MvdD

Reputation: 23436

How to compose multiple authentication handlers in Katana?

I want to create a web API service which exposes a resource that can be accessed using either a client certificate OR a JWT token for authentication.

I found some middleware that validates a client certificate and some nice instructions on how to create your own authentication middleware. Microsoft has the OAuthBearerAuthenticationMiddleware middleware that validates JWT tokens. Obviously I can't just install them both, as the first middleware will terminate the pipeline when authentication fails.

So I thought I would create a composite authentication middleware class that owns two AuthenticationHandler objects and would call AuthenticateAsync() for the handlers from its AuthenticateCoreAsync() until one returns a valid AuthenticationTicket. The problem is that the CreateHandler methods in the AuthenticationMiddleware class are protected, so I can't seem to compose these objects.

I cannot instantiate the OAuthBearerAuthenticationHandler class myself as it is internal.

How can I re-use these existing middleware components to enable both types of authentication without copying the code into my own handler?

Or am I going about this the wrong way and is there another way of having two authentication methods on the same web API service?

Upvotes: 0

Views: 964

Answers (1)

leastprivilege

Reputation: 18482

It is actually not true that authentication middleware terminates the pipeline when authentication fails. It is designed to be composable.

Every middleware can contribute zero or one identity which becomes a ClaimsPrincipal in the end.

Upvotes: 4
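
The composition described in the answer, as an added example that is not code from the question, the answer, or the Katana project: a certificate middleware and the bearer middleware are registered one after the other, each contributes an identity or nothing, and only the final step rejects a request that has no authenticated identity. `ClientCertOptions`, `ClientCertHandler`, `ClientCertMiddleware`, the allow-list and the thumbprint placeholder are hypothetical; the bearer options are left at their defaults.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;
using Microsoft.Owin;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Infrastructure;
using Microsoft.Owin.Security.OAuth;
using Owin;
// Hypothetical certificate middleware (names are assumptions, not a published package).
public class ClientCertOptions : AuthenticationOptions {
    public ClientCertOptions() : base("ClientCertificate") { } // AuthenticationMode defaults to Active
    public readonly HashSet<string> AllowedThumbprints = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
}
public class ClientCertHandler : AuthenticationHandler<ClientCertOptions> {
    protected override Task<AuthenticationTicket> AuthenticateCoreAsync() {
        // OWIN environment key carrying the TLS client certificate, if the host negotiated one.
        var raw = Context.Get<X509Certificate>("ssl.ClientCertificate");
        if (raw == null) return Task.FromResult<AuthenticationTicket>(null); // contributes no identity
        var cert = new X509Certificate2(raw);
        // The chain must validate AND the certificate must be on the allow-list.
        if (!cert.Verify() || !Options.AllowedThumbprints.Contains(cert.Thumbprint))
            return Task.FromResult<AuthenticationTicket>(null);
        var id = new ClaimsIdentity(Options.AuthenticationType);
        id.AddClaim(new Claim(ClaimTypes.Name, cert.Subject));
        return Task.FromResult(new AuthenticationTicket(id, new AuthenticationProperties()));
    }
}
public class ClientCertMiddleware : AuthenticationMiddleware<ClientCertOptions> {
    public ClientCertMiddleware(OwinMiddleware next, ClientCertOptions options) : base(next, options) { }
    protected override AuthenticationHandler<ClientCertOptions> CreateHandler() { return new ClientCertHandler(); }
}
public class Startup {
    public void Configuration(IAppBuilder app) {
        app.Use<ClientCertMiddleware>(new ClientCertOptions { AllowedThumbprints = { "<CLIENT-CERT-THUMBPRINT-PLACEHOLDER>" } });
        // Defaults shown; configure AccessTokenFormat for the JWTs your issuer produces.
        app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
        // Both handlers have run by now; reject only if neither contributed an identity.
        app.Run(ctx => {
            var user = ctx.Authentication.User;
            if (user != null && user.Identities.Any(i => i.IsAuthenticated))
                return ctx.Response.WriteAsync("Hello " + user.Identity.Name);
            ctx.Response.StatusCode = 401;
            return Task.FromResult(0);
        });
    }
}
```

Whether `ssl.ClientCertificate` is populated depends on the host being configured to request client certificates during the TLS handshake.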
