MVC 5 customise OWIN authentication options in web.config

Question

Is it possible to specify some of the options in the web.config file? When creating a new project you get this startup class by default and the old forms authentication section is web.config is gone.

    // For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301864
    public void ConfigureAuth(IAppBuilder app)
    {
        // Enable the application to use a cookie to store information for the signed in user
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/Account/Login")
        });
        // Use a cookie to temporarily store information about a user logging in with a third party login provider
        app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

    }

I'd like to be able to specify some of the options on CookieAuthenticationOptions listed here:

http://blogs.msdn.com/b/webdev/archive/2013/07/03/understanding-owin-forms-authentication-in-mvc-5.aspx#_Understanding_OWIN_Forms

in web.config (like the expiry timeout for example).

Answer 1

An alternative to putting OWin-related properties in appSettings is to write a custom ConfigurationSection. This class could contain all the plumbing that is necessary. Plus, an XML schema may add code completion.

---

• HowTo: Create a ConfigSection
• HowTo: Apply XML Schema on config files

---

Sample Code

public static class IAppBuilderExtensions {
    public static void ApplyConfigSettings(this IAppBuilder appBuilder) {
        var config = (OWinConfigSection) System.Configuration.ConfigurationManager.GetSection("owinConfig");
        if (config == null) return;
        if (config.GoogleAuthentication.Enabled) appBuilder.UseGoogleAuthentication();
    }
}

public class OWinConfigSection : ConfigurationSection {
    [ConfigurationProperty("GoogleAuthentication", IsRequired=false)]
    public GoogleConfigurationElement GoogleAuthentication
    { get { return (GoogleConfigurationElement)this["GoogleAuthentication"]; } }
}

public class GoogleConfigurationElement : ConfigurationElement {
    [ConfigurationProperty("Enabled", DefaultValue = "false", IsRequired = false)]
    public bool Enabled
    { get { return (bool)this["Enabled"]; } set { this["Enabled"] = value; } }
}

Put the following XML snippet inside the configSections of the configuration element:

<section name="owinConfig" type="OWinConfigSection" requirePermission="false" />

Then, just call app.ApplyConfigSettings(); somewhere during OWin Startup.

Sample Schema

<?xml version="1.0" encoding="utf-8"?>
<xs:schema id="XMLSchema1" xmlns:xs="http://www.w3.org/2001/XMLSchema">
  <xs:complexType name="owinConfig_T">
    <xs:all minOccurs="0">
      <xs:element name="GoogleAuthentication" type="GoogleAuthentication_T" />
    </xs:all>
  </xs:complexType>
  <xs:complexType name="GoogleAuthentication_T">
    <xs:attribute name="Enabled" use="optional" default="false">
      <xs:annotation>
        <xs:documentation>Set to true to enable Authentication via Google OAuth</xs:documentation>
      </xs:annotation>
    </xs:attribute>
  </xs:complexType>
  <xs:element name="owinConfig" type="owinConfig_T" />
</xs:schema>

Answer 2

Cookie middleware or none of the auth middlewares has any corresponding web.config setting to configure properties. They are code only. Alternatively you can have appSettings in your web.config and assign those appSetting values in the ConfigureAuth method.

<appSettings>
    <add key="ExpireTimeSpanInMinutes" value="10" />
  </appSettings>

public void ConfigureAuth(IAppBuilder app)
    {
var expireTimeSpan = TimeSpan.FromMinutes(Int32.Parse(ConfigurationManager.AppSettings["ExpireTimeSpanInMinutes"]));
....
..
}