This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
We currently have an ASP.NET Web Forms application targeting .NET Framework 4.8 that uses WS-Federation with Auth0 configured via web.config for authentication. Due to modernization and security recommendations, we are looking to migrate this setup to OpenID Connect (OIDC) while still staying on .NET Framework 4.8 (not Core).
Our questions are:
What are the exact steps and libraries (e.g., OWIN middleware, Katana, etc.) required to implement OIDC in a .NET 4.8 Web Forms app?
Can OIDC authentication co-exist temporarily with WS-Federation during transition?
How can we store and manage tokens securely post-authentication?
Are there any best practices or official Microsoft documentation for this migration path?
Any guidance or code samples will be highly appreciated.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(169.60000000000002, 90%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESP%3C/text%3E%3C/svg%3E)
Use the Microsoft.IdentityModel.Protocols.OpenIdConnect and System.IdentityModel.Tokens.Jwt libraries. Update web.config to configure OIDC metadata endpoint, client ID/secret, and redirect URIs. Then replace WS-Fed middleware with OWIN or ASP.NET OIDC middleware for handling tokens and claims.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(70.4, 11%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPM%3C/text%3E%3C/svg%3E)
Hi Mubashir Ali,
Thank you for reaching out to Microsoft Q & A forum.
To migrate from WS-Federation to OpenID Connect (OIDC) in an ASP.NET Web Forms app (.NET Framework 4.8), use OWIN (Katana) middleware. Install these NuGet packages: Microsoft.Owin.Host.SystemWeb, Microsoft.Owin.Security.Cookies, and Microsoft.Owin.Security.OpenIdConnect.Configure OIDC in a Startup.cs file using cookie authentication and your identity provider (e.g., Auth0). You can run OIDC and WS Fed side by side during transition and control which flow to use per request. Tokens are stored in secure cookies by default; store long-lived tokens securely on the server if needed. Useful reference: Microsoft OWIN Docs.
If you have found the answer provided to be helpful, please click on the "Accept answer/Upvote" button so that it is useful for other members in the Microsoft Q&A community.