We recommend using Cookie Authentication if you are configuring Telligent Enterprise within an environment in which members of the community are already authenticating against an existing application that does not use Microsoft ASP.NET (e.g., PHP, ColdFusion). Your members can then access your Telligent Enterprise site without explicitly creating a registered account and logging in.

If you set a user's username to be his/her public email address, this will make the email address publicly accessible in Telligent Enterprise. As an alternative, you could configure usernames to be a numeric user ID from your current system, or use a hashing function to generate a username from the user's email address and/or user ID. Telligent strongly recommends that you consider carefully before using sensitive information (email addresses, phone numbers, social security numbers, etc.) in username fields.

A test file for Cookie Authentication 3.x/6.x is located in the Telligent Evolution Developer gallery.

To enable Cookie Authentication so that users are automatically logged in when accessing your Telligent Enterprise community so that all registration, login and logout requests are redirected to your other application:

  1. Configure your other application to write the user's username (key is usernameKey) and email address (key is emailAddressKey) into a cookie. Note the name of the cookie (set it to CSUser if you don't want to have to change the settings for Telligent Enterprise).

    Optionally, you can create a key named roles whose value is a comma-delimited list of roles to which the user is added within Telligent Enterprise. If the role does not already exist, it will be created and the list of roles must be absolute, including all the roles to which the user is to belong within Telligent Enterprise. If the user is in a role that you configured through Control Panel but that role is not included in the roles value, then the user is removed from that role.

    If you use an encrypted cookie, you need to add in the key/value for role and assign it to everyone. If you do not, you might receive an error when new users try to register (but meanwhile existing users decrypt successfully). After you incorporate the role key/value and register the user group, the auto-registration should complete successfully.

    Here is an example of associating site roles to new users who are created:

    Basic .net code sample:

         Response.Cookies["CSUser"]["username"] =      "someCookieAuthUser";
         Response.Cookies["CSUser"]["emailAddress"] =  "someuser@blah.com";
         Response.Cookies ["CSUser"]["roles"] =        "Everyone, Registered Users, MyCustomRole"; //Make sure to include Everyone & Registered users roles
  2. Open the Web\communityserver.config file. (If you are in a Web farm environment, you must copy this change to every Web server.)

  3. Change <extensionModules enabled="false"> to <extensionModules enabled="true"> to enable custom authentication.

  4. Decide whether you want Telligent Enterprise to automatically create a registered user account when someone attempts to access the community who has the authentication cookie. If not, set allowAutoUserRegistration to "false". (True is the default.)

  5. Change authenticatedUserCookieName to the name of the cookie that holds the user's username and email address as described in step 1. The default cookie name is CSUser.

  6. If necessary, change the keys for the cookie that indicate the username and email address. Defaults are userName and emailAddress.

  7. We refresh the user accounts in Telligent Enterprise every seven (7) days to refresh profile data. You can reduce this rate as low as once every day using the profileRefreshInterval attribute or increase it to fit the needs of your community (specify the value in days).

  8. If the cookie data has to be decrypted before authentication (note - The encryption module, which is available with the Telligent Enterprise 3.0 package, is required in order for encryption to work.):

    1. Specify useEncryptedCookie="true". (False is the default.)

    2. Specify "Hex" (double-byte hex encoding) or "Base64" as the cookieValueStringFormat. (Base64 is default.)

    3. Specify the encryption format:

      1. ValuesOnly

        /li> (default): values are encrypted, but the keys are not
      2. SingleValue: the entire value of the cookie is a single ciphertext string that must be decrypted before key-value pairs can be read)

      3. KeysAndValues: keys and values are both encrypted, but encrypted separately

    4. In the EncryptionProvider section:

      1. Specify the encryption algorithm used to encrypt the data in the cookie, one of four possible types: Triple-DES/TDES (default), DES, RC2, or Rijndeal (AES).

      2. If you're using Base64 string format:

        1. Specify the secret key in the key field.
        2. Specify the secret initialization vector in the iv field.
  9. Open the Web\SiteUrls.config file. (If you are in a Web farm environment, you must copy this change to every Web server.)

  10. Change the following URL keys to point to the other application's corresponding pages:

    1. login
    2. login_clean
    3. logout
    4. user_register
    5. user_register_clean

Cookie Authentication can set basically any profile field or property on the CS User object for a new user. (Existing users will be refreshed every seven days by default.) For example, to set the timezone, add a key "timezone" with the value (such as "-6" for Central) when you create the cookie.