Use social sign-in provider authentication without ASP.NET Core Identity

Facebook, Google, and external provider authentication in ASP.NET Core describes how to enable users to sign in using OAuth 2.0 with credentials from external authentication providers. The approach described in that topic includes ASP.NET Core Identity as an authentication provider.

This sample demonstrates how to use an external authentication provider without ASP.NET Core Identity. This is useful for apps that don't require all of the features of ASP.NET Core Identity, but still require integration with a trusted external authentication provider.

This sample uses Google authentication for authenticating users. Using Google authentication shifts many of the complexities of managing the sign-in process to Google. To integrate with a different external authentication provider, see the following topics:

Configuration

In the ConfigureServices method, configure the app's authentication schemes with the AddAuthentication, AddCookie and AddGoogle methods:

public void ConfigureServices(IServiceCollection services)
{
    services
        .AddAuthentication(options =>
        {
            options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = GoogleDefaults.AuthenticationScheme;
        })
        .AddCookie()
        .AddGoogle(options =>
        {
            options.ClientId = Configuration["Authentication:Google:ClientId"];
            options.ClientSecret = Configuration["Authentication:Google:ClientSecret"];
        });

    services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);
}

The call to AddAuthentication sets the app's DefaultScheme. The DefaultScheme is the default scheme used by the following HttpContext authentication extension methods:

Setting the app's DefaultScheme to CookieAuthenticationDefaults.AuthenticationScheme ("Cookies") configures the app to use Cookies as the default scheme for these extension methods. Setting the app's DefaultChallengeScheme to GoogleDefaults.AuthenticationScheme ("Google") configures the app to use Google as the default scheme for calls to ChallengeAsync. DefaultChallengeScheme overrides DefaultScheme. See AuthenticationOptions for additional properties that override DefaultScheme when set.

In the Configure method, call the UseAuthentication method to invoke the Authentication Middleware that sets the HttpContext.User property. Call the UseAuthentication method before calling UseMvcWithDefaultRoute or UseMvc:

app.UseAuthentication();

To learn more about authentication schemes and cookie authentication, see Use cookie authentication without ASP.NET Core Identity.
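The configuration above calls AddCookie with its default options. The following added example (not part of the original sample) shows the same Startup class with the cookie settings stated explicitly, since without ASP.NET Core Identity this cookie is the app's entire session state. The 8-hour lifetime and the non-sliding expiration are assumed values to adapt.

```csharp
// Added example, not from the original sample: the page's configuration with
// explicit cookie settings. Lifetime values are assumptions to adapt.
using System;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.Google;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public Startup(IConfiguration configuration) => Configuration = configuration;
    public IConfiguration Configuration { get; }

    public void ConfigureServices(IServiceCollection services)
    {
        services
            .AddAuthentication(options =>
            {
                options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme = GoogleDefaults.AuthenticationScheme;
            })
            .AddCookie(options =>
            {
                // After the Google sign-in completes, this cookie is the credential checked on each request.
                options.Cookie.HttpOnly = true;                          // not readable from script
                options.Cookie.SecurePolicy = CookieSecurePolicy.Always; // sent over HTTPS only
                // Lax is the handler's default; Strict can break the redirect back from the provider.
                options.Cookie.SameSite = SameSiteMode.Lax;
                options.ExpireTimeSpan = TimeSpan.FromHours(8);          // assumed session length
                options.SlidingExpiration = false;                       // lifetime is a hard cap
            })
            .AddGoogle(options =>
            {
                options.ClientId = Configuration["Authentication:Google:ClientId"];
                options.ClientSecret = Configuration["Authentication:Google:ClientSecret"];
            });

        services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseAuthentication(); // must run before MVC so HttpContext.User is set
        app.UseMvcWithDefaultRoute();
    }
}
```

With CookieSecurePolicy.Always the app must be served over HTTPS, including in development, or the browser will not return the cookie.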

Applying authorization

Test the app's authentication configuration by applying the AuthorizeAttribute attribute to a controller, action, or page. The following code limits access to the Privacy page to users that have been authenticated:

[Authorize]
public class PrivacyModel : PageModel
{
    public void OnGet()
    {
    }
}

Sign out

To sign out the current user and delete their cookie, call SignOutAsync. The following code adds a Logout page handler to the Index page:

public class IndexModel : PageModel
{
    public void OnGet()
    {
    }

    public async Task<IActionResult> OnPostLogoutAsync()
    {
        await HttpContext.SignOutAsync();
        return RedirectToPage();
    }
}

Notice that the call to SignOutAsync does not specify an authentication scheme. The app's DefaultScheme of CookieAuthenticationDefaults.AuthenticationScheme is used as a fallback.
