ASP .NET 5 (MVC6) External Forms Authentication

Question

I'm currently investigating an elegant solution to this problem, but I wanted to get this question out here in order to get any advice/suggestions/answers to this problem.

I am working with an authentication system (forms authentication) that the client uses for authentication.

Current Steps:

1. Redirect to URL for forms authentication.
2. Enter Username/Password
3. Get back form data. Specifically: Context.Request.Form["Token"]

I am able to perform all of these steps. I am trying to think of the right path to get the middleware to take care of this problem. I'm currently wondering if I could simply use the Microsoft.AspNet.Authentication.Cookies to solve this problem. With this approach, I would implement my own ICookieManager to look at the Form data.

Advice/Suggestions/Answers?

Thank you in advance!

Answer 1

I came up with my own answer to this question, so I wanted to share.

As I said, I am working with a forms authentication system. Part of the forms data is a 'Token' value. My solution involved two parts:

1. I created a middleware component to intercept form data, look for a 'Token' value in the forms data, and write that to a cookie.

2. I used Microsoft's Cookie authentication middleware implementation, but I had to override one of the options, TicketDataFormat. Their implementation expects a serialized/encrypted ClaimsIdentity. My token was not that, so I had to implement my own thing to create a ClaimsIdentity based off the token.

I'll be happy to share more detail if anyone is interested, but that is the jist of my solution.

Answer 2

I don't have a specific advice for you.

However now it's available quite good official documentation: ASP.NET 5 Security

There you can find more information, including Authentication in ASP.NET 5

I hope it will help you.