Skip to main content
Skip table of contents

.NET Core 2.x native OpenID Connect example

.NET has OIDC support built into it and the following is a basic example of one way to utilise it to connect to OpenAthens Keystone. Other options are available.

It is assumed that user has knowledge of developing applications using and this example is based off the Core Web Application template. (See:

Goal in this example

Authenticate a user and display all the received claims on a page. In the real world you would read the claims and feed them into your authorisation / user-session management process.


Add the OIDC dependencies

Update the dependencies part of your project (e.g. project.json, NuGet) to include both:


Configure Startup.cs to use OpenID Connect

Configure Startup.cs to use OIDC. Update the ConfigureServices method, e.g:

services.AddAuthentication(options => {
               options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            // Here "oidc" is the AuthenticationScheme
            .AddOpenIdConnect("oidc", options => {
                options.Authority = "";
                options.ClientId = "{ClientID}";
                options.ClientSecret = "{ClientSecret}";
                options.GetClaimsFromUserInfoEndpoint = true;
                options.ResponseType = "code id_token";
                options.ClaimActions.MapUniqueJsonKey("eduPersonTargetedID", "eduPersonTargetedID");
                options.ClaimActions.MapUniqueJsonKey("eduPersonScopedAffiliation", "eduPersonScopedAffiliation");
           //   If you plan to map extended attributes, such as username etc:
          options.ClaimActions.MapUniqueJsonKey("username", "username");
                options.CallbackPath = newPathString("/redirect");


Between the app.UseStaticFiles() and app.UseMVC() lines, add:

            //app.UseAuthenticatoin(); Adds the OIDC middleware

For additional settings that can be used you should refer to the Microsoft core documentation on the OpenIdConnectOptions class: 

Add in login and view claim to _Layout.cshtml

Add the following into _Layout.cshtml which will display a Login link if a user session does not exist and will display a link to logout and view the returned claims if a user session does:

                    <ul class="nav navbar-nav navbar-right">
                        @if (User.Identity.IsAuthenticated)
                            <li><a asp-controller="Account" asp-action="Claims">Account Profile</a></li>
                            <li><a asp-controller="Account" asp-action="Login">Login</a></li>

Create User portal pages

Create a new folder in Views called Account

Add a new MVC View page called Claims and paste in the following code which will display all claims that have been returned:

<div class="row">
    <div class="col-md-12">

        <h3>Claims associated with current User</h3>
        <table class="table">
            @foreach (var claim in User.Claims)

Create a AccountController class and add the following:

   public class AccountController: Controller
       public async Task Login(stringreturnUrl = "/")
            // specifying the scheme here "oidc"
            await HttpContext.ChallengeAsync("oidc", newAuthenticationProperties() { RedirectUri = returnUrl });
       public IActionResult Claims()
       public IActionResult AccessDenied()

Example of accessing the attributes

An example of accessing the claims returned is:

Name = User.Claims.FirstOrDefault(c => c.Type == ClaimTypes.Name)?.Value,
EmailAddress = User.Claims.FirstOrDefault(c => c.Type == "email")?.Value,
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.