ASP.NET MVC: Best Way to Enable Different Modes of Authentication?

Question

I'm currently working on an application that will likely be deployed amongst various organizations within my current workplace. I need to develop a testable and properly designed authentication framework so that for each implementation folks can choose to use either Windows Authentication, Forms Authentication, a home-grown Single-SignOn system OR OpenID.

So given ASP.NET MVC (and in particular I'm using the S#arp Architecture framework) how should I go about doing this?

Ideally it would be nice if folks can simply make changes to the web.config file in each case.

Thanks

Answer 1

ASP .NET MVC supports ASP .NET membership provider, making it easier for you to handle Windows/Forms Authentication without any hassle. As long as you specify the required information on the web.config. The default site comes with an example.

For other options of implementation, Kigg has an OpenID implementation which also includes the unit testing code.

I guess that after learning how those work you'll find a way to include your "home-grown Single-SignOn" authentication framework :P

Update:

In order to use the membership provider using your own users table, you must implement a custom provider. The configuration through the web.config will be available anyways, but you'll need to create a class which implements the MembershipProvider abstract class.

Here's a link to a video and some source code explaining how to achieve this.