Middleware, OWIN, etc

[bcalco]

One thing notably non-present (or perhaps hidden) in WatsonWebserver is any notion of middleware.

I am facing authentication requirements (principally, Oauth2) for which solutions like IdenityServer3 seem best, but that is tied to OWIN middleware.

What is WatsonWebserver's hidden knobs and switches for dealing with problems like injecting middleware to some (but perhaps not all) endpoints for functionality such as authentication/authorization?

[jchristn]

Hi @bcalco I typically put my authentication and authorization logic in the PreRoutingHandler. That route gets invoked before any other.

[bcalco]

Do you have any examples that use Oath2 or otherwise show how PreRoutingHandler can be used as a middleware hook?

[jchristn]

OAuth2? Nope.

Here's an example with PreRoutingHandler, and in this case, using the value in x-api-key to determine if a user is authenticated.

Returning false allows the connection to continue. Returning true terminates the connection.

private static async Task<bool> PreRoutingHandler(HttpContext ctx)
{
    if (ctx.Request.Headers.ContainsKey("x-api-key"))
    {
        string apiKey = ctx.Request.Headers["x-api-key"];
        User user = database.GetUserByApiKey(apiKey);
        if (user != null)
        {
            // user found, allow the connection
            return false;
        }
    }

    ctx.Response.StatusCode = 401;
    await ctx.Response.Send();
    return true;
}