The Forms Authentication extension for Community Server is designed to facilitate the use of Community Server within a pre-existing site that already has its own authentication interface. You would use the Forms Authentication extension if you were trying to create a single sign-on system between Community Server and another ASP.NET application. With the Forms Authentication extension, users are authenticated in the pre-existing site but can access Community Server without the need to create an account, register, or login again.
This add-on and others can be purchased here.
Steps for installing the Forms Authentication extension
1. Copy the Telligent.CommunityServer.SecurityModules.dll and Telligent.CommunityServer.EncryptionModule.dll into the \bin directory of your Community Server installation.
For example, if Community Server is installed at "c:\Community Server" you would copy the dlls to "c:\CommunityServer\Web\bin\":
2. Configure how Community Server should manage users previously authenticated. There are several options for configuration, however the default options should be sufficient for most uses. The various options can be found below. With the Forms Authentication extension, users will automatically be registered by default. To change this option, open the communityserver.config file found in the \Web directory of the Community Server installation. Locate the <extensionModules> section and find the "FormsAuthentication" entry. There, you will find the configuration settings with the default values already entered.
3. Open the web.config file found in the \Web directory of the Community Server installation. Verify the <authentication> section as follows (setting mode= "Forms" for Forms Authentication):
4. To enable Community Server to automatically register users, it is necessary that Community Server is able to get the user's email address. To do this, you must configure your existing application to write the user's email address to a cookie when they are authenticated. The name of the cookie should be the same as the "userEmailAddressCookie" option from Step 2. The email address cookie can also be encrypted for tighter security. To see an example of how Forms authentication works, with both encrypted and unencrypted cookies, please see the formsauthtest.aspx file in the security modules download.
5. To direct login, logout, and registration requests to the appropriate pages in the parent application, open \Web\SiteUrls.config, and in the <urls> section, add the navigateUrl attribute for each of the urls that needs to be redirected to your parent application. The most important are the login, login_clean, logout, user_Register, and user_Register_clean keys. When you're done, they should look something like this:
<url name="user_Register_clean" location="user" path="CreateUser.aspx" navigateUrl="http://yourapp/YourUserRegistrationPage.aspx" />
If your authentication application exists in a different IIS application than Community Server (for example, if your login page is at www.yourdomain.com/login.aspx, and Community Server is at www.yourdomain.com/CS) then you'll need to perform one additional step to allow the Community Server application to read the authentication ticket generated by your existing application. First, you need to manually generate validation and decryption keys. (See Microsoft KB article #312906 entitled "How to create keys by using Visual C# .NET for use in Forms authentication" for more information.)
Next, make sure that machineKey elements exist in the web.config files for both your existing application and Community Server, and that they are identical. They should look something like this:
<system.web>
<machineKey validationKey="Your_Generated_Validation_Key_Goes_Here"
decryptionKey="Your_Generated_Decryption_Key_Goes_Here"
validation="SHA1" />
<!-- Other system.web elements -->
</system.web>
Next, make sure that all of the attributes of the <forms> element in the authentication section of the web.config files for both applications are identical.
Finally, you may have to restart IIS for your changes to take effect.
Forms Authentication extension configuration options
All configurable options can be set in the communityserver.config file found in the \Web directory of your installation.
allowAutoUserRegistration - This option controls whether the forums will support auto registration of users in the system.
Default: true.
userProfileCookie - Identifies the name of the cookie that should the users profile settings. This cookie is a key/value pair with the key matching any property on the User object within Community Server or the Profile object within ASP.NET Membership system. The primary key that is required for operation is the "Email" entry which must contain the user's email address. This email address must be unique.
Default: CSUserProfile
useEncryptedCookie - This option controls whether or not the cookie storing the user's profile attributes is encrypted or not. It is necessary to know whether it is encrypted or not when reading it to register a user. For an example of how encrypted cookies work, see the formsauthtest.aspx file.
Default: false