Implementing OpenID in ASP.net “Properly” - Membership or Authentication Provider?

Question

There are several ways to use OpenID on ASP.net sites, but none of them seem to use the existing mechanism of Membership and Authentication Providers.

I wonder what

Answer 1

This is an old question, but I haven't seen the approach I used when searching around for it, so here goes. (It's only tested with Google, since I'm creating the appearance of integration with my company's Google Apps for Business account, rather than full OpenID integration.)

I use DotNetOpenAuth to claim the OpenID, making sure to require the e-mail address.

        request.AddExtension(new ClaimsRequest
        {
            BirthDate = DemandLevel.NoRequest,
            Email = DemandLevel.Require,
            FullName = DemandLevel.Require
        });

Then, when I get back an authenticated response, I look up the username from the e-mail:

            case AuthenticationStatus.Authenticated:
                ClaimsResponse info = response.GetExtension();
                string username = Membership.GetUserNameByEmail(info.Email);
                FormsAuthentication.SetAuthCookie(username, true);
                return Redirect(ReturnUrl ?? "/");

Assuming you also have a Membership and Role provider set up, setting the forms Auth cookie for the appropriate username gives you access to all the other Membership and Roles goodness.