19. December 2012 16:00
Just completed this spike and I'm happy with the outcome. Will post solution to Github soon.
Edit: Code available.
16. December 2012 19:39
Using OWIN has enabled me to build an application server with the following features:
- Self-hosted web apps and services using various frameworks
- Unified authentication mechanism
- Ability to DI my application's services into Fubu controllers, ServiceStack services, SignalR PersistentConnections etc
- Simpler end-to-end acceptance tests without having to go through the network stack
- All assets (html, css, js, etc) are embedded resources
- A delightfully simple deployment - a single .exe
I like this.. a lot! Nice job OWIN crew and supporting framework devs.
It is not possible to do this with asp.net due to it's tight coupling with IIS, but it looks like it will support OWIN in the future.
* Just a note on the diagram - RavenDB doesn't support owin yet, but I intend to tackle it soon.
Update: I'm in the process of reducing the number of components in this, specifically replacing the FubuMVC component with NancyFX. Mostly because of maintainance and future development and not anything owin specific.
12. December 2012 17:29
I've pushed to github a port of the AAL - Native Application to REST service - Authentication via Browser Dialog sample code that, instead of using WebAPI, uses Service Stack.
My implementation uses ServiceStack's request filters to verify that all requests have a valid security token in a similar way the sample WebAPI uses a delegating http handler. My understanding of ServiceStack's Authentication and authorization feature, as is currently designed, is that it doesn't support the situation where you authenticate externally first; ServiceStack wants to authenticate on your behalf through one of it's auth services.
As this is my first time playing with both ServiceStacks authentication and Azure Authentication Library, I'm sure there are things that can be improved. If so, let me know here, github or twitter :)
Up next - securing a Nancy app and any OWIN app with AAL.
Note: the original sample did not have any tests, unit or otherwise, so I just F5'd my way through this against my better judgement.