YAFLogo

SURFThru
  • SURFThru
  • 63.8% (Friendly)
  • YAF Forumling Topic Starter
15 years ago
I have an existing site with many users. I wanted to integrate YAF with my main site but the issue is creating accounts with the correct passwords for each user (the passwords are encrypted so I do not know what they are). Plus I did not want to have YAF as a sub folder of my main site as the integration document recommended.

It took about 3 hours to make the code changes. The core of this is sharing cookies across domains... www.mysite.com and forums.mysite.com. This requires that the YAF login page is disabled so that users always log into the main site.

Here is the flow...

-----------------

I. Main Site

-----------------

1. User logs into the main site and they are directed to the YAF forum.

2. I check a table in my database to check if the user has a YAF account. I could have checked YAF DB but I know my database so it was easier.

3. No YAF account?

- Insert the user into my table in #2.

- Create a password (the user does not need to know the YAF password)

- Call the yaf.DB create user method.

- Create a cookie that is shared across domains. Place the user id and password in the cookie (encrypted).

4. YAF Account Exists?

- Create the cookie as discussed above. I do this in a base class inherited by the master page in the site.

----------------

II. YAF

----------------

1. User clicks on the forum link on the main web site.

2. User now on the YAF forum

3. In the YAF BaseControl.cs get the cookie value.

4. Decrypt the user id and password (I have a DLL I wrote for this).

5. Log the user into YAF using the yaf.DB.user_login method.

6. That is it... integration completed.

Couple of side notes....

1. You could use the same password for all users in YAF. This is the case since they log into the main site and they never know the YAF password. If you take down the YAF login page there should be no security risk.

2. In the main site I check if(IsAuthenticated) and if the cookie is null, I go ahead and create the cookie again. This should not happen, but...

3. In YAF as a measure of comfort I check if the user (is NOT IsAuthenticated) and the cookie exists, I then log them back into YAF.

I have tested this with 4 accounts and it works like a charm.

Regards,

Patrick

SURFThru 

Sponsor
rmcbride@rama.com
15 years ago
Brilliant! Well done.

rmcbride@rama.com
15 years ago
Perhaps my only question is why you didn't just make YAF use your database as the default provider. My only assumption there is that your database may not be asp membership compliant so you needed this custom approach.
SURFThru
  • SURFThru
  • 63.8% (Friendly)
  • YAF Forumling Topic Starter
15 years ago
I did use MSFT wizard to create the membership in my database. Looking at the YAF database it does not carry the same tables as the MSFT tool that generated the membership DB. The YAF login seems to be custom forms auth. Maybe the latest version of YAF uses the MSFT standard set of tables and procs?

I just installed the version I am using now before the recent one was posted to source fordge. I did some cutomizing and do not want to switch now, maybe one day...

bbqchickenrobot
15 years ago

I did use MSFT wizard to create the membership in my database. Looking at the YAF database it does not carry the same tables as the MSFT tool that generated the membership DB. The YAF login seems to be custom forms auth. Maybe the latest version of YAF uses the MSFT standard set of tables and procs?

I just installed the version I am using now before the recent one was posted to source fordge. I did some cutomizing and do not want to switch now, maybe one day...

SURFThru wrote:

I just integrated it with the aspnet membership database. I believe the only thing that matters is the fact that the Profile provider is a bit different. However, you can have the asp.net profile provider SqlProfileProvider inherit from the YafProfileProvider and boom, everything just works 😉 Didn't take to long at all.

Your solution is still cool as it shows another method of integration, there are quite a few methods. assuming a single domain or subdomain, just changing the web.config to use the sqlmembership providers is the quickest and easist IMO.

jpbhat
  • jpbhat
  • 51.2% (Neutral)
  • YAF Forumling
15 years ago
Hi its nice i want the same

could u please tell the steps in code how u did it because i was struggling from 2 weeks inorder to integrate yaf into blogengine

pls help me out from this problem

thanks

rmcbride@rama.com
15 years ago
Hi jpbhat

Here is a document to guide you through integrated setup. Let us know how it goes.

Thanks

Richard

dchadha
  • dchadha
  • 54.2% (Neutral)
  • YAF Forumling
15 years ago
I am new to YAF. This is my first installation. I have an existing site which requires authentication. I am using my own custom user tables and authentication. I am able to succesfully install YAF 1.9.3 (latest one) under a directory called forum. Everything is running fine.

There is a forum link at the top of my site which takes to the YAF forum. I want that user should be automatically logged in to the YAF forum when he come to the forum. I got the idea from the 1st post of this topic, but don't know where to start. How can I integrate with my custom user table with YAF users and how can I manage the seamless authentication in this case ?

Thanks

dc

TommyB
  • TommyB
  • 100% (Exalted)
  • YAF Commander
15 years ago
@dchadha

If you have developed your user-, role things as Membership provider / role provider you should be able to use it in yaf with only touching the web.config, editing the yaf provider to your ones. If not ... Afaik you will have to create one. Not a problem for experienced developers. Those provides access to user accounts / user verification, ... the asp.net way, like yaf, dnn, asp.net itself and many other asp.net2 sites (=based upon framework 2.0 or higher) does.

Do you use the membership classes, or a completely own written user/role thing?


- Sry for my english ;)

BattCursor.Net  - Official homepage of that tool for vista laptops!

dchadha
  • dchadha
  • 54.2% (Neutral)
  • YAF Forumling
15 years ago
Hi TommyB,

First of thanks for your time. No, I am not using asp.net membership/roles. I am using custom authentication/user/role logic and code. The application is already up and running and I can't change the user authentication in the existing application now.

And I have already setup YAF forum as a sub-directory under my existing application. So I have got all DLLs under Bin folder and code under APP_Code folder. So, I need to refer YAF dlls in the existing application. When user log-ins, somehow I have to make him login to YAF database also. I don't need registration or login in YAF. All users who are authenticated using existing application should have access to YAF forum also and all users should have the same level of access or role in which they can post and read (no admin access).

If you can guide me which classes in YAF and what needs to be done to achieve the above, it would be great.

Thanks again

dchadha

@dchadha

If you have developed your user-, role things as Membership provider / role provider you should be able to use it in yaf with only touching the web.config, editing the yaf provider to your ones. If not ... Afaik you will have to create one. Not a problem for experienced developers. Those provides access to user accounts / user verification, ... the asp.net way, like yaf, dnn, asp.net itself and many other asp.net2 sites (=based upon framework 2.0 or higher) does.

Do you use the membership classes, or a completely own written user/role thing?

TommyB wrote:

TommyB
  • TommyB
  • 100% (Exalted)
  • YAF Commander
15 years ago
No membership is sad, you have to go the hard way.

You will need 3 classes for the membership features yaf uses. This should inherit (vb word, don't know in c#) from the membership classes from asp.net. Example:

public class MyMembershipProvider : MembershipProvider
{
    // ...
}
public class MyRoleProvider : RoleProvider
{
    // ....
}
public class MyProfileProvider : ProfileProvider
{
    // ...
}
After you have done this you need to add your classes to the web.config (you should compile it, then you can use yaf's web.config as an example). I don't know if there is more to do, but this is the start :)

Base classes are located in System.Web.Security and System.Web.Profiles.


- Sry for my english ;)

BattCursor.Net  - Official homepage of that tool for vista laptops!

dchadha
  • dchadha
  • 54.2% (Neutral)
  • YAF Forumling
15 years ago
Thanks for the guidance. I will try to start working in this direction. Will update here about the progress.

No membership is sad, you have to go the hard way.

You will need 3 classes for the membership features yaf uses. This should inherit (vb word, don't know in c#) from the membership classes from asp.net. Example:

public class MyMembershipProvider : MembershipProvider
{
    // ...
}
public class MyRoleProvider : RoleProvider
{
    // ....
}
public class MyProfileProvider : ProfileProvider
{
    // ...
}
After you have done this you need to add your classes to the web.config (you should compile it, then you can use yaf's web.config as an example). I don't know if there is more to do, but this is the start :)

Base classes are located in System.Web.Security and System.Web.Profiles.

TommyB wrote:

nysot
  • nysot
  • 50.6% (Neutral)
  • YAF Forumling
15 years ago
Nice post. however, I am planning to integrate Yaf into my site, using ASP.net membership. It is a new website.

I want to achieve the follwing:

Members should regiter on a custom registration page and not from the forum,

registered members will be automatically authenticated on accessing the forum.

I also want to remove the registration link (and maybe page) from the forum.

Kindly advise on the way forward or with a link to a document.

pbwbart
  • pbwbart
  • 56.6% (Neutral)
  • YAF Forumling
14 years ago

Create a cookie that is shared across domains. Place the user id and password in the cookie (encrypted).

Can you tell me anything about how to encrypt?

I users inserted into the db automaticly and a cookie is created.

But I think I have to encrypt this cookie the same way YAF does to make it work.

But I can't figgure out how yaf encrypt the cookies it creates.

The only thing I firuged ou is, yaf is using the asp login control and I am using my own. So I think I have to rewrite my control and write a working login cookie.

Can you help me with this?

jshepler
14 years ago
Yaf relies on asp.net to do the authentication. Look into the System.Web.Security.FormsAuthentication class, specifically the SetAuthCookie static method.


not jsheLPer