EasyHostingASP.NET | Best and Cheap ASP.NET Core 1.1 hosting. ASP.NET Core 1.1 is the latest version of ASP.NET. Instead of building incrementally on ASP.NET 4, Microsoft opted to do a full rewrite of the ASP.NET stack. The end result is a leaner and more modular framework than ever before. And now, integrating with Stormpath’s open source ASP.NET Core authentication library for ASP.NET Core 1.1 means you never need to build auth in-house again.

What’s changed? For starters, MVC and Web API have been unified into a single pipeline. Dependency injection is provided out of the box. And, most exciting of all, ASP.NET is now cross-platform!


Not only does this mean native hosting on Linux (woot!), but the modular design of the framework gives you more flexibility to use exactly the components that you want. Like Entity Framework but don’t want to use SQL Server? Not a problem! Not a fan of IIS? Kestrel is blazingly fast and works great with nginx.

How about an application with full-fledged user authentication, no database required? In this tutorial, you’ll learn how to use scaffold a basic ASP.NET Core application and plug in Stormpath user authentication with two lines of code.

Let’s get started.

What is Stormpath?

Stormpath is an API service that allows developers to create, edit, and securely store user accounts and user account data, and connect them with one or multiple applications.

Our API enables you to:

  • Authenticate and authorize your users
  • Store data about your users
  • Perform password and social-based login
  • Send password reset messages
  • Issue API keys for API-based web apps
  • And much more! (Check out our Product Documentation.)

In short: we make user account management a lot easier, more secure, and more scalable than what you’re probably used to.

Ready to get started? Register for a free developer account here.

Creating a New ASP.NET Core Project

This tutorial assumes that you have already installed the latest .NET Core SDK for your platform. You can follow along in Visual Studio if you’re on Windows, or using Visual Studio Code or your favorite text editor on other platforms.

Creating a New Project in Visual Studio

  1. Click on File – New Project.
  2. Under Visual C# – .NET Core, pick the ASP.NET Core Web Application (.NET Core) template.
  3. On the New ASP.NET Core Project dialog, pick the Web Application template.
  4. Click Change Authentication and pick No Authentication. You’ll be adding it yourself!

Creating a New Project Without Visual Studio

You can use the generator-aspnet Yeoman plugin to scaffold a new ASP.NET Core site. Follow the instructions to install the generator, and then run:

Pick the Web Application Basic template and follow the prompts in the console.

Get Your API Credentials

Your application will need an API Key and Secret in order to communicate with Stormpath. The best way to provide these is through environment variables. You can also hardcode the values into your application code, but we recommend environment variables as a best practice for security.

To save your Stormpath API credentials as environment variables, follow these steps:

  1. If you haven’t registered for Stormpath already, create a free developer account.
  2. Log in to the Admin Console and click the Create API Key button on the right side of the page to create and download an API key file.
  3. Open the apiKey.properties file up in your favorite text editor. Using the command line (or PowerShell), execute these commands:

If you’re on a non-Windows platform, the bash commands are :

Install the Stormpath ASP.NET Core Middleware

This part’s easy! The Stormpath.AspNetCore NuGet package contains everything you need to use Stormpath from your application. Install it using the NuGet Package Manager, or from the Package Manager Console:

If you’re not using Visual Studio, simply edit the project.json file and add this line to the dependencies group:

Then, run dotnet restore on the command line to download the package

Add Stormpath to Startup.cs

At the top of your Startup.cs file, add this line:

Next, add Stormpath to your services collection in ConfigureServices():

Finally, inject Stormpath into your middleware pipeline in Configure()

Note: Make sure you add Stormpath before other middleware you want to protect, such as MVC.

With only two lines of code, the Stormpath middleware will automatically handle registration, login, logout, password reset, and email verification. Pretty cool! By default, this functionality is exposed on the /register, /login routes (and so on).

Customizing the Default View

When a user logs in, the Stormpath middleware will set Context.User automatically. You can use the IsAuthenticated property in your views to show different content depending on whether the user is logged in.

In your Views/Shared/_Layout.cshtml file, replace the existing navbar with one that will update when a user logs in:

Bask in the Glory of Easy ASP.NET Core Authentication

Time to try it out!

  1. Fire up your application and open it in a browser.
  2. Click the Log In or Register link in the navbar. You’ll be redirected to the default Stormpath login view.
  3. Click Create an Account and fill out the form. Enter the same credentials in the login form to log in with the new account.
  4. You’ll be redirected back to your application. Check the navbar. You’re logged in!
  5. Log out again. Easy as pie.

Updating the navbar is cool, but what about protecting access to controllers that only your logged-in users should use? You’re in luck…

Add an MVC Controller Secured by Stormpath

The Stormpath middleware plugs right into the ASP.NET authentication system, which means you can use the [Authorize] attribute to protect your routes and actions with ease. To demonstrate, add a new MVC controller to allow logged-in users to view their profile:

Create a new file in the Controllers folder called ProfileController.cs. Paste this code into the new file (you may need to tweak the namespace to match the rest of your code):

Next, create a new folder under Views called Profile. Create a new view file called Index.cshtml and use the @inject directive to get the Stormpath IAccount object for the logged-in user:

Run your application again, and ensure that you are logged out.

Try accessing /profile. You’ll be redirected to the login page. When you log in, you’ll automatically be redirected to the Profile view. Awesome!

Alexia Pamelov