ASP.NET, OpenID and registration confusion

Question

I have managed to get all the authentication parts working, however i am confused about setting up registration.

By registration i mean that if the OpenID is not attached to an existing account, then a new account must be created.

Should i simply have it return to a registration page (with from fields for registration) and redirect to a different page if the user is registered?

Is there a way to set up a clean and simple registration flow without signing the user in first (formsauthentication.redirectfromloginpage) then checking if they are new on every page?

Sorry if this is worded badly, like most other things i ask it is difficult to explain!

Thanks

Answer 1

Ideally, no registration is required at all beyond simply an OpenID. Does your site require to know more than a user identifier to provide any functionality at all?

If your site can offer any services to users (even just informational) without asking for more than their identifier, which OpenID supplies, then don't have a registration page at all. This is by far the best for the users and will lower the barrier of entry to new users to your site. Then, when the user accesses a page that offers something that requires the user to give up more information about themselves, stick them with a registration page at that time.

If you must stick up a registration page for all new users, I suggest you do a check every time someone logs in with their OpenID. If you recognize the OpenID Claimed Identifier upon successful login, you just let them through... otherwise you create a database entry for them and redirect them to the registration form.

You can optimize the experience by using OpenID extensions such as Simple Registration or Attribute Exchange so that the user might get a pre-filled out registration form courtesy of the OpenID Provider, further streamlining the registration process.