I am implementing OIDC/OAuth authentication & authorization in a classic ASP.net MVC application using OWIN. For API calls that are not supported by Microsoft's OIDC middleware, it appears that I have some choices.
There may be other choices too. Among the above, it appears that IdentityModel by Dominick and Brock is the most mature, advanced and complete.
Given that I am using classic ASP.net MVC with OWIN, should I favor one method over the other or will I need to use a combination of the above? Where would I use one over the other? What would be some pros and cons?
I know there are some older posts comparing System.IdentityModel with Microsoft.IdentityModel, but I more interested in what's best in 2020. :-)
Mark
IDENTITY MODEL
For C# the IdentityModel HttpClient extension methods provide a nice facade over OAuth messages, as in this example class of mine.
SYSTEM.IDENTITYMODEL
This has some classes you can use in a Server Side web app, eg for claims / principals.
MICROSOFT.IDENTITYMODEL
This mostly contains old / redundant WS-Federation stuff and is best ignored.
OWIN
This does cookie handling for server side web apps in addition to handling OAuth / OIDC messages. IdentityModel is more token based than cookie based.
SINGLE PAGE APPS
My personal preference these days is to develop Single Page Apps. In this setup I would use IdentityModel libraries if building C# APIs.
SUMMARY
I would definitely use the IdentityModel Client library for the extra requests you refer to.I don't think it will do cookie issuing though, so maybe continue to use OWIN Openid Connect for that.