Azure App Service Introduction Series -Security with Azure AD: OWIN/Katana Overview

So let’s have a quick word about OWIN/Katana.

OWIN is a standard, which defines an “interface between .NET web servers and web applications”. In other words its purpose is to decouple web servers and applications through an interface. Required cross-cutting functionality is then implemented through components called “middlewares” instead of being coded directly in the application. These middlewares fit together into a processing pipeline which processes incoming HTTP requests before they reach the application, and similarly process HTTP responses on their way back. This pipeline is therefore independent on any specific host, web server, or application framework.

Let’s take the authentication cross-cutting concern for example; by far the most common and repeated concern over applications. Modern authentication talks standard protocols, and most of the times applications only care about a token which they receive from trusted providers (such as Azure AD of course!). Why would then we want to keep the protocol code plumbing as part of our application itself? We can outsource this into a host and application framework independent middleware that is executed in an HTTP pipeline before our application gets the request. This is exactly the idea of OWIN.

Here is the high-level conceptual illustration:


So as you can see, you key task becomes implementing middlewares and plugging them into a pipeline. A middleware is component which implements the following interface:

Func<IDictionary<string, object>, Task>;

As you can see this is a delegate which accepts a dictionary and returns a task. As you have probably guessed, the dictionary is the same one I talked about in the above diagram.

Typically what you will always see is using the AppFunc alias to simply coding:

Using AppFunc = Func<IDictionary<string, object>, Task>;

In summary, this means that each middleware provides an AppFunc delegate for other components to call, and must also receive a reference to the next AppFunc delegate of the next middleware in the pipeline (unless the current middleware short-circuits the pipeline). Here is the skeleton:


So what is Katana?

Katana is Microsoft’s implementation of OWIN. It applies OWIN to implement a set of functionalities for .NET Framework, including:

  • Base middleware classes
  • A framework to initialize the middleware pipeline
  • Various out of the box middlewares for common tasks (such as authentication which we will use in this series)

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s