OWIN 自定义认证服务

Question

I need to create a Single Page Application that support authentication. Our business already have a authentication service.

I just don't know where to start.

Scenario:

The user tries to access a protected method in a controller:

[Authorize]
public class MeController : Controller

Since he is not logged in, he's redirected to the login page:

 [HttpPost]
        [AllowAnonymous]
        [ValidateAntiForgeryToken]
        public async Task<ActionResult> Login(LoginViewModel model, string returnUrl)
        {
            if (ModelState.IsValid)
            {
                //Call business authentication service
                if (GetClient().OpenSession(model.username, model.password))
                    // Set Cookie? Implement some Owin interfaces?
            }   
            // If we got this far, something failed, redisplay form
            return View(model);
        }

As you can see, this is under the opensession that I need to do something to create the cookie or...??

Also, since we would like to use Facebook and Google OWIN authentication, I thought I could implement my own OWIN classes?

In summary, the idea here is not to use SQL SERVER or any other database to store the users information. Just call our own service?

What to do?

Answer 1

Here's the link that you should get started with using OWIN for Authentication https://msdn.microsoft.com/en-us/magazine/dn745860.aspx

Before you get started get familiar with hwo OWIN works. Also beware that OWIN doesn't support cookie-less login but on the other hand it support Claims which is more than just a role provider.

There are pre-developed OAuth implementation of OWIN for Facebook, Google at Katana codeplex page. Also If you want to integrate more providers here 'sa github project that has developed almost all OAuth providers.

Good luck!!