Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Require Authentication for all requests to an OWIN application

Tags:

c#

.net

authentication

asp.net

owin

I am working with a self-hosted OWIN application and am trying to figure out how to require authentication/authorization for all requests (or arbitrary requests).

Some of the individual components in the pipeline have their own Authorization facilities (ex. WebAPI, SignalR, Nancy) but that seems somewhat redundant when I want to restrict everything. Additionally, some middle-ware does not have authorization support (ex. Microsoft.Owin.StaticFiles).

If my OWIN Startup looks something like this:

public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        app.RequireSsl();

        app.UseCookieAuthentication(new CookieAuthenticationOptions());
        //...
        app.UseGoogleAuthentication();

        // ** Need to add something that restricts access **

        app.UseDirectoryBrowser();
    }
}

How do I require the user have authenticated (redirecting if necessary) before serving the directory browser? (The directory browser could arbitrarily be other OWIN components.)

like image 718
vossad01 Avatar asked May 07 '14 17:05

vossad01

People also ask

What is OWIN based authentication?

OWIN (Open Web Interface for . NET) is a standard for an interface between . NET Web applications and Web servers. It is a community-owned open-source project. The OAuth authorization framework enables a third-party application to obtain limited access to a HTTP service.

What is OWIN authentication in MVC?

A new security design for MVC,Owin Authentication middleware,is recommended for higher security. The security features can be shared by other components which are hosted on OWIN. OWIN provides the underlying set of components to asp.net applications to enable, then to be flexible,portable,and lightweight.

What is Microsoft OWIN security?

Microsoft.Owin.Security.Cookies. Middleware that enables an application to use cookie based authentication, similar to ASP. NET's forms authentication.

Video Answer

1 Answers

Put this between your auth middleware and the components you want to protect. It will check to ensure that each request is authenticated.

        app.Use(async (context, next) =>
        {
            var user = context.Authentication.User;
            if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
            {
                context.Authentication.Challenge();
                return;
            }
            await next();
        });
like image 185
Tratcher Avatar answered Nov 10 '22 18:11

Tratcher
Sign in to Comment

Related questions

To fetch the unique characters from a string?
Handling session time out when ajax call to C# mvc controller not working
Why am I getting a "does not contain a constructor that takes 0 arguments" error? C#
Cross-thread operation not valid in Windows Forms
Binding a property from a class to XAML directly
UserControl inside ContentControl
XML reading child nodes
WCF client and server
Call System.IDisposable.Dispose on object 'emailForm' before all references to it are out of scope
Converting DateTime to SmallDateTime in c#
Google Analytics Api on Azure
Display Success message on the same page when submit
int.TryParse not working
Unity behavior for registering the same type twice and resolving only the singleton
Does the prefix "On" in the name of the C# methods imply anything?
Change slider bar color
C# String greater than or equal code string
C# typedef generics
ASP.NET button not firing on click event
concatenation of c#razor string with html string with trailing slash [duplicate]

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!