Published in


Authentication and authorization using Cognito in asp.NET


We had a problem that we wanted to authenticate our bunch of services using one source like whenever the user wants to access any of your services he/she will get an access grant from our Auth service and will be able to access all services. We solved this using AWS Cognito. Let see how we were able to crack the problem.
In this example, I will be using C# and .NET 5.


We will achieve this by first creating a user pool using the AWS console.

  1. Provide the name of your pool.

2. Click on review defaults and it will set up the pool using default settings and you can update according to your requirements.

Now that your pool is created so let us add an app client to integrate our application with this pool.

you need to provide a name to the app client and make sure all the checks are according to what you are seeing in the image.

Create a simple core web API project and install these packages

In your appsettings.json

You can get UserPoold in the General Settings tab.

and AppClientId and AppClientSecret from AppClients Tab.
Note : AppClientId and UserPoolClientId is same.

Now you need to configure Cognito identity in the ConfigureServices method inside Startup.cs class

Now let's start implementing login functionality using

You need to get these services through DI to implement authentication flows.

Login User

This is how you can get access and refresh tokens from Cognito. The first time when the user is created with a temporary password on the first login use has to update the password to get the access tokens. It returns a challenge that a new password is required. So we can check using that challenge and prompt use to update the temporary password.

Update Temporary password

To update temporary passwords we respond to that challenge and pass a new password with any required attributes you specified during the creation of UserPool in the AWS console.

Integrating backend API
Integration of backend API to validate the access token generated from Cognito and grant access to that API if this is passed.
Basically what we do is we check for the valid issuer and expiry of the token by using Cognito authority.

First, you need to configure Authentication Service in Startup.cs class in ConfigureServces method.

Afterwards, you can use the Authorize attribute on your endpoints to accept requests that are authenticated using AWS Cognito


In Addition, you can also implement forgot password and refresh token flows using AWS Cognito refer to this documentation.
If you have any suggestions or any confusion do send me feedback I can help you out in that regard.
thanks 😊




We’ve been shaping the innovation road-map since our inception, one byte perfection at a time.

Recommended from Medium

Programming Has No Age: How to Learn Java Even if You Think It’s Too Late

Reduce Cost and Increase Productivity with Value Added IT Services from buzinessware — {link} -

Python os.fpathconf() Method with example

Travis Authentication with Heroku

Advantages and Disadvantages of Computational Thinking

2/18 Pixel Racers Weekly Update

9 Tools To Increase Account Managers Efficiency

Reduce Cost and Increase Productivity with Value Added IT Services from buzinessware — {link} -

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Syed Hassaan Ahmed

Syed Hassaan Ahmed

Software Engineer (.NET , C# , JavaScript)

More from Medium

Real-time Code Quality with SonarLint in Visual Studio

Setup your CI/CD pipeline with Configuration as a Code and GitHub Actions in 1 minute.

How to implement Logging with Asp.Net Core, Elasticsearch and Kiabana

How I Upgrade my Code-Style of MediatR Pipeline using .NET 6