Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Implementing OpenID in ASP.net "Properly" - Membership or Authentication Provider?

Tags:

authentication

asp.net

openid

asp.net-membership

There are several ways to use OpenID on ASP.net sites, but none of them seem to use the existing mechanism of Membership and Authentication Providers.

I wonder what the proper way would be to create a site that solely relies on OpenID? Continuing to use Forms Authentication but implementing a variant of the SqlMembershipProvider that does the lookup against OpenID?

Or would I go one level deeper and write my own FormsAuthenticationModule? That seems to be a bit too bare-bones, as (to my knowledge) Forms Authentication can looked up against any data source.

Or is there a third way, keeping the FormsAuthenticationModule but making it do the lookup against OpenID?

As this is for an ASP.net MVC application I have no use for the built-in Login WebForms Controls if that makes a difference.

like image 837
Michael Stum Avatar asked May 27 '09 21:05

Michael Stum

2 Answers

The Membership API that ASP.NET defines doesn't fit well at all with OpenID, which is probably why you don't see many systems using it. I haven't seen a need to use the Membership provider with OpenID yet, so it hasn't really become an issue. One project that attempted to make the Membership provider model fit with OpenID is http://code.google.com/p/dotnet-membership-provider/, but it doesn't look like it's been maintained recently.

As womp said, you don't need to redo the FormsAuthenticationModule. It works perfectly well with OpenID.

Check out the project templates that come with DotNetOpenAuth to see how things can work without the membership provider.

like image 200
Andrew Arnott Avatar answered Sep 29 '22 23:09

Andrew Arnott

The OpenID Membership Provider project might be what you are looking for.

And even though you're not using Login controls, it's still recommended to leverage the Membership Provider model for authentication.

It's not usually necessary to go as deep as implementing FormsAuthentication specific functionality, since writing a MembershipProvider is pretty trivial, and I've never found a case where it wasn't flexible enough to handle. Note that often you only need to implement one method (ValidateUser()) of the interface to get a working provider.

like image 38
womp Avatar answered Sep 29 '22 23:09

womp
Sign in to Comment

Related questions

ASP.NET: Check if run from migration
Can "classic" ASP.NET pages and Microsoft MVC coexist in the same web application?
Using Entity Framework as Data Access Layer
Why I need to Stop Using <%= … %> For Rendering and Start Using <%: … %> in Asp.net?
how to set asp:HyperLink href to "mailto:[email protected]" in .net c#
MSBuild/WebDeploy - How to prevent it from deleting a folder and its contents
MembershipUser.IsOnline is true even after logout
How to call a code-behind method from aspx page?
How to check if System.IO.File.Delete deleted a file successfully
How to set different Cache expire times for Client and Server caches
In-Place Compilation using ClientBuildManager.CompileFile
The right use of <identity impersonate="true"/>
Any way to generate a C# HTTPClient wrapper for a WebAPI project? [closed]
ASP.Net vs MVC vs WebAPI and UseTaskFriendlySynchronizationContext
How to customize ASP.NET MVC 5 scaffolding in VS 2015?
How to configure IIS 7 for localhost website?
Automapper, Mapper Not initialized. Call initialize with proper configuration
ASP.NET Core deployed on IIS returns 502 Error for long running requests
Programmatically Adding User Controls Inside An UpdatePanel
Global resources can't be resolved after publishing Website in VS2008

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!