I just purchased the software last night.  I got it up and running no problem.  excellent job with the manual instructions guys!

Anyway, I have candypress shopping cart as an ecommerce platform and I am wanting to have the following in order of priority.  Was wondering time involved and if their was specific information that tells what I need to touch.

I searched the web and looked at the stored procedures and am hoping that their must be a place that talks about this.

1. Use my table (customer) for data for both forum and shopping cart login information, ect... (most important one right now).  I know I can access the stored procedure was wondering if their was a laundry list somewhere that tells me which ones will need to be touched in order to make the Forum software point to my customer table INSTEAD of the User table you provide.
   
   This means I would like the login, updating, creating of users to use MY table.  I am hoping this is a matter of dealing with the SP in SQL Server and that is it.
   
   However, I wasn't sure how much the user table is used in other stored procedures that did not pertain to those particular functions.
   
   Encryption issues are you using them and what is the method? SHA256?
   
   Does all code reference SQL Server Stored Procedures?  Ie no Dynamic SQL existing in the code behind that are referencing the users table?
   
   Any articles on this?
2. Reading through articles, and I am a little weak in this Area with .NET, but it looks like you are taking advantage of the security features .NET comes with.  Is it possible to integrate the two together?  My Classic ASP uses Session variables as well as javascript cookies to maintain state.  It would be nice if they didn't have to relogin inorder to use the forum. Is their an article that talks about this.  I notice the one that pertained to the Security settings but it looked like it was written if I had another ASP.NET app.  which is not the case. (would be nice to be able to do but could live with)

Many thanks for any help you can provide,

Angela Law

www.naturallyspiritual.com

So I figured out how to adjust the stored procedures... I have them all looking to my customer Database right now.

Logging in and out is working to the site and it is referencing MY table not yours.

for those who are searching this is what you do:

1. Install their database
2. Scrypt out only the stored Procedures
3. Change all references to instantASP_users to your table name.  there are 3 different Search and replaces you need to do when doing this
   
   Replace: InstantASP_users. (notice the dot this must be done first) with [database].[user].[tablename].(notice ending dott need it)
   
   Replace: InstantASP_users[press space bar] (notice the ending space this must be done!) with [database].[user].[tablename][press space bar](notice ending space need it)
   
   Replace: [press space bar]InstantASP_users[press space bar] (notice the beginning and ending space this must be done!) with [press space bar][database].[user].[tablename][press space bar](notice the beginning and ending space need it)
4. Go Through BY HAND and change in 3different SP the setting of the EmailAddress to what you call if not the same.  Like there is a procedure for inserting a new user... Just search on EmailAddress and ONLY change it where it is either inserting it or updating it.
5. Copy the fields from the InstantASP_users to your table.
6. DECLARE in your table EmailAddress as a computed field EQUAL to your Email Address field in my case I set it to Email.
7. DECLARE in your table UserId as a computed field EQUAL to your ID field in my case I set it to idCust.
8. Then copy your user records over into your table..
9. And right now this is where i am at....

PROBLEM LEFT is my encryption scheme is NOT the same as the forums.  So when a user from the ecommerce site logs into forums it will be invalid.

So the biggest issue before me is the Encryption and Descryption of the password.  If I could turn it off I could just modify the ecommerce site to not use encryption.

As really their is no need for encryption with my site.  I don't have any valuable information being stored.  or currently have many people in the database user files.

I thought about changing the login page to point to my own.. But the code that is given for the code behind and the Shell of a Login page for the ascx adn the apx appears that everything is generated via dll's they created... It doesn't look like I can change the basic working of Links on these pages...Am I missing something?

Also if I did that I would need to know how to so the whole session thing and cookies for your software.

It would just be better to NTO encrypt and go with straight text.

Any help is greatly appreciated.. I am 75% there and I like to keep this software... but if I can't figure it out I will return it.

www.naturallyspiritual.com