OWIN and OAuth: what are they and how to use them?

10

I'm looking at WebApi tutorials with authentication / authorization and I came across these two concepts. Although they are explained in the tutorials, the definitions are not clear.

Even if you search the web, the explanations in English are confusing (for me) and in Portuguese they did not help either.

    
asked by anonymous 25.07.2015 / 04:45

1 answer

13

OWIN (Open Web Interface for .NET) is a solution to generalize the application's access to the host. Before it existed, running ASP.Net required IIS, or ASP.Net's own components had to be modified to use another host. IIS was a dependency and, worse, the components that communicate with IIS were heavy.

In the new .Net philosophy of having more open solutions, it was necessary to create a standard way of communication between the application and the host, thus allowing the use of other hosts, including having the application itself take care of this, so that communication can be made more flexible, lightweight and customized for each situation.

OWIN is precisely the specification of how this communication works. Some implementations of this specification are Katana, which allows the application to self-host, and Helios, which allows use with IIS.

There is an answer about its use here on the site.

OAuth is a standard as well, a specification of how applications should authorize. It does not matter whether the application is for the web, mobile or desktop, as long as it communicates in the specified standard way and over the HTTP protocol.

You can use various authorization providers, provided by you in isolation or, most commonly, through third parties. So you do not have to worry about the whole process; you just need to know whether the user is authorized or not.

In this way, data that needs to be kept safe stays out of the application, probably in the hands of those who know how to keep it safe and have the trust of the owner of the information. The application only receives what is relevant to it.

One implementation of the standard for .Net is DotNetOpenAuth. With it you just need to learn the API and do not have to worry about the standard itself. There are other implementations. OWIN uses the OWIN OAuth 2.0 Authorization Server for this.

Wikipedia article on it.

    
25.07.2015 / 17:04
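The two ideas from the answer above combined, as an added example that is not part of the original answer: an OWIN middleware is just a function over the environment dictionary the host supplies, so a bearer-token check can run with no IIS or Katana at all. The `isTokenValid` callback, the sample token and the class name are assumptions; a real application would have the callback verify the token with its OAuth authorization provider.

```csharp
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
// The OWIN application delegate: environment dictionary in, Task out.
using AppFunc = System.Func<System.Collections.Generic.IDictionary<string, object>, System.Threading.Tasks.Task>;
static class OwinBearerDemo
{
    // Middleware: wraps the next AppFunc and answers 401 unless a valid bearer token is sent.
    // isTokenValid is a hypothetical stand-in for asking the OAuth authorization provider.
    static AppFunc RequireBearer(AppFunc next, Func<string, bool> isTokenValid)
    {
        return env =>
        {
            var headers = (IDictionary<string, string[]>)env["owin.RequestHeaders"];
            string[] values;
            // Reject a missing header and also duplicated Authorization headers.
            string auth = headers.TryGetValue("Authorization", out values) && values.Length == 1 ? values[0] : null;
            const string scheme = "Bearer ";
            if (auth != null && auth.StartsWith(scheme, StringComparison.OrdinalIgnoreCase)
                && isTokenValid(auth.Substring(scheme.Length).Trim()))
                return next(env); // authorized: hand the request to the application
            env["owin.ResponseStatusCode"] = 401;
            ((IDictionary<string, string[]>)env["owin.ResponseHeaders"])["WWW-Authenticate"] = new[] { "Bearer" };
            return Task.CompletedTask; // the application is never invoked
        };
    }
    // Builds the environment that a host (Katana, Helios, ...) would normally supply.
    static IDictionary<string, object> Request(string authorization)
    {
        var headers = new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase);
        if (authorization != null) headers["Authorization"] = new[] { authorization };
        return new Dictionary<string, object>
        {
            ["owin.RequestHeaders"] = headers,
            ["owin.ResponseHeaders"] = new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase),
            ["owin.ResponseStatusCode"] = 200
        };
    }
    static void Main()
    {
        AppFunc app = env => Task.CompletedTask; // the protected application
        // Constructed token; a string comparison stands in for real token validation.
        AppFunc pipeline = RequireBearer(app, t => t == "constructed-sample-token");
        foreach (var h in new[] { null, "Basic abc", "Bearer wrong", "Bearer constructed-sample-token" })
        {
            var env = Request(h);
            pipeline(env).Wait();
            Console.WriteLine("{0,-35} -> {1}", h ?? "(no header)", env["owin.ResponseStatusCode"]);
        }
    }
}
```

Only the last request reaches the application; the other three stop at the middleware with status 401, which is the "application only needs to know if the user is authorized" point in code form.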