Here is a link to important forum posts that explains how to integrate a YAF forum with an existing site that has asp.net membership.
First begin by reading zee's post here:
http://forum.yetanotherforum.net/default.aspx?g=posts&t=3500In summary zee explains how you can create your own login page instead of relying on YAF's login page. but this is just one part of the solution
Next read the post from dsmaage which is Post #% on
Application IntegrationIn summary you need to make changes at 3 places.
1 - The login control of your existing site
Look in the pages/login.ascx ForumLogin_Click() method as an example on how to log in for your version
Protected Sub Login1_LoggedIn(ByVal sender As Object, ByVal e As System.EventArgs) Handles Login1.LoggedIn
Dim Password As String = FormsAuthentication.HashPasswordForStoringInConfigFile(Login1.Password, "md5")
Dim YafUserID As Object = yaf.DB.user_login(1, Login1.UserName, Password)
If YafUserID Is DBNull.Value Then
Dim AdminPage As New yaf.AdminPage
YafUserID = yaf.DB.user_register(AdminPage, 1, Login1.UserName, Login1.Password, _
Membership.GetUser(Login1.UserName).Email, "", "", "-300", False)
End If
Dim idName As String = String.Format("{0};{1};{2}", YafUserID, 1, Login1.UserName)
Session.Add("YAFUserId", idName)
End Sub
End Class
C# version: 1.9.8
protected void OnLoggedIn(object sender, EventArgs e)
{
System.Web.UI.WebControls.Login loginControl = (System.Web.UI.WebControls.Login)sender;
String password = FormsAuthentication.HashPasswordForStoringInConfigFile(loginControl.Password, "md5");
Object userID = yaf.DB.user_login(1, loginControl.UserName, password);
if (userID == DBNull.Value)
{
yaf.AdminPage adminPage = new yaf.AdminPage();
userID = yaf.DB.user_register(adminPage, 1, loginControl.UserName,
loginControl.Password, Membership.GetUser(loginControl.UserName).Email, "", "", "-300", false);
}
string idName = string.Format("{0};{1};{2}", userID, 1, loginControl.UserName);
FormsAuthentication.SetAuthCookie(idName, loginControl.RememberMeSet );
}
2 - The login control in YAF
I suggest hiding the login button so that you only have to deal with one login page, i even changed yaf's source code to remove this link
3 - The FormsUser method of IForumUser.cs file in YAF
<nowiki>
public FormsUser()
{
string userName = HttpContext.Current.User.Identity.Name;
string userData = (string)HttpContext.Current.Session["YAFUserId"];
try
{
if (HttpContext.Current.User.Identity.IsAuthenticated)
{
if (userData != "")
{
string[] parts = userData.Split(';');
if (parts.Length == 3)
{
m_userID = int.Parse(parts[0]);
m_boardID = int.Parse(parts[1]);
m_userName = userName;
m_isAuthenticated = true;
return;
}
}
else
{
string[] parts = userName.Split(';');
if (parts.Length == 3)
{
m_userID = int.Parse(parts[0]);
m_boardID = int.Parse(parts[1]);
m_userName = parts[2];
m_isAuthenticated = true;
return;
}
}
}
}
catch(Exception)
{
}
m_userName = "";
m_userID = 0;
m_boardID = 0;
m_isAuthenticated = false;
}
</nowiki>
4 - ChangePassword control.
If you have a change password control you need to make sure that when your user changes the password you update the corresponding user name record in YAF. here is how i do it
Protected Sub ChangePassword1_ChangingPassword(ByVal sender As Object, ByVal e As System.Web.UI.WebControls.LoginCancelEventArgs) Handles ChangePassword1.ChangingPassword
Try
Dim List As Data.DataTable = yaf.DB.user_find([boardid], 1, Nothing, Membership.GetUser().Email)
If List.Rows.Count > 0 Then
Dim YafUser As Data.DataRow = List.Rows(0)
yaf.DB.user_changepassword(YafUser("UserID"), YafUser("Password"), FormsAuthentication.HashPasswordForStoringInConfigFile(ChangePassword1.NewPassword, "md5"))
e.Cancel = False
Return
End If
Catch ex As Exception
End Try
e.Cancel = True
End Sub
Since yaf's change password requires you to pass the users old password you need to retrieve it first, i do it via yaf.db.user_find, the second argument is set to 1 because this is the only way you will get all columns of the user records including the password column.
I then call yaf's db.user_changepassword where i pass in the new password after hashing it just like when we create a new account in the login page
Open Issues
There is still one issue i see, since we save the YAfuserId in a session, what if the user has logged into the site, the session has been recycled on the server, and the user then tries to go into the forum, he/she will still see that they are logged in, but they will probably be recognized as a guest in the forum design.