This sample application demonstrates the integration of Descope with a .NET Framework 4.8 backend and a traditional ASP.NET web application using JavaScript for user authentication flows.
- Features
- Installation
- Running the Application
- Environment Setup
- API Protection with TokenValidator
- Using Descope Web Component
- Issue Reporting
- License
Clone the repository:
git clone https://github.com/descope-sample-apps/dotnet-4.8-sample-appNavigate to the cloned repository directory. Install dependencies and build the solution by opening the .sln file in Visual Studio and restoring NuGet packages.
To start the application:
- Open the solution file (
.sln) in Visual Studio. - Set the
DescopeProjectIdenvironment variable (see Environment Setup). - Run the solution (F5 or the "Start" button in Visual Studio).
- Set the
DESCOPE_PROJECT_IDenvironment variable:
- Windows:
setx DESCOPE_PROJECT_ID "YOUR_DESCOPE_PROJECT_ID"
Replace YOUR_DESCOPE_PROJECT_ID with your actual Descope Project ID.
- Place your Descope Project ID in the SDK initialization in the
AuthenticatedPage.aspx, so that the web component will use your own flows:
const sdk = Descope({ projectId: "YOUR_DESCOPE_PROJECT_ID", persistTokens: true, autoRefresh: true });
The TokenValidator class is used to secure API endpoints by validating JWT tokens, passed to your backend as a Bearer Token. Here’s an example of how to protect an API controller:
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Threading.Tasks;
using System.Web.Http;
using Microsoft.IdentityModel.Tokens;
namespace DescopeSampleApp.Controllers {
public class SampleController : ApiController
{
public async Task<IHttpActionResult> Get()
{
var authorizationHeader = Request.Headers.Authorization;
if (authorizationHeader != null && authorizationHeader.Scheme.Equals("Bearer", StringComparison.OrdinalIgnoreCase))
{
var sessionToken = authorizationHeader.Parameter;
if (!string.IsNullOrEmpty(sessionToken))
{
// Validate the session token
var tokenValidator = new TokenValidator("YOUR_DESCOPE_PROJECT_ID");
try
{
var claimsPrincipal = await tokenValidator.ValidateSession(sessionToken);
return Ok("This is a sample API endpoint.");
}
catch (SecurityTokenValidationException)
{
return Unauthorized();
}
}
}
return Unauthorized();
}
}
}In the AuthenticatedPage.aspx file, use the Descope Web SDK to handle user authentication:
<%@ Page Language="C#" AutoEventWireup="true" CodeFile="Login.aspx.cs" Inherits="DescopeSampleApp.WebForm1" %>
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script src="https://unpkg.com/@descope/[email protected]/dist/index.umd.js"></script>
</head>
<body>
<form id="loginForm" runat="server">
<p>Welcome to the Authenticated Page!</p>
</form>
<script>
const sdk = Descope({ projectId: "YOUR_DESCOPE_PROJECT_ID", persistTokens: true, autoRefresh: true });
const sessionToken = sdk.getSessionToken()
const currentPath = window.location.pathname;
console.log(currentPath)
if ((sessionToken) && (!sdk.isJwtExpired(sessionToken))) {
// User is logged in
} else {
if (currentPath != '/login.aspx') {
// Redirect to login page
window.location.replace('/login.aspx');
}
}
</script>
</body>
</html>For any issues or suggestions, please open an issue on GitHub.
This project is licensed under the MIT License - see the LICENSE file for details.