gistfile1.md

project.json

{
  // ...
  "dependencies": {
    "Microsoft.AspNet.Server.IIS": "1.0.0-beta1",
    "Microsoft.AspNet.Mvc": "6.0.0-beta1",
    "Microsoft.AspNet.Owin": "1.0.0-beta1",
    "Microsoft.Owin": "3.0.0",
    "Microsoft.Owin.Security": "3.0.0",
    "Microsoft.Owin.Security.Jwt": "3.0.0-rc2"
  },
  "frameworks" : {
    "aspnet50" : { }
  }
}

Startup class

using Microsoft.AspNet.Builder;
using Microsoft.Framework.DependencyInjection;
using Microsoft.Owin.Builder;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.DataHandler.Encoder;
using Microsoft.Owin.Security.Jwt;
using Owin;
using System;
using System.Collections.Generic;
using System.Threading.Tasks;

namespace TodoApi
{
  using AppFunc = Func<IDictionary<string, object>, Task>;

  public class Startup
  {
    public void ConfigureServices(IServiceCollection services)
    {
      services.AddMvc();
    }

    public void Configure(IApplicationBuilder app)
    {
      app.UseOwin(addToPipeline =>
      {
        addToPipeline(next =>
        {
          var appBuilder = new AppBuilder();
          appBuilder.Properties["builder.DefaultApp"] = next;

          var issuer = "https://{YOU}.auth0.com/";
          var audience = "{YOUR_AUTH0_CLIENT_ID}";
          var secret = TextEncodings.Base64Url.Decode(
            "{YOUR_AUTH0_CLIENT_SECRET}");
          
          appBuilder.UseJwtBearerAuthentication(
              new JwtBearerAuthenticationOptions
              {
                AuthenticationMode = AuthenticationMode.Active,
                AllowedAudiences = new[] { audience },
                IssuerSecurityTokenProviders = new IIssuerSecurityTokenProvider[]
                {
                  new SymmetricKeyIssuerSecurityTokenProvider(issuer, secret)
                },
              });

          return appBuilder.Build<AppFunc>();
        });
      });

      app.UseMvc();
    }
  }
}

Download sample