Forms Authentication is made available through the public API.
Telligent Community can be configured to let users sign in with either sign-in name or email address.
We recommend using Forms Authentication if you are configuring Telligent Community in an environment where members of the community are already authenticating against an existing application that uses Microsoft ASP.NET. Your members can then access your Telligent Community without explicitly creating a registered account and logging in.
If your current system uses email addresses as usernames, using Forms SSO will make users' email addresses publicly accessible in Telligent Community. If this is the case, you should instead use Cookie Authentication, configuring the usernames to be the user IDs from your current system. Telligent strongly recommends that you consider carefully before using sensitive information (email addresses, phone numbers, social security numbers, etc.) in username fields.
To familiarize yourself with Forms Authentication, you can read about it in the Microsoft MSDN library.
Telligent Community supports only cookie-based Forms Authentication, not cookieless authentication.
To enable Forms Authentication so that users are automatically logged in when accessing your community and so that all registration, login and logout requests are redirected to your other application.
- Configure how Telligent Community should manage users who previously authenticated. While there are options, the default values should be sufficient for most uses.
By default in Forms Authentication, users will automatically be registered (through a single sign-on). To change this, open communityserver.config in the \Web directory.
- Locate the <extensionModules> section and find the FormsAuthentication entry. The configuration settings with default values are already entered, as shown below.
<!-- <add name="FormsAuthentication" extensionType="Security" type="Telligent.Evolution.SecurityModules.FormsAuthentication, Telligent.Evolution.SecurityModules" allowAutoUserRegistration="true" userProfileCookie="CSUserProfile" useEncryptedCookie="false" profileRefreshInterval="7" />
Set <extensionModules enabled="false"> to "true".
- Open the web.config file found in the \Web directory of the Telligent Community installation.
- Verify the <authentication> section reads as follows, setting mode="forms" for Forms Authentication.
<authentication mode="Forms"> <forms name=".Telligent.Evolution" protection="All" timeout="10080" loginUrl="login.aspx" slidingExpiration="false" /> </authentication>
- To enable Telligent Community to automatically register users, it is necessary for it to access the users' email addresses. To allow this, you must configure your existing application to write a user's email address to a cookie when he/she is authenticated.
The name of the cookie should be the same as the "userEmailAddressCookie" option (CSUserProfile) from step 3. The email address can also be encrypted for tighter security.
- If your authentication application exists in a different IIS application from Community Server (for example, if your login page is at www.yourdomain.com/login.aspx, and Telligent Community is at www.yourdomain.com/TC), you'll need to perform additional steps to allow Telligent Community to read the authentication ticket generated by your existing application.
- Manually generate validation and decryption keys. (See Microsoft KB article #312906, "How to create keys by using Visual C# .NET for use in Forms Authentication.")
- Ensure that the machineKey elements exist in the web.config files for both your existing application and Telligent Community, and ensure that they are identical. They should resemble this block:
<machineKey validationKey="Your_Generated_Validation_Key_Goes_Here" decryptionKey="Your_Generated_Decryption_Key_Goes_Here"
<!-- Other system.web elements -->
- Make sure that all of the attributes of the <forms> element in the authentication section of the web.config files for both applications are identical.
- You might have to restart IIS for your changes to take effect. (But this is not necessarily the case.)
All configurable options can be set in the communityserver.config file found in the \Web directory of your installation.
- allowAutoUserRegistration - Controls whether the forums will support auto-registration of users in the system. Default: true.
- userProfileCookie - Identifies the name of the cookie that should contain the user's profile settings. This cookie is a key/value pair with the key matching any property on the User object within Telligent Community or the Profile object within ASP.NET Membership system. The primary key that is required for operation is the "Email" entry, which must contain the user's email address. This email address must be unique. Default: CSUserProfile.
- useEncryptedCookie - This option controls whether or not the cookie storing the user's profile attributes is encrypted. It is necessary to know whether it is encrypted or not when reading it register a user. Default: false.