OWIN

Open Web Interface for .NET

NancyFX

MVC for cool people

http://nancyfx.org/

"Whoa, this framework is fantastic!"

"If only we had an integrated pipeline..."

What we need is a STANDARD!

OWIN

Open Web Interface for .NET

There's a spec

And like all specs, it's got no style.

http://owin.org/html/spec/owin-1.0.html

The Application Delegate

Func<IDictionary<string, object>, Task>

An asynchronous function that takes in the environment.

Environment, you say?

Environment, you say?

  • Request
  • Response
  • Additional Server State

Katana

https://katanaproject.codeplex.com/

At least it's git...

Katana is useful

  • Self-Host
  • System.Web wrapper
  • A bunch of middleware
  • HTTP-less test server

Basically, type-safe OWIN

IAppBuilder

IAppBuilder Use(object middleware, params object[] args)

...extension methods

public static void Use(
  this IAppBuilder app,
  Func<IOwinContext, Func<Task>, Task> handler
);

My First Handler

app.Use(async (context, next) => {
    var steal = _creditCardStealer.StealAsync(context.Request);
    await next();
    await steal;
});

End of the (pipe)line

// Non System.Web

app.UseWebApi();

// -----------------
// System.Web

/* No codes here! */

Middleware are (is?) Singleton

Singleton to Multipleton

appBuilder.Use((context, next) => {
   var org = context.Request["Organization"]
   var authMiddleware = GetMiddleware(org);
   
   return authMiddleware(context, next);
});

The Integrated Pipeline

app.UseStageMarker(PipelineStage.Authenticate);

public enum PipelineStage
{
    Authenticate = 0,
    PostAuthenticate = 1,
    Authorize = 2,
    PostAuthorize = 3,
    ResolveCache = 4,
    PostResolveCache = 5,
    MapHandler = 6,
    PostMapHandler = 7,
    AcquireState = 8,
    PostAcquireState = 9,
    PreHandlerExecute = 10,
}

The Integrated Pipeline

  • Ignored for non-integrated pipeline (ie. self-host)
  • marks the end of that stage - all steps before will run in this stage
  • If not specified, will be the last stage in the pipeline

Cookie Authentication

If a valid ticket exists in the appropriate cookie, set the identity for the request

Clear Windows Auth

IIS blindly adds windows identity to the request.  

Strip it out here

Login Path

We branch the pipeline here if it's a login request

Guest Login

If we've made it this far, and we don't have any identities, and we have guest access enabled, then we can set up the guest identity for the request here

Ensure Logged In

If we're here, have no identity and anonymous requests are not allowed, we simply redirect to the login page

Made with Slides.com