diff --git a/rules/know-how-to-migrate-owin-to-asp-net-core/rule.md b/rules/know-how-to-migrate-owin-to-asp-net-core/rule.md new file mode 100644 index 00000000000..a786f48bea7 --- /dev/null +++ b/rules/know-how-to-migrate-owin-to-asp-net-core/rule.md @@ -0,0 +1,67 @@ +--- +type: rule +title: Do you know how to migrate OWIN to ASP.NET Core? +uri: know-how-to-migrate-owin-to-asp-net-core +authors: + - title: Nick Curran +related: + - choosing-authentication +created: 2023-07-31T23:22:58.333Z +guid: 004c52d9-30a5-4b9c-963a-e93988a31075 +--- +OWIN is the [Open Web Interface for .NET](http://owin.org/), which was intended to provide a standard interface .NET web servers and web applications for ASP.NET. It provided the ability to chain middleware together to form pipelines and to register modules. + +The [Katana libraries](https://github.com/aspnet/AspNetKatana/) provided a flexible set of popular components for OWIN-based web applications. These components were supplied through packages prefixed with `Microsoft.Owin`. + +Middleware and module registering functionality are now core features of ASP.NET Core. Microsoft provides adapters to and from the [OWIN interface for ASP.NET](https://learn.microsoft.com/en-us/aspnet/core/fundamentals/owin?view=aspnetcore-7.0) that can be used to gradually migrate custom OWIN components. By contrast, ASP.NET Core has native ports for Katana components. + +## CORS functionality + +CORS functionality was enabled in OWIN with the [UseCors(...)](https://learn.microsoft.com/en-us/previous-versions/aspnet/mt181143(v=vs.113)) extension method. For ASP.NET Core, it is provided by the [UseCors(...)](https://learn.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.builder.corsmiddlewareextensions.usecors?view=aspnetcore-7.0#microsoft-aspnetcore-builder-corsmiddlewareextensions-usecors(microsoft-aspnetcore-builder-iapplicationbuilder)) extension method in the [`Microsoft.AspNet.Cors`](https://www.nuget.org/packages/Microsoft.AspNet.Cors) package. + +```cs +public void Configuration(Owin.IAppBuilder app) { + // ... other logic ... + app.UseCors(getCorsOption()); + // ... other logic ... +} + +private static CorsOptions BuildCorsOptions() { + var corsPolicy = new CorsPolicy + { + AllowAnyMethod = true, + AllowAnyHeader = true, + SupportsCredentials = true + }; + corsPolicy.Origins.Add("https://staging.northwind.com"); + return new CorsOptions + { + PolicyProvider = new CorsPolicyProvider + { + PolicyResolver = context => Task.FromResult(corsPolicy) + } + }; +} +``` +::: bad +Figure: Basic OWIN CORS example. +::: + +```cs +var builder = WebApplication.CreateBuilder(args); +var app = builder.Build(); + +app.UseCors(corsPolicyBuilder => { + corsPolicyBuilder.AllowAnyMethod() + .AllowAnyHeader() + .AllowCredentials() + .WithOrigins(new string[] { "https://staging.northwind.com" }); +}) +``` +::: good +Figure: Basic OWIN CORS example ported to ASP.NET Core. +::: + +## Third-Party Authentication + +A common use for OWIN was to provide access to [third-party authentication sources](https://www.ssw.com.au/rules/choosing-authentication/). [AspNet.Security.OAuth.Providers](https://github.com/aspnet-contrib/AspNet.Security.OAuth.Providers) is a collection of security middleware that works natively in ASP.NET Core to support authentication sources such as GitHub and Azure DevOps. The full list of providers is published [here](https://github.com/aspnet-contrib/AspNet.Security.OAuth.Providers#providers), and the details of the migration differ from provider to provider.