Is there a framework to abstract authentication in ASP.NET MVC?

Question

I want to make a web application where authentication method is completely configurable (it may be openid, it may be windows authentication, it may be anything else).

I would prefer just changing a single setting in web.config to get a different auth solution. The application needs a Principal/Identity with some kind of user name (some other user details can be good, but not required at this point).

Is there any good framework that can help me or should I build my own?

Answer 1

To expand on Ryan's answer: You can create a class which inherits from System.Web.Security.MembershipProvider (located in the System.Web.ApplicationServices library in MVC3). To configure which provider to use you need to provide entries in your Web.config like the following:

<!-- In configuration -> system.web -->
<membership defaultProvider="ServicesMembershipProvider">
  <providers>
    <clear/>
    <add name="ServicesMembershipProvider"
         type="APISite.Infrastructure.Web.Membership.ServicesMembershipProvider"
         enablePasswordRetrieval="false"
         enablePasswordReset="false"
         requiresQuestionAndAnswer="false"
         requiresUniqueEmail="false"
         maxInvalidPasswordAttempts="5"
         minRequiredPasswordLength="6"
         minRequiredNonalphanumericCharacters="0"
         passwordAttemptWindow="10"
         applicationName="/"/>
  </providers>
</membership>

You can have multiple providers defined in this section and set the defaultprovider to the one you want to use at the time.

Answer 2

Are you familiar with the built in ASP.NET Membership feature? It can be used with ASP.NET MVC or WebForms. You can plug in other providers as needed. There is an OpenID provider that's available on CodePlex - although I haven't used it.