The Authorization Area of the Owin Framework
This area of the Owin Framework is concerned with restricting access to your
website or web services. The way this works is as follows:
- You must add middleware to the Owin pipeline that implements IMiddleware<IIdentity>.
This middleware will identify the caller and add an instance of IIdentity to the request
context. There are a few useful implementations of this in the Owin Framework, or you can write an implementation
that is specific to your needs.
- You must add middleware to the Owin pipeline that implements IMiddleware<IAuthorization>.
This middleware will use the IIdentity instance in the request context to identify the caller,
check this identity's permissions and return a 403 response if the caller is not permitted. You will most often use the
standard Owin Framework implementation, but you can easily write your own as well.
- You must register an implementation of IIdentityData with the IoC container.
This will be used to get the permissions associated with the caller's identity. The Owin Framework contains
an implementation of this that uses the Prius ORM to store identity data in a relational database. You can also
write your own implementation if you want custom behavior.
- Middleware that is downstream of Authorization must specify the permission required to execute this request. The
Authorization middleware will use this permission to allow or deny the request. Standard Owin Framework middleware
such as the Static Files middleware can be configured with a required permission. The Pages middleware allows permissions
to be defined on each page and each service endpoint. If you write your own middleware you need to get an instance of
IUpstreamAuthorization during the routing phase or request processing and specify the required
permission for the request. Your code does not have to do anything other than set the name of the required permission;
everything else will be handled by the other components mentioned above.
- You can optionally include the Owin Framework standard authorization UI middleware. This middleware will display
a user interface inside a <div> element on a page of your website. This UI allows
authorized users to manage users, groups, roles and permissions.
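The following is an added example (not code from the Owin Framework itself) of the fourth step above: a custom middleware that sits downstream of Authorization and declares the permission it needs during the routing phase, leaving the allow/deny decision to the Authorization middleware. The namespaces, the RunAfter extension, the GetFeature extension and the AddRequiredPermission method name are assumptions about the Owin Framework API and should be checked against the framework source; the "/reports" path and the "reports:view" permission name are made up for the example.

```csharp
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Microsoft.Owin;
using OwinFramework.Interfaces.Builder;      // IMiddleware<T>, IDependency (assumed namespace)
using OwinFramework.Interfaces.Routing;      // IRoutingProcessor (assumed namespace)
using OwinFramework.InterfacesV1.Middleware; // IAuthorization (assumed namespace)
using OwinFramework.InterfacesV1.Upstream;   // IUpstreamAuthorization (assumed namespace)

// Hypothetical middleware that serves a reports area and must only run for callers
// holding the "reports:view" permission. It never checks permissions itself.
public class ReportsMiddleware : IMiddleware<object>, IRoutingProcessor
{
    public string Name { get; set; }
    public IList<IDependency> Dependencies { get; private set; }

    public ReportsMiddleware()
    {
        Dependencies = new List<IDependency>();
        // Assumption: RunAfter<T>() is the framework's dependency helper. This places the
        // middleware downstream of Authorization so the permission check happens first.
        this.RunAfter<IAuthorization>();
    }

    // Routing phase: declare the required permission. Authorization reads it and
    // answers 403 itself when the caller's identity does not hold the permission.
    public Task RouteRequest(IOwinContext context, Func<Task> next)
    {
        if (context.Request.Path.StartsWithSegments(new PathString("/reports")))
        {
            // Assumption: GetFeature<T>() returns the upstream communicator that
            // Authorization placed in the context, or null if Authorization is absent.
            var authorization = context.GetFeature<IUpstreamAuthorization>();
            if (authorization != null)
                authorization.AddRequiredPermission("reports:view");
        }
        return next();
    }

    // Processing phase: only reached when Authorization allowed the request.
    public Task Invoke(IOwinContext context, Func<Task> next)
    {
        if (!context.Request.Path.StartsWithSegments(new PathString("/reports")))
            return next();

        context.Response.ContentType = "text/plain";
        return context.Response.WriteAsync("Report data for an authorized caller");
    }
}
```

If the Authorization middleware is missing from the pipeline, the null check above means the reports endpoint would be served to anyone; a safer variant would refuse the request in that case rather than silently continuing.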
Further reading
The Authorization repository