I read some examples (1, 2, 3, 4) about setting up authentication in the OWIN pipeline when using Web API, and the examples declare the authentication middleware as the first middleware in the Configuration method but don't tell why it needs to be first.
In this question the author had the Web API middleware attached before the authentication middleware, and then the authentication didn't work correctly. When the author moved it to the top of the method, everything worked as expected.
Does anyone know why the authentication middleware needs to be added as the first middleware in the Startup Configuration method?
OWIN works as a Chain Of Responsibility. The first middleware will be triggered first, the second right after and so forth.
Having the authentication middleware at the beginning allows you to have the User information for the rest of the pipeline.
If you would add it in the middle or at the end of the pipeline, you could not access the user information before this middleware is called.
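The ordering effect described in the answer can be observed directly. The following is an added example, not code from the question or the answer: it hosts a pipeline in memory with `Microsoft.Owin.Testing` and places a probe before and after the authentication step, so the first probe sees no user and the second sees the identity. `PipelineOrderDemo`, `Probe` and the identity `alice` are hypothetical names, and the inline authentication step is a stand-in for real middleware such as `UseOAuthBearerAuthentication`.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.Owin;
using Microsoft.Owin.Testing;
using Owin;

public static class PipelineOrderDemo
{
    // Records what each probe saw, in the order the middleware ran.
    static readonly List<string> Seen = new List<string>();

    // Hypothetical probe: notes whether a user is attached to the request yet.
    static Task Probe(string name, IOwinContext context, Func<Task> next)
    {
        var identity = context.Request.User?.Identity;
        bool known = identity != null && identity.IsAuthenticated;
        Seen.Add(name + ": " + (known ? identity.Name : "no user"));
        return next();
    }

    static void Configure(IAppBuilder app)
    {
        app.Use((context, next) => Probe("before auth", context, next));

        // Stand-in for the real authentication middleware (assumption):
        // it attaches a constructed identity so no token issuer is needed.
        app.Use((context, next) =>
        {
            var id = new ClaimsIdentity("Demo");
            id.AddClaim(new Claim(ClaimTypes.Name, "alice"));
            context.Request.User = new ClaimsPrincipal(id);
            return next();
        });

        app.Use((context, next) => Probe("after auth", context, next));

        // Terminal middleware, standing in for UseWebApi.
        app.Run(context => context.Response.WriteAsync("done"));
    }

    public static async Task Main()
    {
        using (var server = TestServer.Create(Configure))
            await server.HttpClient.GetAsync("/");
        Seen.ForEach(Console.WriteLine);
    }
}
```

Anything registered ahead of the authentication step, including an authorization check or the Web API middleware itself, runs in the position of the first probe and treats every request as anonymous.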
Source: https://stackoverflow.com/questions/42790706/why-does-the-order-of-auth-middleware-declaration-matter-in-owin-startup-class