Implementing OpenID in “Properly” – Membership or Authentication Provider

There are several ways to use OpenID on sites, but none of them seem to use the existing mechanism of Membership and Authentication Providers.

I wonder what the proper way would be to create a site that solely relies on OpenID? Continuing to use Forms Authentication but implementing a variant of the SqlMembershipProvider that does the lookup against OpenID?

Or would I go one level deeper and write my own FormsAuthenticationModule? That seems to be a bit too bare-bones, as (to my knowledge) Forms Authentication can looked up against any data source.

Or is there a third way, keeping the FormsAuthenticationModule but making it do the lookup against OpenID?

As this is for an MVC application I have no use for the built-in Login WebForms Controls if that makes a difference.

Best Answer

The Membership API that ASP.NET defines doesn't fit well at all with OpenID, which is probably why you don't see many systems using it. I haven't seen a need to use the Membership provider with OpenID yet, so it hasn't really become an issue. One project that attempted to make the Membership provider model fit with OpenID is, but it doesn't look like it's been maintained recently.

As womp said, you don't need to redo the FormsAuthenticationModule. It works perfectly well with OpenID.

Check out the project templates that come with DotNetOpenAuth to see how things can work without the membership provider.