Use the Microsoft.IdentityModel.Protocols.OpenIdConnect
and System.IdentityModel.Tokens.Jwt
libraries. Update web.config
to configure OIDC metadata endpoint, client ID/secret, and redirect URIs. Then replace WS-Fed middleware with OWIN or ASP.NET OIDC middleware for handling tokens and claims.
How to Migrate from WS-Federation to OpenID Connect in ASP.NET Framework 4.8?

We currently have an ASP.NET Web Forms application targeting .NET Framework 4.8 that uses WS-Federation with Auth0 configured via web.config
for authentication. Due to modernization and security recommendations, we are looking to migrate this setup to OpenID Connect (OIDC) while still staying on .NET Framework 4.8 (not Core).
Our questions are:
What are the exact steps and libraries (e.g., OWIN middleware, Katana, etc.) required to implement OIDC in a .NET 4.8 Web Forms app?
Can OIDC authentication co-exist temporarily with WS-Federation during transition?
How can we store and manage tokens securely post-authentication?
Are there any best practices or official Microsoft documentation for this migration path?
Any guidance or code samples will be highly appreciated.
ASP.NET Core Training
2 answers
Sort by: Most helpful
-
Small Pebbles 0 Reputation points
2025-05-22T08:41:23.1266667+00:00 -
Pradeep M 9,685 Reputation points Microsoft External Staff Volunteer Moderator
2025-05-22T11:04:40.2833333+00:00 Hi Mubashir Ali,
Thank you for reaching out to Microsoft Q & A forum.
To migrate from WS-Federation to OpenID Connect (OIDC) in an ASP.NET Web Forms app (.NET Framework 4.8), use OWIN (Katana) middleware. Install these NuGet packages: Microsoft.Owin.Host.SystemWeb, Microsoft.Owin.Security.Cookies, and Microsoft.Owin.Security.OpenIdConnect.Configure OIDC in a Startup.cs file using cookie authentication and your identity provider (e.g., Auth0). You can run OIDC and WS Fed side by side during transition and control which flow to use per request. Tokens are stored in secure cookies by default; store long-lived tokens securely on the server if needed. Useful reference: Microsoft OWIN Docs.
If you have found the answer provided to be helpful, please click on the "Accept answer/Upvote" button so that it is useful for other members in the Microsoft Q&A community.