Owin claims-based Authentication Login Implementation

         Public Override AsyncTask grantresourceownercredentials (Oauthgrantresourceownercredentialscontext context) {varUsermanager = context. Owincontext.getusermanager<applicationusermanager>(); ApplicationUser User=awaitUsermanager.findasync (context. UserName, context.            Password); if(User = =NULL) {context. SetError ("invalid_grant","The user name or password is incorrect."); return; } claimsidentity oauthidentity=awaituser.            Generateuseridentityasync (Usermanager, Oauthdefaults.authenticationtype); Claimsidentity cookiesidentity=awaituser.            Generateuseridentityasync (Usermanager, Cookieauthenticationdefaults.authenticationtype); Authenticationproperties Properties=createproperties (user.            UserName); Authenticationticket Ticket=NewAuthenticationticket (oauthidentity, properties); Context.            Validated (ticket); Context.        Request.Context.Authentication.SignIn (cookiesidentity); }
AuthenticationManager is in the Microsoft.Owin.Security namespace, and this interface is defined in Microsoft.OWin.dll.

OWin, which is an open source project organized by members of the Microsoft ASP. The goal is to decouple servers and applications, in which the servers primarily refer to Web servers, such as IIS, and the full name is open Web Interface for. Net. Owin can be said to be a set of definitions, by default it is no concrete implementation of

In today's fast-growing web era, this model has not been able to meet the needs of flexible and changeable. The more lightweight and modular things, the faster you can adapt to changes, not to mention. NET now to attract the attention of the open source community, only to get this piece through, more and more powerful open source components to be able to appear. NET, such as writing an open source ASP. 

We said that Owin is a set of definitions, which is called "Application proxy (Application delegate)" by summarizing the interaction between the server and the application as a method signature.

Appfunc = func<idictionary<string, object>, task>;

Each component in a Owin-based application can interact with the server through such a proxy. The interaction here is actually working with the server to handle HTTP request, for example, those events in the ASP, authentication, authorization, caching, and so on, originally we were through a custom HTTP module, Get the HttpContext object containing the request and response, and handle it. And now all we can get is a dictionary.

But don't underestimate this dictionary, all of our information such as application state, request State,server State, and so on all exist in this data structure. This dictionary will be passed in the Owin processing request pipeline, yes, after Owin, we are no longer dealing with ASP. NET, but the pipeline is Owin, but this pipeline is more flexible and open than the ASP.

This dictionary can be used to add or change data in any of the components of the Owin pipeline when it is transferred. The Owin default defines the following data for us:

MVC 5 Default start Up configuration class

VS, in addition to referencing Owin related DLLs for us, and removing formsauthenticationmodule, we added a Startup.Auth.cs file to the App_start folder.

startup{configureauth (iappbuilder app) {//configure middleware Widgets app. Usecookieauthentication (new PathString ("/account/login"), Cookiesecure = Cookiesecureoption.never,});}} 

Usecookieauthentication is a iappbuilder extension method, defined in Microsoft.Owin.Security.Cookies.dll.

CookieAuthenticationExtensions.cs

Static Iappbuilder usecookieauthentication (options) {null) {new ArgumentNullException (options); App. Usestagemarker (pipelinestage.authenticate); return app;}    

With this data, we don't need to and. NET, such as HttpContextBase in ASP., and Httprequestmessage and Httpresponsemessage in the Web API. We don't have to think about system.web this DLL, we just have to get the information we want through owin and do what we want to do. Owin, however, does not have any relationship with the Web server or IIS itself.

Owin claims-based Authentication Login Implementation