c# asp.net-mvc authentication owin asp.net-identity-2

Custom Identity 2.x Hooking Into OWIN Pipeline - Multi-Tenant SaaS Application


Question: Can we simply hook into the OWIN pipeline to set and retrieve the security authentication ticket (cookie)?

I'm searching for the best approach to roll our own security/membership for an MVC 5 application. I have no issue with registration, sign-in, password change, two factor, password recovery etc. My concern is the pipeline.


Project: The project is a multi-tenant SaaS application that requires many changes to the Identity framework. We are exploring writing our own, which we have done for many projects in the past.

We do not make use of claims or outside providers such as Google or Twitter for authentication, all accounts are local db role based accounts. The project does not use EF.

We explored creating our own store for Identity; however, by the time it's fully implemented, there were too many areas of concern and it felt as though the User Manager was simply in the way. Code was starting to bloat beyond the level of what is needed to roll our own.

Passwords are created, managed, and stored securely and are not of concern for this question.


Solution

  • We are using our custom authentication mechanism wired into the OWIN pipeline. We are using our own custom middleware in the OWIN pipeline, and this enables the authentication to happen.

    The only process that needs to be done is that your middleware should validate the identity, and the cookie authentication middleware in the pipeline will set the cookie based on the established identity.

    The way this works is through the ordering of the middlewares and the use of the AuthenticationManager in the OWIN authentication pipeline.

    We too are using social logins like Google, Facebook, etc. that co-exist with our own custom authentication provider middleware; we also use JWT middleware for implicit flow authentication.

    Long answer short: Yes

    More details: based on your further post on the exact details that need to be attended to.
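
The flow the answer describes, as an added example that is not code from the question or the answer: the Katana cookie middleware is registered in `Startup`, your own code verifies the credentials, and `IAuthenticationManager.SignIn` hands the established identity to that middleware, which writes the encrypted ticket cookie. The tenant claim type, the `TenantResolver` and `TicketIssuer` helpers, the subdomain-per-tenant scheme and the login path are assumptions made for the illustration. Roles travel as `ClaimTypes.Role` claims even when the application does not otherwise use claims.

```csharp
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.Owin;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Owin;

public class Startup
{
    public const string TenantClaim = "urn:example:tenant"; // hypothetical claim type

    public void Configuration(IAppBuilder app)
    {
        // Register before anything that reads the user, so the ticket is restored first.
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = CookieAuthenticationDefaults.AuthenticationType,
            LoginPath = new PathString("/account/login"), // assumed route
            CookieHttpOnly = true,
            CookieSecure = CookieSecureOption.Always,
            Provider = new CookieAuthenticationProvider
            {
                // Runs on each request carrying a ticket: drop tickets issued for another tenant.
                OnValidateIdentity = ctx =>
                {
                    var claim = ctx.Identity.FindFirst(TenantClaim);
                    var tenant = TenantResolver.FromHost(ctx.Request.Host.Value);
                    if (claim == null || claim.Value != tenant) ctx.RejectIdentity();
                    return Task.FromResult(0);
                }
            }
        });
    }
}

public static class TenantResolver
{
    // Hypothetical scheme: "acme.example.com" maps to tenant "acme".
    public static string FromHost(string host) { return host.Split('.')[0].ToLowerInvariant(); }
}

public static class TicketIssuer
{
    // Call only after your own membership code has verified the password.
    public static void SignIn(IOwinContext owin, string userId, string tenant, string[] roles)
    {
        var id = new ClaimsIdentity(CookieAuthenticationDefaults.AuthenticationType);
        id.AddClaim(new Claim(ClaimTypes.NameIdentifier, userId));
        id.AddClaim(new Claim(ClaimTypes.Name, userId));
        id.AddClaim(new Claim(Startup.TenantClaim, tenant));
        foreach (var role in roles) id.AddClaim(new Claim(ClaimTypes.Role, role));
        owin.Authentication.SignIn(new AuthenticationProperties { IsPersistent = false }, id);
    }
}
```

From an MVC controller the context is available as `HttpContext.GetOwinContext()`; signing out is `Authentication.SignOut(CookieAuthenticationDefaults.AuthenticationType)` on the same context.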