Pilgrim.SSO
1.1.0
A reusable SSO (Single Sign-On) package for ASP.NET Zero projects, providing comprehensive OIDC authentication, refresh token management, and CSRF protection.
Features
- OIDC Authentication: Full OpenID Connect implementation with Microsoft Entra ID support
- Refresh Token Management: Automatic token rotation with theft detection
- CSRF Protection: Double-submit cookie pattern with DataProtection encryption
- Security Best Practices: Server-side state, httpOnly cookies, PKCE, nonce validation
- Multi-tenancy Support: Built-in ABP tenant resolution and management
- ASP.NET Zero Integration: Seamless integration with ABP framework
Installation
Install via NuGet Package Manager:
dotnet add package Pilgrim.SSO
Or via Package Manager Console:
Install-Package Pilgrim.SSO
Quick Start
1. Configure Services
In your Startup.cs or Program.cs, configure SSO:
services.Configure<SsoOptions>(Configuration.GetSection("Sso"));
services.AddSingleton<ICsrfTokenService, CsrfTokenService>();
services.AddScoped<IOidcStateService, OidcStateService>();
services.AddScoped<IRefreshTokenManager, RefreshTokenManager>();
2. Add OIDC Authentication
services.AddAuthentication()
    .AddOpenIdConnect("YourProvider", options =>
    {
        options.Authority = "https://login.microsoftonline.com/{tenant-id}";
        options.ClientId = "your-client-id";
        options.ClientSecret = "your-client-secret";
        // Additional configuration...
    });
3. Use CSRF Middleware
app.UseMiddleware<CsrfValidationMiddleware>();
4. Extend the Base Controller
public class SsoTokenAuthController : SsoTokenAuthControllerBase
{
    // Your SSO implementation
}
Configuration
Add to your appsettings.json:
{
  "Sso": {
    "Authority": "https://login.microsoftonline.com/{tenant-id}",
    "ClientId": "your-client-id",
    "ClientSecret": "your-client-secret",
    "RedirectUri": "https://yourapp.com/signin-oidc",
    "PostLogoutRedirectUri": "https://yourapp.com/signout-callback-oidc"
  }
}
Components
Controllers
- SsoTokenAuthControllerBase: Base controller for SSO token authentication endpoints
CSRF Protection
- ICsrfTokenService: Interface for CSRF token generation and validation
- CsrfTokenService: Implementation using ASP.NET Core Data Protection
- CsrfValidationMiddleware: Middleware for automatic CSRF validation
OIDC State Management
- IOidcStateService: Interface for OIDC state management
- OidcStateService: Redis-backed state storage with encryption
Refresh Token Management
- IRefreshTokenManager: Interface for refresh token operations
- RefreshTokenManager: Secure refresh token storage and rotation
- IRefreshTokenRepository: Repository interface for token persistence
Security Features
- Token Theft Detection: Automatic detection of refresh token replay attacks
- Secure Storage: Encrypted tokens with httpOnly cookies
- PKCE Support: Proof Key for Code Exchange for enhanced security
- State Validation: Server-side OIDC state validation
- CSRF Protection: Double-submit cookie pattern with encryption
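One common way to detect refresh-token replay is rotation with family-wide revocation. The C# below is an added example, not Pilgrim.SSO's implementation or API: `RotatingTokenStore` and its members are hypothetical, and state is held in memory instead of a persistent repository.

```csharp
// Added illustration: refresh-token rotation with replay (theft) detection.
// Every type and member name below is hypothetical, not Pilgrim.SSO's API.
// State is in memory and not thread-safe; a real store would be persistent.
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

var store = new RotatingTokenStore();
var t1 = store.Issue();
var t2 = store.Rotate(t1);       // normal refresh: t1 is exchanged for t2
var replay = store.Rotate(t1);   // t1 presented a second time: treated as replay
var after = store.Rotate(t2!);   // the family was revoked, so t2 is rejected too
Console.WriteLine($"rotated={t2 != null} replayRejected={replay == null} familyRevoked={after == null}");

public sealed class RotatingTokenStore
{
    private sealed record Entry(Guid FamilyId, bool Used);
    private readonly Dictionary<string, Entry> _byHash = new();  // key: SHA-256 of the token
    private readonly HashSet<Guid> _revokedFamilies = new();

    private static string Hash(string token) =>
        Convert.ToHexString(SHA256.HashData(Encoding.UTF8.GetBytes(token)));

    private string Mint(Guid family)
    {
        var token = Convert.ToBase64String(RandomNumberGenerator.GetBytes(32));
        _byHash[Hash(token)] = new Entry(family, false);  // only the hash is stored
        return token;
    }

    // A new sign-in starts a new token family.
    public string Issue() => Mint(Guid.NewGuid());

    // Exchanges a refresh token for its successor; null means the request is rejected.
    public string? Rotate(string presented)
    {
        var key = Hash(presented);
        if (!_byHash.TryGetValue(key, out var e)) return null;   // unknown token
        if (_revokedFamilies.Contains(e.FamilyId)) return null;  // family already revoked
        if (e.Used)
        {
            // A rotated-out token came back, so two parties hold tokens from this
            // family. Revoke the whole family and force a fresh sign-in.
            _revokedFamilies.Add(e.FamilyId);
            return null;
        }
        _byHash[key] = e with { Used = true };
        return Mint(e.FamilyId);
    }
}
```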
Requirements
- .NET 10.0 or later
- ASP.NET Zero / ABP Framework 10.3.0+
- Redis (for distributed state management)
Documentation
For detailed documentation and implementation examples, visit the repository.
License
MIT License - see LICENSE file for details
Support
For issues and questions, please use the Bitbucket issue tracker.
About
Developed by Pilgrim Consulting for ASP.NET Zero projects requiring enterprise-grade SSO capabilities.
| Product | Versions Compatible and additional computed target framework versions. |
|---|---|
| .NET | net9.0 is compatible. net9.0-android was computed. net9.0-browser was computed. net9.0-ios was computed. net9.0-maccatalyst was computed. net9.0-macos was computed. net9.0-tvos was computed. net9.0-windows was computed. net10.0 was computed. net10.0-android was computed. net10.0-browser was computed. net10.0-ios was computed. net10.0-maccatalyst was computed. net10.0-macos was computed. net10.0-tvos was computed. net10.0-windows was computed. |
Dependencies (net9.0)
- Abp.AspNetCore (>= 10.3.0)
- Abp.AspNetZeroCore.Web (>= 5.1.0)
- Abp.RedisCache (>= 10.3.0)
- Azure.Identity (>= 1.17.1)
- Microsoft.AspNetCore.Authentication.OpenIdConnect (>= 9.0.8)
- Microsoft.AspNetCore.DataProtection.Abstractions (>= 9.0.8)
- Microsoft.EntityFrameworkCore (>= 9.0.8)
- Microsoft.Graph (>= 5.101.0)
- Microsoft.IdentityModel.Protocols.OpenIdConnect (>= 8.15.0)