asp.net web api - Practical examples of OWIN middleware usage -
i consider self rank beginner owin , after reading lot of documentation have gotten more confused conflicting notions before began. know these multiple questions, feel answering these clear fundamental doubts regarding owin , how best use it. here questions:
- what can use owin middleware couldn't using message handlers or http modules? or both same thing except latter 2 tightly coupled iis?
- a lot of documentation says owin allows decoupling between web server , web application ie. removing dependency on iis hosting web api applications. have yet see example of web application or web api used owin , ported being hosted on iis , other web server. iis , self hosting way go decoupling between web server , web app?
- when searched owin middleware examples, got katana , helios 2 implementations of owin spec. katana done , wont go beyond revision3 , helios not yet supported microsoft per articles. future of owin in case?
- the detailed practical usage have seen far of using owin authentication using oauth 2. other such usages of keeping owin implementation in middle?
- in startup class's configuration method tried chain simple middleware code snippets below , able see request being sent in :-
but got errors:
how see request coming in , modify next component in middleware?
- what various kinds of middle ware have plugged-in in projects between web server , application?
thanks answering or of these above.
what can use owin middleware couldn't using message handlers or http modules? or both same thing except latter 2 tightly coupled iis?
decoupling iis part of it. owin middleware pipeline allows things "owin aware" involved in request, if choose. ihttphandler's handle single thing - not chain-able. compare pipeline more global.asax. i've seen lot of stuffed global.asax handlers doing sorts of things authentication, authorization, spitting out http headers p3p policies, x-frame-options, etc. part of problem developing reusable components difficult , depended on iis. owin attempts remove issues.
a lot of documentation says owin allows decoupling between web server , web application ie. removing dependency on iis hosting web api applications. have yet see example of web application or web api used owin , ported being hosted on iis , other web server. iis , self hosting way go decoupling between web server , web app?
that's true webapi 2 , signalr 2. mvc 5 , older can't decoupled iis @ moment. mvc 6 resolve issue , pretty big overhaul. asp.net website has tutorial or two on signalr self hosting on console app. you'll see in tutorial startup
class, if running on iis or iis express. thing console app differently is bootstrapping server httplistener in main
method.
[comment] respect point #2 above, owin components here? katana owin component or code write using katana or both put together?
owin not more an abstraction layer, specification, between web application , web server. there different "implementations" of owin depending on server want run on - katana owin implementation runs webapi 2 , signalr 2. kestrel example of owin implementation.
when searched owin middleware examples, got katana , helios 2 implementations of owin spec. katana done , wont go beyond revision3 , helios not yet supported microsoft per articles. future of owin in case?
that's still bit up-in-the-air, owin being used develop kestrel web server allows asp.net 5 core run on linux / os x.
the detailed practical usage have seen far of using owin authentication using oauth 2. other such usages of keeping owin implementation in middle?
signalr , webapi use owin. useful can run signalr hub windows service, same goes web api.
any other such usages of keeping owin implementation in middle?
platform independence. having owin in middle means can literally xcopy mvc 6 core web application running on iis kestrel on mac, , owin implementation takes care of rest.
in startup class's configuration method tried chain simple middleware code snippets below , able see request being sent in.
context.request
not have indexer in owin. use get<>
instead:
app.use(async (context, next) => { context.response.write("hello world 2: " + context.request.get<object>("owin.requestbody")); await next(); });
note owin.requestbody
bit of implementation detail, actual return type internal. i'm not sure attempting get, if want query string, use query
request, or headers
if want http header.
what various kinds of middle ware have plugged-in in projects between web server , application?
things handling security, middleware component handled nonces in content security policy, wrote on personal blog here. gist of allows me add http header nonce:
public void configuration(iappbuilder app) { app.use((context, next) => { var rng = new rngcryptoserviceprovider(); var noncebytes = new byte[16]; rng.getbytes(noncebytes); var nonce = convert.tobase64string(noncebytes); context.set("scriptnonce", nonce); context.response.headers.add("content-security-policy", new[] {string.format("script-src 'self' 'nonce-{0}'", nonce)}); return next(); }); //other configuration... }
from there, in razor views add nonce <script>
elements getting token owin context.
there lots of other things can used for. other frameworks can inject request / response process now. nancyfx framework can use owin now.
Comments
Post a Comment