21

I'm reading around articles and checking exmaples and I see Owin Middlewares are used the same as WebAPI DelegatingHandler: logging incoming requests, validating headers and so on.

My only understanding is that Owin Middleware comes before DelegatingHandlers in the pipeline. So if you create an Owin middleware for let's say Authorization of users, you're able to deny a forbidden request faster, at a lower level.

Is there any difference in the two, or any advantages/disadvantages using either of them?

Dan Dinu
  • 32,492
  • 24
  • 78
  • 114
  • This is an excellent question that should elicit some very helpful answers on a subject that Microsoft and other online sources have failed to clarify. "There are either too many possible answers, or good answers would be too long for this format" is absolutely not the case here. Please reopen. – Todd Menier Feb 14 '17 at 15:22

4 Answers4

8

I'm also researching this to find out what differences are. I can come up with some idea that may help you. I think about the purpose they are the same, not so much different. But DelegatingHandler is old mechanism compare to owin Owin middlewares:

  1. The purpose of this is separating the server and the application. By doing this, you can inject a lot of modules to your pipeline(that is called owinmiddleware).
  2. By doing this, you can intercept the request at very early stage of httprequest before HttpMessageHandler of web api can process it. For example. you can read the data for initializing dependency before http controller is created.
  3. By doing modules, you can reuse the middleware that asp.net core is focusing.

DelegatingHandler:

  1. It is a part of web api. At this level, we have HttpRequestMessage, HttpResponseMessage, so we can easily manipulate with those rather than owin middleware( for example you can read the data from request message body without worrying we did something that is effecting the message)

  2. By doing that, actually, you are strongly depend on web api pipeline. I'm not saying that you can not reuse it in the furture but it may be happened.

Hope it gives you helpful information about that.

Thanks,

tlp
  • 129
  • 2
  • 5
  • This is good answer. From what I gathered from different online sources, video conferences, etc it looks that when _ASP.NET Web API_ was released there was no _Owin_. So _ASP.NET Web API_ introduced their own way of writing cross-cutting middleware. But during that time other framework arise, like _SignalR_ also from Microsoft. And now there was a problem, because we want to use these two different framework together, plus add some cross cutting functionality like authorization. Owin came from open source community and was adapted by _ASP.NET Web API_ in v2 and _SignalR_ also adapted in v2... – Mariusz Pawelski Feb 05 '21 at 18:34
  • ...So now you can use libraries written as Owin middlewares in both frameworks. [Here](https://channel9.msdn.com/Events/MVP-Virtual-Conference/MVP-Virtual-Conference-Americas-2015/Dev2-A-Brief-History-of-OWIN) is nice summary of history of _Owin_ for those interested ;) – Mariusz Pawelski Feb 05 '21 at 18:34
2

one of differences between owin middle ware and web API delegating handler is that by delegating handler you can write custom message handler for specific route.

Reza Javadi
  • 39
  • 8
  • This is far from being a complete answer. What are the other differences? Please elaborate. – Maciej Jureczko Oct 23 '17 at 09:27
  • Not true, because you can call specific middleware based on any criteria you can imagine on the incoming request (not only per route) by using methods as such Map, MapWhen, UseWhen. This mechanism is called middleware branching. https://learn.microsoft.com/fr-fr/aspnet/core/fundamentals/middleware/?view=aspnetcore-2.2 – Otman IGHOULASSEN May 23 '19 at 20:05
0

I was learning about authentication with OWIN middleware recently from this blog post.

This is what it says:

Advantage of using an OWIN middleware is that the identity established in the middleware can be shared by all the frameworks used in your application. For example, if you are using two frameworks, say ASP.NET Web API and SignalR, the identity established in an OWIN middleware will apply to both the frameworks. If you use message handler, the identity will be applicable only to ASP.NET Web API.

Check out this stackoverflow answer too.

Prachi Sharma
  • 331
  • 1
  • 5
  • 14
-1

Owin middleware implicitly performs certain authentication operations depending on the type of authentication you have set on the IAppBuilder. eg:

  1. Reads the bearer Jwt token from the request header.
  2. Validates the signing certificate of a Jwt token with the issuer.
  3. Checks the Jwt token start and end times
  4. Performs additional validations set in the TokenValidationParameters.
  5. Sets the identity 'ClaimsPrincipal' for the context of the request

API delegation handlers give the entire control to you. All the checks above will need to be manually implemented in one or a chain of handlers.

Mandar Sudame
  • 187
  • 2
  • 7