“Generic” OpenID in ASP.NET MVC 5

Question

I played around with the new authentication features in ASP.NET MVC 5 (I previously used DotNetOpenAuth).

I understand that the built-in Google provider use

Answer 1

I'm in the same situation and I think the answer is "no."

The key class is Microsoft.Owin.Security.Google.GoogleAuthenticationHandler that implements the OWIN backend handler. It's hard coding the call out to https://www.google.com/accounts/o8/ud in its AuthenticateCoreAsync as well as hard coding the Attribute eXchange request in ApplyResponseChallengeAsync. If there was a better way (i.e. an OpenID base class), I'm assuming they surely would have used it instead of hard coding these two spots. I'm assuming Microsoft didn't make it generic due to schedule reasons or perceived lack of demand.

I think an open source generic OpenID OWIN middleware would be a great NuGet package.