Search code examples
c#asp.netasp.net-web-apikatana

OWIN/Katana & BasicAuthentication


I am trying to achieve a simple task: Secure my ASP.NET WEBAPI (built on top of Katana) with BASIC Auth. I know I could implement my own middleware or message handler or whatever. However I'm wondering if such a simple task is not already implemented? I found multiple samples on the web that shows how simple it should be. But all of these samples refer to a nuget package named microsoft.owin.security.basic which I can not find anywhere!? Can you help me?


Solution

  • First of all you should consider NOT doing basic authentication directly - but rather use the OAuth2 authorization server approach - read this first:

    http://leastprivilege.com/2013/11/13/authorization-servers-are-good-for-you-and-your-web-apis/

    http://leastprivilege.com/2013/11/13/embedding-a-simple-usernamepassword-authorization-server-in-web-api-v2/

    If you still want to do basic auth - then in this repo you will find an implementation for Katana:

    https://github.com/thinktecture/Thinktecture.IdentityModel/tree/master/source/Thinktecture.IdentityModel.Owin

    nuget: Thinktecture.IdentityModel.Owin