Implementing OpenID in ASP.net "Properly" - Membership or Authentication Provider?

Question

There are several ways to use OpenID on ASP.net sites, but none of them seem to use the existing mechanism of Membership and Authentication Providers.

I wonder what the proper way would be to create a site that solely relies on OpenID? Continuing to use Forms Authentication but implementing a variant of the SqlMembershipProvider that does the lookup against OpenID?

Or would I go one level deeper and write my own FormsAuthenticationModule? That seems to be a bit too bare-bones, as (to my knowledge) Forms Authentication can looked up against any data source.

Or is there a third way, keeping the FormsAuthenticationModule but making it do the lookup against OpenID?

As this is for an ASP.net MVC application I have no use for the built-in Login WebForms Controls if that makes a difference.

Answer 1

The ASP.NET MVC sample included with DotNetOpenId uses FormsAuthentication to log the user in after they have been authenticated by OpenID. It does not, as far as I can tell, do any integration with the Membership system.

Answer 2

The OpenID Membership Provider project might be what you are looking for.

And even though you're not using Login controls, it's still recommended to leverage the Membership Provider model for authentication.

It's not usually necessary to go as deep as implementing FormsAuthentication specific functionality, since writing a MembershipProvider is pretty trivial, and I've never found a case where it wasn't flexible enough to handle. Note that often you only need to implement one method (ValidateUser()) of the interface to get a working provider.

Answer 3

The Membership API that ASP.NET defines doesn't fit well at all with OpenID, which is probably why you don't see many systems using it. I haven't seen a need to use the Membership provider with OpenID yet, so it hasn't really become an issue. One project that attempted to make the Membership provider model fit with OpenID is http://code.google.com/p/dotnet-membership-provider/, but it doesn't look like it's been maintained recently.

As womp said, you don't need to redo the FormsAuthenticationModule. It works perfectly well with OpenID.

Check out the project templates that come with DotNetOpenAuth to see how things can work without the membership provider.

Answer 4

if anyone comes across a good c# janrain example - please let me know.

i've got dsn pointing to tumblr, then for the login widget it comes back to a subdomain where i have it's path to a folder under the root.

so then i have an app_code folder in there that i am using this c# helper class - i can get the token back just fine and it's taking me to my members.domain.com so the widget is working - just need to get the user details on the provider they used to get to the members area.

http://groups.google.com/group/rpx-developers/web/c-helper-class?_done=/group/rpx-developers%3F

is the helper class

error

Server Error in '/' Application. Unexpected API error Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Exception: Unexpected API error

Source Error:

Line 22: Line 23: Rpx feedit = new Rpx("apikey", "https://learnbartending.rpxnow.com/"); Line 24: feedit.AuthInfo(justoken); Line 25: XmlElement xmlstuff = feedit.AuthInfo(justoken); Line 26:

Source File: c:\Inetpub\vhosts\learnbartending.com\httpdocs\members\Default.aspx.cs Line: 24

Stack Trace:

Answer 5

this web tool kit just came out too - check it out

http://www.jamessenior.com/post/New-Social-API-Web-Application-Toolkit-for-NET-web-developers.aspx