Using Auth0 in ASP.NET Web API

When consuming an API there are two things to consider: how to validate the token (1) and getting a token (2).

1. Securing the API

On the server, follow these steps to secure the API.

Install the following NuGet package

Install-Package WebApi.JsonWebToken

Add the following code snippet on the Register method of WebApiConfig.cs:

config.MessageHandlers.Add(new JsonWebTokenValidationHandler()
{
    Audience = "YOUR_CLIENT_ID",  // client id
    SymmetricKey = "YOUR_CLIENT_SECRET"   // client secret
});

Protect your Web API with the [Authorize] attribute

public class CustomersController : ApiController
{
    // GET api/customers
    [Authorize]
    public IEnumerable<string> Get()
    ...
}

You can get the attributes of the user on the Web API side by doing:

  ClaimsPrincipal.Current.Claims.SingleOrDefault(c => c.Type == "email").Value

Consuming the secure API

Download the sample

Browse the sample on GitHub: https://github.com/auth0/auth0-webapi-js-sample