I've integrated OpenID with my current project according to similar system as Peter's:
although I'm not using the Altairis Simple providers or Peter's derivatives. As in Peter's example, I have a system that once a user logs in
with his/her OpenID the user is a) redirected to fill out his profile (new user) or b) redirected to requested / current page. I register users using the default Membership & Role providers with OpenID as the user's username. I don't show the OpenID in
public, instead when user fill outs profile (mandatory) he/she can choose a public nickname. The profile fill out process takes into account if the user has filled out information on his OpenID profile. For example, let's say the user has filled out his nickname,
birthdate and country on his OpenID account and is willing to share them. I request them as optional info and fill the profile fields automagically on my site using the users OpenID information. Smoother user experience. :-)
Troy, you mentioned here
http://www.codeplex.com/MvcMembership/WorkItem/View.aspx?WorkItemId=503 the default profile provider as being pretty bad and I fully agree (storing profile stuff in a blob, brrrr). I'm using the default Membership and Role providers as well as the SQL table
http://weblogs.asp.net/scottgu/archive/2006/01/10/435038.aspx. The latter works well as a replacement for the default provider.
Troy's questions and my thoughts (not answers! I hope others chime in too):
1) What if the user gets to the profile population screen and navigates away? Would the user then see the profile population screen for every request until they've filled it out?
This is what I have implemented on my current project ("Please fill out your profile or logout to continue." along those lines) although the question written to words got me thinking whether this approach is too enforcing. Users usually don't like
to be forced (I don't :-)) but sometimes they need to be nudged forward. A good point to ponder upon.
2) Would the user's account be registered with the system prior to successfully submitting the form?
In my implementation I don't register authenticated OpenID users with ASP.NET Membership (& Role) systems if they don't fill out the profile. Again, this is just how I initially decided to handle it. Kind of like I don't want stragglers around (just to
say that I have so and so many registered users) but full commitment from users. :-)