
Local Authentication (Email & Password)

Use the broker’s local login endpoint (POST /api/auth/login) with your own credential validator.

Step 1: Install the package

dotnet add package PrimusSaaS.Identity.Broker

Step 2: Configure Program.cs and middleware

Register a credential validator and the broker.

using PrimusSaaS.Identity.Broker;

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddScoped<IPrimusAuthCredentialValidator, PortalAuthCredentialValidator>();
builder.Services.AddPrimusAuthBroker(builder.Configuration, builder.Environment.IsDevelopment());
builder.Services.AddControllers();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();
app.UsePrimusCsrfProtection();
app.MapControllers();
app.MapPrimusAuthBroker();
app.Run();

Example credential validator:

using PrimusSaaS.Identity.Broker;

public class PortalAuthCredentialValidator : IPrimusAuthCredentialValidator
{
    public Task<PrimusAuthUser?> ValidateCredentialsAsync(string email, string password, CancellationToken ct = default)
    {
        // Validate user from your database and return a PrimusAuthUser on success.
        // Placeholder only: as written, this accepts any email and password and
        // returns an Admin user. Replace it with a real lookup and password check.
        return Task.FromResult<PrimusAuthUser?>(new PrimusAuthUser { Id = "1", Email = email, Role = "Admin" });
    }
}
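
An added example, not code from the Primus documentation or package: a validator that verifies a salted PBKDF2 hash instead of accepting every login. StoredUser, the in-memory store, the iteration count and the null-on-failure convention are assumptions; IPrimusAuthCredentialValidator and PrimusAuthUser are used as shown above.

```csharp
using System.Security.Cryptography;
using PrimusSaaS.Identity.Broker;

// Hypothetical stored record; in a real app this row comes from your user table.
public record StoredUser(string Id, string Email, string Role, byte[] Salt, byte[] Hash);

public class HashedCredentialValidator : IPrimusAuthCredentialValidator
{
    private const int Iterations = 600_000;   // assumed PBKDF2-SHA256 work factor
    private const int HashBytes = 32;

    // Constructed in-memory store standing in for the database lookup.
    private static readonly Dictionary<string, StoredUser> Users = Seed();
    // Fixed dummy record so unknown emails cost the same hashing work as known ones.
    private static readonly StoredUser Dummy = NewUser("0", "none@example.invalid", "None", "unused");

    public Task<PrimusAuthUser?> ValidateCredentialsAsync(string email, string password, CancellationToken ct = default)
    {
        var found = Users.TryGetValue(email.Trim().ToLowerInvariant(), out var user);
        var record = found ? user! : Dummy;
        var candidate = Rfc2898DeriveBytes.Pbkdf2(password, record.Salt, Iterations, HashAlgorithmName.SHA256, HashBytes);
        var match = CryptographicOperations.FixedTimeEquals(candidate, record.Hash);

        // Assumption: a null result is how the broker is told the login failed.
        if (!found || !match)
            return Task.FromResult<PrimusAuthUser?>(null);

        // Role comes from the stored record, never from the request.
        return Task.FromResult<PrimusAuthUser?>(new PrimusAuthUser { Id = record.Id, Email = record.Email, Role = record.Role });
    }

    private static StoredUser NewUser(string id, string email, string role, string password)
    {
        var salt = RandomNumberGenerator.GetBytes(16);
        var hash = Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations, HashAlgorithmName.SHA256, HashBytes);
        return new StoredUser(id, email, role, salt, hash);
    }

    private static Dictionary<string, StoredUser> Seed()
    {
        var admin = NewUser("1", "admin@primus.com", "Admin", "ChangeMe123!"); // sample values from appsettings.json
        return new Dictionary<string, StoredUser> { [admin.Email] = admin };
    }
}
```

To try it, register HashedCredentialValidator in Program.cs in place of PortalAuthCredentialValidator.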

Step 3: Configure appsettings.json

{
  "ConnectionStrings": {
    "DefaultConnection": "Server=localhost;Database=PrimusDB;Trusted_Connection=True;"
  },
  "DatabaseProvider": "sqlserver",
  "SeedAdmin": {
    "Email": "admin@primus.com",
    "Password": "ChangeMe123!"
  }
}

How to get configuration values

  • DefaultConnection is your database connection string.
  • SeedAdmin creates an initial user for local login (optional). The password shown is a sample value; set your own.

Step 4: Configure endpoint

Broker endpoints are mapped by app.MapPrimusAuthBroker().

  • POST /api/auth/login
  • POST /api/auth/logout
  • GET /api/auth/me

Local login is CSRF-protected. Call GET /api/auth/providers once on app startup to seed the CSRF cookie before posting to /api/auth/login.

Step 5: Test the endpoint

curl -X POST http://localhost:5000/api/auth/login \
  -H "Content-Type: application/json" \
  -d '{ "email": "admin@primus.com", "password": "ChangeMe123!" }'

Then call GET /api/auth/me to confirm the session.