views:

72

answers:

2

I'm attempting to implement OpenID with ASP.NET MVC (Yeah, we haven't heard that one before I'm sure!)

That really isn't the big problem, though. My huge problem is that I am exceedingly confused about how to do this alongside an application that will need to store a lot of information about the logged in users (profiles, histories, etc)

It seems to me that OpenID takes away the site-centric logic and makes it, well, open. This is all well and good if you just make an authentication ticket to be seen as a 'validated' user - but in all seriousness I am completely lost. Is it possible to implement OpenID such that logging in with it will allow users to 'exist' on my own application as if they had gone through normal registration?

I've been reading the NerdDinner 2.0 application code that implements openId, hoping that would answer my question - but alas I find no such clues.

+1  A: 

Just grab the data from OpenID and automatically create a new registration. Or redirect a user with empty profile to a page with profile forms.

HeavyWave
Ok. So then would the best approach be to log this pseudo-user in when they login via their open id?
Stacey
How does that work with passwords and such?
Stacey
That totally depends on your application and how you handle your login process. My bet would be to store openId data somewhere and link everything else your user has to this table. Your normal users would have a different table which would link to the same data. This way you can link one profile to as many login providers as you want.
HeavyWave
You don't need a password if you are logged in with OpenID, that's the whole point. You can of course offer users to create a normal user with a password afterwards.
HeavyWave
A: 

The typical way to do this is just associate the OpenID with the existing user account. I have an association table in my cases as a user can have multiple OpenID's.

So if i have an account and i log with https://openid.org/steven then that gets mapped to an existing account.