Do you know how to migrate OWIN to ASP.NET Core?

OWIN is the Open Web Interface for .NET, which was intended to provide a standard interface between .NET web servers and web applications for ASP.NET. It provided the ability to chain middleware together to form pipelines and to register modules.

The Katana libraries provided a flexible set of popular components for OWIN-based web applications. These components were supplied through packages prefixed with Microsoft.Owin.

Middleware and module registering functionality are now core features of ASP.NET Core. Microsoft provides adapters to and from the OWIN interface for ASP.NET that can be used to gradually migrate custom OWIN components. By contrast, ASP.NET Core has native ports for Katana components.

Using adapters for incremental migration

If you need to move gradually, ASP.NET Core can interoperate with OWIN using the Microsoft.AspNetCore.Owin adapters. This lets you run OWIN middleware inside the ASP.NET Core pipeline while you migrate pieces over.

Important tradeoffs:

• Adapters have a performance cost and should be treated as a temporary measure.
• Group OWIN components together (multiple UseOwin calls are discouraged).

See: Running OWIN middleware in the ASP.NET Core pipeline

CORS functionality

CORS functionality was enabled in OWIN with the UseCors(...) extension method. In ASP.NET Core, CORS is built-in (via Microsoft.AspNetCore.Cors) and is typically configured with AddCors(...) and applied with UseCors(...).

public void Configuration(Owin.IAppBuilder app) {
    // ... other logic ...
    app.UseCors(getCorsOption());
    // ... other logic ...
}

private static CorsOptions BuildCorsOptions() {
    var corsPolicy = new CorsPolicy
    {
        AllowAnyMethod = true,
        AllowAnyHeader = true,
        SupportsCredentials = true
    };
    corsPolicy.Origins.Add("https://staging.northwind.com");
    return new CorsOptions
    {
        PolicyProvider = new CorsPolicyProvider
        {
            PolicyResolver = context => Task.FromResult(corsPolicy)
        }
    };
}

❌ Figure: Basic OWIN CORS example.

const string stagingCorsPolicyName = "StagingOnly";
var builder = WebApplication.CreateBuilder(args);

builder.Services.AddCors(options =>
{
  options.AddPolicy(stagingCorsPolicyName, corsPolicyBuilder =>
    corsPolicyBuilder.WithOrigins("https://staging.northwind.com")
             .AllowAnyMethod()
             .AllowAnyHeader()
             .AllowCredentials());
});

var app = builder.Build();

app.UseCors(stagingCorsPolicyName);

app.Run();

✅ Figure: Basic OWIN CORS example ported to ASP.NET Core.

Third-Party Authentication

A common use for OWIN was to provide access to third-party authentication sources. AspNet.Security.OAuth.Providers is a collection of security middleware that works natively in ASP.NET Core to support authentication sources such as GitHub and Azure DevOps. See the full list of providers, and the details of the migration differ from one provider to another.