Enable Javascript

Please enable Javascript to view website properly

Toll Free 1800 889 7020

Looking for an Expert Development Team? Take 2 weeks Free Trial! Try Now

How to use Owin Authentication in Asp.net development (MVC)?

Learn the basics of Owin Authentication, its highlights, keys & components and how to use it in MVC by ASP.NET development experts. This post is intended for programmers who wish to use Owin Authentication in MVC, but lacking in guidance. This article will guide them and explain the Owin Authentication in apt way.


  • A new security design for MVC,Owin Authentication middleware,is recommended for higher security.The security features can be shared by other components which are hosted on OWIN.
  • OWIN provides the underlying set of components to ASP.NET applications to enable, then to be flexible,portable,and lightweight. A better performance and optimization with ASP.NET applications is an added advantage.
  • It (OWIN) can also secure apps hosted on IIS, including ASP.NET MVC as well as Web API and Web Forms.
  • OWIN extends its support as:

  • It supports Authentication functionality related withCookies
  • It also supports Expiry states
  • It supports Expiry state of session etc.
  • It supports the security protections using such secure tokens
  • It supports cases(claims) for such purposes
  • It also Supports formulation of web farms
  • It can also supports Redirection that’s not authorized

Highlights of OWIN:

OWIN specification is a solution to the problems such as:

  • Monolithic (New features in ASP.NET attached to the framework )
  • Tight Coupling to IIS
  • Turn off features are not easily located like the HTTP modules in the HTTP Pipeline.
  • Loose Coupling (Loose coupling allows to swap the components with each other)
  • Provide a minimal set of features
  • Promote open source

OWIN is a standard interface between .Net web servers and applications. The goal of OWIN is to decouple server and application depicted below:

/ *** [Request/ Response ->webserver (IIS) ->request/response ->OWIN ->request/response -> web framework (asp.net)] ***/

OWIN Keys & Component:

1) Environment

A dictionarywhich is passed to the application from the server to request and response. The application can workdirectly with this dictionary instead of the communication with the server. This helps to create the decoupled OWIN architecture.

2) Generic function

A delegate that is used as the parameter to the environment and also returns . We can connect or use different middleware and their components using this function.

Use of such basic keys shown below:

owin.RequestBody (this is a request body) owin.RequestHeaders( this is a Dictionary <string, string[]> which is used for request header) owin.RequestMethod (this is again a kind of string containing the HTTP method of request like (GET POST) etc.) owin.RequestPath (used for path request) owin.RequestPathBase (Request path that corresponds to the root of app) owin.RequestProtocol (RRequest used for protocol and versions basically)

How to create or add OWIN form Authentication from scratch:

  • Create an empty project in MVC, add the folders accordingly by naming as ABC and xyz or anything.
  • Add some important packages related to Owin authentication in the main package is :


And also can use such other packages named as:

Microsoft.Owin.Host.SystemWeb Microsoft.AspNet.Identity.Core Microsoft.Owin.Security.Cookies One more that usually add is of MVC addition i.e Microsoft.AspNet.mvc

In the above packages, the first three packages are related directly with Microsoft implementation of OWIN and the “Microsoft.Owin.Security.Cookies” is related to the security and identity point of view.


these packages get install through this: in visual studio go Tools -> now get package manager -> package manager console And write this

Install-Package (here the name of the package)

  • To install the packages , add the new item in the project solution,known as “OWIN startup class”.
  • At last configure OWIN in MVC,add essential code -
Add in config file class andname the file“AuthConfig.cs” , add the code : /** Public class AuthConfig { Public void Configuration(IAppBuilder objApp) { System.Web.Helpers.AntiForgeryConfig.UniqueClaimTypeIdentifier = ClaimType.Email; objApp.UseCookieAuthentication(new CookieAuthenticationOptions { AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie, LoginPath = new PathString(“/ControllerName/ActionName”), CookieSecure = CookieSecureOption.SameAsRequest }); } } **/

5) Come to the related controller action code ,for example, name of the action is login so the code can write as :

/** Private void login(listing<Claim> objclaim) //, where the claim in the list is System.Security.Claims that add as namespace for this particular ,this is for security purpose claim { Var ObjclaimsIdentity = new DemoIdentity(objclaim, DefaultAuthenticationTypes.ApplicationCookie); // now have to write main OWIN Authentication part AuthenticationManager.SignOut(DefaultAuthenticationTypes.ExternalCookie); AuthenticationManager.login(new AuthenticationProperties() {IsPersistent = true}, ObjclaimsIdentity); HttpContext.User = new DemoPrincipal (AuthenticationManager.AuthenticationResponseGrant.Principal); } **/

Note :

To authorize and authenticate your actions in MVC , you must add the attribute on top of action that is –

Just in case any thing is unclear or if you have any doubt, Hire ASP.NET Developers. They will respond to your query and explain the terms in the way you understand. For more updates related to Owin authentication, subscribe the official blog.

Software Development Team
Need Software Development Team?

Thank you!
We will contact soon.

Oops! Something went wrong.

Recent Blogs


NSS Note
Trusted by Global Clients