We would like to secure sites hosted on IIS that may / or may not be written with ASP.NET. Additionally, these sites may not be applications we have complete control over (OSS project).
An OpenID Connect HttpModule client that can be added to any IIS hosted application via web.config and offer crude authentication. Crude authentication means setting a few basic rules in app settings: endpoints and claims. This would work with an ASP.NET application, NodeJs application, etc. Anything that can be hosted on IIS.
We have a simple site that has a single web interface with minimal routes and should only be accessible to what we deem as Administrators. The application could be made OSS, but we are forced to keep it private because we layered our authentication dependency into the application.
I'm currently also thinking about developing a OIDC HTTP module, have you made any progress yet and have you experienced any issues?