OWIN-based Authentication / Claims Support

Topics: Core
Apr 6, 2014 at 3:15 PM
Firstly--GREAT JOB on the smooth release of 1.8! FLAWLESS installation.

I'd like to see if I could get some guidance on the best integration points for a general OWIN-based Core Module to support authentication using Windows (if internal) and federated or OpenID support (e.g., Facebook, Twitter, LinkedIn). I can see from your framework that this should be a huge task, I just want to make sure I don't "break the framework" and make it hard for future upgrades. My guess is that this has already been considered and you have a strawman approach for this solution...

Thanks for your valuable time,
BK
Developer
Apr 6, 2014 at 6:31 PM
OWIN integration is currently on a branch, though it has some failing unit tests. It is one of the things on the list for consideration for 1.9.

As the author of the NGM.OpenAuthentication module (https://github.com/Jetski5822/NGM.OpenAuthentication), once OWIN is supported, this module will be upgraded with the required middleware to make what you mentioned possible.

If you have time to look at this, maybe you could try and make those tests pass, and upgrade the module?
Coordinator
Apr 6, 2014 at 6:37 PM
There is a branch named feature/owin that you can use. It works, but it currently breaks some unit tests so we haven't shipped it yet.
I also have a local version of Identity working. You will need to reapply the changes manually as I assume they would conflict with the current code base. It's also multi-tenant, each tenant getting its own pipeline in the end. The fork contains a module with a sample middleware that you can enable/disable per tenant. The last middleware of the chain is Orchard/MVC.

The story of this feature is that I was tasked (inside Microsoft) to test the Identity libraries before they were public. Because it relies on OWIN I needed to make it work first, and it was easier with the help of Louis Dejardin, who is not only the inventor of OWIN but also architect of claims-based auth in the Identity libraries and primary architect of Orchard ;) I will try to share this branch too, because there is no way you could make that work, or you are a freaking genius with paranormal senses ;) as it required deep knowledge of the identity stack to know where to find magic strings!

In the end, with both OWIN and Identity integration I was able to authenticate using forms auth and also Google. The users/role management was left to Orchard as we already have everything needed. The goal would be to replace the current auth stack with AspNet.Identity, and also integrate open auth shapes so that users can customize how it's integrated.