
Configuring Forms Based Authentication in SharePoint 2010

Saru Ponnusamy, Senior SharePoint Consultant
May 17, 2010

What’s involved?

  • Setting up your ASP.NET Membership database
  • Providing ASP.NET Membership database access
  • Configuring the Central Admin site
  • Configuring the SharePoint Web Services site
  • Setting up your SharePoint 2010 site
  • Setting up the FBA Zone in Central Admin
  • Configuring SharePoint 2010 FBA on the IIS Web Site
  • Assigning the Site Collection administrator
  • Testing the FBA configuration


Setting up your ASP.NET Membership database:

Assuming you are on Windows Server 2008 R2, execute aspnet_regsql.exe from the following location:

%windir%\Microsoft.NET\Framework64\v2.0.50727

When the ASP.NET SQL Server Setup Wizard opens, click Next to continue.

ASP.NET SQL Server Setup Wizard


Select Configure SQL Server for application services and click Next.

ASP.NET SQL Server Setup Wizard 2

Enter the name of your SQL Database server and a name for the ASP.NET Membership database to be created and click Next.

Select Server and Database

Confirm your settings and click Next.

Confirm settings

The ASP.NET Membership database has now been successfully created. Click Finish to complete the process.

Database created

Providing ASP.NET Membership database access:

On the database server, open SQL Server Management Studio and navigate to Security.

Right-click on Logins and select New Login…

On the General page, enter a Login name, select SQL Server authentication and choose a Password, do not enforce password policy, and select the FBA database that you created earlier.

New Login


Now open the User Mapping page, select the ASP.NET Membership database you created earlier, assign the db_owner role in addition to the public role, and click OK to save the new user account.

User Mapping


Important: Make sure you have also added the account that is set as the application pool identity, with the db_owner role, on the SQL Membership database.

Configuring the Central Admin site:

Open IIS Manager and select the SharePoint Central Administration application.

Double-click Connection Strings and add a connection string by clicking Add… in the Actions pane. Enter a name for the connection string, the name of the database server, and the name of the FBA database that we created earlier. Also, set the credentials by clicking the Set... button and entering the user account we created in step #2.

Add Connection String


Now, double-click Providers and add a Roles provider. Select .NET Roles from the Feature drop-down and click Add… in the Actions pane to add a new Roles provider.

In the Add Provider dialog, select SqlRoleProvider for Type, enter a name for the Role provider, select the connection string name we just created, and click OK.

Add Role Provider


Similarly, double-click Providers and add a Membership provider. Select .NET Users from the Feature drop-down and click Add… in the Actions pane to add a new Membership provider.

In the Add Provider dialog, select SqlMembershipProvider for Type, enter a name for the Membership provider, set the Profile properties as per your choice, select the connection string name we just created, and click OK.

Add Membership Provider


Configuring the SharePoint Web Services site:

Open IIS Manager and select the SharePoint Web Services application.

Double-click Connection Strings and add a connection string by clicking Add… in the Actions pane. Enter a name for the connection string, the name of the database server, and the name of the FBA database that we created earlier. Also, set the credentials by clicking the Set... button and entering the user account we created in step #2.

Now, double-click Providers and add a Roles provider. Select .NET Roles from the Feature drop-down and click Add… in the Actions pane to add a new Roles provider.

In the Add Provider dialog, select SqlRoleProvider for Type, enter a name for the Role provider, select the connection string name we just created, and click OK.

Similarly, double-click Providers and add a Membership provider. Select .NET Users from the Feature drop-down and click Add… in the Actions pane to add a new Membership provider.

In the Add Provider dialog, select SqlMembershipProvider for Type, enter a name for the Membership provider, set the Profile properties as per your choice, select the connection string name we just created, and click OK.

Setting up your SharePoint 2010 site:

In the Central Administration application, create a new Web Application by clicking Manage web applications under Application Management and then selecting New from the ribbon. Select Claims based authentication, specify a name and port number for the new web application, leave the rest of the settings at their defaults, and click OK to create the web application.

Important: Make sure you choose Claims Based Authentication for Authentication.

Now, create a top-level Site Collection on the newly created Web Application. You can choose any of the templates to create the site collection.

Configuring SharePoint 2010 FBA on the IIS Site:

Open IIS Manager and select the SharePoint site we created.

Double-click Connection Strings and add a connection string by clicking Add… in the Actions pane. Enter a name for the connection string, the name of the database server, and the name of the FBA database that we created earlier. Also, set the credentials by clicking the Set... button and entering the user account we created in step #2.

Double-click Providers and add a Roles provider. Select .NET Roles from the Feature drop-down and click Add… in the Actions pane to add a new Roles provider.

In the Add Provider dialog, select SqlRoleProvider for Type, enter a name for the Role provider, select the connection string name we created earlier, and click OK.

While you are in the Providers dialog, add a Membership provider. Select .NET Users from the Feature drop-down and click Add… in the Actions pane to add a new Membership provider.

In the Add Provider dialog, select SqlMembershipProvider for Type, enter a name for the Membership provider, select the connection string name we created earlier, and click OK.

Back in the IIS Manager console, click the site we are setting up FBA on. Double-click .NET Roles, click the set default provider action in the Actions pane, and select the ASP.NET Role provider we created earlier (ignore the error message that pops up).

Default Role Provider


Once the role provider has been added, add a few roles by clicking Add... in the Actions pane.

Add .NET Role


Similarly, from the IIS Manager console, click the site we are setting up FBA on. Double-click .NET Users, click the set default provider action in the Actions pane, and select the ASP.NET Membership provider we created earlier (ignore the error message that pops up).

Default Membership Provider


You can now add a new user to the ASP.NET Membership database by clicking Add… in the Actions pane.

Select a User, Email, and Password.

If you have not configured the password rules, you will see an unpleasant error page.

Password validation


Go back to the .NET Users Providers module from the IIS Manager console, and click on the Collections... button on Misc->Provider Specific Settings.

Edit Membership Provider


This opens the ProviderSetting Collection Editor, where you can add or modify the provider's parameters. Add or set the minRequiredNonalphanumericCharacters and minRequiredPasswordLength parameters with the values you desire.

ProviderSetting Collection Editor


Assigning the Site Collection administrator:

In the Central Administration application, select Application Management, then Change Site Collection Administrators from the Site Collection section, and enter the ASP.NET user you want from the list of ASP.NET users.

Important: Make sure you are doing this on the right site collection on the right web application.

Testing the FBA Configuration:

Now you can test whether you can sign in to your web application using Forms authentication. In a new browser window, enter the URL of the web application. It should bring up the Sign In form as shown below. Select Forms Authentication from the drop-down.

Login screen


Sign in using the ASP.NET user you added to the .NET Users for the Web application. Instead of signing you in, you will see an access denied error page :-(.

Access denied page


Well, in order for the sign-in to be successful, we need to go back to the IIS Manager console, open the web site, and set the default provider for Membership to ‘i’, which is the new Claims based authentication provider.

This time, sign in using your ASP.NET user credentials and you should be able to sign in successfully!

Successful login page
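The end state of the web application's web.config can be checked mechanically. The following is an added example, not code from the original article: it audits a constructed web.config for the SharePoint site (not Central Administration or SharePoint Web Services) against the settings this walkthrough touches. The provider, connection-string, server, database and account names and the min_length threshold of 8 are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed web.config fragment for the FBA web application; all names in it are assumptions.
SAMPLE_WEB_CONFIG = """<configuration>
  <connectionStrings>
    <add name="FBADB" connectionString="Server=SQL01;Database=aspnetdb;User ID=fbauser;Password=EXAMPLE-ONLY" />
  </connectionStrings>
  <system.web>
    <membership defaultProvider="FBAMembershipProvider">
      <providers>
        <add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint" />
        <add name="FBAMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web"
             connectionStringName="FBADB" minRequiredPasswordLength="5"
             minRequiredNonalphanumericCharacters="0" />
      </providers>
    </membership>
  </system.web>
</configuration>"""

def audit_fba_config(xml_text, min_length=8):
    """Return findings for the settings this walkthrough configures."""
    root = ET.fromstring(xml_text)
    findings = []
    conn = {c.get("name"): c.get("connectionString", "")
            for c in root.findall("connectionStrings/add")}
    membership = root.find("system.web/membership")
    if membership is None:
        return ["no <membership> section found"]
    # Sign-in ends in access denied unless the default is the claims provider 'i'.
    default = membership.get("defaultProvider")
    if default != "i":
        findings.append("defaultProvider is %r, expected 'i'" % default)
    for p in membership.findall("providers/add"):
        if "SqlMembershipProvider" not in p.get("type", ""):
            continue
        name, cs = p.get("name"), p.get("connectionStringName")
        if cs not in conn:
            findings.append("%s: connection string %r is not defined" % (name, cs))
        elif "password=" in conn[cs].lower():
            findings.append("%s: SQL password in clear text in web.config" % name)
        # Provider defaults when absent: length 7, one non-alphanumeric character.
        if int(p.get("minRequiredPasswordLength", "7")) < min_length:
            findings.append("%s: minRequiredPasswordLength below %d" % (name, min_length))
        if int(p.get("minRequiredNonalphanumericCharacters", "1")) < 1:
            findings.append("%s: no non-alphanumeric character required" % name)
    return findings

if __name__ == "__main__":
    print("\n".join(audit_fba_config(SAMPLE_WEB_CONFIG)))
```

On the constructed sample the audit reports four findings, the first being the default provider that produces the access denied page described above.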

 
