Social Authentication for .NET – A Library Comparison

What social authentication solutions are available for .NET developers? What are their features? These are questions I was looking to get answered. I've provided my findings in this article, which focuses primarily on active solutions, that have compatibility with ASP.NET MVC. I've listed four solutions: a direct DotNetOpenAuth implementation example (several exist), SimpleSocialAuth, SocialAuth.NET, and a third-party, API-based solution called Janrain Engage.

DotNetOpenAuth + OpenID-Selector

DotNetOpenAuth can be used to build custom authentication solutions from the ground up. This is a general implementation of the DotNetOpenAuth library which uses a simple JavaScript OpenID selector. Haitham Khedre provides a full tutorial on how to accomplish establishing social authentication with OpenId using the jQuery OpenID selector in MVC3 and has published the full source codeNote that other tutorials exist for using DotNetOpenAuth directly, so Google around to find one more akin to your liking.

Pros

  • Simple - Very simple implementation and the tutorial is fairly straight-forward.  Could be a good starting point for building your own.

Cons

  • Support - Only OpenId is supported, and the code itself looks to be unmaintained.  Likely will take some tweaking to actually using a in a production environment.

SimpleSocialAuth.MVC3

SimpleSocialAuth is a new solution, and it utilizes the DotNetOpenAuth library. It aims to fill the void of a simple, lightweight social authentication NuGet package for MVC. From the NuGet page: "Super simple and easy to install package that allows web sites creators to seamlessly add OAuth support to their ASP.NET MVC 3 sites. Supporting Twitter, Google and Facebook."  Integration with ASP.NET Membership is beyond the scope of the library, and is left to the developer to implement.

Pros

  • Lightweight - You can easily get Authentication up and running for Facebook, Twitter or Google within minutes by adding in this NuGet package.* Extensible - Seems like a good starting point to build a custom solution off of.

Cons

  • Authentication Only - To do anything beyond authentication you'll need to utilize other 3rd party libraries to communicate with the APIs (eg. Facebook SDK, Twitterizer, etc.), however this isn't much of a con as it is by design and keeps it lightweight.

SocialAuth.NET

SocialAuth-NET is an extensible .NET Library for authentication/authorization through Google, Yahoo, Facebook and other providers supporting OAuth. It provides social authentication, profile data, social sharing (consume REST API feeds of supported providers), and more. It is a port from the Java-based SocialAuth library.  They have only recently added support for MVC with the 2.x release of the library, and ASP.NET Membership integration is not currently supported.

Pros

  • Features - It goes beyond authentication to offer social sharing, contact import and other features by communicating directly with the APIs to offer a bundled solution.* Coverage - It supports Facebook, Twitter, Google, Yahoo!, LinkedIn, MySpace and Hotmail / MSN out of the box, plus new providers are easily creatable.

Cons

  • Support - There are a number of reported issues with no timeline in sight.  You won't get the same support level as you would with a paid solution. * Membership - They have not provided support for ASP.NET Membership, and the issue remains open, as well as a general issue with supporting both traditional logins and social logins simultaneously.

Janrain Engage

Janrain provides a third party solution for handling Social Login, Social Sharing, Social Analytics and more with their Janrain Engage product. Troy Goode has provided a NuGet package called EngageNet that adds a wrapper library for the Janrain Engage service on ASP.NET MVC sites, though it was last updated a year ago. Janrain also provides a very basic wrapper (C#), but it definitely isn't complete either. Other than that I struggled to find much in the way of .NET libraries for Janrain Engage. From what I remember (used it about 18 months ago), I had to write my own implementation for Pro/Enterprise features of the API like Account Mapping.

Pros

  • Managed - A totally hands off approach. You setup to work with one API system and they handle the rest.* Coverage - Pretty much covers any authentication provider you would need, plus more.* Features - It goes beyond authentication to offer social sharing, contact import and other features by communicating directly with the APIs.* Support - You can expect more support than you would get with an open-source solution.

Cons

  • Third-party - You and your data are dependent on an intermediary party. If their solution is down, so is your login. And the lower levels of the service aren't completely white-label so people could see you are using a third-party service, which they might not appreciate when considering their authentication details.* User Caps & Cost - It gets costly for full features, with price caps at 10K / 25K users and beyond. Up to 10K users you are paying a $1000 / mo, which equates to a minimum of .10 per user or more. If you are planning to have a large user community, it could become very costly.* .NET Support - There isn't much of a .NET community utilizing Janrain Engage, at least not those that are sharing their code publicly.  You'll have to dig and ask around for coding help using Pro/Enterprise plans.

Conclusion

I should mention that the OAuth.net website provides a list of extensions / libraries itself, but, with the exception of DotNetOpenAuth, the others for .NET are old fairly old and seem unmaintained.  This was one reason for putting this article together.

I've tried Janrain Engage myself, and after the initial implementation it does make things easier, even though I had to write my own integration code. While they offer the most robust out-of-box solution at this point in time, in the end I really disliked having to rely on a third-party solution and eventually dropped it.

I think the SocialAuth solution is positioned very well, and if BrickRed would put more focus, resources and priority on the library, I think they'd have a solution developers would embrace, and likely pay for.

In the end I still struggle to determine what is the best method of authentication and interacting with social websites using .NET, specifically within MVC. Should I use a full-blown solution like Janrain Engage or SocialAuth.NET, or use barebones Authentication provider in conjunction with the Facebook/Twitter libraries directly? 

For now I'll likely stick with a lightweight solution like SimpleSocialAuth.MVC3, and use the most stable SDKs directly.