Telligent Community Single Sign On (SSO) - Cookie Authentication
In addition to my previous blog post detailing a step-by-step approach for setting up single sign on in Telligent Community using forms authentication, I thought I'd share some details on cookie authentication as well. This is to be used in addition to the official post by Telligent found here.

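1. Generate a 3DES key and an initialization vector (IV)

// Requires: using System; using System.Security.Cryptography;
TripleDESCryptoServiceProvider tdes = new TripleDESCryptoServiceProvider();
tdes.GenerateKey();
tdes.GenerateIV();
// Print both values as Base64 so they can be pasted into the config files in steps 2 and 5
Console.WriteLine("3des Key = " + Convert.ToBase64String(tdes.Key));
Console.WriteLine("3des IV = " + Convert.ToBase64String(tdes.IV));
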
2. Add a configuration section to the web.config file of the application that will be setting the cookie. Include the key and IV that you generated in step 1.

<configuration>
  <configSections>
    <section name="TelligentConfiguration" type="EncryptionDemo.TelligentConfiguration" />
  </configSections>
  <TelligentConfiguration TelligentCookie3DESKey="YOUR_KEY_HERE" TelligentCookie3DESIV="YOUR_IV_HERE" />
</configuration>

3. Create a ConfigurationSection class to get the keys

using System.Configuration;

namespace EncryptionDemo // must match the type attribute in step 2
{
    // Typed accessor for the <TelligentConfiguration> section
    public class TelligentConfiguration : ConfigurationSection
    {
        public TelligentConfiguration()
        {
        }

        // Base64-encoded 3DES key from step 1
        [ConfigurationProperty("TelligentCookie3DESKey", IsRequired = true)]
        public string TelligentCookie3DESKey
        {
            get { return this["TelligentCookie3DESKey"].ToString(); }
            set { this["TelligentCookie3DESKey"] = value; }
        }

        // Base64-encoded IV from step 1
        [ConfigurationProperty("TelligentCookie3DESIV", IsRequired = false)]
        public string TelligentCookie3DESIV
        {
            get { return this["TelligentCookie3DESIV"].ToString(); }
            set { this["TelligentCookie3DESIV"] = value; }
        }
    }
}

4. Take the values to be encrypted, encrypt them, and add them to the CSUser cookie.

// Requires: using System.Security.Cryptography; using System.Text; using System.Web; using System.Web.Security;
public void CreateUserCookie(string username, string emailAddress, string commonName)
{
    //Create the cookie and add the encrypted values
    HttpCookie CSUserCookie = new HttpCookie("CSUser");
    CSUserCookie.Values.Add("username", TDESEncryptString(username));
    CSUserCookie.Values.Add("emailAddress", TDESEncryptString(emailAddress));
    CSUserCookie.Values.Add("commonname", TDESEncryptString(commonName));
    //Optionally set the cookie domain to the one defined in the web.config
    CSUserCookie.Domain = FormsAuthentication.CookieDomain;
    //Add the cookie to the response
    HttpContext.Current.Response.Cookies.Add(CSUserCookie);
}

private string TDESEncryptString(string toEncrypt)
{
    //Get the configuration section object that will contain the keys
    TelligentConfiguration telligentConfig = (TelligentConfiguration)System.Configuration.ConfigurationManager.GetSection("TelligentConfiguration");
    //Convert the key and the initialization vector to byte arrays
    byte[] key = Convert.FromBase64String(telligentConfig.TelligentCookie3DESKey);
    byte[] iv = Convert.FromBase64String(telligentConfig.TelligentCookie3DESIV);
    //Dispose the provider and the transform once the value has been encrypted
    using (TripleDESCryptoServiceProvider tdes = new TripleDESCryptoServiceProvider())
    using (ICryptoTransform cryptoTransform = tdes.CreateEncryptor(key, iv))
    {
        //Convert the value to encrypt to a byte array
        byte[] bytesToEncrypt = UTF8Encoding.UTF8.GetBytes(toEncrypt);
        //Encrypt the value
        byte[] encryptedBytes = cryptoTransform.TransformFinalBlock(bytesToEncrypt, 0, bytesToEncrypt.Length);
        //Base64-encode, then URL-encode so the value is safe inside the cookie
        return HttpUtility.UrlEncode(Convert.ToBase64String(encryptedBytes));
    }
}

5. Open the communityserver_override.config file and add the following, replacing KEY_HERE and IV_HERE with the key and IV that you generated in step 1:

<Override xpath="/CommunityServer/Core/extensionModules/add[@name='FormsAuthentication']" mode="remove" />
<Override xpath="/CommunityServer/Core/extensionModules/add[@name='CustomAuthentication']" mode="remove" />
<Override xpath="/CommunityServer/Core/extensionModules/add[@name='EncryptionProvider']" mode="remove" />
<Override xpath="/CommunityServer/Core/extensionModules" mode="change" name="enabled" value="true" />
<Override xpath="/CommunityServer/Core/extensionModules" mode="add" where="end">
  <add name="CustomAuthentication" extensionType="Security" type="CommunityServer.SecurityModules.CookieAuthentication, CommunityServer.SecurityModules" allowAutoUserRegistration="true" authenticatedUserCookieName="CSUser" usernameKey="username" emailAddressKey="emailAddress" useEncryptedCookie="true" cookieValueStringFormat="Base64" cookieValueEncryptionFormat="ValuesOnly" profileRefreshInterval="7" />
  <add name="EncryptionProvider" extensionType="Encryption" type="CommunityServer.SecurityModules.SymmetricEncryptionProvider, CommunityServer.SecurityModules" algorithm="TDES" key="KEY_HERE" iv="IV_HERE" />
</Override>

6. Open the SiteUrls.config file and add the following:

<Override xpath="/SiteUrls/locations/location[@name='common']/url[@name='login']" mode="remove" />
<Override xpath="/SiteUrls/locations/location[@name='common']/url[@name='login_clean']" mode="remove" />
<Override xpath="/SiteUrls/locations/location[@name='common']/url[@name='logout']" mode="remove" />
<Override xpath="/SiteUrls/locations/location[@name='user']/url[@name='user_Register']" mode="remove" />
<Override xpath="/SiteUrls/locations/location[@name='user']/url[@name='user_Register_clean']" mode="remove" />
<Override xpath="/SiteUrls/locations/location[@name='common']" mode="add">
  <url name="login" navigateUrl="http://www.yoursite.com/login.aspx" />
  <url name="login_clean" navigateUrl="http://www.yoursite.com/login.aspx" />
  <url name="logout" navigateUrl="http://www.yoursite.com/logout.aspx" />
</Override>

Once you have both applications configured as above, you should be ready to go. The first thing I would do is log in to your existing application and verify the cookie is being written properly. If it is, go ahead and load up the community in the same browser and Telligent Community should log you in automagically.

One thing to note: Both applications need to be on the same domain.
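
To check the cookie values outside the browser, the console sketch below reverses step 4's encoding (URL-decode, Base64-decode, 3DES-decrypt) and confirms a round trip. It is an added example, not code from the original post or from Telligent; the class name, the sample username `jdoe` and the use of `System.Net.WebUtility` instead of `HttpUtility` (so a console project needs no System.Web reference) are assumptions.

```csharp
using System;
using System.Net;
using System.Security.Cryptography;
using System.Text;

static class CsUserCookieCheck
{
    // Same transform as TDESEncryptString in step 4 (provider defaults: CBC mode, PKCS7 padding).
    static string Encrypt(string value, byte[] key, byte[] iv)
    {
        using (var tdes = new TripleDESCryptoServiceProvider())
        using (var enc = tdes.CreateEncryptor(key, iv))
        {
            byte[] plain = Encoding.UTF8.GetBytes(value);
            byte[] cipher = enc.TransformFinalBlock(plain, 0, plain.Length);
            return WebUtility.UrlEncode(Convert.ToBase64String(cipher));
        }
    }

    // Reverse of the above, applied to one sub-value of the CSUser cookie (e.g. "username").
    static string Decrypt(string cookieValue, byte[] key, byte[] iv)
    {
        byte[] cipher = Convert.FromBase64String(WebUtility.UrlDecode(cookieValue));
        using (var tdes = new TripleDESCryptoServiceProvider())
        using (var dec = tdes.CreateDecryptor(key, iv))
        {
            byte[] plain = dec.TransformFinalBlock(cipher, 0, cipher.Length);
            return Encoding.UTF8.GetString(plain);
        }
    }

    static void Main()
    {
        // Constructed key and IV for the demo; use the web.config values to check a real cookie.
        byte[] key, iv;
        using (var tdes = new TripleDESCryptoServiceProvider())
        {
            tdes.GenerateKey();
            tdes.GenerateIV();
            key = tdes.Key;
            iv = tdes.IV;
        }
        string first = Encrypt("jdoe", key, iv);
        string second = Encrypt("jdoe", key, iv);
        Console.WriteLine("round trip ok: " + (Decrypt(first, key, iv) == "jdoe"));
        // A fixed key and IV encrypt the same input to the same output every time.
        Console.WriteLine("same value each login: " + (first == second));
    }
}
```

Both lines print `True`. Because the encrypted value for a given user never changes between logins, protect the cookie like a credential: serve both applications over HTTPS and set `HttpOnly` and `Secure` on it in `CreateUserCookie`.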

Enjoy!

1 comment(s) so far

thank you, telligent
