3

Closed

Toggle force profile population with OpenID authentication

description

I'll refer to myself from this work item http://www.codeplex.com/MvcMembership/WorkItem/View.aspx?WorkItemId=544:

I've integrated OpenID with my current project according to similar system as Peter's: http://www.eggheadcafe.com/tutorials/aspnet/4b3c7c9b-fe80-4e6e-a34e-0e9efed5c575/integrate-openid-authenti.aspx although I'm not using the Altairis Simple providers or Peter's derivatives. As in Peter's example, I have a system that once a user logs in with his/her OpenID the user is a) redirected to fill out his profile (new user) or b) redirected to requested / current page. I register users using the default Membership & Role providers with OpenID as the user's username. I don't show the OpenID in public, instead when user fill outs profile (mandatory) he/she can choose a public nickname. The profile fill out process takes into account if the user has filled out information on his OpenID profile. For example, let's say the user has filled out his nickname, birthdate and country on his OpenID account and is willing to share them. I request them as optional info and fill the profile fields automagically on my site using the users OpenID information. Smoother user experience. :-)
 

Troy, you mentioned here http://www.codeplex.com/MvcMembership/WorkItem/View.aspx?WorkItemId=503 the default profile provider as being pretty bad and I fully agree (storing profile stuff in a blob, brrrr). I'm using the default Membership and Role providers as well as the SQL table profile provider http://weblogs.asp.net/scottgu/archive/2006/01/10/435038.aspx. The latter works well as a replacement for the default provider.

Troy's questions and my thoughts (not answers! I hope others chime in too):
1) What if the user gets to the profile population screen and navigates away? Would the user then see the profile population screen for every request until they've filled it out?
This is what I have implemented on my current project ("Please fill out your profile or logout to continue." along those lines) although the question written to words got me thinking whether this approach is too enforcing. Users usually don't like to be forced (I don't :-)) but sometimes they need to be nudged forward. A good point to ponder upon.
2) Would the user's account be registered with the system prior to successfully submitting the form?
In my implementation I don't register authenticated OpenID users with ASP.NET Membership (& Role) systems if they don't fill out the profile. Again, this is just how I initially decided to handle it. Kind of like I don't want stragglers around (just to say that I have so and so many registered users) but full commitment from users. :-)
Closed Nov 2, 2012 at 2:17 PM by TroyGoode
closing this ticket as I'm no longer using CodePlex

comments

TroyGoode wrote Apr 18, 2008 at 12:37 AM

How about... the user accounts are added to the system, but not marked as active until the profile has been filled out? You could occasionally clean out the deactivated accounts if you were worried about the stragglers and having them in the system makes it a bit easier.

Also how about having the profile prompt only show up on login?

SamuliLintunen wrote Apr 18, 2008 at 1:09 AM

Good ideas! I like it, registering users but not activating them (until profile is submitted). Not sure about the profile prompt though. I think there could be options for it. The aforementioned force (nothing shown unless filled out) and then some less intrusive, reminder after login (shown all the time but not restricting access or shown once after login like you suggested).

TroyGoode wrote Apr 19, 2008 at 12:38 AM

I am scheduling this feature for the next, next release as it looks like it needs more discussion and will not be a straightforward addition. I'll come back to it after I've wrapped up the changes for 1.2.

TroyGoode wrote Jun 8, 2008 at 12:09 AM

Moving this out to 2.5 as I won't have much time to work on this for a week or two.

TroyGoode wrote Aug 7, 2009 at 3:45 PM

Unfortunately OpenID authentication was removed from the latest release. I am planning to include it in the next release, but this particular feature likely won't make it in.