5G networks are highly heterogeneous and rely on ultra-dense deployments of base stations (BSs), both because millimeter-wave signals have poor penetration and short range and because several different access technologies coexist. This growing heterogeneity and densification, however, poses serious challenges to network security, especially for user mobility support. When a user hands over between BSs or between different network domains, user access authentication and security session establishment are considerably riskier than in 4G networks. On one hand, the overhead of handover authentication grows significantly as handovers become more frequent in an ultra-dense network. On the other hand, the differing security schemes used across heterogeneous networks make handover authentication substantially harder to design. A secure, privacy-preserving, and efficient handover authentication protocol for heterogeneous and ultra-dense 5G networks would therefore substantially expand the prospects of future 5G network applications. Although numerous solutions (e.g., challenge-response-based, public key cryptography-based, physical-layer-information-based, and blockchain-based schemes) have been proposed for the cross-domain handover authentication problem, most of them suffer from security and privacy vulnerabilities or from excessive performance overhead. In this paper, we propose XAuth, a secure and privacy-preserving, blockchain-based authentication protocol for both intra-domain and inter-domain handover in 5G Heterogeneous Networks (HetNets). The proposed protocol achieves mutual authentication and key agreement between the User Equipment (UE) and the target network, and provides forward secrecy, backward secrecy, user anonymity, and conditional privacy preservation. Formal security analysis and a comprehensive performance evaluation demonstrate the security and efficiency of the proposed protocol.