Forms Authentication

We recommend using Forms Authentication if you are configuring Telligent Enterprise in an environment where members of the community are already authenticating against an existing application that uses Microsoft ASP.NET. Your members can then access your Telligent Enterprise community without explicitly creating a registered account and logging in.

If your current system uses email addresses as usernames, using forms SSO will make users' email addresses publicly accessible in Telligent Enterprise. If this is the case, you should instead use Cookie Authentication, configuring the usernames to be the user IDs from your current system. Telligent strongly recommends that you consider carefully before using sensitive information (email addresses, phone numbers, social security numbers, etc.) in username fields.

To familiarize yourself with forms authentication, you can read about it in the Microsoft MSDN library.

Telligent Enterprise supports only cookie-based forms authentication, not cookieless authentication.

There is a Forms Authentication test file located here.

To enable Forms Authentication so that users are automatically logged in when accessing your community and so that all registration, login and logout requests are redirected to your other application:

Install the Forms Authentication extension

1. Configure how Telligent Enterprise should manage users who previously authenticated. While there are options, the default values should be sufficient for most uses.
   
   By default in Forms Authentication, users will automatically be registered (through a single sign-on). To change this, open communityserver.config in the \Web directory.
2. Locate the <extensionModules> section and find the FormsAuthentication entry. The configuration settings with default values are already entered, as shown below.
   
   

3. Set <extensionModules enabled="false"> to "true".

4. Open the web.config file found in the \Web directory of the Telligent Enterprise installation.
5. Verify the <authentication> section reads as follows, setting mode="forms" for forms authentication.
   
   
6. To enable Telligent Enterprise to automatically register users, it is necessary for Telligent Enterprise to access the users' email addresses. To do this, you must configure your existing application to write a user's email address to a cookie when he/she is authenticated.
   
   The name of the cookie should be the same as the "userEmailAddressCookie" option from step 3. The email address can also be encrypted for tighter security. To see an example of how forms authentication works - with both encrypted and unencrypted cookies - see the formsauthtest.aspx file.
7. To direct login, logout, and registration requests to the appropriate pages in the parent application, open \Web\SiteUrls.config. In the <urls> section, add the navigateUrl attribute for each of the URLs that need to be redirected to your parent application. The most important keys include:
   
   
   • login
   • login_clean
   • logout
   • user_Register
   • user_Register-clean
   After you're done changing the attributes, they should resemble this:
   

   <url name="user_Register_clean" location="user" path="CreateUser.aspx" navigateUrl="http://yourapp/YourUserRegistrationPage.aspx" />

8. If your authentication application exists in a different IIS application from Telligent Enterprise (for example, if your login page is at www.yourdomain.com/login.aspx, and Telligent Enterprise is at www.yourdomain.com/TE), you'll need to perform additional steps to allow Telligent Enterprise to read the authentication ticket generated by your existing application. 
   1. Manually generate validation and decryption keys. (See Microsoft KB article #312906, "How to create keys by using Visual C# .NET for use in forms authentication.")
   2. Ensure that the machineKey elements exist in the web.config files for both your existing application and Telligent Enterprise, and ensure that they are identical. They should resemble this:

      <system.web>
           <machineKey validationKey="Your_Generated_Validation_Key_Goes_Here" decryptionKey="Your_Generated_Decryption_Key_Goes_Here"
      validation="SHA1" />
           <!-- Other system.web elements -->
      </system.web>
      

   3. Make sure that all of the attributes of the <forms> element in the authentication section of the web.config files for both applications are identical.
   4. You  might have to restart IIS for your changes to take effect. (But this is not necessarily the case.)

Forms Authentication extension configuration options

All configurable options can be set in the communityserver.config file found in the \Web directory of your installation.

• allowAutoUserRegistration - Controls whether the forums will support auto-registration of users in the system. Default: true.
• userProfileCookie - Identifies the name of the cookie that should contain the user's profile settings. This cookie is a key/value pair with the key matching any property on the User object within Telligent Enterprise or the Profile object within ASP.NET Membership system. The primary key that is required for operation is the "Email" entry, which must contain the user's email address. This email address must be unique. Default: CSUserProfile
• useEncryptedCookie - This option controls whether or not the cookie storing the user's profile attributes is encrypted. It is necessary to know whether it is encrypted or not when reading it register a user. For an example of how encrypted cookies work, see the formsauthtest.aspx file. Default: false.