  • Authorize by ClaimIdentity by Owin

    1. Packages needed
    • Owin
    • Microsoft.Owin.Security.OAuth
    • Microsoft.Owin.Security.Cookies
    • Microsoft.Owin
    • Microsoft.AspNet.WebApi.Owin
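    2. Startup.cs definition
    using Microsoft.Owin;
    using Owin;

    [assembly: OwinStartup(typeof(GoldWebApi.App_Start.Startup))]
    namespace GoldWebApi.App_Start
    {
        public class Startup
        {
            public void Configuration(IAppBuilder app)
            {
                // The authentication middleware from the sections below is registered here.
            }
        }
    }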
    
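    3. By using a cookie
    • Add this call in Startup.cs
    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
        // HttpOnly is switched off here, so script running in the page can read the
        // "Auth" cookie; set it to true unless client-side code really needs the value.
        CookieHttpOnly = false,
        CookieName = "Auth",
        ExpireTimeSpan = TimeSpan.FromMinutes(1)
    });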
    
    • Define this action in the Web API controller
    // AccountDic is not shown on this page; it maps a user name to its password.
    // With [HttpGet] the user name and password travel in the query string,
    // where they can end up in server logs and browser history.
    [HttpGet]
    public string Login(string userName, string passWord)
    {
        string realPassword = string.Empty;
        if (AccountDic.TryGetValue(userName, out realPassword))
        {
            if (passWord == realPassword)
            {
                // Issue the authentication cookie for the new identity.
                this.SignIn(HttpContext.Current.GetOwinContext().Authentication, this.CreateClaimIdentity(userName));
                return "Authenticated";
            }
        }
        return "Deny";
    }

    private void SignIn(IAuthenticationManager authenticationManager, ClaimsIdentity identity)
    {
        authenticationManager.SignIn(new AuthenticationProperties()
        {
            ExpiresUtc = DateTime.UtcNow.AddMinutes(1),
            IsPersistent = true
        }, identity);
    }

    // The identity carries a single Name claim and uses the cookie authentication type.
    private ClaimsIdentity CreateClaimIdentity(string userName)
    {
        return new ClaimsIdentity(new List<Claim>() { new Claim(ClaimTypes.Name, userName) }, DefaultAuthenticationTypes.ApplicationCookie);
    }

    

    4. By token

    • Add this call in Startup.cs
    app.UseOAuthBearerAuthentication(GoldWebApi.Controllers.AccountController.OAuthBearerOptions);
    • Add these definitions in the Web API controller
    // OAuthBearerOptions is a static member of AccountController; its definition is not shown on this page.
    [HttpGet]
    public string LoginByTicket(string userName, string passWord)
    {
        string realPassword = string.Empty;
        if (AccountDic.TryGetValue(userName, out realPassword))
        {
            if (passWord == realPassword)
            {
                // The protected ticket string is the bearer token returned to the caller.
                return this.GenerateTicket(this.CreateClaimIdentity(userName));
            }
        }
        return "Deny";
    }

    private string GenerateTicket(ClaimsIdentity identity)
    {
        var ticket = new AuthenticationTicket(identity, new AuthenticationProperties());
        // Use UTC for both timestamps, as the cookie SignIn helper does.
        ticket.Properties.IssuedUtc = DateTime.UtcNow;
        ticket.Properties.ExpiresUtc = DateTime.UtcNow.AddMinutes(1);

        return OAuthBearerOptions.AccessTokenFormat.Protect(ticket);
    }

    
    5. By Basic Authentication
    • Package to install: Thinktecture.IdentityModel.Owin.BasicAuthentication
    • Add these in Startup.cs
    app.UseBasicAuthentication("localhost", ValidateUserCredential);

    // As written, this callback issues a Name claim for any user name and password.
    // A real validator must check the credentials before returning claims.
    public Task<IEnumerable<Claim>> ValidateUserCredential(string userName, string passWord)
    {
        return Task.FromResult<IEnumerable<Claim>>(new List<Claim>() { new Claim(ClaimTypes.Name, userName) });
    }
    

    Summary
    For all of these authentication modes, we can use the Authorize attribute on our Web API controllers/actions to apply authentication/authorization. OWIN takes care of the infrastructure work for us.
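
    A hardened variant of the cookie login together with an [Authorize]-protected action, as an added example that is not the original author's code. LoginRequest, StoredPassword, AccountStore and WhoAmI are hypothetical names, and the store is assumed to hold salted PBKDF2 hashes that are filled in elsewhere.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;
using System.Security.Cryptography;
using System.Web;
using System.Web.Http;
using Microsoft.AspNet.Identity;
using Microsoft.Owin.Security;
// Added example. LoginRequest, StoredPassword and AccountStore are hypothetical names.
public class LoginRequest { public string UserName { get; set; } public string PassWord { get; set; } }
public class StoredPassword { public byte[] Salt; public byte[] Hash; public int Iterations; }

[Authorize] // every action needs an authenticated identity unless it opts out
public class AccountController : ApiController
{
    // Assumed store of salted PBKDF2 hashes instead of plain-text passwords (populated elsewhere).
    private static readonly Dictionary<string, StoredPassword> AccountStore = new Dictionary<string, StoredPassword>();

    [AllowAnonymous]
    [HttpPost] // credentials travel in the request body, not in the URL
    public IHttpActionResult Login([FromBody] LoginRequest request)
    {
        StoredPassword stored;
        if (request == null || request.UserName == null || request.PassWord == null ||
            !AccountStore.TryGetValue(request.UserName, out stored) ||
            !Verify(request.PassWord, stored))
            return Unauthorized();
        var identity = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, request.UserName) },
            DefaultAuthenticationTypes.ApplicationCookie);
        HttpContext.Current.GetOwinContext().Authentication.SignIn(
            new AuthenticationProperties { ExpiresUtc = DateTimeOffset.UtcNow.AddMinutes(1) }, identity);
        return Ok("Authenticated");
    }

    [HttpGet] // reached only after cookie, bearer or Basic authentication has succeeded
    public string WhoAmI() { return User.Identity.Name; } // backed by the ClaimTypes.Name claim

    private static bool Verify(string passWord, StoredPassword stored)
    {
        // This constructor overload needs .NET Framework 4.7.2 or later.
        using (var kdf = new Rfc2898DeriveBytes(passWord, stored.Salt, stored.Iterations, HashAlgorithmName.SHA256))
        {
            byte[] candidate = kdf.GetBytes(stored.Hash.Length);
            int diff = 0; // accumulate differences so the comparison has no early exit
            for (int i = 0; i < candidate.Length; i++) diff |= candidate[i] ^ stored.Hash[i];
            return diff == 0;
        }
    }
}
```

    An unauthenticated request to WhoAmI is answered with 401 by the Authorize filter before the action body runs; Login stays reachable because of AllowAnonymous.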

  • Original article: https://www.cnblogs.com/kongshu-612/p/9436465.html