Using C# Extension Methods for Auth0 Authentication

How to use C# extension methods to simplify Auth0 configuration for ASP.NET web applications.
Read more

Brought for you by @andrea.chiarelli

Please let us know if you have any questions! :speech_balloon:

Do you know other ways to simplify Auth0 dev experience in .NET? Share it with us!

Hi,
I’ve written an article on Web Authentication. JSON Web Token (JWT) and its authentication into your Angular 8 project with a secure backend API running on Node.JS.
https://www.c-sharpcorner.com/article/json-web-auth-using-angular-8-and-nodejs/

Hey there Nicholas!

We have special place for such content. Can I ask you to create a topic in Show Your Auth0 category where we highlight such things? It will be easier for everyone to find it there. Once you create it please delete the reply here. Thank you!

This topic was automatically closed 27 days after the last reply. New replies are no longer allowed.

Can you elaborate the use of ‘CookieAuthenticationDefaults’ here as authentication will not happen through cookie, right ?
options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme

Hi @SidK, :wave:
Thank you for joining the Auth0 Community.

Your question is a bit tricky and would require a specific article :slightly_smiling_face:. I’ll try to explain in a few words here.

The reason for this has to do with authentication schemes, that is, a mechanism that specifies how to perform the different authentication steps.

Focusing on our case, when your user authenticates with Auth0 using OpenID Connect, your application receives an ID token. This token grants that the user is authenticated and optionally provides some user information.
However, how does your application know that your user is authenticated before getting the token? How does your application know your user is authenticated each time it requests a new page?

You may think to check the existence of the ID token in each request. But this would require you to add the token to each request and check it opportunely, with all the potential security issues. The easiest way is to use a well-known and ready-to-use approach: the cookie scheme. This allows your application to automatically check the existence of the authentication cookie without requiring you to implement anything specific.

In other words, after your application receives the ID token from Auth0, an authentication cookie is created and sent to the browser. This cookie will be sent back to your application along with each request. This is why you have the cookie scheme configuration.

To answer your question “authentication will not happen through cookie, right?”, well, yes and no. You are combining two authentication schemes. The user is authenticated through OpenID Connection but each subsequent request is authenticated through the authentication cookie.

I hope this helps clarify.

By the way, bear in mind that you no longer need to build your own extension method to use Auth0. The Auth0 SDK for ASP.NET Core Authentication does it for you.