Facilitating the Spread of Knowledge and Innovation in Professional Software Development

Write for InfoQ


Choose your language

InfoQ Homepage News Microsoft’s new Web Server, Katana, Hits Version 3

Microsoft’s new Web Server, Katana, Hits Version 3

Katana is Microsoft’s stand-alone implementation of OWIN, the Open Interface for .NET standard. It provides a lightweight alternative to IIS and System.Web when those features are not needed or desirable. With the release of version 3, Kanata is wholly to the asynchronous model offered by .NET 4.5.

Microsoft’s deprecation of .NET 4.0 support in Katana is not surprising. Whilst .NET has had asynchronous support since NET 2.0’s IAsyncResult model, Node.js appears to have gained all the mindshare.  Microsoft may well be hoping to reverse the trend with .NET 4.5's async/await model.

Furthermore, Microsoft is trying to dramatically reduce its maintenance burden by moving developers off older versions .NET by early 2016. Making it clear that new APIs won’t be offered for .NET 4.0 goes a long way to accomplishing that goal.

In terms of new functionality, mostly they concentrated on “enterprise grade authentication and claims based identity”. Vittorio Bertocci of the Katana 3 project mentioned these three protocols specifically:

  • WS-Federation
  • OpenId Connect (id_token and id_token+code, via form_post)
  • OAuth2 bearer token authentication for Web API

Vittorio also wrote,

This release includes fixes for issues related to Twitter and Google API changes. If you have an app using Google authentication and you are updating to Katana 3, please make sure you read this post!

Katana is available via NuGet. According to the Katana website, there are over 20 packages to choose from depending on which features you need. (Contrast this to classic ASP.NET where almost everything was crammed into one massive assembly.)

  • Microsoft.Owin - Provides a set of helper types and abstractions for simplifying the creation of OWIN components.
  • Microsoft.Owin.Diagnostics - Provides middleware components to assist in developing OWIN-based applications.
  • Microsoft.Owin.FileSystems - This package contains file system abstractions and implementations.
  • Microsoft.Owin.Testing - Provides helper classes for unit testing OWIN components.
  • Microsoft.Owin.SelfHost - Includes components needed to host an OWIN-based application in a custom process.
  • Microsoft.Owin.Hosting - Provides default infrastructure types for hosting and running OWIN-based applications.
  • OwinHost - Provides a stand-alone executable (OwinHost.exe) which can be used to host an OWIN-based application.
  • Microsoft.Owin.Cors - This package contains the components to enable Cross-Origin Resource Sharing (CORS) in OWIN middleware.
  • Microsoft.Owin.StaticFiles - This package contains OWIN middleware that handle requests for file system resources including files and directories.
  • Microsoft.Owin.Security - Common types which are shared by the various authentication middleware components.
  • Microsoft.Owin.Security.ActiveDirectory - Middleware that enables an application to use Microsoft's technology for authentication.
  • Microsoft.Owin.Security.Cookies - Middleware that enables an application to use cookie based authentication, similar to ASP.NET's forms authentication.
  • Microsoft.Owin.Security.Facebook - Middleware that enables an application to support Facebook's OAuth 2.0 authentication workflow.
  • Microsoft.Owin.Security.Google - Contains middlewares to support Google's OpenId and OAuth 2.0 authentication workflows.
  • Microsoft.Owin.Security.Jwt - Middleware that enables an application to protect and validate JSON Web Tokens.
  • Microsoft.Owin.Security.MicrosoftAccount - Middleware that enables an application to support the Microsoft Account authentication workflow.
  • Microsoft.Owin.Security.OAuth - Middleware that enables an application to support any standard OAuth 2.0 authentication workflow.
  • Microsoft.Owin.Security.OpenIdConnect - Middleware that enables an application to use OpenIdConnect for authentication.
  • Microsoft.Owin.Security.Twitter - Middleware that enables an application to support Twitter's OAuth 2.0 authentication workflow.
  • Microsoft.Owin.Security.WsFederation - Middleware that enables an application to use WsFederation for authentication.
  • Microsoft.Owin.Host.HttpListener - OWIN server built on the .NET Framework's HttpListener class. Currently the default server used for self-hosting.
  • Microsoft.Owin.Host.SystemWeb - OWIN server that enables OWIN-based applications to run on IIS using the ASP.NET request pipeline.

Rate this Article