OAuth in the new .NET world (OWIN)

Basic introduction to OAuth, and how it works in the new .net ecosystem, through OWIN and the Authentication Middleware

Published in: Technology
  • Does Microsoft.Owin.Security.OAuth support RFC 6749 completely? I am asking this because I want to use SSO with any OAuth-compatible identity provider, like ADFS, OpenAM and Oracle Identity.

  1. Emad Alashi • Senior Developer at Readify • ASP.NET/IIS MVP • www.DotNetArabi.com • www.EmadAshi.com • @emadashi
  2. OAuth 2.0 & .NET Live with others
  3. Pre-OAuth era (Yeah, History!)
  4. Images data Resources email Username & password Username & password Etc. Username & password Username & password Username & password
  5. Facebook Auth • Flickr API • Yahoo BBAuth • Web Services • Google AuthSub
  6. (no text)
  7. So how does it work?
  8. Resource owner • Authorization Server • Authorization/Resources Server • Client • Resource Server
  9. myPodcast.com 302 to fb.com/auth? data auth? clientID & scope & redirectUri=myPD.com/signin This app wants…are you sure? Yes please, allow myPD.com/signin? code & scope 302 to myPD.com/signin? data Welcome fb.com/auth? clientId & code & redirectUri accessToken & tokenType & expires & refreshToken
  10. OAuth in MVC 4: DotNetOpenAuth & OAuthWebSecurity
  11. OAuth in MVC 5: OWIN
  12. owin.org
  13. OWIN (Open Web Interface for .NET)
  14. OWIN with IIS
  15. Middleware 1, Middleware 2, Middleware 3: Invoke(IOwinContext con) { DoINeedToAlterRequest? { } AllowSubsequentMiddleWares? { base.Next.Invoke(con); } NeedToAlterResponse? { } }
  16. Authentication middleware
  17. Authentication middleware • Application • Invoke • ApplyResponseGrant • AuthenticateCoreAsync • ApplyResponseChallenge
  18. Facebook example
  19. Cookies middleware Facebook middleware Application Post: myPd.com/Account/Login(Facebook) 302 to Fb.com/oauth?redirectUri=signin-facebook ApplyResponseChallenge 302 to fb.com/oauth 401 (facebook) Get: myPd.com/signin-facebook?code=djlsjjce AuthenticateCoreAsync ---Create Identity 302 to Account/External 302 to myPD.com/Account/External Get: Account/External ApplyResponseGrant -----wrap claims in App ticket Create cookie SignInExternal ---Create Identity
  20. OAuth Server mid. /auth?clientId&Response_Type /token?code=tyggyug redirectUri?token=uhuihuhkn aPage AuthHead: Bearer ygugjygj Invoke --validations OAuth Auth mid. signIn Application signIn ApplyResponseGrant AuthenticateCoreAsync
  21. Microsoft.Owin.Security.Infrastructure • AuthenticationMiddleware: Constructor, CreateHandler • AuthenticationHandler: AuthenticateCoreAsync, InvokeAsync, ApplyResponseGrantAsync, ApplyResponseChallengeAsync
  22. Authentication Middleware • Facebook • Google • Twitter • OAuth • Server • Authentication
  23. Q&A Emad.ashi@gmail @EmadAshi
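
The middleware pattern from slide 15, written out as an added C# example that is not part of the original deck: it decides whether to reject the request, whether to alter the response, and whether to let later middleware run. The class name CallbackGuardMiddleware, the HTTPS check and the Cache-Control header are illustrative assumptions; the /signin-facebook path is the callback from slide 19.

```csharp
using System.Threading.Tasks;
using Microsoft.Owin;
using Owin;

// Hypothetical middleware (name is an assumption, not from the deck).
public class CallbackGuardMiddleware : OwinMiddleware
{
    // Callback path taken from the Facebook example on slide 19.
    private static readonly PathString CallbackPath = new PathString("/signin-facebook");

    public CallbackGuardMiddleware(OwinMiddleware next) : base(next) { }

    public override async Task Invoke(IOwinContext context)
    {
        bool isCallback = context.Request.Path.StartsWithSegments(CallbackPath);

        // "DoINeedToAlterRequest?" The callback carries the authorization code in
        // the query string, so refuse it over plain HTTP and short-circuit:
        // returning without calling Next stops the rest of the pipeline.
        // Behind a TLS-terminating proxy IsSecure reflects the proxy hop only.
        if (isCallback && !context.Request.IsSecure)
        {
            context.Response.StatusCode = 400;
            await context.Response.WriteAsync("HTTPS required");
            return;
        }

        // "NeedToAlterResponse?" Headers are locked once the body starts, so the
        // change is registered up front and applied just before headers are sent.
        if (isCallback)
        {
            context.Response.OnSendingHeaders(state =>
            {
                var response = (IOwinResponse)state;
                response.Headers.Set("Cache-Control", "no-store");
            }, context.Response);
        }

        // "AllowSubsequentMiddleWares?" Hand the request to the next middleware.
        await Next.Invoke(context);
    }
}

public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        // Registered first so it runs before the cookie and Facebook middleware.
        app.Use<CallbackGuardMiddleware>();
    }
}
```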