Authentication within InstantForum.NET is managed using standard ASP.NET role-based forms authentication. This makes it very easy for developers to integrate InstantForum.NET into existing ASP.NET forms authentication web sites to provide a seamless single sign-on experience to end users.
InstantForum.NET stores core user credentials (username, email, and password) within the InstantASP_Users database table.
The InstantASP_Roles table holds the available user roles (known as member groups within the forum). The InstantASP_UsersRoles table holds a one-to-many relationship between one user and many roles. InstantForum_Users holds extended profile information for a user that is specific to InstantForum.NET.
The InstantASP_Users table is separate from the InstantForum_Users table as the InstantASP_Users table will be used in the future to provide shared authentication across all InstantASP applications. A complete database schema diagram can be found here.
When a user attempts to log in, the InstantASP_Users table is checked using the InstantASP.Common.Authentication.Authentication.UserExists method. If a user identity is returned from this method we create an instance of a forum user object and call the Authenticate method on this user object. The Authenticate method on the user object generates the encrypted ASP.NET forms authentication ticket within a client-side cookie.
Further requests are then validated for the duration of the session from the AuthenticateRequest method within the InstantASP.Common.HttpModule.SecurityModule module. If the user chooses to persist the forms authentication cookie they will be automatically authenticated on each visit by the code within the InstantASP.Common.HttpModule.SecurityModule.AuthenticateRequest method.
    Public Sub LoginButtonClick()
        ' check username / email & password exists, if found return UserID
        Dim intUserID As Int32 = InstantASP.Common.Authentication.Authentication.UserExists( _
            txtEmailAddress.Text, txtPassword.Text, InstantASP.Common.Enumerations.EnumLoginUsing.EmailAddress)
        ' did we find a user?
        If intUserID > 0 Then
            ' create user & call Authenticate to create forms authentication ticket
            Dim User As New InstantASP.InstantForum.Components.User(intUserID)
            User.Authenticate(ckbRememberMe.Checked)
            Response.Redirect("~/")
        Else
            ' no user matched the supplied email address and password
            ' please prompt the user to check their details and try again
        End If
    End Sub
When a user registers within the forum their details are added to the InstantASP_Users, InstantASP_UsersRoles & InstantForum_Users tables using the InstantASP.InstantForum.Business.User.InsertUpdateUser method. The InsertUpdateUser method accepts an InstantASP.InstantForum.Components.User or InstantASP.Common.Components.User object as the argument. If the UserID property of the User object is not set, the InsertUpdateUser method will add a new user. If you provide a valid UserID from the InstantASP_Users table for the User object's UserID property, the InsertUpdateUser method will update the user account for the supplied UserID.
Once the details are added successfully you can automatically authenticate users by creating the required ASP.NET forms authentication ticket using the code below...
    Public Sub RegisterButtonClick()
        ' build new user object
        Dim User As New InstantASP.InstantForum.Components.User
        User.EmailAddress = txtEmailAddress.Text
        User.Password = txtPassword.Text
        User.Username = txtUsername.Text
        User.PrimaryRoleID = InstantASP.Common.Application.Settings.Instance().DefaultUserRoleID
        User.Culture = ""
        User.TimeZoneOffset = 0
        User.ObserveDaylightSavingTime = True
        ' add the user data to the InstantASP_Users, InstantASP_UsersRoles & InstantForum_Users tables
        Dim intUserID As Int32 = InstantASP.InstantForum.Business.User.InsertUpdateUser(User)
        ' was the insert successful?
        If intUserID > 0 Then
            ' create an instance of the forum user
            User = New InstantASP.InstantForum.Components.User(intUserID)
            ' create the forms authentication ticket
            User.Authenticate(False)
            Response.Redirect("~/")
        Else
            ' the username or email address may already exist
            ' please prompt the user to provide a unique email address and username
        End If
    End Sub
You can review the registration code used by the forum within the InstantASP.InstantForum.UI.Controls.Register code-behind class.
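The forms authentication ticket described above lives in a client-side cookie whose protection is set in the host site's web.config. The fragment below is an added example, not part of the InstantForum.NET documentation or product, showing hardened cookie settings beside a weak baseline. It assumes the forum issues its ticket through the standard ASP.NET `<forms>` configuration; the cookie name, login URL and key values are placeholders.

```xml
<!-- Added example: web.config fragment for the site that hosts the forum.
     Assumption: the forum's forms authentication ticket is issued with the
     settings from this standard <forms> element. -->
<configuration>
  <system.web>
    <!-- Weak baseline, shown for comparison only:
         <forms name=".ASPXAUTH" loginUrl="~/login.aspx" protection="None"
                requireSSL="false" timeout="525600" />
         The ticket is neither encrypted nor validated, is sent over plain
         HTTP, and a copied cookie stays valid for a year. -->
    <authentication mode="Forms">
      <!-- name and loginUrl are hypothetical placeholders -->
      <forms name=".SITEAUTH"
             loginUrl="~/login.aspx"
             protection="All"
             requireSSL="true"
             cookieless="UseCookies"
             timeout="30"
             slidingExpiration="true"
             path="/" />
    </authentication>

    <!-- Mark the site's other cookies HttpOnly and Secure as well -->
    <httpCookies httpOnlyCookies="true" requireSSL="true" />

    <!-- For single sign-on, every application that shares the ticket needs
         the same cookie name and the same explicit keys. The key values
         below are placeholders; HMACSHA256 requires ASP.NET 4.0 or later. -->
    <machineKey validationKey="REPLACE_WITH_GENERATED_VALIDATION_KEY"
                decryptionKey="REPLACE_WITH_GENERATED_DECRYPTION_KEY"
                validation="HMACSHA256"
                decryption="AES" />
  </system.web>
</configuration>
```

With `protection="All"` the ticket is both encrypted and integrity-checked, and the short sliding timeout limits how long a persisted "remember me" cookie remains usable if it is copied from a client.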