Microsoft.Owin.Security

Provides extension methods for app.Property values that are only needed by implementations of authentication middleware.

Returns the previously set AuthenticationType that external sign-in middleware should use when the browser navigates back to their return URL. Parameter: the app builder passed to the application startup code.

Called by middleware to change the name of the AuthenticationType that external middleware should use when the browser navigates back to their return URL. Parameters: the app builder passed to the application startup code; the AuthenticationType that external middleware should sign in as.

Controls the behavior of authentication middleware. In Active mode the authentication middleware will alter the user identity as the request arrives, and will also alter a plain 401 as the response leaves. In Passive mode the authentication middleware will only provide user identity when asked, and will only alter 401 responses where the authentication type is named in the extra challenge data.

Base options for all authentication middleware. Initializes properties of the AuthenticationOptions base class; the value passed is assigned to the AuthenticationType property. The AuthenticationType in the options corresponds to the IIdentity AuthenticationType property. A different value may be assigned in order to use the same authentication middleware type more than once in a pipeline. If Active, the authentication middleware alters the request user coming in and alters 401 Unauthorized responses going out. If Passive, the authentication middleware will only provide identity and alter responses when explicitly indicated by the AuthenticationType. Additional information about the authentication type is made available to the application.
String constants used only by the Security assembly. Used by middleware extension methods to coordinate the default value of the Options property SignInAsAuthenticationType.

Factory used to create IDataProtection instances. Returns a new instance of IDataProtection for the provider. Parameter: additional entropy (purposes) used to ensure protected data may only be unprotected for the correct purposes. Returns an instance of a data protection service.

Service used to protect and unprotect data. Protect is called to protect user data: it takes the original data that must be protected and returns a different byte array that may be unprotected or altered only by software that has access to an identical IDataProtection service. Unprotect is called to unprotect user data: it takes the byte array returned by a call to Protect on an identical IDataProtection service and returns a byte array identical to the original userData passed to Protect.

Base class for the per-request work performed by most authentication middleware. The type parameter specifies which type of AuthenticationOptions the Options property holds.

Base class for the per-request work performed by most authentication middleware. Called once per request after Initialize and Invoke; returns async completion. Called once by common code after initialization. If an authentication middleware responds directly to specifically known paths it must override this virtual, compare the request path to its known paths, provide any response information as appropriate, and return true to stop further processing. Returning false will cause the common code to call the next middleware in line. Returning true will cause the common code to begin the async completion journey without calling the rest of the middleware pipeline. Causes the authentication logic in AuthenticateCore to be performed for the current request at most once and returns the results. Calling Authenticate more than once will always return the original value. This method should always be called instead of calling AuthenticateCore directly.
Returns the ticket data provided by the authentication logic. The core authentication logic must be provided by the handler. It will be invoked at most once per request. Do not call it directly; call the wrapping Authenticate method instead. Returns the ticket data provided by the authentication logic.

Causes ApplyResponseCore to be invoked at most once per request. This method will be invoked either earlier, when the response headers are sent as a result of a response write or flush, or later, as the last step when the original async call to the middleware is returning. Core method that may be overridden by the handler. The default behavior is to call two common response activities: one that deals with sign-in/sign-out concerns, and a second that deals with 401 challenges. Override this method to deal with sign-in/sign-out concerns if the authentication scheme in question deals with grant/revoke as part of its request flow (like setting/deleting cookies). Override this method to deal with 401 challenge concerns if the authentication scheme in question deals with an authentication interaction as part of its request flow (like adding a response header, or changing the 401 result to a 302 redirect to a login page or external sign-in location). Initialize is called once per request to contextualize this instance with appropriate state. Parameters: the original options passed by the application, which control behavior; the utility object used to observe the current request and response. Returns async completion.

Contains user identity information as well as additional authentication state. Initializes a new instance of the class. Gets the authenticated user identity. Additional state values for the authentication session.

Interface for providing pinned certificate validation, which checks HTTPS communication against a known-good list of certificates to protect against compromised or rogue CAs issuing certificates for hosts without the knowledge of the host owner.
Verifies the remote Secure Sockets Layer (SSL) certificate used for authentication. Parameters: an object that contains state information for this validation; the certificate used to authenticate the remote party; the chain of certificate authorities associated with the remote certificate; one or more errors associated with the remote certificate. Returns a Boolean value that determines whether the specified certificate is accepted for authentication.

Provides pinned certificate validation based on the certificate thumbprint. Initializes a new instance of the class with a set of thumbprints which are valid for an HTTPS request. Validates that the certificate thumbprints in the signing chain match at least one whitelisted thumbprint. Parameters: an object that contains state information for this validation; the certificate used to authenticate the remote party; the chain of certificate authorities associated with the remote certificate; one or more errors associated with the remote certificate. Returns a Boolean value that determines whether the specified certificate is accepted for authentication.

Base class used for certain event contexts. Discontinue all processing for this request and return to the client; the caller is responsible for generating the full response. Discontinue processing the request in the current middleware and pass control to the next one. Continue with normal processing. Discontinue processing the request in the current middleware and pass control to the next one. Discontinue all processing for this request. Discontinue all processing for this request and return to the client; the caller is responsible for generating the full response. Gets or sets the … Gets or sets the Protocol message.

Used to provide the data protection services that are derived from the Data Protection API. It is the best choice of data protection when your application is not hosted by ASP.NET and all processes are running as the same domain identity.
Initializes a new DpapiDataProtectionProvider with a random application name. This is only useful to protect data for the duration of the current application execution. Initializes a new DpapiDataProtectionProvider which uses the given appName as part of the protection algorithm. Parameter: a user-provided value needed to round-trip secured data. The default value comes from the IAppBuilder.Properties["owin.AppName"] when self-hosted. Returns a new instance of IDataProtection for the provider. Parameter: additional entropy used to ensure protected data may only be unprotected for the correct purposes. Returns an instance of a data protection service.

Helper code used when implementing authentication middleware. Adds an additional ClaimsIdentity to the ClaimsPrincipal in the "server.User" environment key. Finds response challenge details for a specific authentication middleware. Parameters: the authentication type to look for; the authentication mode the middleware is running under. Returns the information instructing the middleware how it should behave. Finds response sign-in details for a specific authentication middleware. Parameter: the authentication type to look for. Returns the information instructing the middleware how it should behave. Finds response sign-out details for a specific authentication middleware. Parameters: the authentication type to look for; the authentication mode the middleware is running under. Returns the information instructing the middleware how it should behave.

Base class used for certain event contexts. Creates an instance of this context. Prevents the request from being processed further by other components; IsRequestCompleted becomes true after calling. True if the request should not be processed further by other components.

A strongly-typed resource class, for looking up localized strings, etc. Returns the cached ResourceManager instance used by this class. Overrides the current thread's CurrentUICulture property for all resource lookups using this strongly typed resource class.
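The IDataProtection contract above (Protect/Unprotect round-tripping, with purposes acting as extra entropy) and the DPAPI-backed provider described here fit in a few dozen lines. The following is an added example written for this page, not the Microsoft.Owin.Security implementation; it defines its own IExampleDataProtection interface and ExampleDpapiProvider class (hypothetical names) and assumes Windows DPAPI via System.Security.Cryptography.ProtectedData. The sample app name and ticket bytes are constructed.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example mirroring the documented shape: a provider bound to an appName
// hands out protectors bound to a list of purposes. appName + purposes are
// hashed into the DPAPI "optional entropy", so a blob protected for one purpose
// cannot be unprotected by a protector created for another purpose.
// Assumes Windows DPAPI (System.Security.Cryptography.ProtectedData).
public interface IExampleDataProtection
{
    byte[] Protect(byte[] userData);
    byte[] Unprotect(byte[] protectedData);
}

public sealed class ExampleDpapiProvider
{
    private readonly string _appName;

    public ExampleDpapiProvider(string appName)
    {
        if (string.IsNullOrEmpty(appName)) throw new ArgumentNullException(nameof(appName));
        _appName = appName;
    }

    public IExampleDataProtection Create(params string[] purposes)
    {
        // Fixed-size entropy derived from appName and purposes. The NUL separator
        // keeps ("a","bc") and ("ab","c") from producing the same entropy.
        string material = _appName + "\0" + string.Join("\0", purposes ?? Array.Empty<string>());
        using (var sha = SHA256.Create())
        {
            return new DpapiProtector(sha.ComputeHash(Encoding.UTF8.GetBytes(material)));
        }
    }

    private sealed class DpapiProtector : IExampleDataProtection
    {
        private readonly byte[] _entropy;
        public DpapiProtector(byte[] entropy) { _entropy = entropy; }

        // CurrentUser scope: only processes running as the same user on the same
        // machine (with the same entropy) can unprotect, which matches the
        // "all processes running as the same domain identity" guidance above.
        public byte[] Protect(byte[] userData) =>
            ProtectedData.Protect(userData, _entropy, DataProtectionScope.CurrentUser);

        public byte[] Unprotect(byte[] protectedData) =>
            ProtectedData.Unprotect(protectedData, _entropy, DataProtectionScope.CurrentUser);
    }
}

public static class DataProtectionDemo
{
    public static void Main()
    {
        var provider = new ExampleDpapiProvider("ExampleApp"); // constructed sample app name
        IExampleDataProtection cookieProtector = provider.Create("Cookies", "ApplicationCookie");
        IExampleDataProtection tokenProtector = provider.Create("Tokens", "RefreshToken");

        byte[] ticket = Encoding.UTF8.GetBytes("user=alice;role=admin"); // constructed sample data
        byte[] blob = cookieProtector.Protect(ticket);

        // Same appName and purposes: round-trips to the original bytes.
        Console.WriteLine(Encoding.UTF8.GetString(cookieProtector.Unprotect(blob)));

        // Different purposes: DPAPI rejects the blob because the entropy differs.
        try { tokenProtector.Unprotect(blob); }
        catch (CryptographicException) { Console.WriteLine("rejected: wrong purpose"); }

        // A modified ciphertext is rejected outright rather than decrypted to garbage.
        byte[] tampered = (byte[])blob.Clone();
        tampered[tampered.Length - 1] ^= 0x01;
        try { cookieProtector.Unprotect(tampered); }
        catch (CryptographicException) { Console.WriteLine("rejected: tampered"); }
    }
}
```

Running Main prints the recovered ticket followed by the two rejection lines. The provider with a random app name described above corresponds to passing a fresh random string as appName: blobs then survive only as long as that process, because no other process can reproduce the entropy.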
Looks up a localized string similar to "The AuthenticationTokenProvider's required synchronous events have not been registered." Looks up a localized string similar to "The default data protection provider may only be used when the IAppBuilder.Properties contains an appropriate 'host.AppName' key." Looks up a localized string similar to "A default value for SignInAsAuthenticationType was not found in IAppBuilder Properties. This can happen if your authentication middleware are added in the wrong order, or if one is missing." Looks up a localized string similar to "The state passed to UnhookAuthentication may only be the return value from HookAuthentication."

Provides pinned certificate validation based on the subject key identifier of the certificate. Initializes a new instance of the class with a set of subject key identifiers which are valid for an HTTPS request. Verifies the remote Secure Sockets Layer (SSL) certificate used for authentication. Parameters: an object that contains state information for this validation; the certificate used to authenticate the remote party; the chain of certificate authorities associated with the remote certificate; one or more errors associated with the remote certificate. Returns a Boolean value that determines whether the specified certificate is accepted for authentication.

The algorithm used to generate the subject public key information blob hashes. Implements a certificate pinning validator based on http://datatracker.ietf.org/doc/draft-ietf-websec-key-pinning/?include_text=1. Initializes a new instance of the class. Parameters: a collection of valid base64-encoded hashes of the certificate public key information blob; the algorithm used to generate the hashes. Validates that at least one SPKI hash is known. Parameters: an object that contains state information for this validation; the certificate used to authenticate the remote party; the chain of certificate authorities associated with the remote certificate; one or more errors associated with the remote certificate.
Returns a Boolean value that determines whether the specified certificate is accepted for authentication.

Encodes a structure of the type indicated by the value of the lpszStructType parameter. Parameters: the type of encoding used; the structure type, where the high-order word is zero and the low-order word specifies the integer identifier for the type of the specified structure, so the constants in http://msdn.microsoft.com/en-us/library/windows/desktop/aa378145%28v=vs.85%29.aspx can be used; a pointer to the structure to be encoded; a pointer to a buffer to receive the encoded structure, which can be NULL to retrieve the size of this information for memory allocation purposes; a pointer to a DWORD variable that contains the size, in bytes, of the buffer pointed to by the pbEncoded parameter.
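The three pinning validators documented above (thumbprint, subject key identifier, and SPKI hash) share one shape: walk the presented chain and accept only if some element matches a pin. The following is an added example written for this page and not the Microsoft.Owin.Security code; it goes beyond the page by combining the three pin kinds in one ExamplePinnedCertificateValidator class (hypothetical name) with the same Validate signature the interface describes. It assumes .NET Core 3.0 or later, where ExportSubjectPublicKeyInfo yields the DER SubjectPublicKeyInfo blob that the page obtains through CryptEncodeObject on Windows. The demo certificate is self-signed and generated in memory; the non-matching pin is constructed.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Added example; not the library's implementation. Assumes .NET Core 3.0+.
public enum PinKind { Thumbprint, SubjectKeyIdentifier, SpkiSha256 }

public sealed class ExamplePinnedCertificateValidator
{
    private readonly PinKind _kind;
    private readonly HashSet<string> _pins;

    public ExamplePinnedCertificateValidator(PinKind kind, IEnumerable<string> pins)
    {
        if (pins == null) throw new ArgumentNullException(nameof(pins));
        _kind = kind;
        _pins = new HashSet<string>(pins.Select(p => Normalise(kind, p)), StringComparer.Ordinal);
        if (_pins.Count == 0) throw new ArgumentException("At least one pin is required.", nameof(pins));
    }

    // Same contract as the documented Validate: accept only when the platform
    // reported no SSL policy errors AND some chain element matches a pin.
    // Pinning narrows trust; it never overrides a failed platform check.
    public bool Validate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
        if (sslPolicyErrors != SslPolicyErrors.None) return false;
        if (chain == null || chain.ChainElements.Count == 0) return false;

        foreach (X509ChainElement element in chain.ChainElements)
        {
            string id = Identifier(element.Certificate);
            if (id != null && _pins.Contains(id)) return true;
        }
        return false;
    }

    private string Identifier(X509Certificate2 cert)
    {
        switch (_kind)
        {
            case PinKind.Thumbprint:
                return Normalise(_kind, cert.Thumbprint); // SHA-1 over the DER certificate
            case PinKind.SubjectKeyIdentifier:
            {
                var ski = cert.Extensions.OfType<X509SubjectKeyIdentifierExtension>().FirstOrDefault();
                return ski == null ? null : Normalise(_kind, ski.SubjectKeyIdentifier);
            }
            case PinKind.SpkiSha256:
            {
                // RFC 7469 style: base64(SHA-256(DER SubjectPublicKeyInfo)).
                using (AsymmetricAlgorithm key = (AsymmetricAlgorithm)cert.GetRSAPublicKey() ?? cert.GetECDsaPublicKey())
                using (var sha = SHA256.Create())
                {
                    return key == null ? null : Convert.ToBase64String(sha.ComputeHash(key.ExportSubjectPublicKeyInfo()));
                }
            }
            default:
                return null;
        }
    }

    // Hex pins are compared case-insensitively without separators; base64 pins are case-sensitive.
    private static string Normalise(PinKind kind, string s) =>
        kind == PinKind.SpkiSha256 ? s?.Trim() : s?.Replace(":", "").Replace(" ", "").ToUpperInvariant();
}

public static class PinningDemo
{
    public static void Main()
    {
        using (var rsa = RSA.Create(2048))
        {
            // Self-signed demo certificate generated in memory (constructed, not a real host).
            var req = new CertificateRequest("CN=pinning-demo", rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            req.CertificateExtensions.Add(new X509SubjectKeyIdentifierExtension(req.PublicKey, false));
            using (X509Certificate2 cert = req.CreateSelfSigned(DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(1)))
            using (var chain = new X509Chain())
            {
                chain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority;
                chain.Build(cert); // ChainElements holds the leaf even when the root is untrusted

                var pinned = new ExamplePinnedCertificateValidator(PinKind.Thumbprint, new[] { cert.Thumbprint });
                var wrongPin = new ExamplePinnedCertificateValidator(PinKind.Thumbprint, new[] { new string('0', 40) });

                Console.WriteLine(pinned.Validate(null, cert, chain, SslPolicyErrors.None));
                Console.WriteLine(wrongPin.Validate(null, cert, chain, SslPolicyErrors.None));
                Console.WriteLine(pinned.Validate(null, cert, chain, SslPolicyErrors.RemoteCertificateChainErrors));
            }
        }
    }
}
```

The three calls in Main show the behaviour a practitioner should expect from each documented validator: a matching pin with no policy errors is accepted, a non-matching pin is rejected, and a matching pin is still rejected when the platform reports chain errors. To wire the validator into an HTTPS client, pass its Validate method as the certificate validation callback; because Validate checks every element of the chain, pins can be placed on an intermediate or root as the thumbprint validator's description allows, which survives leaf rotation as long as the issuer is unchanged.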