ASP.NET web application quick-start
A quick-start guide for getting you up and running with an ASP.NET Core Razor Page web application.
Before you begin
You have a tenant with a user for testing sign-in.
You have registered your application with the following options:
- OpenID Connect Authorization Code flow
- Your application redirect URL list must include the example application default URL:
- Optionally, disable SSL, then the default URL is
If you have already registered your application, replace the default URLs in the project property page (seen below) with your registered redirect URLs.
Alternatively, send instructions to SuperOffice by filling in the update form to add these URLs to your application definition.
you have received a unique application client ID and secret
you have Visual Studio (community, professional, or enterprise edition)
Clone or download the SuperOffice.DevNet.RazorPages from GitHub.
git clone https://github.com/SuperOffice/devnet-oidc-razor-pages-webapi.git
In Visual Studio, go to the Source directory and open the SuperOffice.DevNet.RazorPages.sln file.
In the appSettings.json file, enter the Environment, ClientId and ClientSecret settings. The environment setting pertains to SuperOffice online environment where the application will be operating. The options are sod, stage, or online.
The ClientId and ClientSecret refer to the application identifiers used by OpenID Connect.
These settings populate the OpenID Connect configuration options during the application's initialization and are defined in the Startup.cs file.
The default RedirectURL for this website is defined in the application property page. When you are ready to deploy this application to another website, or URL, make sure to update your application redirectURL by filling in the update application form. These can be changed in two places. The first is in the applications property pages:
Alternatively, in the solutions Properties folder, open the launchSettings.json file and change the applicationUrl and sslPort values.
The sslPort is only used if you enable SSL, seen in the previous image.
Under the Build menu, click Build Solution, or press the F6 key on the keyboard, to restore NuGet packages and build the solution file.
From the Debug menu, click Start Debugging, or press the F5 key. Observe that the application runs and opens in the browser.
Click the Login or Contacts link. The browser navigates to the SuperOffice SuperID sign-in page.
At this point, if you have multiple tenants, a list of available tenants is shown. Choose a tenant to grant access to your application.
If this is the 1st time accessing this tenant via this application, a consent dialog appears asking for application approval to gain access to your web service resources. Click I approve.
The browser callback is shown and navigates to the website's index page showing the list of claims and tokens.
Click the Contacts link and a list of all the contacts in the tenant will appear. This provides the opportunity to create a new company, or edit the name and department values for the listed companies.
Analyze the code.
The Startup.cs file contains information that:
Antiforgerycookie accordingly so that form posts work as expected in an iframe
- sets the
SameSitecookie to None by default, and to Unspecified in older browsers
- sets up the sign-out URL accordingly
The ContactDbContext.cs file acts as a local cache for Contact entities, as well as facilitates called to the SuperOffice WebApi REST API.
The SoHttpRestClient.cs file is an
HttpClient helper class to make REST requests.
If you have any issues with the sample, please post an issue on the repo issues page.