Skip to content

Migrating from Katana (OWIN) 3.x to 4.x

Jump to bottom
Maria Furman edited this page Aug 28, 2018 · 3 revisions

Reason for change

Asp.Net Core uses IdentityModel 5.x for runtime support. IdentityModel 4.x uses System.IdentityModel.dll for Crypto, Token, and Key support. It was not possible or desirable to port System.IdentityModel.dll to .Net Core, so IdentityModel 5.x was developed from the ground up to provide targets for .Net Core and .Net Desktop applications.

This left developers in a bad spot. We updated Katana 4.x to take a dependency on IdentityModel 5.x and are committed to maintaining back-compat moving forward.

Dependency details

Katana 3.x uses IdentityModel 4.x for runtime suppport (some open source, some not).

  1. Microsoft.IdentityModel.Protocol.Extensions - open source
  2. System.IdentityModel - .NetDesktop
  3. System.IdentityModel.Tokens.Jwt - open source

Katana 4.x uses IdentityModel 5.x for runtime support (all open source)

  1. Microsoft.IdentityModel.Logging
  2. Microsoft.IdentityModel.Protocols
  3. Microsoft.IdentityModel.Protocols.OpenIdConnect
  4. Microsoft.IdentityModel.Protocols.WsFederation
  5. Microsoft.IdentityModel.Tokens
  6. Microsoft.IdentityModel.Tokens.Saml
  7. Microsoft.IdentityModel.Xml
  8. System.IdentityModel.Tokens.Jwt

Users coding to Katana API's should see no changes, however ...

When upgrading to Katana 4.0, it is important to remove all references to IdentityModel 4.x in your project file (listed below):

  1. System.IdentityModel.Tokens.Jwt
  2. Microsoft.IdentityModel.Protocol.Extensions

Katana 4.x doesn't support .Net 45 target.

  1. You must upgrade your project to a minimum .Net 4.5.1

Adding a dependency on any IdentityModel 5.x assembly in a Katana 3.x project

  1. Users have had breaking experiences when simply upgrading System.IdentityModel.Tokens.Jwt from 4.x to 5.x.

If you are coding to IdentityModel or derived classes

  1. Conceptually we now use SecurityKey instead of SecurityToken for crypto operations. This will break users that are adding keys for validation. Just return SecurityKey.
  2. Types have moved into different namespaces. For example TokenValidationParameters is now in Microsoft.IdentityModel.Tokens rather than System.IdentityModel.Tokens.Jwt. There are several such changes.
  3. Each assembly now has a numerical space set aside for it's id's. So some exceptions id's (IDxxxx numbers) have changed. This allows us to return unique id's for all errors.
  4. Microsoft.IdentityModel.Tokens types are used for SecurityToken , SecurityKey and CryptoOperations. There is quite a bit of conceptional difference between the old and new. Previous versions of IdentityModel viewed a SecurityKey as having intelligence and could return an algorithm. We now think of SecurityKey as just data that is used by a CryptoOperator (such as SignatureProvider) to perform operations.

Overview

Conceptual Documentation
Common Exceptions
Frequently Asked Questions
Known Issues and Workarounds
IdentityModel 7x
Clone this wiki locally