Authentication OWIN/WebAPI windows service

[kcjailbirds]

Dan,

I ran across your post on OWIN/WebAPI windows service example and learned a lot from it. I want to thank you for a well written post. I was able to follow and create my own windows service hosted in OWIN. However, I am now trying to add some basic authentication to the API. Have you done this? DO you have any sample code you can share with me or you can add to your article? I have seen some stuff out there on authentication with OWIN but nothing with on WebAPI windows service that is hosted by OWIN.
Thank you

[danesparza]

Unfortunately, the short answer is no, I haven't done anything with Authorization / Authentication with webAPI or with the sample.

It's a great question, though.

I wonder: Do the attributes that work normally with webapi work with the OWIN hosted sample? For example: Have you tried following the steps outlined in this article about WebAPI authorization and seeing if they also work in the OWIN self-hosted example: http://www.asp.net/web-api/overview/security/authentication-and-authorization-in-aspnet-web-api

Also: What kind of authorization do you need? Are you authorizing using Active Directory, or OAuth, or something else?

[kcjailbirds]

I am looking for basic authentication. Passing in a password by the calling application. I have tried to follow the article above. Sounds like the best way is to use HTTP Message Handlers since this is not being hosted in IIS. Unfortunately I can not figure out how to do that with OWIN hosting. Does the password get imbedded into the URL of the API calls as a parameter and what stage do we check that? I assume it has to be checked before the controller action is called.