This project has moved and is read-only. For the latest updates, please go here.

Forcing OWIN pipeline to run for specific virtual paths without RAMFAR.

Mar 6, 2014 at 3:45 PM
Edited Mar 6, 2014 at 3:52 PM

I am using OWIN with Cookie Authentication in an MVC application.

I would like to do authentication on image files that e.g have a virtual path of "/images".

People write that RAMFAR needs to be enabled for this to work, but I found out that if I add this handler to system.webServer:
<add name="OwinImageHandler" verb="" path="/Images" type="Microsoft.Owin.Host.SystemWeb.OwinHttpHandler"/>

The pipeline executes, and I can e.g access the user in this Global.asax event:
protected void Application_AuthorizeRequest(object sender, EventArgs e){ }
The "only" problem is that I cannot register this path dynamically which I would like to do from code.
Furthermore does it have any negative effects to add this OwinHttpHandler manually, in addition to the dynamically registered one by Owin?

I researched a little more and found the MapOwinPath extension to the Route table.
I added this to the RouteTable from Application_Start() in Global.asax:
But this have no effect.

Should the MapOwinPath not work, or am I misunderstanding its use ?

(OWIN 2.10, .NET 4.5.1, MVC 5.1.1)
Mar 6, 2014 at 5:21 PM
If you want to run code before another handler (e.g. the static file handler) then do not use OwinHttpHandler or MapOwinPath. You should instead use RAMFAR and put IAppBuilder.UseStageMarker(Authenticate) after your cookie middleware. If you want to limit auth to only the /images path, then use app.Map("/images", subApp => subApp.UseCookieAuth(...));
Mar 6, 2014 at 5:56 PM
Hi Tratcher,

Thank you for the quick reply.

You suggestion does indeed work (also without the UseStageMarker setting), but I really would like to avoid RAMFAR.

Even though the handler trick actually works, would you still recommend using RAMFAR over it ?
Mar 6, 2014 at 6:00 PM
Go with what works for you, so long as you understand why it works.