Secure Account Activation with ASP.NET Identity

Distribution of credentials to new users of a system is often done in an insecure way, with passwords being sent over unsecure e-mail. With ASP.NET Identity, the password recovery functionality can be used to create a secure account activation mechanism. The scenario for ASP.NET Identity, in the default MVC template is to let users self… Continue reading Secure Account Activation with ASP.NET Identity

Catching the System.Web/Owin Cookie Monster

Cookies set through the Owin API sometimes mysteriously disappear. The problem is that deep within System.Web, there has been a cookie monster sleeping since the dawn of time (well, at least since .NET and System.Web was released). The monster has been sleeping for all this time, but now, with the new times arriving with Owin,… Continue reading Catching the System.Web/Owin Cookie Monster

Using Owin External Login without ASP.NET Identity

ASP.NET MVC5 has excellent support for external social login providers (Google, Facebook, Twitter) integrating with the ASP.NET Identity system. But what if we want to use external logins directly without going through ASP.NET Identity? Using external logins together with ASP.NET Identity is very simple to get started with, but it requires all users to register… Continue reading Using Owin External Login without ASP.NET Identity

Writing an Owin Authentication Middleware

Owin and Katana offers a flexible pipeline for external authentication with existing providers for authentication by Google, Facebook, Twitter and more. It is also possible to write your own custom authentication provider and get full integration with the Owin external authentication pipeline and ASP.NET Identity. Anatomy of an Owin Authentication Middleware For this post I’ve… Continue reading Writing an Owin Authentication Middleware

Understanding the Owin External Authentication Pipeline

Owin makes it easy to inject new middleware into the processing pipeline. This can be leveraged to inject breakpoints in the pipeline, to inspect the state of the Owin context during authentication. When creating a new MVC 5.1 project a Startup.Auth.cs file is added to the project that configures the Owin pipeline with authentication middleware.… Continue reading Understanding the Owin External Authentication Pipeline