TapInAuth.Identity
0.5.1
dotnet add package TapInAuth.Identity --version 0.5.1
NuGet\Install-Package TapInAuth.Identity -Version 0.5.1
<PackageReference Include="TapInAuth.Identity" Version="0.5.1" />
<PackageVersion Include="TapInAuth.Identity" Version="0.5.1" />
<PackageReference Include="TapInAuth.Identity" />
paket add TapInAuth.Identity --version 0.5.1
#r "nuget: TapInAuth.Identity, 0.5.1"
#:package TapInAuth.Identity@0.5.1
#addin nuget:?package=TapInAuth.Identity&version=0.5.1
#tool nuget:?package=TapInAuth.Identity&version=0.5.1
TapInAuth
Tap to sign in. Drop-in passwordless authentication for ASP.NET Core and Blazor — passkeys, magic links, email OTP, and recovery codes — with an executive-grade UI that themes to your brand and a multi-tenant store baked in from day one.
What you get
| Method | Status | Package |
|---|---|---|
| 🔑 Passkeys (WebAuthn / FIDO2) | ✅ shipping | TapInAuth.Core (wraps Fido2.AspNet) |
| 📧 Magic link (email) | ✅ shipping | TapInAuth.Core |
| 🔢 Email OTP (6-digit code) | ✅ shipping | TapInAuth.Core |
| 🔄 Recovery codes (single-use) | ✅ shipping | TapInAuth.Core |
| 📱 SMS OTP sign-in (phone as secondary identifier) | ✅ shipping | TapInAuth.Core + TapInAuth.Sms.Twilio |
| 🤖 Bot-defense widgets (Turnstile / hCaptcha) | ✅ shipping | TapInAuth.Risk.Turnstile, TapInAuth.Risk.HCaptcha |
Plus: a Razor Pages UI and a Razor Components (Blazor Server) UI you can ship as-is or restyle with CSS variables, a tenant-aware EF Core store, an ASP.NET Core Identity adapter for existing apps, a built-in admin dashboard with audit feed, five email providers (SMTP, SendGrid, Postmark, Amazon SES, MessageBird) behind a single IEmailSender contract, and an MIT license.
5-line quickstart
// Program.cs
builder.Services
.AddTapInAuth(o =>
{
o.Logo.Path = "wwwroot/img/your-logo.svg";
o.Theme.Accent = "#2563EB";
o.Methods = TapInAuthMethod.Passkey
| TapInAuthMethod.MagicLink
| TapInAuthMethod.EmailOtp
| TapInAuthMethod.RecoveryCode;
})
.AddEfCoreStore<AppDbContext>()
.AddSmtpEmail(builder.Configuration.GetSection("Smtp"));
app.UseAuthentication();
app.UseAuthorization();
app.MapRazorPages(); // surfaces TapInAuth.UI's sign-in / OTP / passkeys / recovery pages
app.MapTapInAuth(); // mounts /auth/* endpoints
That's the entire host-app surface. Sign-in page, magic-link landing page, OTP entry, passkey ceremony, recovery flow, admin dashboard — all in the library, all themed to your --tap-accent.
Already on ASP.NET Core Identity?
Swap one builder call:
builder.Services.AddTapInAuth(...)
.AddEfCoreStore<AppDbContext>() // still hosts magic-link, OTP, recovery, passkey tables
.AddIdentityAdapter<IdentityUser>() // user table → Identity's AspNetUsers
.AddSmtpEmail(...);
No second user table. UserManager<IdentityUser> runs the user side; TapInAuth runs everything else. See samples/Identity.Sample for the end-to-end demo.
Multi-tenant SaaS?
Tenancy is built in from day one — every store call is tenant-scoped. Add a resolver, point it at your tenant catalog, optionally override per-tenant logo / accent / WebAuthn RP id:
builder.Services.AddTapInAuth(...)
.AddEfCoreStore<AppDbContext>()
.AddTenantResolver<MySubdomainTenantResolver>()
.AddSmtpEmail(...);
See samples/SaaS.MultiTenant for the three-tenant demo with per-tenant logos, brand colors, and credential isolation.
Why TapInAuth?
| TapInAuth | fido2-net-lib | ASP.NET Core Identity passkeys | Bitwarden Passwordless.dev | |
|---|---|---|---|---|
| Passkeys (WebAuthn) | ✅ | ✅ (protocol only) | ✅ (Blazor template only) | ✅ (SaaS, $3/user/mo) |
| Magic link | ✅ | ❌ | ❌ | ❌ |
| Email/SMS OTP | ✅ | ❌ | ❌ | ❌ |
| Recovery codes | ✅ | ❌ | ❌ | ❌ |
| Built-in UI, themable | ✅ | ❌ | template only | hosted widget |
| Admin dashboard + audit log | ✅ | ❌ | ❌ | ✅ |
| Multi-tenant from day one | ✅ | N/A | ❌ | ✅ |
| Identity adapter | ✅ | N/A | N/A | N/A |
| OSS, self-hosted, no SaaS | ✅ | ✅ | ✅ | open-core |
Documentation
| Getting started | Add TapInAuth to a fresh or existing ASP.NET Core app |
| Concepts: multi-tenancy | Tenant resolution, per-tenant branding, isolation guarantees |
| Concepts: cookie handoff | How TapInAuth cooperates with AddAuthentication().AddCookie() |
| How-to: ASP.NET Core Identity adapter | Plug into an existing IdentityUser setup |
| How-to: passkeys | WebAuthn config, RP id, conditional UI |
| How-to: recovery codes | Generation, redemption, UX patterns |
| How-to: admin dashboard | Granting the admin role, audit feed |
| How-to: theming | Design tokens, logo handling, dark/light mode |
| How-to: SMS sign-in | Phone as secondary identifier, account-page management |
| Reference: options | Every TapInAuthOptions knob |
| Reference: endpoints | Every HTTP endpoint mounted by MapTapInAuth() |
| Reference: email providers | SMTP / SendGrid / SES / Postmark / MessageBird |
| Deploy | Azure · AWS · Docker · Kubernetes · IIS |
Repository layout
src/
TapInAuth.Abstractions/ Interfaces, DTOs, options
TapInAuth.Core/ Auth engine (magic link, OTP, SMS OTP, passkeys, recovery, hashing, rate limit, audit)
TapInAuth.AspNetCore/ DI extensions, endpoint mapping, cookie handoff, admin policy
TapInAuth.Identity/ ASP.NET Core Identity adapter
TapInAuth.Store.EntityFrameworkCore/ EF Core store (tenant-aware) + EF audit sink
TapInAuth.Email.Smtp/ MailKit-based IEmailSender
TapInAuth.Email.SendGrid/ SendGrid IEmailSender
TapInAuth.Email.Ses/ Amazon SES (v2) IEmailSender
TapInAuth.Email.Postmark/ Postmark IEmailSender
TapInAuth.Email.MessageBird/ MessageBird (Bird) IEmailSender
TapInAuth.Sms.Twilio/ Twilio ISmsSender
TapInAuth.Risk.Turnstile/ Cloudflare Turnstile bot-defense
TapInAuth.Risk.HCaptcha/ hCaptcha bot-defense
TapInAuth.UI/ Razor Pages UI (RCL) — sign-in, OTP, passkeys, recovery, account, admin
TapInAuth.UI.Blazor/ Razor Components UI (Blazor Server / interactive)
samples/
Mvc.Quickstart/ Single-tenant MVC app with all methods
Identity.Sample/ ASP.NET Core Identity + TapInAuth coexistence
SaaS.MultiTenant/ SaaS demo: subdomain tenants, per-tenant logo + theme
BlazorServer.Quickstart/ Blazor Server app using TapInAuth.UI.Blazor
tests/
TapInAuth.Abstractions.Tests/
TapInAuth.Core.Tests/
TapInAuth.AspNetCore.Tests/
Building locally
Prerequisites: .NET SDK 10.0.300+ (global.json enforces).
git clone https://github.com/tapinauth/tapinauth.git
cd tapinauth
dotnet restore
dotnet build -c Release
dotnet test -c Release
dotnet run --project samples/Mvc.Quickstart
The samples include Hermex — an in-process dev SMTP server with a browser inbox at /hermex — so you can sign in via magic-link or OTP without configuring real SMTP.
Contributing
See CONTRIBUTING.md. All commits must be signed off (DCO — git commit -s).
Security
See SECURITY.md for the threat model and how to report vulnerabilities.
License
MIT — see LICENSE. Trademark "TapInAuth" is held by Suresh Subramanian; the open-source license does not grant a trademark license.
| Product | Versions Compatible and additional computed target framework versions. |
|---|---|
| .NET | net10.0 is compatible. net10.0-android was computed. net10.0-browser was computed. net10.0-ios was computed. net10.0-maccatalyst was computed. net10.0-macos was computed. net10.0-tvos was computed. net10.0-windows was computed. |
-
net10.0
- Fido2 (>= 4.0.1)
- Fido2.AspNet (>= 4.0.1)
- Fido2.Models (>= 4.0.1)
- TapInAuth.Abstractions (>= 0.5.1)
- TapInAuth.AspNetCore (>= 0.5.1)
NuGet packages
This package is not used by any NuGet packages.
GitHub repositories
This package is not used by any popular GitHub repositories.
| Version | Downloads | Last Updated |
|---|---|---|
| 0.5.1 | 52 | 6/1/2026 |