This is a demo application shows usage about OAuth in both server and client side, based on IdentityServer.
The demo is built on top of ASP.Net 4.5 (website, document and code).
Thanks to Visual Studio Community and Visual Studio Code, which the demo is coding with.
...
...
...
-
ASP.Net Web API -
-
ASP.Net Identity -
-
ASP.Net CORS -
...
...
I prefer not to binding with any exactly server or host environment, so OWIN and Katana is used in the demo. I suggest you to read this article, it clearly clearified the relationship between OWIN and Katana, also the motivation of Katana project.
Many components of Katana Project are used in the demo. For more information about Katana, check it's website, document and code.
Below is the main components used from OWIN/Katana stack:
-
Owin - OWIN IAppBuilder startup interface.
-
Microsoft.Owin - Provides a set of helper types and abstractions for simplifying the creation of OWIN components.
-
Microsoft.Owin.Diagnostics - Provides middleware components to assist in developing OWIN-based applications, i.e., IAppBuilder.UseWelcomePage() and IAppBuilder.UseErrorPage(). The UseWelcomePage extensions can be used to add a simple html page to your application to verify the site is up and running. The UseErrorPage extensions can be used to add an Exception filter to the request pipeline that will display exception and request details. Notice that the ErrorPage can only show exceptions that happen in the OWIN pipeline, if error occur in MVC or WebAPI routine, ErrorPage is not applicable.
-
Microsoft.Owin.Security - Common types which are shared by the various authentication middleware components.
-
Microsoft.Owin.Security.OAuth - Middleware that enables an application to support any standard OAuth 2.0 authentication workflow.
-
Microsoft.Owin.Security.Cookies - Middleware that enables an application to use cookie based authentication, similar to ASP.NET's forms authentication.
-
Microsoft.Owin.Cors -
-
Microsoft.Owin.Hosting - Provides default infrastructure types for hosting and running OWIN-based applications.
-
Microsoft.Owin.Host.HttpListener - OWIN server built on the .NET Framework's HttpListener class. Currently the default server used for self-hosting. See NuGet.
-
Microsoft.Owin.SelfHost - Includes components needed to host an OWIN-based application in a custom process. It is NOT an actual component itself, but a combine package of Owin, Microsoft.Owin, Microsoft.Owin.Hosting, Microsoft.Owin.Host.HttpListener and Microsoft.Owin.Diagnostics, use it to make life easier.
-
OwinHost - Provides a stand-alone executable (OwinHost.exe) which can be used to host an OWIN-based application, use Microsoft.Owin.Host.HttpListener(below) internally. See NuGet.
Note: For other option of a webserver which hosts WebAPI as well, you can check KestrelHttpServer from ASP.Net.
Many part of this demo is followed by Taiseer Joudeh's great serials of articles, I strongly recommand you to read these:
- Token Based Authentication using ASP.NET Web API 2, Owin, and Identity
- AngularJS Token Authentication using ASP.NET Web API 2, Owin, and Identity
- Enable OAuth Refresh Tokens in AngularJS App using ASP .NET Web API 2, and Owin
- ASP.NET Web API 2 external logins with Facebook and Google in AngularJS app
- Decouple OWIN Authorization Server from Resource Server