First, OWIN is not what you think. OWIN defines an interface between a web application and the host. OWIN is a way to add features to an ASP.NET application.
OAuth is an authentication protocol. It is unclear why your web application security is unknown. Perhaps contact the team that support the applications and ask.
The common approach is reading the documentation to find deprecated or breaking changes going to a new API. Do a source code analysis to find deprecated code. Make a plan to update and test.
OWIN is a specification on how web servers and web applications should be built in order to decouple one from another and allow movement of ASP.NET applications to environments where at the current state it is not possible. Katana is project name to
implement OWIN in ASP.NET, please check the
tutorial .
First, OWIN is not what you think. OWIN defines an interface between a web application and the host. OWIN is a way to add features to an ASP.NET application.
First Thanks for taking your time to reply my query!
I am from IT support team. I know we should use https to secure web communication other than that, I do not know what other protocols are involved on web communication other that http/https, TCP/IP where auth0/OWIN might be used. That is why I am struggling
to identify whether any applications or servers utilising auth0/OWIN in our network. We purchase applications from third party and support them. If you can advise me, how can I identify whether any applications in our network uses auth0/owin for web authentication
and what version of auth0/owin are in use? that will be my first step in understanding this protocol and towards addressing this vulnerability in our network.
If I identify one particular application is using it, I can go back to application support or vendor and get help to address this vulnerability issue.
None
0 Points
2 Posts
Reported Security Vulnerability with Auth0, owin version 2.0 or above
Sep 26, 2018 09:22 AM|MrMaker|LINK
Help required to identify auth0 /owin older version in an organisational network devices.
Links:
https://nvd.nist.gov/vuln/detail/CVE-2018-15121
https://auth0.com/docs/security/bulletins/cve-2018-15121
All-Star
34101 Points
13355 Posts
Re: Reported Security Vulnerability with Auth0, owin version 2.0 or above
Sep 26, 2018 04:03 PM|mgebhard|LINK
First, OWIN is not what you think. OWIN defines an interface between a web application and the host. OWIN is a way to add features to an ASP.NET application.
http://owin.org/
https://docs.microsoft.com/en-us/aspnet/aspnet/overview/owin-and-katana/
OAuth is an authentication protocol. It is unclear why your web application security is unknown. Perhaps contact the team that support the applications and ask.
https://oauth.net/2/
The common approach is reading the documentation to find deprecated or breaking changes going to a new API. Do a source code analysis to find deprecated code. Make a plan to update and test.
https://www.nuget.org/packages/Microsoft.Owin/
A forum cannot answer this question. If you are using OWIN; obviously disabling OWIN will cause unwanted application behavior.
Not really, read the links to get a better understanding of OWIN and Kantans.
https://docs.microsoft.com/en-us/aspnet/aspnet/overview/owin-and-katana/
AuthO is a paid service. If you need help with AuthO then go through the AuthO support channels. This is an ASP.NET forum and not related to AuthO.
All-Star
17685 Points
3349 Posts
Microsoft
Re: Reported Security Vulnerability with Auth0, owin version 2.0 or above
Sep 27, 2018 02:18 AM|Nan Yu|LINK
Hi MrMaker ,
OWIN is a specification on how web servers and web applications should be built in order to decouple one from another and allow movement of ASP.NET applications to environments where at the current state it is not possible. Katana is project name to implement OWIN in ASP.NET, please check the tutorial .
To meet the OWIN4 support , from this github issue :
For web applications, the standard OIDC middleware should be used as per the Quickstart:
https://auth0.com/docs/quickstart/webapp/aspnet-owin
For Web API, the package has been updated for OWIN 4. Please refer to Quickstart:
https://auth0.com/docs/quickstart/backend/webapi-owin
Best Regards,
Nan Yu
MSDN Community Support
Please remember to "Mark as Answer" the responses that resolved your issue.
None
0 Points
2 Posts
Re: Reported Security Vulnerability with Auth0, owin version 2.0 or above
Sep 27, 2018 11:56 AM|MrMaker|LINK