SSO

SSO with JWT in ASP.NET MVC and Web API

SSO with JWT in ASP.NET MVC and Web API

This article explains how to implement Single Sign-On (SSO) in an ASP.NET MVC application and consume a secure Web API using JWT tokens. We use OpenID Connect, a standard identity protocol used by providers like Auth0, Azure AD, and Okta.

🔐 Overview

  • User logs in via an identity provider (SSO)
  • MVC app receives a JWT access token
  • MVC app sends the JWT to a Web API
  • The Web API validates the JWT and returns data

🔧 Step 1: Configure Identity Provider

Register your ASP.NET MVC app with an identity provider like Auth0 or Azure AD. Set the redirect URI to https://localhost:5001/signin-oidc.

🖥️ Step 2: ASP.NET MVC App (Login Client)

Install the required NuGet packages:

Install-Package Microsoft.Owin.Security.OpenIdConnect
Install-Package Microsoft.Owin.Host.SystemWeb
Install-Package Microsoft.Owin.Security.Cookies

Configure OWIN Startup:

app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
    ClientId = "your-client-id",
    Authority = "https://your-idp.com/",
    RedirectUri = "https://localhost:5001/signin-oidc",
    ResponseType = "id_token token",
    Scope = "openid profile email",
    SignInAsAuthenticationType = "Cookies",
});

🔒 Step 3: Web API (Protected Backend)

Install the JWT middleware:

Install-Package Microsoft.Owin.Security.Jwt

Configure JWT validation in Startup.cs:

app.UseJwtBearerAuthentication(new JwtBearerAuthenticationOptions
{
    TokenValidationParameters = new TokenValidationParameters
    {
        ValidIssuer = "https://your-idp.com/",
        ValidAudience = "your-api-audience",
        IssuerSigningKeys = ... // Load from JWK
    }
});

📡 Step 4: Call Web API Using Access Token

client.DefaultRequestHeaders.Authorization = 
    new AuthenticationHeaderValue("Bearer", accessToken);

var response = await client.GetAsync("https://localhost:5002/api/secure/userinfo");

✅ Conclusion

With SSO and JWTs, users can securely log in once and access protected APIs across applications. This setup improves security, simplifies user management, and supports modern authentication protocols.

Comments

Post a Comment

Popular posts from this blog

Free sso

Create Free SSO with Keycloak Create a Free SSO System with Keycloak Want to add Single Sign-On (SSO) to your apps without paying for enterprise tools? You can do this completely free using Keycloak — a powerful open-source identity and access management solution. 🔧 What You'll Learn How to run Keycloak locally Set up users and clients Use SSO to authenticate in ASP.NET or any app 🚀 Step 1: Run Keycloak Locally You can run Keycloak using Docker in development: docker run -p 8080:8080 \ -e KEYCLOAK_ADMIN=admin \ -e KEYCLOAK_ADMIN_PASSWORD=admin \ quay.io/keycloak/keycloak:24.0.1 start-dev Then go to http://localhost:8080 and log in with: Username: admin Password: admin 🔐 Step 2: Set Up Realm, Client, and Users Create a Realm A realm is like a project or tenant. Go to the top-left menu and click “Create Realm” . Create a Client In your realm, go to Clients → Cr...
Read more

Best Free SSO Options

  🧰 Best Free SSO Options Tool Description Free? Protocols Keycloak Fully-featured open-source identity provider ✅ 100% free OpenID Connect, OAuth2, SAML Authentik Lightweight, modern alternative to Keycloak ✅ Free, open-source OIDC, SAML IdentityServer (Duende) Free for development (IdentityServer v4 is OSS) ✅ Dev only OIDC, OAuth2 Gluu Enterprise-grade open source IAM ✅ Community Edition OIDC, SAML Firebase Authentication Free tier available ✅ With limits OIDC, custom tokens Auth0 Free for up to 7,000 active users ✅ Limited OIDC, OAuth2 🚀 Example: Setup Free SSO with Keycloak 🔹 Step 1: Run Keycloak Locally (with Docker) bash Copy Edit docker run -p 8080:8080 -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin quay.io/keycloak/keycloak:24.0.1 start-dev Go to: http://localhost:8080 Login: admin / admin 🔹 Step 2: Create a Realm, Client, and Users Create a Realm (e.g., MyRealm ) Create a Client : Client ID: myclient Client type: OpenID Connect → C...
Read more