1

I have an app that uses my own membership system. It uses ASP.NET MVC 3 which I'm updating to ASP.NET MVC 5. It's not possible to change the membership to use a new one like ASP.NET Identity. But, for the authentication side, do you think it is a good idea to replace my auth-ticket system with OWIN.Security? Are there any traps that I should know about?

amiry jd

2 Answers

4

The Katana security middleware is independent from ASP.NET Identity. You can use them both or just one.

Brock Allen

+BrockAllen thanks for the help. It's nice to hear this from you. I read all your blog posts about identity and owin; you're good :D Asking this question was about knowing about any dark side or traps, which it seems there isn't any. Thanks again. – amiry jd May 26 '14 at 05:50
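
As an added illustration (not code from the question or from either answer), this is one way the Katana cookie middleware can issue the sign-in cookie for an existing custom membership store without ASP.NET Identity. `IMembershipService`, `TryValidate`, the `"ApplicationCookie"` name and the `/Account/Login` path are assumptions made for the example.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;
using System.Web;
using System.Web.Helpers;
using System.Web.Mvc;
using Microsoft.Owin;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Owin;

public class Startup
{
    public const string AuthType = "ApplicationCookie"; // assumed name, any constant works

    public void Configuration(IAppBuilder app)
    {
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = AuthType,
            LoginPath = new PathString("/Account/Login"), // assumed route
            CookieHttpOnly = true,                         // not readable from script
            CookieSecure = CookieSecureOption.Always,      // sent over HTTPS only
            ExpireTimeSpan = TimeSpan.FromMinutes(30),
            SlidingExpiration = true
        });
        // MVC anti-forgery tokens need one claim that uniquely identifies the user.
        AntiForgeryConfig.UniqueClaimTypeIdentifier = ClaimTypes.NameIdentifier;
    }
}

// Hypothetical stand-in for the application's own membership system.
public interface IMembershipService
{
    bool TryValidate(string user, string password, out string userId, out IList<string> roles);
}

public class AccountController : Controller
{
    private readonly IMembershipService _members;
    public AccountController(IMembershipService members) { _members = members; }

    [HttpPost, ValidateAntiForgeryToken]
    public ActionResult Login(string userName, string password, string returnUrl)
    {
        string userId; IList<string> roles;
        if (!_members.TryValidate(userName, password, out userId, out roles))
            return View(); // same response for unknown user and wrong password
        var claims = new List<Claim> { new Claim(ClaimTypes.NameIdentifier, userId), new Claim(ClaimTypes.Name, userName) };
        foreach (var role in roles) claims.Add(new Claim(ClaimTypes.Role, role));
        var identity = new ClaimsIdentity(claims, Startup.AuthType); // must match the middleware's type
        HttpContext.GetOwinContext().Authentication.SignIn(new AuthenticationProperties { IsPersistent = false }, identity);
        return Url.IsLocalUrl(returnUrl) ? (ActionResult)Redirect(returnUrl) : RedirectToAction("Index", "Home"); // no open redirect
    }
}
```

When migrating from a forms-authentication ticket, the old `FormsAuthentication` module should be switched off in `web.config` so that it and the OWIN cookie middleware do not both handle 401 responses.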
1

There are some cases where it makes very good sense to use just the Owin/Katana middleware, but not involve aspnet identity.

I just rolled up a prototype webforms application using OpenID Connect against an Azure Domain. My domain is Federated with an on-prem ADFS. By the time I got OpenID Connect and the GraphAPI working, I realized that I didn't really need much from aspnet identity.

I use the GraphAPI to grab extra info about the user and their group memberships, and I am adding that info as claims on the user principal... my site's code can operate against just the information in the claims.

Of course, if you want to do any custom profile or role stuff in your application, it probably makes sense to link it to aspnet identity too.. create an aspnet identity user when a new user authenticates, map that user's AD groups to roles, etc. Then you can manage application specific data for the user directly in the application via aspnet identity, while relying on Azure AD for the core authentication, basic profile, and group/role assignments.

Stephen M. Redd