It took about 3 hours to make the code changes. The core of this is sharing cookies across domains... www.mysite.com and forums.mysite.com. This requires that the YAF login page is disabled so that users always log into the main site.

Here is the flow...

-----------------

I. Main Site

-----------------

1. User logs into the main site and they are directed to the YAF forum.

2. I check a table in my database to check if the user has a YAF account. I could have checked YAF DB but I know my database so it was easier.

3. No YAF account?

- Insert the user into my table in #2.

- Create a password (the user does not need to know the YAF password)

- Call the yaf.DB create user method.

- Create a cookie that is shared across domains. Place the user id and password in the cookie (encrypted).

4. YAF Account Exists?

- Create the cookie as discussed above. I do this in a base class inherited by the master page in the site.

----------------

II. YAF

----------------

1. User clicks on the forum link on the main web site.

2. User now on the YAF forum

3. In the YAF BaseControl.cs get the cookie value.

4. Decrypt the user id and password (I have a DLL I wrote for this).

5. Log the user into YAF using the yaf.DB.user_login method.

6. That is it... integration completed.

Couple of side notes....

1. You could use the same password for all users in YAF. This is the case since they log into the main site and they never know the YAF password. If you take down the YAF login page there should be no security risk.

2. In the main site I check if(IsAuthenticated) and if the cookie is null, I go ahead and create the cookie again. This should not happen, but...

3. In YAF as a measure of comfort I check if the user (is NOT IsAuthenticated) and the cookie exists, I then log them back into YAF.

I have tested this with 4 accounts and it works like a charm.

Regards,

Patrick

SURFThru 

I just installed the version I am using now before the recent one was posted to source fordge. I did some cutomizing and do not want to switch now, maybe one day...

I just integrated it with the aspnet membership database. I believe the only thing that matters is the fact that the Profile provider is a bit different. However, you can have the asp.net profile provider SqlProfileProvider inherit from the YafProfileProvider and boom, everything just works 😉 Didn't take to long at all.

Your solution is still cool as it shows another method of integration, there are quite a few methods. assuming a single domain or subdomain, just changing the web.config to use the sqlmembership providers is the quickest and easist IMO.

could u please tell the steps in code how u did it because i was struggling from 2 weeks inorder to integrate yaf into blogengine

pls help me out from this problem

thanks

Here is a document to guide you through integrated setup. Let us know how it goes.

Thanks

Richard

There is a forum link at the top of my site which takes to the YAF forum. I want that user should be automatically logged in to the YAF forum when he come to the forum. I got the idea from the 1st post of this topic, but don't know where to start. How can I integrate with my custom user table with YAF users and how can I manage the seamless authentication in this case ?

Thanks

dc

If you have developed your user-, role things as Membership provider / role provider you should be able to use it in yaf with only touching the web.config, editing the yaf provider to your ones. If not ... Afaik you will have to create one. Not a problem for experienced developers. Those provides access to user accounts / user verification, ... the asp.net way, like yaf, dnn, asp.net itself and many other asp.net2 sites (=based upon framework 2.0 or higher) does.

Do you use the membership classes, or a completely own written user/role thing?

First of thanks for your time. No, I am not using asp.net membership/roles. I am using custom authentication/user/role logic and code. The application is already up and running and I can't change the user authentication in the existing application now.

And I have already setup YAF forum as a sub-directory under my existing application. So I have got all DLLs under Bin folder and code under APP_Code folder. So, I need to refer YAF dlls in the existing application. When user log-ins, somehow I have to make him login to YAF database also. I don't need registration or login in YAF. All users who are authenticated using existing application should have access to YAF forum also and all users should have the same level of access or role in which they can post and read (no admin access).

If you can guide me which classes in YAF and what needs to be done to achieve the above, it would be great.

Thanks again

dchadha

You will need 3 classes for the membership features yaf uses. This should inherit (vb word, don't know in c#) from the membership classes from asp.net. Example:

public class MyMembershipProvider : MembershipProvider
{
    // ...
}
public class MyRoleProvider : RoleProvider
{
    // ....
}
public class MyProfileProvider : ProfileProvider
{
    // ...
}

Base classes are located in System.Web.Security and System.Web.Profiles.

I want to achieve the follwing:

Members should regiter on a custom registration page and not from the forum,

registered members will be automatically authenticated on accessing the forum.

I also want to remove the registration link (and maybe page) from the forum.

Kindly advise on the way forward or with a link to a document.

Can you tell me anything about how to encrypt?

I users inserted into the db automaticly and a cookie is created.

But I think I have to encrypt this cookie the same way YAF does to make it work.

But I can't figgure out how yaf encrypt the cookies it creates.

The only thing I firuged ou is, yaf is using the asp login control and I am using my own. So I think I have to rewrite my control and write a working login cookie.

Can you help me with this?