SharePoint 2010 : Configure Forms Based Authentication (FBA)
I> Create or Convert existing web applications to use Claims Based Authentication
II> Create User IDs in SQL Database
III> Modify web.config file
IV> Give Permissions to users present in SQL database
Create or Convert existing web applications to use Claims Based Authentication
Note: The web application has to be created from the Central Administration console or from PowerShell, and it must use Claims Based Authentication.
A. Creating web application using Central administration
- Open Central Administration Console.
- Click on Manage Web Applications under Application Management.
- Click on New on the Ribbon.
- Choose Claims Based Authentication at the top of the page.
- Choose the port number for the web application.
- Click on Enable Forms Based Authentication (FBA) under Claims Authentication Types. Windows Authentication is enabled by default; if you don't need Windows Authentication, uncheck that box.
- Add the Membership Provider and Role Manager names.
- As soon as the web application has been created, verify the Authentication Provider settings for the web application. I have the screenshot below:
Steps for II> Create User IDs in SQL Database:
- On the SharePoint 2010 server, open the command prompt.
- Navigate to C:\Windows\Microsoft.NET\Framework64\v2.0.50727
- Run "aspnet_regsql.exe". This opens the ASP.NET SQL Server Setup Wizard; click Next.
- Click on "Configure SQL Server for Application Services".
- Specify the database name. If you don't specify a database name, a database called aspnetdb is created.
- Use the MembershipSeeder tool to create the users in the SQL database. You can find the tool and information about it on CodePlex.
Note: If you want to use Windows Authentication and Forms Based Authentication on a single URL, select both Enable Windows Authentication and Enable Forms Based Authentication.
Note: Just for understanding, I am using the Membership Provider name "SQL-MembershipProvider" and the Role Manager name "SQL-RoleManager". You can use different names, but you need to remember them so that you can refer to them in the web.config files. These names are case sensitive.
B. What if you already have a web application created using Classic Mode Authentication? How do you convert a web application from Classic Mode Authentication to Claims Based Authentication?
You don't have to delete that web application. You can convert it from Classic Mode Authentication to Claims Based Authentication. However, this can only be done using PowerShell, and it is an irreversible process. Use the following PowerShell commands to convert the web application from Classic Mode Authentication to Claims Based Authentication:
$App = Get-SPWebApplication "URL"
$App.UseClaimsAuthentication = $true   # irreversible: there is no way back to Classic Mode Authentication
$App.Update()
Example:-
$App = Get-SPWebApplication "http://sp1:8000"
$App.UseClaimsAuthentication = $true
$App.Update()
Once the web application uses Claims Based Authentication, you can create a site collection. When you now access the web application, you can sign in to the site using either Windows Authentication or Forms Based Authentication, as shown in the image below.
Choose Windows Authentication and log in to the site. When you log in, your currently logged-in credentials are used, so make sure the account you are logged in with has access to the SharePoint site; otherwise you will get an access denied error.
II> Configure the Membership Provider and Role Manager.
Note:- I have specified the database name as “SQL-Auth”.
III> Modify the web.config file for Membership Provider and Role Manager.
We need to modify three different web.config files for FBA to work: the web.config of the FBA web application, the web.config of the Central Administration site, and the web.config of the Security Token Service (STS).
A. Modify web.config of FBA web application.
<connectionStrings>
  <!-- Integrated Security=SSPI: the application pool identity of this web application needs a login on SQL-Auth -->
  <add name="SQLConnectionString" connectionString="data source=SQL;Integrated Security=SSPI;Initial Catalog=SQL-Auth" />
</connectionStrings>
The connection string has to be added after </SharePoint> and before <system.web>.
<roleManager defaultProvider="c" enabled="true" cacheRolesInCookie="false">
  <providers>
    <!-- "c" is the SharePoint claims role provider and stays the default; the SQL provider is added beside it -->
    <add name="c" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
    <add connectionStringName="SQLConnectionString" applicationName="/" description="Stores and retrieves roles from SQL Server" name="SQL-RoleManager" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
  </providers>
</roleManager>
<membership defaultProvider="i">
  <providers>
    <!-- "i" is the SharePoint claims membership provider and stays the default -->
    <add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
    <!-- passwordFormat="Hashed" with enablePasswordRetrieval="false": clear-text passwords are never stored in or returned from SQL-Auth -->
    <add connectionStringName="SQLConnectionString" passwordAttemptWindow="5" enablePasswordRetrieval="false" enablePasswordReset="false" requiresQuestionAndAnswer="true" applicationName="/" requiresUniqueEmail="true" passwordFormat="Hashed" description="Stores and Retrieves membership data from SQL Server" name="SQL-MembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
  </providers>
</membership>
The roleManager and membership elements go inside the existing <system.web> element, before </system.web>.
B. Modify web.config of the Central Administration web application.
<connectionStrings>
  <add name="SQLConnectionString" connectionString="data source=SQL;Integrated Security=SSPI;Initial Catalog=SQL-Auth" />
</connectionStrings>
The connection string has to be added after </SharePoint> and before <system.web>.
<roleManager defaultProvider="AspNetWindowsTokenRoleProvider" enabled="true" cacheRolesInCookie="false">
  <providers>
    <!-- Central Administration keeps the Windows token role provider as default; the SQL provider is only added -->
    <add connectionStringName="SQLConnectionString" applicationName="/" description="Stores and retrieves roles from SQL Server" name="SQL-RoleManager" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
  </providers>
</roleManager>
<membership defaultProvider="SQL-MembershipProvider">
  <providers>
    <add connectionStringName="SQLConnectionString" passwordAttemptWindow="5" enablePasswordRetrieval="false" enablePasswordReset="false" requiresQuestionAndAnswer="true" applicationName="/" requiresUniqueEmail="true" passwordFormat="Hashed" description="Stores and Retrieves membership data from SQL Server" name="SQL-MembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
  </providers>
</membership>
The roleManager and membership elements go inside the existing <system.web> element.
C. Modify the web.config of the STS. You can locate the STS web.config under %programfiles%\common files\Microsoft Shared\web server extensions\14\WebServices\SecurityToken.
<connectionStrings>
  <!-- The STS runs in its own application pool; that identity also needs a login on SQL-Auth -->
  <add name="SQLConnectionString" connectionString="data source=SQL;Integrated Security=SSPI;Initial Catalog=SQL-Auth" />
</connectionStrings>
<system.web>
  <roleManager defaultProvider="c" enabled="true" cacheRolesInCookie="false">
    <providers>
      <add name="c" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
      <add connectionStringName="SQLConnectionString" applicationName="/" description="Stores and retrieves roles from SQL Server" name="SQL-RoleManager" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
    </providers>
  </roleManager>
  <membership defaultProvider="i">
    <providers>
      <add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
      <add connectionStringName="SQLConnectionString" passwordAttemptWindow="5" enablePasswordRetrieval="false" enablePasswordReset="false" requiresQuestionAndAnswer="true" applicationName="/" requiresUniqueEmail="true" passwordFormat="Hashed" description="Stores and Retrieves membership data from SQL Server" name="SQL-MembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
    </providers>
  </membership>
</system.web>
The above has to be added before </configuration>.
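All three files must declare the same provider names that the web application was created with, and the names are case sensitive; a mismatch in any one file is a common reason FBA logins fail. The PowerShell below is an added example, not part of the original post: it assumes the SharePoint 2010 snap-in is available on the server, uses the post's example URL http://sp1:8000 and provider names, reads the FBA and Central Administration web.config paths from the web applications' IIS settings, and uses the STS path given above.

```powershell
# Added example, not from the original post: check that the FBA, Central Administration and
# STS web.config files declare the providers the post configures, with exact (case sensitive) names.
# Assumes the SharePoint 2010 snap-in is available and uses the post's URL and provider names.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
$fbaUrl         = "http://sp1:8000"           # FBA web application from the post's example
$membershipName = "SQL-MembershipProvider"    # provider names from the post (case sensitive)
$roleName       = "SQL-RoleManager"
$connectionName = "SQLConnectionString"
$zone   = [Microsoft.SharePoint.Administration.SPUrlZone]::Default
$fbaApp = Get-SPWebApplication $fbaUrl
$caApp  = Get-SPWebApplication -IncludeCentralAdministration |
          Where-Object { $_.IsAdministrationWebApplication }

# The provider names stored on the web application must match what web.config declares.
$fba = $fbaApp.IisSettings[$zone].FormsClaimsAuthenticationProvider
if ($fba -eq $null) {
    Write-Warning "Forms Based Authentication is not enabled on the Default zone of $fbaUrl"
} elseif ($fba.MembershipProvider -cne $membershipName -or $fba.RoleProvider -cne $roleName) {
    Write-Warning ("Web application uses '{0}' / '{1}', but web.config is checked for '{2}' / '{3}'" -f
        $fba.MembershipProvider, $fba.RoleProvider, $membershipName, $roleName)
}

$configs = @{
    "FBA web application"    = Join-Path $fbaApp.IisSettings[$zone].Path.FullName "web.config"
    "Central Administration" = Join-Path $caApp.IisSettings[$zone].Path.FullName "web.config"
    "Security Token Service" = Join-Path $env:ProgramFiles "Common Files\Microsoft Shared\web server extensions\14\WebServices\SecurityToken\web.config"
}

function Test-NamedEntry([xml]$cfg, [string]$xpath, [string]$expected, [string]$label) {
    # XPath attribute comparison is case sensitive, which is also how ASP.NET resolves a provider name.
    $nodes = $cfg.SelectNodes($xpath)
    if ($nodes | Where-Object { $_.GetAttribute("name") -ceq $expected }) { return "OK   $label '$expected'" }
    if ($nodes | Where-Object { $_.GetAttribute("name") -ieq $expected }) { return "FAIL $label '$expected' is present but the casing differs" }
    return "FAIL $label '$expected' is missing"
}

foreach ($entry in $configs.GetEnumerator()) {
    Write-Host "== $($entry.Key): $($entry.Value)"
    if (-not (Test-Path $entry.Value)) { Write-Host "FAIL web.config not found"; continue }
    $cfg = New-Object System.Xml.XmlDocument
    $cfg.Load($entry.Value)
    Test-NamedEntry $cfg "/configuration/connectionStrings/add" $connectionName "connection string"
    Test-NamedEntry $cfg "/configuration/system.web/membership/providers/add" $membershipName "membership provider"
    Test-NamedEntry $cfg "/configuration/system.web/roleManager/providers/add" $roleName "role provider"
    # Settings from the post's membership provider that keep clear-text passwords out of SQL-Auth.
    $m = $cfg.SelectSingleNode("/configuration/system.web/membership/providers/add[@name='$membershipName']")
    if ($m -ne $null -and ($m.GetAttribute("passwordFormat") -ne "Hashed" -or $m.GetAttribute("enablePasswordRetrieval") -ne "false")) {
        Write-Host "FAIL membership provider should keep passwordFormat='Hashed' and enablePasswordRetrieval='false'"
    }
}
```

Run it from the SharePoint 2010 Management Shell after editing the three files; every line should read OK before you test a forms login.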
IV> Give permissions to users in the SQL database.
- Access the Central Administration console and click on Manage Web Applications under Application Management.
- Select the web application and click on User Policy on the ribbon.
- Click on Add User and select the Default zone.
- Now type the user name and add the user to the web application with the appropriate permission.