Friday, October 21, 2011

Configuring Forms Based Authentication (FBA) in SharePoint 2010

One of my favorite configuration tasks from SharePoint 2007 is to configure multiple authentication providers. So I wanted to do the same thing in SharePoint 2010 too. Here I will be using the MSSQL database as the membership store for the users.
Steps
  1. Create MSSQL membership store
  2. Create the new web application
  3. Configure support for FBA
    1. In Central Administration
    2. In new web application
    3. In STS web service (new in SharePoint 2010)
  4. Adding user policies to the web application
  5. Login to the site
Step 1: Create MSSQL membership store
This is where all the user details are going to be stored.
  • Create the database
    • Run the ASP.NET SQL Server Setup Wizard located at C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe and follow the instructions.
    • Once completed, create a separate database user for the providers and add that user to the “db_owner” role.
  • Add users into the membership store
    • Launch Visual Studio and create a web site project
    • Add a connection string pointing to the database created above
    • Launch the “ASP.NET Configuration” wizard from the “Website” menu.
    • Click on the “Security” link, select the “internet” option and add users into the store.
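The same store can also be created without the wizard. The script below is an added example and is not part of the original post: it runs aspnet_regsql.exe with switches, then creates a dedicated SQL login for the providers and grants it only the aspnet_* roles that aspnet_regsql itself creates, which is a tighter alternative to the “db_owner” role used above. The server name is the Data Source from the connection strings in this post; the database name, login name and the use of Windows authentication to SQL Server (-E) are assumptions.

```powershell
# Added example, not from the original post: create the membership store from the command
# line and give the providers a least-privilege SQL login instead of db_owner.
# $sqlServer is the Data Source from the post's connection strings; database and login
# names are assumptions. Run from an account that is sysadmin on the SQL instance.
$sqlServer = 'eccolw7ira'
$database  = 'FBA_Membership'
$login     = 'fba_provider'
$password  = Read-Host -Prompt "Password for SQL login $login"

# -E connects with the current Windows account, -A mr adds only the membership (m) and
# role manager (r) features, -d names the database (created if it does not exist).
$regsql = Join-Path $env:windir 'Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe'
& $regsql -S $sqlServer -E -A mr -d $database
if ($LASTEXITCODE -ne 0) { throw "aspnet_regsql.exe failed with exit code $LASTEXITCODE" }

# aspnet_regsql creates database roles per feature; the providers need only the
# *_FullAccess roles for membership and roles, not db_owner. Single quotes in the
# password are doubled so the literal stays intact inside the T-SQL string.
$pwdLiteral = $password.Replace("'", "''")
$tsql = @"
IF NOT EXISTS (SELECT 1 FROM sys.server_principals WHERE name = N'$login')
    CREATE LOGIN [$login] WITH PASSWORD = N'$pwdLiteral', CHECK_POLICY = ON;
GO
USE [$database];
GO
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = N'$login')
    CREATE USER [$login] FOR LOGIN [$login];
EXEC sp_addrolemember N'aspnet_Membership_FullAccess', N'$login';
EXEC sp_addrolemember N'aspnet_Roles_FullAccess', N'$login';
GO
"@

# The script is written to a temporary file because it contains the password; it is
# removed again as soon as sqlcmd has run it (-b makes sqlcmd exit on the first error).
$scriptFile = [System.IO.Path]::GetTempFileName()
try {
    Set-Content -Path $scriptFile -Value $tsql
    & sqlcmd -S $sqlServer -E -b -i $scriptFile
    if ($LASTEXITCODE -ne 0) { throw "sqlcmd failed with exit code $LASTEXITCODE" }
} finally {
    Remove-Item -Path $scriptFile -ErrorAction SilentlyContinue
}
```

The login created here is the one to put into the User ID and Password of the connection strings in Step 3. Users can still be added with the ASP.NET Configuration wizard as described above; the wizard only needs the connection string.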
Step 2: Create the new web application
  • Go to Central Administration > Manage web applications and click on “New” in the ribbon
  • Set the options in the dialog box as in the images below (check the red boxes)
  • Once the web application is created, create the site collection as well.
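The same web application can be created from the SharePoint 2010 Management Shell, which also records exactly which providers the Default zone was given. This is an added example, not from the original post: it creates a claims-based web application with both Windows (NTLM) and forms authentication, referring to the provider names used in the web.config entries of Step 3. URL, host header, application pool, managed account, owner and database names are assumptions.

```powershell
# Added example, not from the original post. Creates the claims-based web application from
# PowerShell with both Windows (NTLM) and forms authentication on the Default zone, wired to
# the provider names used in the post's web.config entries. URL, host header, accounts,
# application pool and database names are assumptions.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$windowsAuth = New-SPAuthenticationProvider -UseWindowsIntegratedAuthentication -DisableKerberos
$formsAuth   = New-SPAuthenticationProvider -ASPNETMembershipProvider 'AspNetSqlMembershipProvider' `
                                            -ASPNETRoleProviderName  'AspNetSqlRoleProvider'

$webApp = New-SPWebApplication -Name 'FBA Portal' `
    -URL 'http://fba.contoso.local' -Port 80 -HostHeader 'fba.contoso.local' `
    -ApplicationPool 'FBA Portal AppPool' `
    -ApplicationPoolAccount (Get-SPManagedAccount 'CONTOSO\sp_apppool') `
    -AuthenticationProvider $windowsAuth, $formsAuth `
    -DatabaseName 'WSS_Content_FBAPortal'

# Site collection at the root of the new web application.
New-SPSite -Url $webApp.Url -Name 'FBA Portal' -Template 'STS#0' -OwnerAlias 'CONTOSO\spadmin' | Out-Null

# Confirm the Default zone really carries both providers. Passing -AuthenticationProvider is
# what makes the web application claims-based; without it a classic-mode application is created
# and forms authentication cannot be enabled on it later.
$zone = [Microsoft.SharePoint.Administration.SPUrlZone]::Default
$webApp.IisSettings[$zone].ClaimsAuthenticationProviders | Select-Object DisplayName
```

Creating the web application only records the provider names; it does not add the provider definitions to any web.config. Those still have to be added by hand as described in Step 3.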
Step 3: Configure FBA support
  • Edit the web.config for Central Administration in the virtual directories folder
    • Add the following entry just above the </system.web> node
<!-- SQL membership provider: credentials are checked against the aspnet_* tables;
     passwords are stored hashed and cannot be retrieved, only reset -->
<membership defaultProvider="AspNetSqlMembershipProvider">
  <providers>
    <remove name="AspNetSqlMembershipProvider" />
    <add name="AspNetSqlMembershipProvider"
         type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
         connectionStringName="AspNetSqlProvider"
         applicationName="/"
         passwordFormat="Hashed"
         enablePasswordRetrieval="false"
         enablePasswordReset="true"
         requiresQuestionAndAnswer="true"
         requiresUniqueEmail="false"
         passwordAttemptWindow="10"
         description="Stores and retrieves membership data from the Microsoft SQL Server database" />
  </providers>
</membership>
<!-- SQL role provider reading the same store. In Central Administration the Windows token
     role provider stays the default; the SQL provider is only defined here -->
<roleManager defaultProvider="AspNetWindowsTokenRoleProvider">
  <providers>
    <clear />
    <remove name="AspNetSqlRoleProvider" />
    <add name="AspNetSqlRoleProvider"
         type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
         connectionStringName="AspNetSqlProvider"
         applicationName="/"
         description="Stores and retrieves roles data from the local Microsoft SQL Server database" />
  </providers>
</roleManager>
    • Add the connectionStrings entry below just above the </configuration> node and put in the corresponding values for the database, user ID and password
<!-- Replace <database>, <user id> and <password> with the values for the membership store;
     the angle brackets must not remain in the file -->
<connectionStrings>
  <add name="AspNetSqlProvider"
       connectionString="Data Source=eccolw7ira;Initial Catalog=<database>;User ID=<user id>;Password=<password>" />
</connectionStrings>
  • Edit the web.config for the corresponding site in the virtual directories folder
    • Add the following entry just above the </system.web> node.
      • Note: if a membership entry is already present (SharePoint adds the “i” membership provider and the “c” role provider to a claims-based web application), add only the missing entries from the block below, that is, the <remove> and the SQL provider <add> lines under each <providers> node.
<!-- "i" is the SharePoint claims membership provider and must stay the default;
     the SQL provider is added next to it so the claims provider can call it -->
<membership defaultProvider="i">
  <providers>
    <add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
    <remove name="AspNetSqlMembershipProvider" />
    <add name="AspNetSqlMembershipProvider"
         type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
         connectionStringName="AspNetSqlProvider"
         applicationName="/"
         passwordFormat="Hashed"
         enablePasswordRetrieval="false"
         enablePasswordReset="true"
         requiresQuestionAndAnswer="true"
         requiresUniqueEmail="false"
         passwordAttemptWindow="10"
         description="Stores and retrieves membership data from the Microsoft SQL Server database" />
  </providers>
</membership>
<!-- "c" is the SharePoint claims role provider and must stay the default -->
<roleManager defaultProvider="c">
  <providers>
    <add name="c" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
    <remove name="AspNetSqlRoleProvider" />
    <add name="AspNetSqlRoleProvider"
         type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
         connectionStringName="AspNetSqlProvider"
         applicationName="/"
         description="Stores and retrieves roles data from the local Microsoft SQL Server database" />
  </providers>
</roleManager>
    • Add the connectionStrings entry below just above the </configuration> node and put in the corresponding values for the database, user ID and password
<!-- Replace <database>, <user id> and <password> with the values for the membership store -->
<connectionStrings>
  <add name="AspNetSqlProvider"
       connectionString="Data Source=eccolw7ira;Initial Catalog=<database>;User ID=<user id>;Password=<password>" />
</connectionStrings>
  • Edit the web.config located at C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\WebServices\SecurityToken
    • Add the following entry just above the </configuration> node

<!-- The Security Token Service has no <system.web> section of its own for providers; the
     whole section is added. The STS is what validates the forms credentials, so here the
     SQL providers are the defaults -->
<system.web>
  <membership defaultProvider="AspNetSqlMembershipProvider">
    <providers>
      <add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
      <remove name="AspNetSqlMembershipProvider" />
      <add name="AspNetSqlMembershipProvider"
           type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
           connectionStringName="AspNetSqlProvider"
           applicationName="/"
           passwordFormat="Hashed"
           enablePasswordRetrieval="false"
           enablePasswordReset="true"
           requiresQuestionAndAnswer="true"
           requiresUniqueEmail="false"
           passwordAttemptWindow="10"
           description="Stores and retrieves membership data from the Microsoft SQL Server database" />
    </providers>
  </membership>
  <roleManager defaultProvider="AspNetSqlRoleProvider" enabled="true" cacheRolesInCookie="false">
    <providers>
      <add name="c" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
      <remove name="AspNetSqlRoleProvider" />
      <add name="AspNetSqlRoleProvider"
           type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
           connectionStringName="AspNetSqlProvider"
           applicationName="/"
           description="Stores and retrieves roles data from the local Microsoft SQL Server database" />
    </providers>
  </roleManager>
</system.web>
<!-- Replace <database>, <user id> and <password> with the values for the membership store -->
<connectionStrings>
  <add name="AspNetSqlProvider"
       connectionString="Data Source=eccolw7ira;Initial Catalog=<database>;User ID=<user id>;Password=<password>" />
</connectionStrings>
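Three files now have to agree with each other, and a typo in any of them only shows up later as a login that silently fails. The following check is an added example, not part of the original post: it parses each web.config, confirms that the SQL membership and role providers are defined, that the membership provider keeps the hashed, non-retrievable password settings used above, and that the connection string it names exists under <configuration> with its placeholders replaced. The virtual-directory paths and ports are assumptions (a web application created with a host header gets a folder such as fba.contoso.local80); the SecurityToken path is the one given in the post.

```powershell
# Added example, not from the original post. Verifies the provider configuration in the
# three web.config files edited in Step 3. Paths and ports below are assumptions.
function Test-FbaWebConfig {
    param([Parameter(Mandatory=$true)][string]$Path)
    $problems = New-Object System.Collections.Generic.List[string]

    try {
        $text = (Get-Content -Path $Path -ErrorAction Stop) -join "`n"
        [xml]$cfg = $text
    } catch {
        # An unreplaced <database>/<user id>/<password> placeholder is not valid XML inside an
        # attribute, which is the most common reason this parse fails after following the post.
        return New-Object PSObject -Property @{
            Path = $Path; Ok = $false
            Problems = @("not well-formed XML (placeholders left in?): $($_.Exception.Message)")
        }
    }

    $systemWeb = $cfg.configuration.'system.web'
    $member = @($systemWeb.membership.providers.add) | Where-Object { $_.name -eq 'AspNetSqlMembershipProvider' }
    if (-not $member) {
        $problems.Add('membership provider AspNetSqlMembershipProvider is not defined')
    } else {
        if ($member.type -notlike 'System.Web.Security.SqlMembershipProvider,*') {
            $problems.Add("membership provider type is '$($member.type)', expected SqlMembershipProvider")
        }
        # Security-relevant attributes from the post: hashed storage, no plaintext retrieval.
        if ($member.passwordFormat -ne 'Hashed') {
            $problems.Add("passwordFormat is '$($member.passwordFormat)', expected Hashed")
        }
        if ($member.enablePasswordRetrieval -eq 'true') {
            $problems.Add('enablePasswordRetrieval is true; the post keeps it false')
        }
        $csName = $member.connectionStringName
        $cs = @($cfg.configuration.connectionStrings.add) | Where-Object { $_.name -eq $csName }
        if (-not $cs) {
            $problems.Add("connection string '$csName' is missing from <connectionStrings> directly under <configuration>")
        }
    }

    $role = @($systemWeb.roleManager.providers.add) | Where-Object { $_.name -eq 'AspNetSqlRoleProvider' }
    if (-not $role) {
        $problems.Add('role provider AspNetSqlRoleProvider is not defined')
    } elseif ($member -and $role.connectionStringName -ne $member.connectionStringName) {
        $problems.Add('membership and role providers reference different connection strings')
    }

    New-Object PSObject -Property @{
        Path = $Path; Ok = ($problems.Count -eq 0); Problems = $problems.ToArray()
    }
}

$centralAdminPort = 2010   # assumption: the port Central Administration listens on
$sitePort         = 80     # assumption: the port (or host header + port) of the FBA web application
$paths = @(
    "C:\inetpub\wwwroot\wss\VirtualDirectories\$centralAdminPort\web.config",
    "C:\inetpub\wwwroot\wss\VirtualDirectories\$sitePort\web.config",
    'C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\WebServices\SecurityToken\web.config'
)
$paths | ForEach-Object { Test-FbaWebConfig -Path $_ } | Format-List Path, Ok, Problems
```

Run it after every edit of the three files; a parse failure on one of them is reported as a problem rather than stopping the whole run, so all three results are always shown.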
Step 4: Adding user policies into the web application
  • Go to Central Administration > Manage web applications, select the web application and click on the “User Policy” button in the ribbon.
  • Click on the “Add users” link, select “Default” as the zone and click on “Next”.
  • Type the user name in the “Users” text box and click on the People Picker icon.
  • If everything is configured correctly you should see the user name get underlined in the “Users” box. Alternatively:
  • Click on the “Browse” button under the Users text box, type the user name in the search text box and click on the search button.
  • You should see the user name in the search result.
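The same user policy can be added from the SharePoint 2010 Management Shell, which also makes the claims-encoded form of a forms user visible. This is an added example and not part of the original post; the web application URL and user name are assumptions, and the encoded login format is the one SharePoint 2010 uses for forms users. The permission level is a parameter that defaults to Full Read, which is enough to test the login; give Full Control only to the accounts that administer the web application.

```powershell
# Added example, not from the original post. Adds a web application user policy for a
# forms user on the Default zone. URL and user name are assumptions.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Add-FbaUserPolicy {
    param(
        [Parameter(Mandatory=$true)][string]$WebApplicationUrl,
        [Parameter(Mandatory=$true)][string]$UserName,
        [string]$MembershipProviderName = 'AspNetSqlMembershipProvider',
        # FullRead is enough to verify the login works; FullControl is for administrators only.
        [string]$Role = 'FullRead'
    )
    $webApp = Get-SPWebApplication $WebApplicationUrl
    $zone   = [Microsoft.SharePoint.Administration.SPUrlZone]::Default

    # Encoded login SharePoint 2010 uses for a forms user: i = identity claim, 0#.f = forms
    # user name claim type, then the membership provider name (lower case) and the user name
    # exactly as stored in the SQL membership store.
    $login = 'i:0#.f|{0}|{1}' -f $MembershipProviderName.ToLowerInvariant(), $UserName

    # Let SharePoint decode the string before binding a policy to it; a malformed login
    # would otherwise produce a policy that matches nobody and fails silently.
    $claim = [Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager]::Local.DecodeClaim($login)
    if ($claim.Value -ne $UserName) {
        throw "Decoded claim value '$($claim.Value)' does not match user name '$UserName'"
    }

    $roleType = [Microsoft.SharePoint.Administration.SPPolicyRoleType]$Role
    $policy   = $webApp.ZonePolicies($zone).Add($login, $UserName)
    $policy.PolicyRoleBindings.Add($webApp.PolicyRoles.GetSpecialRole($roleType))
    $webApp.Update()

    # Return the policy so the caller can inspect UserName and the bound roles.
    $policy
}

Add-FbaUserPolicy -WebApplicationUrl 'http://fba.contoso.local' -UserName 'fbauser1' |
    Select-Object UserName, DisplayName, PolicyRoleBindings
```

The `i:0#.f|aspnetsqlmembershipprovider|fbauser1` string returned as UserName is the same value that appears as the account name once the user is resolved in the People Picker, which makes it easy to compare the two paths.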
Step 5: Login to the site
  • Open the site in a browser and select “Forms Authentication” from the drop-down
  • Provide the user credentials and you should be redirected to the home page.