"Generic" OpenID in ASP.NET MVC 5

Question

I played around with the new authentication features in ASP.NET MVC 5 (I previously used DotNetOpenAuth).

I understand that the built-in Google provider uses OpenID [1] (and it works fine), but I want to use my own OpenID provider when authenticating.

Unfortunately, I was not able to find an easy way to accomplish this with the out-of-the-box features of ASP.NET MVC 5. I looked through the source of Microsoft.Owin.Security.Google and based on this it seems quite possible to add a new OpenID provider.

Is there an easier (maybe already built-in) way to add a new OpenID provider to an ASP.NET MVC 5 application? Or do I have to write one from scratch (a new Owin middleware)?

[1] http://www.asp.net/mvc/tutorials/mvc-5/create-an-aspnet-mvc-5-app-with-facebook-and-google-oauth2-and-openid-sign-on
[2] http://www.symbolsource.org/MyGet/Metadata/aspnetwebstacknightly/Project/Microsoft.Owin.Security.Google/2.0.1-rtw1-20924-641-dev/Release/.NETFramework,Version=v4.5/Microsoft.Owin.Security.Google

Answer 1

I'm in the same situation and I think the answer is "no."

The key class is Microsoft.Owin.Security.Google.GoogleAuthenticationHandler that implements the OWIN backend handler. It's hard coding the call out to https://www.google.com/accounts/o8/ud in its AuthenticateCoreAsync as well as hard coding the Attribute eXchange request in ApplyResponseChallengeAsync. If there was a better way (i.e. an OpenID base class), I'm assuming they surely would have used it instead of hard coding these two spots. I'm assuming Microsoft didn't make it generic due to schedule reasons or perceived lack of demand.

I think an open source generic OpenID OWIN middleware would be a great NuGet package.