , login	4	3015	October 31, 2019
SDK for older asp.net web application Get Help configuration , application	2	890	July 25, 2023
Auth0 with .Net Framework without Owin Get Help quickstarts-regular-web-application , sdks-quickstarts	3	1437	May 23, 2023
Auth0 for both WebForms, MVC 5, and MVC Core applications Get Help	4	6090	September 3, 2019
Microsoft Classis ASP site Get Help configuration , application	4	1014	May 12, 2023

Legacy ASP.NET Support with .NET 4.x

Related topics