0

Given a scenario where a web hosted IdentityServer3 only handles authorization, being user authentication handled by an external custom service, what is required to implement to support this? A custom OWIN middleware?

vvolkgang
  • 471
  • 8
  • 26

1 Answers1

1

Either connect to your "external custom service" form within your IUserService (idsrv specific) - or treat it as an external identity provider. In that case you need to write a Katana authentication middleware for it (reusable Katana component).

For the UserService check the IdentityServer docs. For Katana authentication middleware - not sure if there is official documentation for that - I covered that briefly it in my Web API security course.

http://www.pluralsight.com/courses/webapi-v2-security

leastprivilege
  • 18,196
  • 1
  • 34
  • 50
  • Why would you choose one or the other? Could you enhance your answer with this information and implementation guides for both? – vvolkgang May 21 '15 at 10:05
  • 1
    posted a new question based on your answer [here](http://stackoverflow.com/questions/30485401/substitute-identityserver3-login-system) – vvolkgang May 27 '15 at 15:04