Friday, August 17, 2012

Configure Forms Based Authentication (FBA) with SharePoint 2010


Implementing FBA in SharePoint is simple if you follow all the steps correctly. There are many FBA packs on the market that let you install a WSP and start working with it right away.

FBA is a concept that already exists in .NET: we need to create a Membership provider and a Role provider. Let's set up FBA on our own.

Step 1: Create Web Application using Claims Authentication

  1. Open the browser by choosing the “Run as administrator” option.
  2. Browse to Central Administration.
  3. Select Application Management > Manage Web Applications.
  4. Click the “New” button in the ribbon to create a new web application.
  5. Select Authentication as “Claims Authentication”.
    [Screenshot: ClaimsAuthentication]
  6. Select “Claims Authentication Types” as “FBA”.
    - Provide the Membership Provider Name as “MyCustom_MemberShipProvider”
    - Provide the Role Manager Name as “MyCustom_RoleManager”

    [Screenshot: ClaimsAuthentication_Type]
  7. Click the “OK” button to create the Web Application.
  8. Create the root Site Collection as soon as the Web Application is created.

Step 2: Create ASP.NET Membership Database

  1. Find the setup tool aspnet_regsql.exe, located at one of the following locations depending on your OS:
    %windir%\Microsoft.NET\Framework\v2.0.50727
    %windir%\Microsoft.NET\Framework64\v2.0.50727
  2. Select “Configure SQL Server for application services”, then click Next.
  3. Type the database name in the dropdown box. We will name the database ”Custom_FBA_DB”.
  4. Click Next and finish the wizard.

Step 3: Grant access to the Membership Database

  1. In SharePoint the application pool runs under a service account. Identify that service account and ensure it has the db_owner permission on the ASP.NET Membership database created in Step 2.
  2. If it does not, open the database in SQL Server Management Studio and grant the “db_owner” role under the Security tab.

Step 4: Modify the Application web.config file

Modify the web application's web.config to add the Membership Provider and Role Manager details.

  1. Open the web.config under “C:\inetpub\wwwroot\wss\VirtualDirectories\” followed by your web application's port number.
  2. Add the following connection string to the connectionStrings section; if the section is not present, add it immediately above <system.web>.

    <connectionStrings>
      <add name="Custom_FBA_SQLConnectionString" connectionString="data source=.;Integrated Security=SSPI;Initial Catalog=Custom_FBA_DB" />
    </connectionStrings>

    Data Source     : Database server instance name (. or .\InstanceName)
    Initial Catalog : Database name (Custom_FBA_DB)

  3. Add or replace the following lines to define the Role Manager and Membership Provider details:

    <roleManager cacheRolesInCookie="false" defaultProvider="c" enabled="true">
      <providers>
        <add name="c" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
        <add connectionStringName="Custom_FBA_SQLConnectionString" applicationName="/" description="Stores and retrieves roles from SQL Server" name="MyCustom_RoleManager" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
      </providers>
    </roleManager>

    <membership defaultProvider="i">
      <providers>
        <add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
        <add connectionStringName="Custom_FBA_SQLConnectionString" passwordAttemptWindow="5" enablePasswordRetrieval="false" enablePasswordReset="false" requiresQuestionAndAnswer="false" applicationName="/" requiresUniqueEmail="true" passwordFormat="Hashed" description="Stores and Retrieves membership data from SQL Server" name="MyCustom_MemberShipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
      </providers>
    </membership>

  4. Ensure the provider names are exactly the same as those defined when creating the Web Application in Step 1.
  5. Save the web.config file.

Step 5: Modify the Central Administration web.config file

Modify the Central Administration web.config to add the Membership Provider and Role Manager details.

  1. Open the web.config under “C:\inetpub\wwwroot\wss\VirtualDirectories\” followed by your Central Administration port number.
  2. Add the following connection string to the connectionStrings section; if the section is not present, add it immediately above <system.web>.

    <connectionStrings>
      <add name="Custom_FBA_SQLConnectionString" connectionString="data source=.;Integrated Security=SSPI;Initial Catalog=Custom_FBA_DB" />
    </connectionStrings>

    Data Source     : Database server instance name (. or .\InstanceName)
    Initial Catalog : Database name (Custom_FBA_DB)

  3. Add or replace the following lines to define the Role Manager and Membership Provider details:

    <membership defaultProvider="ASPNetSqlMembershipProvider">
      <providers>
        <add connectionStringName="Custom_FBA_SQLConnectionString" passwordAttemptWindow="5" enablePasswordRetrieval="false" enablePasswordReset="false" requiresQuestionAndAnswer="true" applicationName="/" requiresUniqueEmail="true" passwordFormat="Encrypted" description="Stores and Retrieves membership data from SQL Server" name="MyCustom_MemberShipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
      </providers>
    </membership>

    <roleManager defaultProvider="AspNetWindowsTokenRoleProvider" enabled="true" cacheRolesInCookie="false">
      <providers>
        <add connectionStringName="Custom_FBA_SQLConnectionString" applicationName="/" description="Stores and retrieves roles from SQL Server" name="MyCustom_RoleManager" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
      </providers>
    </roleManager>

  4. Ensure the provider names are exactly the same as those defined when creating the Web Application in Step 1. The provider attributes that govern how credentials are stored and validated (passwordFormat, requiresQuestionAndAnswer, requiresUniqueEmail) should also be kept consistent with the values used in Step 4 and Step 6, since the same membership database is shared by all three configurations.
  5. Save the web.config file.

Step 6: Modify the Security Token web.config file

Modify the Security Token service web.config to add the Membership Provider and Role Manager details.

  1. Open the web.config in the 14 hive under “C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\WebServices\SecurityToken”.
  2. Add the following connection string to the connectionStrings section; if the section is not present, add it immediately above <system.web>. If <system.web> is not present either, add it at the end of the file, before the closing </configuration> tag.

    <connectionStrings>
      <add name="Custom_FBA_SQLConnectionString" connectionString="data source=.;Integrated Security=SSPI;Initial Catalog=Custom_FBA_DB" />
    </connectionStrings>

    Data Source     : Database server instance name (. or .\InstanceName)
    Initial Catalog : Database name (Custom_FBA_DB)

  3. Add or replace the following lines to define the Role Manager and Membership Provider details:

    <roleManager cacheRolesInCookie="false" defaultProvider="c" enabled="true">
      <providers>
        <add name="c" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
        <add connectionStringName="Custom_FBA_SQLConnectionString" applicationName="/" description="Stores and retrieves roles from SQL Server" name="MyCustom_RoleManager" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
      </providers>
    </roleManager>

    <membership defaultProvider="i">
      <providers>
        <add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
        <add connectionStringName="Custom_FBA_SQLConnectionString" passwordAttemptWindow="5" enablePasswordRetrieval="false" enablePasswordReset="false" requiresQuestionAndAnswer="false" applicationName="/" requiresUniqueEmail="true" passwordFormat="Hashed" description="Stores and Retrieves membership data from SQL Server" name="MyCustom_MemberShipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
      </providers>
    </membership>

  4. Ensure the provider names are exactly the same as those defined when creating the Web Application in Step 1.
  5. Save the web.config file.
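Steps 4, 5 and 6 each end with the same check: the provider names in the three web.config files must match what was entered in Step 1. The following PowerShell script is an added example (not part of the original post) that performs that check, and additionally compares the SqlMembershipProvider's password-handling attributes across the three files, which share one membership database. The port numbers are assumptions; adjust them to your farm.

```powershell
# Added example: verify the three web.config files edited in Steps 4, 5 and 6.
$webAppPort = 80     # assumption: port of the FBA web application (Step 4)
$caPort     = 2010   # assumption: port of Central Administration (Step 5)
$configs = @(
    "C:\inetpub\wwwroot\wss\VirtualDirectories\$webAppPort\web.config",
    "C:\inetpub\wwwroot\wss\VirtualDirectories\$caPort\web.config",
    "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\WebServices\SecurityToken\web.config"
)
# Names entered when the web application was created in Step 1.
$membershipName = "MyCustom_MemberShipProvider"
$roleName       = "MyCustom_RoleManager"
$connName       = "Custom_FBA_SQLConnectionString"

$seen = @{}   # attribute -> value from the first file that defined it
foreach ($path in $configs) {
    if (-not (Test-Path -Path $path)) { Write-Warning "Missing file: $path"; continue }
    [xml]$cfg = Get-Content -Path $path -Raw
    $conn = $cfg.SelectSingleNode("/configuration/connectionStrings/add[@name='$connName']")
    $mem  = $cfg.SelectSingleNode("/configuration/system.web/membership/providers/add[@name='$membershipName']")
    $role = $cfg.SelectSingleNode("/configuration/system.web/roleManager/providers/add[@name='$roleName']")
    Write-Host "== $path"
    Write-Host ("  connection string present : {0}" -f ($null -ne $conn))
    Write-Host ("  membership provider found : {0}" -f ($null -ne $mem))
    Write-Host ("  role provider found       : {0}" -f ($null -ne $role))
    if ($null -eq $mem) { continue }

    # These attributes should agree across the three files; the membership
    # database is shared, so a mismatch means users created under one
    # configuration may not validate under another.
    foreach ($attr in "passwordFormat","requiresQuestionAndAnswer","requiresUniqueEmail","connectionStringName") {
        $val = $mem.GetAttribute($attr)
        Write-Host ("  {0,-26}: {1}" -f $attr, $val)
        if ($seen.ContainsKey($attr) -and $seen[$attr] -ne $val) {
            Write-Warning "$attr differs between files: '$($seen[$attr])' vs '$val'"
        }
        $seen[$attr] = $val
    }
    # Hashed stores salted password hashes and does not depend on a shared
    # machineKey the way Encrypted does.
    if ($mem.GetAttribute("passwordFormat") -ne "Hashed") {
        Write-Warning "passwordFormat is not 'Hashed' in $path"
    }
}
```

Run it in an elevated PowerShell session on the SharePoint server after saving the three files and before the IIS reset in Step 7.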

Step 7: Reset IIS using the iisreset command.

Step 8: Browse to your web application.

  1. Open the browser and browse to your SharePoint web application.
  2. You will be presented with a sign-in page offering two options, “FBA” and “Windows Authentication”.
    [Screenshot: DefaultSignin-1]
  3. Select FBA.
  4. A form will appear asking for your credentials.
    [Screenshot: DefaultSignin-2]
  5. Enter your credentials and click the Sign In button to get into the site (provided the site collection administrator has given you permission).

Note:

  • This uses the default sign-in page provided by SharePoint 2010 (shown in Step 8). You can customize the sign-in page and force your web application to use it for sign-in.
  • If you do not wish to add FBA users and roles programmatically through a UI, you can add them through IIS Manager (inetmgr.exe). After adding users in IIS, verify Steps 4, 5 and 6 again and reset IIS. (It is always better to give users a UI for entering users and roles, to avoid repeatedly modifying and verifying the web.config files.)
    [Screenshot: User_Roles_IIS]

The next article will explain how to customize the login page.
