---
title: "Implement OAuth Authentication in .NET Core (Step-by-Step Guide)"  
description: "Authentication is a critical part of any modern web application. Instead of building authentication from scratch, developers often rely on OAuth 2.0, a secure a"  
author: "Anubhav Sharma"  
published: 2026-04-07  
updated: 2026-04-09  
canonical: https://answers.mindstick.com/blog/187/implement-oauth-authentication-in-dot-net-core-step-by-step-guide  
category: "asp.net"  
tags: [".net programming", "asp.net", "asp.net mvc"]  
reading_time: 3 minutes  

---

# Implement OAuth Authentication in .NET Core (Step-by-Step Guide)

[Authentication](https://www.mindstick.com/blog/177/authentication-and-authorization-in-asp-dot-net) is a critical part of any modern [web application](https://www.mindstick.com/articles/13069/progressive-web-application-pwas-all-you-need-to-know-about). Instead of building authentication from scratch, developers often rely on **[OAuth 2.0](https://www.mindstick.com/articles/337508/enhancing-application-security-with-oauth-2-0)**, a secure and industry-standard protocol for authorization.

In this blog, we’ll learn how to implement [OAuth authentication](https://answers.mindstick.com/qa/112143/how-do-i-implement-oauth-authentication-in-my-application) in **.NET Core** using providers like **Google**, **Microsoft**, or **Facebook**.

## What is OAuth?

OAuth (Open Authorization) is a protocol that allows users to authenticate using third-party services without sharing their passwords.

### Example:

Instead of creating a new account, users can:

- “Login with Google”
- “Login with Facebook”

## Why Use OAuth in .NET Core?

- No need to manage passwords
- Faster user onboarding
- Secure and widely trusted
- Reduces development effort

## Prerequisites

Before starting, ensure you have:

- Installed **.NET SDK**
- Basic knowledge of [ASP.NET Core](https://www.mindstick.com/articles/326150/asp-dot-net-core-why-it-is-best-suited-for-banking-and-finance-sectors)

A project created using:

```cs
dotnet new mvc
```

## Step 1: Create ASP.NET Core Project

```cs
dotnet new mvc -n OAuthDemo
cd OAuthDemo
```

## Step 2: Install Required Packages

```cs
dotnet add package Microsoft.AspNetCore.Authentication.Google
dotnet add package Microsoft.AspNetCore.Authentication.MicrosoftAccount
```

## Step 3: Configure OAuth in appsettings.json

```cs
"Authentication": {
  "Google": {
    "ClientId": "YOUR_GOOGLE_CLIENT_ID",
    "ClientSecret": "YOUR_GOOGLE_CLIENT_SECRET"
  },
  "Microsoft": {
    "ClientId": "YOUR_MICROSOFT_CLIENT_ID",
    "ClientSecret": "YOUR_MICROSOFT_CLIENT_SECRET"
  }
}
```

## Step 4: Configure Authentication in Program.cs

```cs
var builder = WebApplication.CreateBuilder(args);

builder.Services.AddAuthentication(options =>
{
    options.DefaultScheme = "Cookies";
    options.DefaultChallengeScheme = "Google";
})
.AddCookie()
.AddGoogle(options =>
{
    options.ClientId = builder.Configuration["Authentication:Google:ClientId"];
    options.ClientSecret = builder.Configuration["Authentication:Google:ClientSecret"];
})
.AddMicrosoftAccount(options =>
{
    options.ClientId = builder.Configuration["Authentication:Microsoft:ClientId"];
    options.ClientSecret = builder.Configuration["Authentication:Microsoft:ClientSecret"];
});

var app = builder.Build();

app.UseAuthentication();
app.UseAuthorization();
```

## Step 5: Add Login Controller

```cs
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Mvc;

public class AccountController : Controller
{
    public IActionResult Login(string provider)
    {
        var redirectUrl = Url.Action("Callback");
        var properties = new AuthenticationProperties
        {
            RedirectUri = redirectUrl
        };

        return Challenge(properties, provider);
    }

    public async Task<IActionResult> Callback()
    {
        var result = await HttpContext.AuthenticateAsync();

        if (!result.Succeeded)
            return RedirectToAction("Login");

        var claims = result.Principal.Claims;

        return View("Profile", claims);
    }

    public IActionResult Logout()
    {
        return SignOut("Cookies");
    }
}
```

## Step 6: Add Login Buttons (View)

```html
<a href="/Account/Login?provider=Google">Login with Google</a>
<a href="/Account/Login?provider=Microsoft">Login with Microsoft</a>
```

## Step 7: Configure OAuth Providers

## Google Setup

- Go to Google [Cloud](https://www.mindstick.com/services/cloud-development) Console
- Create OAuth Client ID

Add redirect URI:

```plaintext
https://localhost:5001/signin-google
```

## Microsoft Setup

- Go to Azure Portal
- Register your app

Add redirect URI:

```plaintext
https://localhost:5001/signin-microsoft
```

## OAuth Flow (How It Works)

- User clicks login button
- Redirected to provider (Google/Microsoft)
- User authenticates
- Provider sends [authorization code](https://www.mindstick.com/interview/34218/how-do-you-secure-the-oauth-2-0-authorization-code-flow)
- App exchanges code for access token
- User is logged in

![Implement OAuth Authentication in .NET Core (Step-by-Step Guide)](https://answers.mindstick.com/blogs/077fa37b-781b-4568-b0ca-e27766af155e/images/80919175-2de0-481e-860a-7b5113a19e0a.png)

## Security Best Practices

- Always use HTTPS
- Store secrets securely (User Secrets / Key Vault)
- Validate tokens properly
- Use minimal scopes
- Enable CSRF protection

## Common Issues & Fixes

| Issue | Fix |
| --- | --- |
| Redirect URI mismatch | Check exact URL |
| Invalid client ID | Verify credentials |
| Login fails silently | Enable logging |
| Claims missing | Check scopes |

## Advanced Enhancements

- Add JWT token support
- Store [user data](https://www.mindstick.com/news/2294/according-to-tiktok-employees-in-china-have-access-to-user-data-from-the-uk-and-the-eu) in database
- Role-based authorization
- Multi-provider login system
- Refresh tokens implementation

## Conclusion

Implementing OAuth in **.NET Core** makes authentication secure, scalable, and user-friendly. With minimal setup, you can enable [social login](https://www.mindstick.com/blog/11679/how-to-use-social-login-for-google-yahoo-and-facebook) and improve [user experience](https://www.mindstick.com/articles/12731/the-importance-of-feedback-to-the-user-experience) significantly.

---

Original Source: https://answers.mindstick.com/blog/187/implement-oauth-authentication-in-dot-net-core-step-by-step-guide

Copyright © MindStick Software Pvt. Ltd. This Markdown version is provided for developers, AI systems, and offline reading.
