Optionally provide private feedback to help us improve this article...

Thank you for your feedback!

Single Sign On Between InstantForum and InstantKB

IMPORTANT: Currently this article only applies to InstantForum 2016-1 & InstantKB 2015-2. In addition to enable this you must first download a small update for InstantForum 2016-1 available here. Once downloaded copy the enclosed DLL file into your InstantForum 2016-1 /bin directory overwriting the existing DLL files. Once InstantKB 2016 is released there will be no specific dependency on the version of InstantForum & visa versa.

Although InstantForum & InstantKB are separate products with separate databases both InstantForum and InstantKB contain a feature we call User Replication. User replication lets you easily replicate user accounts and keep user accounts in sync across all InstantForum & InstantKB instances.

In this example we'll show how you can achieve a single sign on experience between InstantForum & InstantKB using our User Replication feature.

1. Installation

Before we can get started with user replication you will first need to install both InstantForum & InstantKB within IIS. We would suggest ensuring that each installation is fully working before following this guide.

We would suggest installing both InstantForum & InstantKB at the same level within IIS to keep things simple. You can see the basic structure for this example within IIS below...

IMPORTANT: For SSO to work we would suggest you run both InstantForum & InstantKB under the same .NET framework version. For example use .NET 4.0 or both sites or .NET 4.5, 4.6 for both sites. Don't use .NET 4.0 for InstantForum and .NET 4.5 for InstantKB. By default both InstantForum & InstantKB currently target .NET 4.5.

Remove Target Framework From InstantForum & InstantKB Web.config Files

To ensure the .NET framework you set within IIS is actually used for your InstantForum & InstantKB application please ensure you open both the InstantForum & InstantKB web.config files and remove the targetFramework as shown below...

<httpRuntime targetFramework="4.5" requestValidationMode="2.0" requestPathInvalidCharacters="&lt;,&gt;,*,%,&amp;,\,?" maxRequestLength="30720" />

Change To...

<httpRuntime requestValidationMode="2.0" requestPathInvalidCharacters="&lt;,&gt;,*,%,&amp;,\,?" maxRequestLength="30720" />

2. Enable User Replication Within InstantForum

Navigate to your InstantForum installation within your web browser and login as an administrator. Navigate to the InstantForum Admin Control Panel and locate the "Login & Registration" link on the left within the "Settings" panel. On the Login & Registration settings page enable the user replication features as shown below...

Save the login & registration settings once you've enclosed user replication.

3. Set-up your database connection strings for user replication

Next navigate to your InstantForum installation within Windows Explorer so you can view and edit the various InstantForum configuration files.

Open {InstantForum_InstallDir}/Configuration/Apps.config within NotePad or similar text editor.

Copy your InstantKB database connection string into the element highlighted below...

<app appid="1" apptype="InstantForum">InstantForum</app>
<app appid="2" apptype="InstantKB" connstring="{YourFullInstantKBConnectionStringHere}">InstantKB</app>

4. Web.config Changes.

Ensure both the InstantForum & InstantKB web.config files have identical <authentication> elements.

<authentication mode="Forms">
<forms name="InstantASP" requireSSL="false" cookieless="UseCookies" loginUrl="Logon.aspx" protection="All" slidingExpiration="true" path="/" />

Ensure both the InstantForum & InstantKB web.config have identical <machineKey> elements

<machineKey validationKey="B8D0E9258DF589A0B1FE23CA7CEEC2C1CE79749CC0D51587B0110FC7F684DA63B31C94C905375DB9B2C38449BA0D7B988550AC0BF66D095B67DEE51866C26054"
validation="SHA1" />

You can generate your own private keys to use within the <machineKey> element here. These are the keys used to generate the HMAC that is stored within the forms authentication cookie to persist user authentication within InstantForum or InstantKB. We would strongly suggest you generate your own private keys if you choose to hard code these. for SSO purposes.

Ensure both the InstantForum and InstantKB web.config have identical InstantASP_CryptographyMethod application settings as shown below. By default both InstantForum & InstantKB use SHA512.

  <add key="InstantASP_CryptographyMethod" value="SHA512" />    

Again you should include the exact same <authentication> element, <mchineKey> element and InstantASP_CryptographyMethod application setting within both the InstantForum web.config and InstantKB web.config.

5. Redirect InstantKB Login & Registration Requests to InstantForum

Next we'll need to redirect all requests to the InstantKB login & registration pages to the InstantForum login page. This ensures when a user creates an account within InstantKB an account is also created within the InstantKB databases you've defined within the App.config file in Step 3 above.

<script runat="server">

Protected Overrides Sub OnInit(e As EventArgs)

If (IsLogonOrRegister()) Then
Dim returnURL As String = Request("ReturnURL")
Dim url As String = "https://www.yourdomain.com/forum/Logon.aspx"
If Not String.IsNullOrEmpty(returnURL) Then
url += "?ReturnURL=" & Server.UrlEncode(returnURL)
End If
End If


End Sub

Private Function IsLogonOrRegister() As Boolean

If Request.RawUrl.ToString().ToLower().IndexOf("logon.aspx") >= 0 _
OrElse Request.RawUrl.ToString().ToLower().IndexOf("/register") >= 0 _
OrElse Request.RawUrl.ToString().ToLower().IndexOf("/logon") >= 0 _
OrElse Request.RawUrl.ToString().ToLower().IndexOf("register.aspx") >= 0 Then

Return True

End If

Return False

End Function


That's it!

We hope this information helps you achieve a single sign on between InstantForum & InstantKB. Our user replication feature is still in early development and will continue to improve with InstantKB 2016.

If we can assist with any questions don't hesitate to post within our forums, open a ticket or contact us.