ZITADEL Docs

ASP.NET Core

Overview

ASP.NET Core is a production-ready framework for building web applications. This example integrates Zitadel with the built-in OpenID Connect handler using the Authorization Code Flow + PKCE to authenticate users securely and manage sessions.

Auth library

This example uses Microsoft.AspNetCore.Authentication.OpenIdConnect. The middleware handles the PKCE dance, exchanges authorization codes for tokens, keeps tokens available on the request, and plugs into the standard ASP.NET Core authentication/authorization pipeline.


What this example demonstrates

  • Public landing page with “Sign in with Zitadel”.
  • PKCE login handled by the ASP.NET Core OIDC middleware.
  • Route protection via the auth/authorization middleware; profile page renders OIDC claims.
  • Cookie-based session management with configurable idle timeout.
  • Federated logout that clears the local session and redirects through Zitadel’s RP-initiated logout.

Getting started

Prerequisites

  • .NET SDK 8 or later

Account setup

Create a Web application in Zitadel configured for Authorization Code + PKCE, then set:

Redirect URIs: http://localhost:3000/auth/callback
Post Logout Redirect URIs: http://localhost:3000/auth/logout/callback

These values must match the sample configuration.

Run the example

  1. Clone the repository:
    git clone https://github.com/zitadel/example-auth-dotnet.git
    cd example-auth-dotnet
  2. Copy .env.example to .env and fill in your values:
    PORT=3000
    SESSION_DURATION=3600
    ZITADEL_DOMAIN="https://your-zitadel-domain"
    ZITADEL_CLIENT_ID="your-zitadel-application-client-id"
    ZITADEL_CLIENT_SECRET="your-randomly-generated-client-secret"
    ZITADEL_POST_LOGOUT_URL="http://localhost:3000/auth/logout/callback"
  3. Start the dev server (restores dependencies automatically):
    make start

The app will be available at http://localhost:3000.
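The wiring described under "Auth library" and "What this example demonstrates", as an added sketch that is not the code from the example-auth-dotnet repository. It assumes the values from .env are exported into the process environment, and the route names /auth/login, /auth/logout and /profile are hypothetical; the callback paths are the redirect URIs registered above.

```csharp
// Added sketch, not the Program.cs from example-auth-dotnet.
// Assumed route names: /auth/login, /auth/logout, /profile.
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;

var builder = WebApplication.CreateBuilder(args);
string Env(string key) => Environment.GetEnvironmentVariable(key)
    ?? throw new InvalidOperationException($"{key} is not set");

builder.Services.AddAuthentication(o =>
{
    o.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;   // local session lives in a cookie
    o.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme; // unauthenticated users go to Zitadel
})
.AddCookie(o =>
{
    o.ExpireTimeSpan = TimeSpan.FromSeconds(int.Parse(Env("SESSION_DURATION")));
    o.SlidingExpiration = true;                        // idle timeout: activity renews the session
})
.AddOpenIdConnect(o =>
{
    o.Authority = Env("ZITADEL_DOMAIN");               // discovery document is fetched from here
    o.ClientId = Env("ZITADEL_CLIENT_ID");
    o.ClientSecret = Env("ZITADEL_CLIENT_SECRET");
    o.ResponseType = "code";                           // Authorization Code Flow
    o.ResponseMode = "query";                          // callback arrives as a top-level GET
    o.UsePkce = true;                                  // code_challenge / code_verifier handled by the middleware
    o.CorrelationCookie.SameSite = SameSiteMode.Lax;   // sufficient because the callback is a GET redirect
    o.NonceCookie.SameSite = SameSiteMode.Lax;
    o.CallbackPath = "/auth/callback";                 // must match the registered Redirect URI
    o.SignedOutCallbackPath = "/auth/logout/callback"; // must match the Post Logout Redirect URI
    o.SaveTokens = true;                               // keeps tokens on the session; id_token is sent as logout hint
    o.GetClaimsFromUserInfoEndpoint = true;
});
builder.Services.AddAuthorization();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

app.MapGet("/", () => Results.Content("<a href=\"/auth/login\">Sign in with Zitadel</a>", "text/html"));
app.MapGet("/auth/login", () => Results.Challenge(new AuthenticationProperties { RedirectUri = "/profile" }));
app.MapGet("/profile", (ClaimsPrincipal user) => user.Claims.Select(c => new { c.Type, c.Value }))
   .RequireAuthorization();                            // anonymous requests trigger the OIDC challenge
app.MapGet("/auth/logout", () => Results.SignOut(new AuthenticationProperties { RedirectUri = "/" },
    new[] { CookieAuthenticationDefaults.AuthenticationScheme, OpenIdConnectDefaults.AuthenticationScheme }));
app.Run($"http://localhost:{Env("PORT")}");
```

Signing out of both schemes is what makes the logout federated: the cookie scheme clears the local session and the OpenID Connect scheme redirects through Zitadel's end-session endpoint before returning to /auth/logout/callback.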


Learn more and resources
