Relationship between OWIN and OATH?

Relationship between OWIN and OATH?

How do they relate?

curiouswebsterSoftware EngineerAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

btanExec ConsultantCommented:
Owin is no more than a specification. It stands for Open Web Interface for .Net. As from itself, it is using a few language constructs (delegates and a dictionary) for you to use it as a framework for handling web requests that is independent of where it is hosted (you can even run an "owin application" from a console app).

Oauth 2.0 ( I sense you are looking at it instead) is an Authorization protocol. The idea behind Oauth is that you (the resource owner) can delegate access privileges to a third-party. An example is a Web app being able to post on your Facebook wall for you.

Oauth is part of the implementation of the Owin specification per se. Like you can secure Web API endpoints using Oauth 2.0 through Owin.

In a nutshell, Owin is also standard that essentially decouples IIS and the web application. It's also worth mentioning that Microsoft.Owin.Security.OAuth is an Owin security middleware developed to implement OAuth Protocol.

In short, you can implement an OAuth 2.0 Authorization Server using OWIN OAuth middleware on ASP.NET web API.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
David FavorLinux/LXD/WordPress/Hosting SavantCommented:
If I understand what you're asking.

They don't really relate directly.

Oauth - provides authenticated connections between external sites.

Owin - is more intra-app token based processing.

You'd likely only use Owin if your internal security is questionable... say you're inside a large company with 1,000,000s of machines, so anyone's guess who's scrapping what data off the lines.

And, If you just make all your connections run with SSL certs, then Owin... to me... just adds another layer of complexity to code/debug/maintain. I'd rather just make all connections SSL encrypted, so code remains simple.
curiouswebsterSoftware EngineerAuthor Commented:
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
.NET Programming

From novice to tech pro — start learning today.