If you could add something to Kentico, what would it be and why?

Replace outdated authentication approach with OWIN & Asp.Net Identity

Leverage ASP.Net identity and OWIN to futureproof Kentico for .Net 5. Approach / Benefits:

OWIN

- Replace the Kentico bootstrapping process with an OWIN pipeline.
- Register Kentico modules via OWIN pipeline, for example the URL Rewriting engine and Kentico’s own Web API implementation.
- Follows “API-first” ideology.
- Provides developers with a great deal of control over the pipeline and intercepting requests via custom middleware.
- Can support backwards compatibility via custom middleware to keep existing features available (like RequestEvents).

ASP.Net Identity

- Replace the standard WebForms authentication with Identity cookie uthentication: http://brockallen.com/2013/10/24/a-primer-on-owin-cookie-authentication-middleware-for-the-asp-net-developer/
- Standardised framework.
- Free wins with OAuth support and many other identity providers.
- Authentication/authorization across different aspects of application (WebForms, WebAPI, SignalR, etc) when combined with OWIN.

28 votes
Vote
Sign in
(thinking…)
Password icon
Signed in as (Sign out)
You have left! (?) (thinking…)
Jonathan Healey shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

4 comments

Sign in
(thinking…)
Password icon
Signed in as (Sign out)
Submitting...
  • Richard Shackleton commented  ·   ·  Flag as inappropriate

    Hi Martin,

    In terms of OWIN:

    We have needed to hook into the request pipeline in the past to make checks to redirect/rewrite requests based on business logic. Having the ability to do this as early as possible will remove some overhead on the initial request.

    Using the OWIN pipeline also allows us to separate the webforms environment and multiple WebAPI environments with their own specific configurations. We have had scenarios before where changes to the WebAPI configuration have impacted the Kentico dashboard as this also uses WebAPI.

    In terms of Identity:

    The main scenario we have encountered is using WebAPI in conjunction with Forms Authentication.

    There is a disconnect when doing this. However, if we could use the Identity framework then we could share the same authentication token between the two systems whilst maintaining a stateless API.

    The Identity framework also supports using OAuth with only simple configuration which will make the authentication more extensible with 3rd party services or SSO.

  • AdminMartin Hejtmanek (Chief Technical Officer, Kentico) commented  ·   ·  Flag as inappropriate

    Hi Richard,

    We are now developing it only for MVC, but technically it may work also for WebForms as it is leveraging the standard model. We will either test it within regular dev cycle or I may try it and write some article about it if it is possible.

    Cannot guarantee that right now though.

    Can you guys tell us more about what particular scenarios right now you need to cover?

Feedback and Knowledge Base