Web API Authentication in ASP.NET 5

Question

I\'ve been studying ASP.NET 5 for some time now and there is something I\'m yet confused. To implement authentication in Web API 2 what I used to do was basically use the OW

Answer 1

I ran into the exact same issue when trying to use the OWIN OAuth Authorization Server middleware in ASP.NET 5, so I decided to port the code myself. You can find the source at this GitHub repo https://github.com/XacronDevelopment/oauth-aspnet or just use the NuGet packages OAuth.AspNet.AuthServer and OAuth.AspNet.Tokens. Check out the source code to see how things are wired up; the samples in the source are the same samples Microsoft created here http://bit.ly/1MOGDEJ except with ASP.NET 5 examples added.

Answer 2

Indeed, there'll be no OAuthAuthorizationServerMiddleware in ASP.NET 5.

If you're looking for the same low-level approach, you should take a look at AspNet.Security.OpenIdConnect.Server: it's an advanced fork of the OAuth2 authorization server middleware that comes with Katana 3 but that targets OpenID Connect, as you already figured out ( OAuth Authorization Service in ASP.NET Core).

https://github.com/aspnet-contrib/AspNet.Security.OpenIdConnect.Server

OpenID Connect is itself based on OAuth2 and is basically a superset offering standardized authentication features. Don't worry: you can, of course, use ANY OAuth2 client with ANY OpenID Connect server, including AspNet.Security.OpenIdConnect.Server.

Don't miss the MVC 6 sample: https://github.com/aspnet-contrib/AspNet.Security.OpenIdConnect.Server/tree/dev/samples/Mvc

app.UseJwtBearerAuthentication(new JwtBearerOptions
{
    AutomaticAuthenticate = true,
    AutomaticChallenge = true,
    Audience = "http://localhost:54540/",
    Authority = "http://localhost:54540/"
});

app.UseOpenIdConnectServer(options =>
{
    options.Provider = new AuthorizationProvider();
});

Good luck, and don't hesitate to ping me if you need help.