Adding authentik login to asp.net application

May 13 2024

All you need to do to add authentik login to asp.net is to add these options to your services:

builder.Services.AddAuthentication(options =>
{
    options.DefaultScheme = "Cookies";
    options.DefaultChallengeScheme = "oidc";
})
.AddCookie("Cookies")
.AddOpenIdConnect("oidc", options =>
{
    options.Authority = oauthAuthority;
    options.ClientId = oauthId;
    options.ClientSecret = oauthSecret; // Securely store and load this value
    options.ResponseType = "code";

    options.SaveTokens = true;

    options.Scope.Add("openid");
    options.Scope.Add("profile");
    options.Scope.Add("email");

    options.GetClaimsFromUserInfoEndpoint = true;

    options.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters
    {
        NameClaimType = "name"
    };

    // Optionally handle events
    options.Events = new Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectEvents
    {
        OnAuthenticationFailed = context =>
        {
            // Log or handle authentication failures
            return Task.CompletedTask;
        },
        OnTokenValidated = context =>
        {
            // Additional token validation can go here
            return Task.CompletedTask;
        }
    };
});

The config options can be obtained from creating a oauth2 application on authentik and pasting them here

options.Authority = oauthAuthority;
options.ClientId = oauthId;
options.ClientSecret = oauthSecret;

All you need to do now is add [Authorize] to your controllers and done!

Well, unless you actually want to get the user info you can use this neat little extension i made

public class UserClaims
{
    public string UserId { get; set; }
    public string Email { get; set; }
    public bool EmailVerified { get; set; }
    public string Username { get; set; }
    public string Nickname { get; set; }
    public string[] Groups { get; set; }
}

public static class HttpContextExtensions
{
    public static UserClaims GetUserClaims(this HttpContext context)
    {
        var claims = context.User.Claims;

        var userClaims = new UserClaims
        {
            UserId = claims.FirstOrDefault(c => c.Type == ClaimTypes.NameIdentifier)?.Value,
            Email = claims.FirstOrDefault(c => c.Type == ClaimTypes.Email)?.Value,
            EmailVerified = claims.FirstOrDefault(c => c.Type == "email_verified")?.Value == "true",
            Username = claims.FirstOrDefault(c => c.Type == "preferred_username")?.Value,
            Nickname = claims.FirstOrDefault(c => c.Type == "nickname")?.Value,
            Groups = claims.Where(c => c.Type == "groups").Select(c => c.Value).ToArray(),
        };

        return userClaims;
    }
}



// somewhere in one of your routes you can do this
var uinfo = HttpContext.GetUserClaims(); // HttpContext is reachable from anywhere no need to define it or anything
// maybe add iot tot he viewbag so it can be used everywhere
ViewBag.User = uinfo;