Optionally provide private feedback to help us improve this article...

Thank you for your feedback!


How InstantForum Authentication Works

Authentication within InstantForum is managed using standard ASP.NET role-based forms authentication. This makes it very easy for developers to integration InstantForum into existing ASP.NET forms authentication web sites to provide a seemless single sign-on experience to end users.

Key InstantForum User Database Tables

InstantForum stores core user credentials (username, email, and password) within the InstantASP_Users database table.

The InstantASP_Roles table holds the available user-roles (known as member groups within the forum). The InstantASP_UsersRoles htable olds a one-to-many relationship for one user and many roles, InstantForum_Users holds extended profile information for a user specific to InstantForum.

The InstantASP_Users table is separate from the InstantForum_Users table as the InstantASP_Users table will be used in the future to provide shared authentication across all InstantASP applications. A complete database schema diagram can be found here.

How Forum Login Works

When a user attempts to login, the InstantASP_Users table is checked using the InstantASP.Common.Authentication.Authentication.UserExists methods. If a user identity is returned from this method we create an instance of a forum user object and call the authenticate method on this user object. The authenticate method on the user object generates the encrypted ASP.NET forms authentication ticket within a client side cookie.

Further requests are then validated for the duration of the session from the AuthenticateRequest method within the InstantASP.Common.HttpModule.SecurityModule module. If the user chooses to persist the forms authentication cookie they will be automatically authenticated on each visit by the code within the InstantASP.Common.HttpModule.SecurityModule.AuthenticateRequest method.

How Forum Registration Works

When a user registers within the forum their details are added to the InstantASP_Users, InstantASP_UsersRoles & InstantForum_Users tables using the InstantASP.InstantForum.Business.User.InsertUpdateUser method. The InsertUpdateUser method accepts a InstantASP.InstantForum.Components.User object as the argument. If the UserID property of the User object is not set the InsertUpdateUser method will add a new user. If you provide a valid UserID from the InstantASP_Users table for the User objects UserID property the InsertUpdateUser method will update the user account for the supplied UserID.

Once the details are added successfully you can automatically authenticated users by creating the required ASP.NET forms authentication ticket sing the code below...

public void RegisterButtonClick()
{
// build new user object
InstantASP.InstantForum.Components.User user = new InstantASP.InstantForum.Components.User();
user.EmailAddress = txtEmailAddress.Text;
user.Password = txtPassword.Text;
user.Username = txtUsername.Text;
user.PrimaryRoleID = InstantASP.Common.Application.Settings.Instance().DefaultUserRoleID;
user.TimeZoneOffset = 0;
user.ObserveDaylightSavingTime = true;

// add the user data to InstantForum_Users & InstantASP_Common tables
int intUserID = InstantASP.InstantForum.Business.User.InsertUpdateUser(user);

// was the insert successful?
if (intUserID > 0) {
// create an instance o the forum user
user = new InstantASP.InstantForum.Components.User(intUserID);
// create the forms authentication ticket
user.Authenticate(false);

Response.Redirect("~/");

} else {
// the username or email address may already exist
// please prompt the user to provide a unique email address and username

}

}

You can review the registration code used by the forum within the InstantASP.InstantForum.UI.Controls.Register code-behind class.