Why does the auth middleware declaration order matter in the Owin startup class?

I read a few examples (1, 2, 3, 4) about setting up authentication in the OWIN pipeline when using Web API, and the examples declare the authentication middleware as the first middleware in the configuration method, but don't say why it should be the first.

In this matter, the author had the Web API middleware attached in front of the authentication middleware, and then authentication did not work correctly. When the author moved it to the beginning of the method, everything worked as expected.

Does anyone know why authentication middleware should be added as the first middleware in the Startup Configuration method?

+5
1 answer

OWIN works as a chain of responsibility. The first middleware will be initiated first, the second immediately after, etc.

Having middleware for authentication at the beginning allows you to have user information for the rest of the pipeline.

If you add it in the middle or at the end of the pipeline, you will not be able to access user information before this middleware is called.

+4
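
The ordering described in the answer, as an added example that is not code from the question or the answer. It assumes the Katana packages (Microsoft.Owin, Microsoft.Owin.Security.OAuth, Microsoft.AspNet.WebApi.Owin) and bearer tokens issued by the same application; the two probe middlewares and the `Describe` helper are hypothetical names used only to show what each position in the pipeline can see.

```csharp
using System.Diagnostics;
using System.Web.Http;
using Microsoft.Owin;
using Microsoft.Owin.Security.OAuth;
using Owin;

public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        // Probe 1 (hypothetical): registered before authentication, so it runs
        // first on every request and the bearer token has not been read yet.
        app.Use(async (context, next) =>
        {
            Trace.WriteLine("before auth: " + Describe(context));
            await next();
        });

        // Authentication middleware (active mode by default): validates the
        // Authorization header and sets the request principal for everything
        // registered after this line.
        app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());

        // Probe 2 (hypothetical): registered after authentication, so a valid
        // token shows up here as an authenticated identity.
        app.Use(async (context, next) =>
        {
            Trace.WriteLine("after auth: " + Describe(context));
            await next();
        });

        // Web API last. It answers matched routes itself, so middleware
        // registered after it does not run for those requests, and
        // [Authorize] only works if the principal was set earlier.
        var config = new HttpConfiguration();
        config.MapHttpAttributeRoutes();
        app.UseWebApi(config);
    }

    // Summarises the principal visible at the current pipeline position.
    private static string Describe(IOwinContext context)
    {
        var user = context.Request.User;
        return user != null && user.Identity != null && user.Identity.IsAuthenticated
            ? (user.Identity.Name ?? "(authenticated, no name claim)")
            : "(anonymous)";
    }
}
```

For a request carrying a valid token, probe 1 logs an anonymous caller and probe 2 logs the authenticated one; moving `UseWebApi` above `UseOAuthBearerAuthentication` leaves controllers in the same position as probe 1.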

Source: https://habr.com/ru/post/1265441/

