The OWIN OpenID Connect Middleware
This chapter from Modern Authentication with Azure Active Directory for Web Applications, by Vittorio Bertocci, focuses on the OpenID Connect middleware and supporting classes. These are the cornerstones of ASP.NET’s support for web sign-on.
As you saw in Chapter 5, “Getting started with web sign-on and Active Directory,” in the most common case, the OpenID Connect middleware requires very few parameters to enable web sign-on. Beneath that simple surface, however, are knobs for practically anything you want to control: protocol parameters, initialization strategies, token validation, message processing, and so on. This chapter will reveal the various layers of the object model for you, showing how you can fine-tune the authentication process to meet your needs.
OWIN and Katana
When I wrote Programming Windows Identity Foundation (Microsoft Press) in 2009, I didn’t have to spend much time explaining HttpModule, the well-established ASP.NET extensibility technology on which WIF was built. This time around, however, I cannot afford the luxury of assuming that you are already familiar with OWIN and its implementation in ASP.NET—this is the foundational technology of the new generation of authentication libraries.
OWIN is a stable standard at this point, but its implementations are still relatively new technologies. You can find plenty of information online, but the details are rapidly changing (as I write, ASP.NET vNext is in the process of renaming lots of classes and properties), and you need to have a solid understanding of the pipeline and model underlying the identity functionality.
In this section I provide a quick tour of OWIN (as implemented in Katana 3.0.1) and the features that are especially relevant for the scenarios I’ve described throughout the book. For more details, you can refer to the online documentation from the ASP.NET team.