Authentication and Registration
As the traffic on your blog increases, some users emerge as trusted commenters, those who become known to you and make appropriate and relevant contributions to the conversation. Occasionally, however, a commenter abuses a blog’s comments feature either by posting inflammatory and antisocial commentary or by spamming. One of the most effective safeguards against unwanted comments is commenter authentication.
Authentication of commenters ties each comment to a verifiable private account (i.e. a pseudonymous identity) meaning that these commenters can effectively be managed. With authentication in place, you can designate certain commenters as trusted and others as banned. Giving a commenter trusted status allows the system to handle them differently, publishing their comments immediately, while other commenters are queued for moderation. Besides the goodwill this designation generates, it can save you the time and effort of moderating and publishing queued comments.
Movable Type 4 supports a variety of different authentication methodologies, including local user registration and authentication with Movable Type itself (new in Movable Type 4), the OpenID standard (new in Movable Type 4), and Six Apart’s free TypeKey service.
Configuring your blog to enable local user registration
Movable Type 4 gives you the ability to offer your commenters the ability to become a “member” of your site, through user registration. Visitors to your blog can register, create an account and then use that account to sign in and leave comments on your blog.
Visitors who register as members of your blog become true “users” in your system, and you can manage them like you manage other users in your system. For example, through Movable Type’s role-based permission system, you can promote a frequent, on-topic commenter to a contributor or even an author on your blog.
Configuring your blog to enable local user registration is managed through the Registration Settings screen on your blog. To manage your Registration Settings:
- Switch to the blog you wish to configure through Movable Type’s blog selection menu
- Choose Preferences > Blog Settings from the main menu
- Click on “Registration” in the left-hand navigation menu.
More information:
Configuring your blog to enable OpenID authentication
In addition to local user registration, Movable Type 4 supports authenticating commenters using OpenID. Movable Type 4 gives you the flexibility of presenting your commenters the ability to authenticate with any OpenID provider, and/or to display the OpenID services that you trust, based on their own user registration policies and procedures. For example, you may only want to present your commenters the ability to authenticate at OpenID-enabled sites that require users to verify their email address and pass a CAPTCHA when registering.
As examples, we’ve included the OpenID services provided by Six Apart’s hosted services Vox and LiveJournal. You can choose to display those as OpenID service providers to your commenters. You can also add your own trusted OpenID services by developing a simple plugin that uses Movable Type’s plugin API.
Like registration settings, configuring your blog’s authentication settings are also managed through through the Registration Settings screen on your blog. To manage your Registration Settings:
- Switch to the blog you wish to configure through Movable Type’s blog selection menu
- Choose Preferences > Blog Settings from the main menu
- Click on “Registration” in the left-hand navigation menu.
More information:
- Learn more about the Registration Settings screen.
- Learn more about adding your own trusted OpenID services through Movable Type’s plugin API
- Learn more about OpenID
Configuring your blog to enable TypeKey authentication
In addition to local user registration and OpenID authentication, Movable Type 4 supports authenticating commenters through Six Apart’s TypeKey authentication service. To configure your blog to use TypeKey, you’ll need to visit the Web Services settings screen to enable TypeKey and add your TypeKey token. And then you can enable TypeKey authentication through the Registration Settings screen.
To configure your TypeKey token through the Web Services Settings screen:
- Switch to the blog you wish to configure through Movable Type’s blog selection menu
- Choose Preferences > Blog Settings from the main menu
- Click on “Web Services” in the left-hand navigation menu.
To configure your blog to enable TypeKey authentication, visit the Registration Settings screen:
- Switch to the blog you wish to configure through Movable Type’s blog selection menu
- Choose Preferences > Blog Settings from the main menu
- Click on “Registration” in the left-hand navigation menu.
More information:
bonetruck.org on July 10, 2009, 10:49 a.m. Reply
Enabling alternate authentication schemes for commenting is really nice! However, that breaks down when using “Community Forums”. While users of your forums can comment using OpenID etc on existing topics, they cannot “start topic”. It may be worth mentioning that “Community Forums” require users to register with the site to “start topic”. I expect this will be a little confusing for users.
elkins.myid.net on September 26, 2010, 3:41 p.m. Reply
The “Learn More About Typekey” link above is broken. In fact, when I went Googling in order to suggest a replacement, I found it sufficiently difficult to find a working link for a Typekey FAQ that I gave up (admittedly, I wasn’t all that motivated and so gave up quickly…but still, one probably shouldn’t hit five broken links in a row when looking for something that basic). Perhaps someone should find the live link — wherever it now may be — and replace the dead one in the document above?
lasagna cupcakes on December 12, 2012, 6:28 a.m. Reply
The “Learn More About Typekey” link above is broken. In fact, when I went Googling in order to suggest a replacement, I found it sufficiently difficult to find a working link for a Typekey FAQ that I gave up (admittedly, I wasn’t all that motivated and so gave up quickly..but still, one probably shouldn’t hit five broken links in a row when looking for something that basic). Perhaps someone should find the live link - wherever it now may be - and replace the dead one in the document above?