The OWIN (Open Web Interface for . NET) is a solution to generalize application access to the host. Before it existed to run ASP.NET it required IIS or it would have to modify ASP.NET’s own components to use another one host. OSI was a dependency, and worse, the components that communicate with OSI were heavy.
In the new . NET philosophy of having more open solutions it was necessary to create a standard way of communication between the application and the host, thus allowing the use of other hosts, including the application itself take care of it, and the communication can be made in a more flexible, lightweight, customized to each situation.
OWIN is precisely the specification of how this communication works. Some implementations of this specification are: Katana that allows the self-host of the application, the Helios which allows use with IIS.
Has a answer on its use here on the website.
The Oauth is a standard too, a specification of how applications should authorize. It doesn’t matter if the application is for the web, mobile or desktop, as long as it communicates in the standard way specified and through HTTP protocol.
You may use various authorization providers, provided by you in isolation, or, most commonly, through third parties. So you don’t have to worry about the whole process, just need to know if the user is authorized or not.
In this way, data that needs to be safe stays outside the application and probably in the hands of those who know how to keep it safe and have the trust of the owner of the information. The app only receives what is relevant to it.
An implementation of the standard for . Net is the Dotnetopenauth. With it you just need to learn the API and don’t have to worry about the default itself. There are other implementations. OWIN uses the OWIN Oauth 2.0 Authorization Server for this.
Wikipedia article about it.
I’ll comment because I wouldn’t know how to give a complete answer: In short, these are HTTP authentication methods. These are simply different schemes that HTTP provides for authentication.
– Sid
In some examples, I saw that the two are used simultaneously. Can summarize the answer, need not be a detailed answer.
– rubStackOverflow
Given the comment I decided to answer, I do not know if it will be enough but I think you already know that the question borders to be too broad. Besides being asking about two things, asking how to use without context, without a specific problem, gets complicated.
– Maniero