Using BlogEngine's Authentication outside the Application

Topics: ASP.NET 2.0
Oct 30, 2007 at 12:05 PM
I have a website and it's happily running BlogEngine (IIS7 staging/ IIS6 live, everything latest versions).

I want to add some other stuff to the site which I need to protect behind a login. As I already have the BlogEngine's authentication system running nicely, it would be neat if I could use that as the "login provider" for the whole site, so my poor users don't have to have multiple accounts and stuff.

The catch, I think, is BlogEngine's an Application, and as far as I can tell from my initial experiments, that means I can't get into it from "outside" to use the role provider. Well I tried and it doesn't seem to be working. Specifically I put a:
    <authentication mode="Forms">
      <forms timeout="129600" name=".AUXBLOGENGINE" protection="All" slidingExpiration="true" loginUrl="~/BlogEngine/login.aspx" cookieless="UseCookies" />
    </authentication>
section in the site's web.config and it doesn't do nowt. I obviously don't understand much of this, hence I'm thrashing about somewhat.

I wonder:
(1) Do I absolutely have to run Blog Engine as an application?
What happens if I just run the thing without the IIS "Application" business? If I do that, I'm sure I can access the provider.. I could move the definition of it from the BlogEngine web.config to the site's parent web.config and then it would all work I think.

(2) Assuming I can't get into the blog engine's provider as above, maybe I could turn this around. I could set up my own provider for the website, and then tell BlogEngine to use that? I'm not sure that will work if BE is an application though: maybe it can't "get out" to see my provider.

(3) Failing those, maybe I could use the XML file BE uses as the source of my own provider, and then run separate providers for BE and for everything else, but both dependent on the same XML file.

Has anyone done anything like this already, or got any advice/thoughts?
Nov 1, 2007 at 11:22 PM
Ok, I guess it was too obvious for you guys, but if there's anyone else needs to know, here's how you do it..

(1) You need to specify the same "machine key" in the blogEngine.NET config.sys and in the config.sys of the parent web site. That's what allows the web site to read the cookie dropped by BlogEngine at user log in. Just copy the <machineKey> section from the BlogEngine.NET file into your parent site's file.

(2) You need to copy the <authentication > section in the same way - that tells the parent website to use the same cookie which BlogEngine login kindly sets for you.
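
A consistency check for the two steps in the reply above, as an added example that is not part of the original thread or of BlogEngine.NET: it compares the machineKey and forms settings of two web.config files as written and lists what would stop one application from reading the other's login cookie. The function names, sample configs and placeholder key values are constructed; it assumes configs without an XML namespace and does not model web.config inheritance.

```python
import xml.etree.ElementTree as ET

# Ticket settings that must agree; values are ASP.NET's defaults when omitted.
FORMS_DEFAULTS = {"name": ".ASPXAUTH", "protection": "All", "path": "/"}
KEY_ATTRS = ("validationKey", "decryptionKey", "validation")

def _settings(xml_text):
    """Return (machineKey attrs or None, forms attrs or None) for one web.config."""
    web = ET.fromstring(xml_text).find("system.web")
    if web is None:
        return None, None
    mk, auth = web.find("machineKey"), web.find("authentication")
    forms = None
    if auth is not None and auth.get("mode") == "Forms":
        f = auth.find("forms")
        attrs = f.attrib if f is not None else {}
        forms = {k: attrs.get(k, d) for k, d in FORMS_DEFAULTS.items()}
    return (dict(mk.attrib) if mk is not None else None), forms

def ticket_sharing_problems(parent_xml, child_xml):
    """List reasons the two apps could not read each other's forms ticket."""
    problems = []
    (p_key, p_forms), (c_key, c_forms) = _settings(parent_xml), _settings(child_xml)
    for label, key, forms in (("parent", p_key, p_forms), ("child", c_key, c_forms)):
        if key is None:
            problems.append(f"{label}: no explicit <machineKey> in this file")
        elif any("AutoGenerate" in key.get(a, "AutoGenerate") for a in KEY_ATTRS[:2]):
            problems.append(f"{label}: machineKey uses AutoGenerate")
        if forms is None:
            problems.append(f"{label}: authentication mode is not Forms")
    if p_key and c_key:  # key attributes are compared exactly as written
        problems += [f"machineKey {a} differs" for a in KEY_ATTRS if p_key.get(a) != c_key.get(a)]
    if p_forms and c_forms:
        problems += [f"forms {a} differs" for a in FORMS_DEFAULTS if p_forms[a] != c_forms[a]]
    return problems

# Constructed samples; the key values are placeholders, not real key material.
SHARED = """<configuration><system.web>
  <machineKey validationKey="PLACEHOLDER_VALIDATION_KEY" decryptionKey="PLACEHOLDER_DECRYPTION_KEY" validation="SHA1" />
  <authentication mode="Forms"><forms name=".AUXBLOGENGINE" protection="All" /></authentication>
</system.web></configuration>"""
UNSHARED = """<configuration><system.web>
  <authentication mode="Forms"><forms name=".OTHER" /></authentication>
</system.web></configuration>"""

if __name__ == "__main__":
    print(ticket_sharing_problems(SHARED, SHARED))
    print(ticket_sharing_problems(SHARED, UNSHARED))
```

Any application holding the shared key can mint tickets the other will accept, so the key belongs only in the configs of applications meant to trust each other's logins.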