Skip to main content Skip to docs navigation

Integrate myMLA SSO

Learn how to integrate the myMLA SSO platform with a .Net Core site for authenticating users.

On this page

To set up the integration of the myMLA SSO platform with your .Net Core website, you will need to follow a few steps. The examples shown below are for .Net 6 (the latest release for .Net at the time of writing). If your site is a .Net Core site that uses an earlier version of .Net, please refer to the Pre .Net 6 section. This is mainly in reference to the Program.cs and StarUp.cs files.

The appsettings.json instructions are the same regardless what version .Net is being used.

NuGet

To integrate myMLA SSO platform with a .Net Core project, you will need to download the following library from NuGet - Auth0.AspNetCore.Authentication. All examples shown on this site use this NuGet library.

appsettings.json

You will need to reference various values to be able to access the myMLA SSO platform. The easiest place to store these is as part of the appsettings.json file. The most common items you will need are described below.

Domain
The domain where the authentication is issued from (the domain for myMLA SSO).
ClientId
The ClientId for your application. This allows myMLA SSO to authenticate where the user request is coming from.
ClientSecret
This is effectively the password for your application when accessing the myMLA SSO platform.
Audience
These are the list of protected APIs your app would like to access.

Below is an example of these settings defined as part of a section in appsettings.json file.

            
    "myMLA": {
        "Domain": "MYMLA_DOMAIN",
        "ClientId": "YOUR_CLIENT_ID",
        "ClientSecret": "YOUR_CLIENT_SECRET",
        "Audience": "THE_API_TO_ACCESS"
    }

Note: These values could also be stored in a Key Vault (e.g. Azure Key Vault or AWS Key Management Service).

Program.cs

You will need to inject the appropriate services in the Program.cs file. To do so you will need to call the AddAuth0WebAppAuthentication method from the service collection for the app builder. The examples shown below outline how to reference the values stored in the appsettings.json file.

For basic authentication integration, the following needs to be added to the Program.csfile.

            
    builder.Services.AddAuth0WebAppAuthentication(options =>
    {
        options.Domain = builder.Configuration["myMLA:Domain"];
        options.ClientId = builder.Configuration["myMLA:ClientId"];
        options.Scope = "openid profile email offline_access";
    });

For basic authentication integration as well access to protected API's, the following needs to be added to the Program.csfile. You must set UseRefreshTokens to true to allow seamless interaction between your app and the protected API.

            
    builder.Services.AddAuth0WebAppAuthentication(options =>
    {
        options.Domain = builder.Configuration["myMLA:Domain"];
        options.ClientId = builder.Configuration["myMLA:ClientId"];
        options.ClientSecret = builder.Configuration["myMLA:ClientSecret"];
        options.Scope = "openid profile email offline_access";
    })
        .WithAccessToken(options =>
        {
            options.Audience = builder.Configuration["myMLA:Audience"];
            options.UseRefreshTokens = true;
        });

You may have noticed that in addition to configuring the appsettings.json values, you also need to declare the scopes required for your applications. The scopes should be separated by a space (" "). You may add other scopes in addition to those used below.

openid
Indicates that the application intends to use OIDC (Open ID Connect authentication protocol) to verify the user's identity. (Required)
profile
Gives the application access to the user's myMLA SSO profile data.
email
Gives the app access to the user's primary email address in the form of the email claim.
offline_access
This must be included in order to receive refresh tokens. Refresh tokens allow the application to re-authenticate the user without any user interaction. This is particularly useful when using protected APIs.

You then need to configure the app that was built by the app builder to use the .Net Core Authentication and Authorization middleware.

            
    app.UseAuthentication();
    app.UseAuthorization();

Pre .Net 6

.Net 6 (and by default ASP Identity web sites for .Net 6) use top level statements. This style was not avialable before .Net 6. In this case there would normally be a Startup.cs file that would be referenced by the Program.cs file.

The Startup.cs file has two main methods - The ConfigureServices method and the Configure method.

Inside the ConfigureServices method, inject the required services into the application builder by calling AddAuth0WebAppAuthentication from the service collection. The option values are exactly the same as those outlined for .Net 6.

            
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddAuth0WebAppAuthentication(options => {
            options.Domain = builder.Configuration["myMLA:Domain"];
            options.ClientId = builder.Configuration["myMLA:ClientId"];
            options.ClientSecret = builder.Configuration["myMLA:ClientSecret"];
            options.Audience = builder.Configuration["myMLA:Audience"];
            options.Scope = "openid profile email offline_access";
        });

        // Other set up options
    }

You then need to configure the app builder to use the .Net Core Authentication and Authorization middleware inside the Configure method.

            
    public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
    {
        app.UseAuthentication();
        app.UseAuthorization();

        // Other set up options
    }