I need to support mixed (Cookie + Basic or Cookie + Digest) authentication in ASP.NET MVC5 OWIN projects.
The goal is to easily add basic or digest authentication to any Visual Studio project that uses Cookie or other custom authentication (using our custom wizard).
Mixed authentication (i.e. Cookie + Basic) should work as follows:
- Try cookie authentication;
- If the above has not been completed with the 403 error (in our case, if the resource is accessed from the MS Office application), instead of the "403 unauthorized" response, basic authentication is issued.
The above is also called "Mixed Authentication Authentication" , and we used a special HTTP module to achieve this in previous versions of Visual Studio, before MVC5 / OWIN.
The easiest solution I'm going to implement now:
- Create a copy of the Microsoft.Owin.Security.Cookies middleware from
Katana Sources ;
- Implement a return to basic (or digest) authentication in the Handler authentication implementation. For basic authentication, I'm going to use the implementation from Thinktecture.IdentityModel .
- Make the project a new middleware instead of a middleware for cookies.
, Microsoft "" ,
Microsoft.
cookie Basic Digest ( ), 403?