Last post Jan 15, 2014 11:59 AM by silas2
Jan 11, 2014 01:11 PM|silas2|LINK
I've just made my first MVC5 app, and I'm looking at the OWIN security, trouble is I need it to work with my legacy Forms Authentication database (not Facebook!) The only article I can find about using OWIN with Forms auth is
http://blogs.msdn.com/b/webdev/archive/2013/07/03/understanding-owin-forms-authentication-in-mvc-5.aspx, but the links to the repositories are broken and the code I can find is incomplete.
Is it just too soon to get this working?
Jan 11, 2014 04:02 PM|BrockAllen|LINK
OWIN security is equivalent to Forms auth in older ASP.NET. ASP.NET Identity is equivalent to Membership in older ASP.NET. Each is a piece of the security puzzle, but they do different jobs. You can mix & match them if you'd like.
He's an old post that tries to make this distinction:
And here are some posts that might get you started with OWIN cookie authentication middleware:
So with this post that discusses just the cookie middleware, it'd be up to you to invoke your membership APIs to verify the user's credentials and then use the APIs mentioned in the post to log the user in.
Jan 15, 2014 10:09 AM|silas2|LINK
Thanks for getting back to me, I have been digging around and I had come across that post before. However, I'm still in the dark as to what the best route for upgrading all the existing Forms Authenticated/Membershiped/Authorized legacy stuff to OWIN given
that they don't seem to sit together.
Can OWIN delegate/federate for authentication to Forms Auth, just like to google, twitter et al?
Is there a simple way of porting all the old aspnet_Membership, etc tables over?
Is there something in the pipeline and we should wait rather than bust a gut now (I see more stuff on Claims and Forms Auth for Sharepoint)
Or .....? Recreate all the logins....
Jan 15, 2014 11:35 AM|BrockAllen|LINK
Why not just stick with what you have? You don't have to use the new OWIN authentication middleware and you don't have to use the new ASP.NET Identity for storing credentials.
Jan 15, 2014 11:59 AM|silas2|LINK
Right, fair enough. I suppose you get a bit freaked out when the Forms Authentication radio button is conspicuous by its absence in the MVC5 'scaffolding' wizard.
It does seem like a shame there isn't a wrapper for the Forms Auth to turn it into a federated login so that our legacy asp.net apps can seemlessly become part of the new membership world.