Authorize by ClaimIdentity by Owin


  1. Package needed
  • Owin
  • Microsoft.Owin.Security.OAuth
  • Microsoft.Owin.Security.Cookies
  • Microsoft.Owin
  • Microsoft.AspNet.WebApi.Owin
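  2. Startup.cs definition

    using Microsoft.Owin;
    using Owin;

    [assembly: OwinStartup(typeof(GoldWebApi.App_Start.Startup))]

    namespace GoldWebApi.App_Start
    {
        public class Startup
        {
            // OWIN calls this once at application start; the authentication
            // middleware from the following sections is registered here.
            public void Configuration(IAppBuilder app)
            {
            }
        }
    }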
  3. By using Cookie
  • Add this call in Startup.cs

    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
        // false leaves the authentication cookie readable by client-side script.
        CookieHttpOnly = false,
        CookieName = "Auth",
        ExpireTimeSpan = TimeSpan.FromMinutes(1)
    });

  • Define this action in the Web API controller

    // Note: as an HttpGet action, the user name and password arrive in the query string.
    [HttpGet]
    public string Login(string userName, string passWord)
    {
        string realPassword = string.Empty;
        if (AccountDic.TryGetValue(userName, out realPassword))
        {
            if (passWord == realPassword)
            {
                // Issue the authentication cookie for the matched account.
                this.SignIn(HttpContext.Current.GetOwinContext().Authentication,
                            this.CreateClaimIdentity(userName));
                return "Authenticated";
            }
        }
        return "Deny";
    }

    private void SignIn(IAuthenticationManager authenticationManger, ClaimsIdentity identity)
    {
        authenticationManger.SignIn(new AuthenticationProperties()
        {
            ExpiresUtc = DateTime.UtcNow.AddMinutes(1),
            IsPersistent = true
        }, identity);
    }

    // The authentication type must match the one configured for the cookie middleware.
    private ClaimsIdentity CreateClaimIdentity(string userName)
    {
        return new ClaimsIdentity(
            new List<Claim>() { new Claim(ClaimTypes.Name, userName) },
            DefaultAuthenticationTypes.ApplicationCookie);
    }

  4. By Token
  • Add this call in Startup.cs

    app.UseOAuthBearerAuthentication(GoldWebApi.Controllers.AccountController.OAuthBearerOptions);

  • Add these definitions in the Web API controller

    [HttpGet]
    public string LoginByTicket(string userName, string passWord)
    {
        string realPassword = string.Empty;
        if (AccountDic.TryGetValue(userName, out realPassword))
        {
            if (passWord == realPassword)
            {
                // Return the protected ticket; the client sends it back as a bearer token.
                return this.GenerateTicket(this.CreateClaimIdentity(userName));
            }
        }
        return "Deny";
    }

    // OAuthBearerOptions is the static member of AccountController that Startup.cs
    // passes to UseOAuthBearerAuthentication.
    private string GenerateTicket(ClaimsIdentity identity)
    {
        var ticket = new AuthenticationTicket(identity, new AuthenticationProperties());
        ticket.Properties.IssuedUtc = DateTime.UtcNow;
        ticket.Properties.ExpiresUtc = DateTime.UtcNow.AddMinutes(1);
        return OAuthBearerOptions.AccessTokenFormat.Protect(ticket);
    }
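  5. By Basic Authentication
  • Install the package: Thinktecture.IdentityModel.Owin.BasicAuthentication
  • Add these in Startup.cs

    // Inside Configuration(IAppBuilder app):
    app.UseBasicAuthentication("localhost", ValidateUserCredential);

    // Member of the Startup class.
    // As written, this callback does not check passWord: every user name/password
    // pair is accepted and receives a Name claim. Verify the credentials here
    // before returning claims.
    public Task<IEnumerable<Claim>> ValidateUserCredential(string userName, string passWord)
    {
        return Task.FromResult<IEnumerable<Claim>>(
            new List<Claim>() { new Claim(ClaimTypes.Name, userName) });
    }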

Summary
For all of these authentication modes, we can use the Authorize attribute on a Web API controller or action to apply authentication/authorization. OWIN takes care of the infrastructure work for us.
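
An added example (not code from the original post): a stricter variant of the cookie login from section 3, followed by an action protected with the Authorize attribute described in the summary. SecureAccountController, LoginRequest, WhoAmI, FixedTimeEquals and the sample account are hypothetical names and constructed values; the cookie middleware from section 3 is assumed to be registered.

```csharp
using System.Collections.Generic;
using System.Security.Claims;
using System.Text;
using System.Web;
using System.Web.Http;
using Microsoft.AspNet.Identity;
using Microsoft.Owin.Security;

// Hypothetical request type: credentials arrive in the POST body, not the URL.
public class LoginRequest { public string UserName { get; set; } public string PassWord { get; set; } }
public class SecureAccountController : ApiController // hypothetical controller name
{
    // Constructed sample store; a real one holds salted password hashes.
    private static readonly Dictionary<string, string> AccountDic =
        new Dictionary<string, string> { { "alice", "constructed-sample-password" } };

    [HttpPost, AllowAnonymous]
    public IHttpActionResult Login([FromBody] LoginRequest request)
    {
        string realPassword;
        if (request == null || request.UserName == null || request.PassWord == null
            || !AccountDic.TryGetValue(request.UserName, out realPassword)
            || !FixedTimeEquals(request.PassWord, realPassword))
            return Unauthorized(); // 401 instead of a 200 response saying "Deny"
        var identity = new ClaimsIdentity(
            new[] { new Claim(ClaimTypes.Name, request.UserName) },
            DefaultAuthenticationTypes.ApplicationCookie);
        HttpContext.Current.GetOwinContext().Authentication.SignIn(
            new AuthenticationProperties { IsPersistent = false }, identity);
        return Ok("Authenticated");
    }

    // [Authorize] returns 401 unless an OWIN middleware authenticated the request.
    [HttpGet, Authorize]
    public IHttpActionResult WhoAmI()
    {
        var identity = (ClaimsIdentity)User.Identity;
        return Ok(identity.FindFirst(ClaimTypes.Name).Value);
    }

    // Comparison whose running time does not depend on where the strings differ.
    private static bool FixedTimeEquals(string a, string b)
    {
        byte[] x = Encoding.UTF8.GetBytes(a), y = Encoding.UTF8.GetBytes(b);
        int diff = x.Length ^ y.Length;
        for (int i = 0; i < x.Length && i < y.Length; i++) diff |= x[i] ^ y[i];
        return diff == 0;
    }
}
```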
