· Chris Hammond
Last Updated

DNN w/ CS::Forums

Learn how to integrate DNN and CommunityServer::Forums for user authentication in this instructional guide. Please note the known issues and risks involved.

Learn how to integrate DNN and CommunityServer::Forums for user authentication in this instructional guide. Please note the known issues and risks involved.

All of the information below is provided at your own risk. Chris Hammond cannot be held responsible for any thing you break or ruin while trying to follow these steps. The information below is provided strictly for instructional purposes and should probably not be used in a production environment due to the Known Issues listed in the article below.

You can see the following changes in production at https://www.oakleyforums.com/

This is the process to get DNN and CommunityServer :: Forums running off of the same cookie, for user authentication purposes. It does not integrate the forums as a DNN Module. It is just a temporary solution, and should hopefully be replaced by a better solution once CommunityServer 1.0 and DotNetNuke V2.2 are released using the .Net 2.0 user provider model, sometime later this fall.

This process is pretty specific, it will require a rebuild of the CS::Forums with the code changes below. The changes will only affect the components.dll file, so if you rebuild on a development server and deploy to a production server you should only need to deploy the components.dll file into the BIN directory of the Forums application Web folder. I could be talked into providing this new components.dll file for download if there is interest.

Requirements to get this to function.

  1. DNN 2.1.2https://www.dotnetnuke.com
  2. CS::Forums 2.0
  3. Don’t allow users to sign in through DNN’s login page, make them signin to the forums login page.
  4. Have public registration turned on on your DNN site, meaning that users don’t have to get a verification email to sign in to the site. This is required because of requirement #3.
  5. Don’t allow users to edit their DNN profile.
  6. Turn off the forum setting that allows users to change their username (off by default).

Here is the flow of how things should work. When a user visits your site for the first time, they should click on a link to visit the forums, To register with the site click on the register link which will point to the DNN registration. Once they are registered with the site they will be sent back to the forums page (logged in as a DNN user), the forums will then check to see if they are authenticated, if so the forums app will check to see if their DNN user information is already in the forums user table, and add them if they are not. They will then be required to login to the forums using their DNN/Forums username and password. If they were to browse back to the home page of the site, the DNN app, they should still be authenticated.

Known Issues

  1. If the user were to clear their cookie for the site and come back to the site again, they would have to login through the forums login page. This would authenticate them with the forums, and even with DotNetNuke, but it would not add their DNN roles to their cookie, so even though they would be authenticated with DNN they would not have the proper roles associated to them, so any pages of your site that required a user to be in a specific DNN role would not function properly.

  2. Another problem occurs if the user were to follow this flow.

Register with DNN Login to the forums with the new user. Logout of the forums, and log in to the forums again with a different DNN user. Their DNN cookie would still have the DNN role associated with it from the first user that was logged in, which could either be more, or less, access than they are supposed to have to the DNN site.
3. If a user changes their password with the forums it will not be changed with DNN, this has not been tested yet but is very likely to cause problems down the road.

Here are the steps to geting DNN CS::Forums functioning.

Setup CS::Forums Run the installation application, point the installation to the same DB that you either will be using for DNN, or already are using for DNN.

Setup DNN Setup DotNetNuke as prescribed by the DNN documentation.

Setup IIS Setup DNN as the root of your web site, https://www.oakleyforums.com/ for example. Setup /forums as a virtual directory pointing to your /web/ folder in the forums installation directory.

Setup Web.config files for each application. To get the cookie to work between the two applications you need to have the following information in your web.config file. The NAME attribute in the authentication mode must be the same in both applications.

name=”.DNNForums”

You also need to add the following line to each web.configThat line overrides a setting in the machine.config file that prevents applications from sharing cookies.

CS::FORUMS changes

SiteUrls.config in the root of the web folder line 90: name=“user_Register“ (note the ^ instead of an &, the ^ will get replace when the URL is built) Make the user_Register attribute’s path
/Default.aspx?tabid=1^ctl=Register

File: Resources.XML in web/languest/en-us/ (This makes the “Home“ link in the forum navigation say “Forum Home“ so that users know where they will be sent when clicking on that link.)

Find: resources name = “Utility_ForumAnchorType_MenuHome”>Home Replace with
resources name = “Utility_ForumAnchorType_MenuHome”>Forum Home

File: forumsHttpModule.cs in Components/HttpModule/ find around Line 235:

  // Find the user and get the Windows roles this user belongs to and asssign the proper permissions 
  // in the forum database if appropriate 
  // 
  User foundUser = Users.FindUserByUsername( userName ); 
  if( foundUser.UserID == 0 ) { 
   if( AspNetForums.Configuration.ForumConfiguration.GetConfig().AllowAutoUserRegistration) { 
    foundUser.Username = userName; 
    foundUser.Password = String.Empty; 
    foundUser.Salt  = String.Empty; 
   
    Users.Create( foundUser, false ); 

    if( usingWindowsAuth ) { 
     if( principle.IsInRole( AspNetForums.Configuration.ForumConfiguration.GetConfig().AdminWindowsGroup )  
     || ( 
       ((WindowsPrincipal)principle).IsInRole( System.Security.Principal.WindowsBuiltInRole.Administrator ) 
      && AspNetForums.Configuration.ForumConfiguration.GetConfig().AssignLocalAdminsAdminRole 
      )) { 
      Roles.AddUserToRole( foundUser.UserID, 1 ); 
     } 
    } 

    // TDD would also need some way here to allow the same functionality as AllowLocalAdminsAdminRole for Passport 
    // authenticated users. I'm not sure what Passport returns with the authentication but we need some way to allow 
    // a user to get promoted to admin if they are using a special passport account. It may be that we only allow the 
    // first user to a site that is setup as passport authentication to be granted admin role automatically. 
   } 
   else { 
    throw new ForumException(ForumExceptionType.UserInvalidCredentials, userName); 
   } 
  }

Replace with

  // Find the user and get the Windows roles this user belongs to and asssign the proper permissions 
  // in the forum database if appropriate 
  // 
  User foundUser = Users.FindUserByUsername( userName ); 
  if( foundUser.UserID == 0 )  
  { 
    
   //the following looks for a DNN user, get's the user's information and populates foundUser with that information so a forum user can be created. 
   int dnnUserExists = -1; 
   //get DNN user 
   if (Convert.ToInt32(userName) >= 0) 
   { 
    try 
    { 
     //change this if you are installing the forums for another portalId besides 0 
     int portalId = 0; 

     //get forums configuration info to get the connection string 
     ForumConfiguration forumsConfig = ForumConfiguration.GetConfig(); 
     Provider sqlForumsProvider = (Provider) forumsConfig.Providers[forumsConfig.DefaultProvider]; 
     // Read the connection string for this provider 
     // 
     string connectionString; 
     connectionString = sqlForumsProvider.Attributes["connectionString"]; 
       
     using( System.Data.SqlClient.SqlConnection myConnection = new System.Data.SqlClient.SqlConnection(connectionString) )  
     { 
      //build SQL command 
      System.Data.SqlClient.SqlCommand myCommand = new System.Data.SqlClient.SqlCommand("dbo.GetUser", myConnection); 
      System.Data.SqlClient.SqlDataReader reader; 
      // Mark the Command as a SPROC 
        
      myCommand.CommandType = System.Data.CommandType.StoredProcedure; 
      // Add Parameters to SPROC 
      //PortalId 
      //UserId can be found in the userName variable that was set earlier by the forums code. DNN uses  
       //context.User.Identity.Name as the UserID while the forums uses is as the actual username, thus causing the main problem 
      myCommand.Parameters.Add("@PortalID", System.Data.SqlDbType.Int).Value = portalId; 
      myCommand.Parameters.Add("@UserId", System.Data.SqlDbType.Int).Value =  Convert.ToInt32(userName); 
      // Execute the command 
      myConnection.Open(); 
      reader = myCommand.ExecuteReader(); 
      while (reader.Read()) 
      { 
       //go through the datareader and get the user's DNN information. 
       foundUser.Username = (string)reader["UserName"]; 
       foundUser.Password = (string)reader["Password"]; 
       foundUser.Salt  = String.Empty; 
       foundUser.Email = (string)reader["Email"]; 
       //check if user already exists... 
       User foundUser2 = Users.FindUserByUsername( foundUser.Username ); 
       if (foundUser2.UserID != 0) 
       { 
        dnnUserExists = 1; 
       } 
      } 
      reader.Close(); 
      myConnection.Close(); 
     } 
    } 
    catch (Exception ex) 
    { 
     //user not found or some other error 
    } 
   } 

   //check if autoregister is on and dnnUserExists or not 
   if( AspNetForums.Configuration.ForumConfiguration.GetConfig().AllowAutoUserRegistration && dnnUserExists == -1)  
   { 
    Users.Create( foundUser, false ); 
    if( usingWindowsAuth )  
    { 
     if( principle.IsInRole( AspNetForums.Configuration.ForumConfiguration.GetConfig().AdminWindowsGroup )  
      || ( 
      ((WindowsPrincipal)principle).IsInRole( System.Security.Principal.WindowsBuiltInRole.Administrator ) 
      && AspNetForums.Configuration.ForumConfiguration.GetConfig().AssignLocalAdminsAdminRole 
      ))  
     { 
      Roles.AddUserToRole( foundUser.UserID, 1 ); 
     } 
    } 

    // TDD would also need some way here to allow the same functionality as AllowLocalAdminsAdminRole for Passport 
    // authenticated users. I'm not sure what Passport returns with the authentication but we need some way to allow 
    // a user to get promoted to admin if they are using a special passport account. It may be that we only allow the 
    // first user to a site that is setup as passport authentication to be granted admin role automatically. 
   } 
   else  
   { 
    throw new ForumException(ForumExceptionType.UserInvalidCredentials, userName); 
   } 
  }

After making the above change you will need to recompile the components project of the CS::Forums solution.

DNN Changes You should create a skin for DNN that does NOT include the [USER] and [LOGIN] skinObjects. Create a new tab on DNN called Login, install the magicRedirect module available from https://www.magicmodules.com/ and have it redirect to your forums login page. Create a new tab on DNN called Forums, and have the magidRedirect module redirect to https://www.yoursite.com/forums/

Please let me know what you think of this. I will be honest, it is not a pretty solution, and hopefully not a permanent solution. If you upgrade to a new release of the Forums codebase you will lose the changes you made in this process. Knowing this, when DNN 2.2 and CS 1.0 are released, assuming the integration for the Forums and DNN users work out of the box, installing the upgraded versions of both DNN and CS 1.0 should wipe the above changes away, hopefully without any extra work, but not knowing how the final integration will work on the two projects you make all of the above changes with your own risk!

Share:
Back to Blog

Related Posts

View All Posts »