
Require Authentication for all requests to an OWIN application

I am working with a self-hosted OWIN application and am trying to figure out how to require authentication/authorization for all requests (or arbitrary requests).

Some of the individual components in the pipeline have their own Authorization facilities (ex. WebAPI, SignalR, Nancy) but that seems somewhat redundant when I want to restrict everything. Additionally, some middleware does not have authorization support (ex. Microsoft.Owin.StaticFiles).

If my OWIN Startup looks something like this:

public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        app.RequireSsl();

        app.UseCookieAuthentication(new CookieAuthenticationOptions());
        //...
        app.UseGoogleAuthentication();

        // ** Need to add something that restricts access **

        app.UseDirectoryBrowser();
    }
}   

How do I require that the user has authenticated (redirecting if necessary) before serving the directory browser? (The directory browser could arbitrarily be other OWIN components.)

vossad01 asked May 07 '14 17:05


1 Answer

Put this between your auth middleware and the components you want to protect. It will check to ensure that each request is authenticated.

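        app.Use(async (context, next) =>
        {
            // Set by the authentication middleware registered earlier in the pipeline.
            var user = context.Authentication.User;
            if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
            {
                // Not signed in: issue a challenge and stop here, so nothing
                // registered after this middleware runs for the request.
                context.Authentication.Challenge();
                return;
            }
            await next();
        });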
Tratcher answered Nov 10 '22 18:11
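
How the check in the answer fits into the question's pipeline, as an added example that is not part of the original question or answer. `RequireAuthentication`, the `/public` prefix and the credential placeholders are assumptions made for illustration; `"Google"` is the default authentication type of Katana's Google middleware, named explicitly because that middleware is passive by default and does not respond to a `Challenge()` that carries no type.

```csharp
using System.Linq;
using Microsoft.Owin;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Owin;

public static class RequireAuthenticationExtensions
{
    // Hypothetical helper, not a Katana API. Every request must be authenticated
    // unless its path falls under one of the anonymous prefixes.
    public static IAppBuilder RequireAuthentication(
        this IAppBuilder app, string challengeType, params string[] anonymousPrefixes)
    {
        var open = anonymousPrefixes.Select(p => new PathString(p)).ToArray();
        return app.Use(async (context, next) =>
        {
            var user = context.Authentication.User;
            bool signedIn = user != null && user.Identity != null
                            && user.Identity.IsAuthenticated;
            // StartsWithSegments matches whole segments: "/public" covers
            // "/public/a.css" but not "/publicity".
            bool isOpen = open.Any(p => context.Request.Path.StartsWithSegments(p));
            if (!signedIn && !isOpen)
            {
                // Name the middleware that should answer the challenge.
                context.Authentication.Challenge(challengeType);
                return; // short-circuit: nothing after this point runs
            }
            await next();
        });
    }
}

public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        // 1. Authentication middleware first, so context.Authentication.User is set.
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions());
        app.UseGoogleAuthentication("CLIENT_ID_PLACEHOLDER", "CLIENT_SECRET_PLACEHOLDER");

        // 2. The gate. "/public" is a constructed example prefix.
        app.RequireAuthentication("Google", "/public");

        // 3. Everything registered below is reachable only when signed in.
        app.UseDirectoryBrowser();
    }
}
```

Registration order is the access control here: any component added above the `RequireAuthentication` call is served without the check.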