Adding AD authentication to OWIN Server Middleware pipeline

0
votes

I have inherited a project that has been developed using OWIN, Server Middleware that manages a kind-of WebApi in order to communicate with mobile devices using ApiKeys. The Server side has a small web interface (which really is a set of test pages) but did not have authentication added. I am trying to wrap my head around the different frameworks being used and the ways one can authenticate around these OWIN techniques.

Let me show what I have first:

public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        log.Info("RT Server app starting up ...");
        // Initialize the ApiKey Needed for ApiClient Library
        ApiClient.ApiKey = Globals.ApiKey;
        // Initialize the Services Library
        Services.Startup.Initialize();//creates a configuration map of values for devices
        // Setup Server Middleware
        app.Use(typeof(ServerMiddleware), "RTrak.Server", "RTrak.Server");
        app.Use(typeof(ServerMiddleware), "RTrak.Server.Pages", "RTrak.Server");
         // HttpListener listener =   (HttpListener)app.Properties["System.Net.HttpListener"];//throws an KeyNotFoundException
         // listener.AuthenticationSchemes = AuthenticationSchemes.IntegratedWindowsAuthentication;
        //ConfigureAuth(app)
    }

    public void ConfigureAuth(IAppBuilder app)
    {
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = MyAuthentication.ApplicationCookie,
            LoginPath = new PathString("/Login"),
            Provider = new CookieAuthenticationProvider(),
            CookieName = "RTrakCookie",
            CookieHttpOnly = true,
            ExpireTimeSpan = TimeSpan.FromHours(12), // ...
        });
    }

the ServerMiddleware 

   public ServerMiddleware(OwinMiddleware next, string baseNamespace, string defaultClass) : base(next)
    {
        BaseNamespace = baseNamespace;
        DefaultClass = defaultClass;
    }

    public override async Task Invoke(IOwinContext owinContext)
    {
        var absolutePath = owinContext.Request.Uri.AbsolutePath;
        string serverNamespace = BaseNamespace;

        Type type;
        string classToLoad = "";

        if (absolutePath == "/")
            classToLoad = DefaultClass;
        else
        {
            classToLoad = absolutePath.Substring(1).Replace('/', '.');
            if (classToLoad.EndsWith("."))
                classToLoad = classToLoad.Substring(0, classToLoad.Length - 1);
        }
        type = Type.GetType($"{serverNamespace}.{classToLoad}, {serverNamespace}", false, true);

        if (type == null)
        {
            classToLoad += ".Default";
            type = Type.GetType($"{serverNamespace}.{classToLoad}, {serverNamespace}", false, true);
        }

        if (type != null)
        {
            try
            {
                object objService = Activator.CreateInstance(type);
                ((Resource)objService).Execute(owinContext);
            }
            catch (System.MissingMethodException)
            {
                //"403 INVALID URL");
            }
        }
        else
            await Next.Invoke(owinContext);
    }
}

That ServerMiddleware is first calling Default Pages class that is HTML markup which links to the other test Pages

enter image description here

A thought was to add an MVC LoginController with AdAuthenticationService managing cookies Model to manage login that is configured as part of the Startup noted in the line ConfigAuth(app), but the middleware is ignoring the controller. Is MVC appropriate here?

then, I am looking at this ServerMiddleware and trying to understand how to intercept the Default page browser call with ActiveDirectory authentication.

I know that I may be overlooking something. Many thanks for anything (suggestions or resources) you can offer to help clear up this confusion for me.

1
asp.netauthenticationowin

1 Answers

0
votes

What I did to resolve this was to leave the OWIN Middleware objects alone except for Startup.cs had to define CookieAuthentication route 

        app.UseCookieAuthentication(new Microsoft.Owin.Security.Cookies.CookieAuthenticationOptions
        {
            AuthenticationType = "ApplicationCookie",
            LoginPath = new Microsoft.Owin.PathString("/Auth/Login")
        });

      app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

for the pages that were built as OWIN Resources. These OWIN Resource "Pages" then check 

                if (!this.Context.Authentication.User.Identity.IsAuthenticated)

I then implement an MVC controller that uses the AdAuthenticationService as above and UserManager to manage the AD credentials and Identity where the OWIN resource redirects to the MVC view+controller for authentication. That controller handles the login page actions. Upon authentication, the MVC redirects to the OWIN resource pages.

Thus, OWIN Middleware and MVC can live side-by-side so long as OWIN does not try to define the routes that MVC wants to use. Owin can maintain its own authentication as well.