OWIN Claims Transformation Middleware–Take 2

Thanks to some good feedback from @grumpydev, @loudej and Chriss Ross – I changed my original claims transformation middleware (see here). What I learned is, that for better compatibility and discoverability, you should not expose the types of a specific framework (in my case Katana) on your public API surface. It is OK to use that framework internally – if you can live with that dependency. Here’s my 2nd take:

public class ClaimsTransformationMiddleware

{

    readonly ClaimsTransformationOptions _options;

    readonly Func<IDictionary<string, object>, Task> _next;

 

    public ClaimsTransformationMiddleware(
      Func<IDictionary<string, object>, Task> next,
      ClaimsTransformationOptions
options)

    {

        _next = next;

        _options = options;

    }

 

    public async Task Invoke(IDictionary<string, object> env)

    {

        // use Katana OWIN abstractions (optional)

        var context = new OwinContext(env);

        var transformer = _options.ClaimsAuthenticationManager;

 

        if (context.Authentication != null &&

            context.Authentication.User != null)

        {

            context.Authentication.User = transformer.Authenticate(

                context.Request.Uri.AbsoluteUri,

                context.Authentication.User);

        }

 

        await _next(env);

    }

}

 

Note that I am not deriving from OwinMiddleware anymore and also use the AppFunc on the Invoke method (instead of IOwinContext).

Note: This middleware does not work with Katana’s passive authentication mode. But that’s another issue.

This entry was posted in IdentityModel, Katana, WebAPI. Bookmark the permalink.

2 Responses to OWIN Claims Transformation Middleware–Take 2

  1. Hmm, I like this idea. Wouldn’t you need to return the OwinContext thought? Isn’t the OwinContext that you created only valid in that scope? I still need to play around a lot more with this to check it out.. I’ll let you know. What do you mean by passive authentication? Thanks, for the post.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s