In my previous post, "ASP.NET MVC 5 Authentication Breakdown", I broke down all the parts of the new ASP.NET MVC authentication scheme. That's great, but I didn't have a working example that you, a curious developer, could download and play around with. So I set out today to figure out what the bare minimum code needed was. Fiddling around, I was able to get OWIN powered authentication into an ASP.NET MVC app. Follow this guid to get it into your application as well.

No fluff, just the real stuff

TL;DR go to https://github.com/khalidabuhakmeh/SimplestAuthMvc5 to clone the code.

NuGet Packages

You will need the following packages from NuGet in your presumably empty ASP.NET MVC project.

  1. Microsoft.AspNet.Identity.Core
  2. Microsoft.AspNet.Identity.Owin
  3. ASP.NET MVC 5
  4. Microsoft.Owin.Host.SystemWeb
  5. Microsoft.Owin.Security
  6. Microsoft.Owin.Security.Cookies
  7. Microsoft.Owin.Security.OAuth
  8. Owin

Notice how the majority of them center around Owin.

Start Up Classes

OWIN follows of a convention of needing a class called StartUp in your application. I followed the standard pattern of using a partial class found in the default ASP.NET MVC 5 bloated template.

Here is the main code file:

using Microsoft.Owin;
using Owin; [assembly: OwinStartup(typeof(SimplestAuth.Startup))] namespace SimplestAuth
{
public partial class Startup
{
public void Configuration(IAppBuilder app)
{
ConfigureAuthentication(app);
}
}
}

Followed by the implementation of the ConfigureAuthentication method:

    public partial class Startup
{
public void ConfigureAuthentication(IAppBuilder app)
{
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Login")
});
}
}

Web.Config settings

OWIN doesn't use the standard forms authentication that I've grown to love, it implements something completely different. For that reason, I have to remember this snippet of config.

<system.web>
<authentication mode="None" />
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" />
</system.web>
<system.webServer>
<modules>
<remove name="FormsAuthenticationModule" />
</modules>
</system.webServer>

The FormsAuthenticationModule is removed, and additionally the authentication mode is set to None. Although, I know the site will have authentication; that authentication will be handled by OWIN.

Authentication Controller

Now it's business time! Now we just need a controller to authentication and create the cookie for authentication. We'll also implement log out, because sometimes our users want to leave (not sure why though :P).

Note: I'm using AttributeRouting here. Giving it a try, but I love Restful Routing.

public class AuthenticationController : Controller
{
IAuthenticationManager Authentication
{
get { return HttpContext.GetOwinContext().Authentication; }
} [GET("login")]
public ActionResult Show()
{
return View();
} [POST("login")]
[ValidateAntiForgeryToken]
public ActionResult Login(LoginModel input)
{
if (ModelState.IsValid)
{
if (input.HasValidUsernameAndPassword)
{
var identity = new ClaimsIdentity(new [] {
new Claim(ClaimTypes.Name, input.Username),
},
DefaultAuthenticationTypes.ApplicationCookie,
ClaimTypes.Name, ClaimTypes.Role); // if you want roles, just add as many as you want here (for loop maybe?)
identity.AddClaim(new Claim(ClaimTypes.Role, "guest"));
// tell OWIN the identity provider, optional
// identity.AddClaim(new Claim(IdentityProvider, "Simplest Auth")); Authentication.SignIn(new AuthenticationProperties
{
IsPersistent = input.RememberMe
}, identity); return RedirectToAction("index", "home");
}
} return View("show", input);
} [GET("logout")]
public ActionResult Logout()
{
Authentication.SignOut(DefaultAuthenticationTypes.ApplicationCookie);
return RedirectToAction("login");
}
}

I'll leave out the implementation of the views, because it is pretty standard Razor syntax. The thing to take note in the code above is the creation of a ClaimsIdentity. All yourcode needs to do is generate this class, and it doesn't matter from where: Database, Active Directory, Web Service, etc. The rest of the code above is really just boilerplate. You'll just need to use the AuthenticationManager from the OWIN context to SignInand SignOut.

Conclusion

There you have it. A basic breakdown of what you need to do to get OWIN authentication in your ASP.NET MVC applications without the craziness that comes standard in the Visual Studio templates. The standard templates in Visual Studio force you to use Entity Framework and has a lot of ceremony for what is essentially a really simple solution. So do yourself a favor and dump that mess and just implement something that makes more sense for you and your team.

Update

A reader ran into a nasty redirect issue in his production environment after deploying. This was a simple IIS Setup issue. If you are experiencing the same issue, please do the following in your IIS environment:

  • Disable Windows Authentication Module
  • Disable Forms Authentication Module (should have already)
  • Enable Anonymous Authentication Module

Having multiple authentication methods on can lead to very strange behaviors. Good luck and I'd love to hear how your projects are going. I also recommend you read one of my later posts on securely storing passwords.

ASP.NET MVC 5 Authentication Breakdown的更多相关文章

  1. 【记录】ASP.NET MVC 4/5 Authentication 身份验证无效

    在 ASP.NET MVC 4/5 应用程序发布的时候,遇到一个问题,在本应用程序中进行身份验证是可以,但不能和其他"二级域名"共享,在其他应用程序身份验证,不能和本应用程序共享, ...

  2. Forms Authentication in ASP.NET MVC 4

    原文:Forms Authentication in ASP.NET MVC 4 Contents: Introduction Implement a custom membership provid ...

  3. [转]Implementing User Authentication in ASP.NET MVC 6

    本文转自:http://www.dotnetcurry.com/aspnet-mvc/1229/user-authentication-aspnet-mvc-6-identity In this ar ...

  4. ASP.NET MVC:Form Authentication 相关的学习资源

    看完此图就懂了 看完下面文章必须精通 Form authentication and authorization in ASP.NET Explained: Forms Authentication ...

  5. ASP.NET MVC with Entity Framework and CSS一书翻译系列文章之目录导航

    ASP.NET MVC with Entity Framework and CSS是2016年出版的一本比较新的.关于ASP.NET MVC.EF以及CSS技术的图书,我将尝试着翻译本书以供日后查阅. ...

  6. 【第三篇】ASP.NET MVC快速入门之安全策略(MVC5+EF6)

    目录 [第一篇]ASP.NET MVC快速入门之数据库操作(MVC5+EF6) [第二篇]ASP.NET MVC快速入门之数据注解(MVC5+EF6) [第三篇]ASP.NET MVC快速入门之安全策 ...

  7. ASP.NET MVC View 和 Web API 的基本权限验证

    ASP.NET MVC 5.0已经发布一段时间了,适应了一段时间,准备把原来的MVC项目重构了一遍,先把基本权限验证这块记录一下. 环境:Windows 7 Professional SP1 + Mi ...

  8. ASP.NET MVC项目演练:用户登录

    ASP.NET MVC 基础入门 http://www.cnblogs.com/liunlls/p/aspnetmvc_gettingstarted.html 设置默认启动页面 public clas ...

  9. asp.net mvc 各版本区别

    MVC 6 ASP.NET MVC and Web API has been merged in to one. Dependency injection is inbuilt and part of ...

随机推荐

  1. no.1 voice

    1. import win32com.client text="hello world" speaker = win32com.client.Dispatch("SAPI ...

  2. Linux mail 查看

    Linux 下查看mail的命令参数: 一般系统收到邮件都会保存在“/var/spool/mail/[linux username]"文件中,在Linux中输入mail,就进入了收件箱,并显 ...

  3. 第一个VS2015 Xaramin Android项目

    20170323新增:VS环境配置 打开VS,菜单栏选工具(Tools) 选项\ 一般有2个地方需要修改 1 2 新建第一个项目,什么都没有修改的情况下(已经配置好环境变量)直接运行,会发现如下错误: ...

  4. 【Git】 GitLab配置优化及汉化

    GitLab配置 1.修改GitLab绑定的域名 a.修改/etc/gitlab/gitlab.rb配置文件,修改成自己的域名 external_url 'http://gitlab.example. ...

  5. 别人的Linux私房菜(4)安装CentOS7

    linux磁盘分区参考: 添加磁盘分区(总30G). BIOS boot 2MB 系统自定义文件系统 分区格式为主要分区 /boot 1GB  文件系统为xfs  主要分区 / 10GB 文件系统为x ...

  6. Java 浮点数相加

    刚刚遇到个需求,需要对金额求和,上线的时候才知道这时个,这个字段是个小数. 随手就改了个Double ,然后,跑下,没啥问题,直接上线了 然后,就fuck 了 加出一大堆的小数,大概是这样的 pack ...

  7. ubuntu下签名命令

    Platform: RockchipOS: Android 6.0Kernel: 3.10.92 拷贝签名文件/signapk.jar和apk到同一目录下. 签名文件:rk3288/build/tar ...

  8. str相关操作

    大小写转换:*——记住 * upper() 全大写 title() 首字母大写(只要是不属于英文字母的都是分隔符) 切来切去: center(10,'*') 强行用*在原字符串左右两端拼接,拼接成十个 ...

  9. eclipse怎么删除多余的tomcat server(2)

    首先你的Server要是可用状态,就是说当前这个tomcat处于可用状态才能点击那个Create Launch Configuration

  10. k8s docker集群搭建

    一.Kubernetes系列之介绍篇   •Kubernetes介绍 1.背景介绍 云计算飞速发展 - IaaS - PaaS - SaaS Docker技术突飞猛进 - 一次构建,到处运行 - 容器 ...