Combine multiple authentications

Jun 30, 2014 at 5:12 PM
I have to combine multiple authentications within an OWIN web application.
For now, I have a CookieAuthenticationMiddleware with a custom OAuth2 middleware.

This manage the main identity of the user. But my users have a second identity.
We have tried to add a second CookieAuthenticationMiddleware in the pipeline but without success.
Is it possible to have two active authentication ?
How can we achieve ?

In summary, users have to pass a 1st authentication (/Account/firstAuthentication/) then a second authentication (/Account/delegatedAuthentication/) before to be considered fully authenticated.
Coordinator
Jun 30, 2014 at 5:25 PM
Start by setting up the two systems independently and get them working the way you like. Each will have a cookie middleware and maybe some other auth middleware.

Combining them may be a bit tricky, because both cookie middleware won't be able to be 'active' without stepping on each-other. However, you should be able to make everything work in 'passive' mode by using the IOwinContext.AuthenticationManager Authenticate, Challenge, etc. APIs and directly specifying the AuthenticationType for each operation. Just make sure every middleware has a unique AuthenticationType, and that any supporting auth middleware has their SignInAsAuthenticationType set to match the correct cookie middleware.

Example:
CookieMiddleware - AuthenticationType: Cookie1
FacebookMiddleware - AuthenticationType: Facebook1, SignInAsAuthenticationType: Cookie1
CookieMiddleware - AuthenticationType: Cookie2
FacebookMiddleware - AuthenticationType: Facebook2, SignInAsAuthenticationType: Cookie2
Jul 11, 2014 at 10:27 AM
Thanks for your answser.

As you said, it is very tricky.
We have finaly used a custom AuthorizeAttribute to manage our case.