I am working with a self-hosted OWIN application and am trying to figure out how to require authentication/authorization for all requests (or arbitrary requests).
Some of the individual components in the pipeline have their own Authorization facilities (ex. WebAPI, SignalR, Nancy) but that seems somewhat redundant when I want to restrict everything. Additionally, some middle-ware does not have authorization support (ex. Microsoft.Owin.StaticFiles).
If my OWIN Startup looks something like this:
public class Startup
{
public void Configuration(IAppBuilder app)
{
app.RequireSsl();
app.UseCookieAuthentication(new CookieAuthenticationOptions());
//...
app.UseGoogleAuthentication();
// ** Need to add something that restricts access **
app.UseDirectoryBrowser();
}
}
How do I require the user have authenticated (redirecting if necessary) before serving the directory browser? (The directory browser could arbitrarily be other OWIN components.)