Thursday, June 28, 2012

SharePoint 2010 FBA : Forms Based Authentication for Extranet


 Forms based Authentication (FBA) for SharePoint 2010 Extranet Site
  1. Create a new web application using Central Administration with claims-based authentication.
  2. Extend the web application and select the Extranet zone.
  3. Create the membership tables to store users using aspnet_regsql.exe.
  4. Path: %windir%\Microsoft.NET\Framework\<versionNumber>\aspnet_regsql.exe
  5. More information on the tool: http://msdn.microsoft.com/en-us/library/ms229862(v=vs.80).aspx
  6. Update the Central Administration, FBA site, and SecurityTokenService config files.
  7. Update the provider names as shown in the image below. Central Administration > Security > Specify authentication providers > select the web application from the right-side dropdown > Extranet



According to the configuration below, my membership provider, role provider, and connection string names are:

SQLMembershipProvider
SQLRoleProvider
SQLConnectionString (Connection string name)



FBA Site web.config changes

Add the connection string below after the </SharePoint> tag and before the <system.web> tag:

  <connectionStrings>
    <add name="SQLConnectionString" connectionString="data source=APPSDBS04;Integrated Security=SSPI;Initial Catalog=aspnetdb" />
  </connectionStrings>

Add the code below before the </system.web> tag:

    <membership defaultProvider="i">
      <providers>
        <add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
        <add connectionStringName="SQLConnectionString" passwordAttemptWindow="5" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="true" applicationName="/" requiresUniqueEmail="true" passwordFormat="Hashed" description="Stores and Retrieves membership data from SQL Server" name="SQLMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
      </providers>
    </membership>
    <roleManager defaultProvider="c" enabled="true" cacheRolesInCookie="false">
      <providers>
        <add name="c" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
        <add connectionStringName="SQLConnectionString" applicationName="/" description="Stores and retrieves roles from SQL Server" name="SQLRoleProvider" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
      </providers>
    </roleManager>

Central Admin Config changes


Add the following below this tag: <sessionState mode="InProc" timeout="20" cookieless="UseCookies" />

    <roleManager>
      <providers>
        <add connectionStringName="SQLConnectionString"
            applicationName="/"
            description="Stores and retrieves roles from SQL Server"
            name="SQLRoleProvider" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
      </providers>
    </roleManager>
    <membership>
      <providers>
        <add connectionStringName="SQLConnectionString"
            passwordAttemptWindow="5"
            enablePasswordRetrieval="false"
            enablePasswordReset="true"
            requiresQuestionAndAnswer="true"
            applicationName="/"
            requiresUniqueEmail="true"
            passwordFormat="Hashed"
            description="Stores and Retrieves membership data from SQL Server"
            name="SQLMembershipProvider"
            type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
      </providers>
    </membership>

These blocks go before the </system.web> end tag.




Add the connection string after the </SharePoint> tag and before the <system.web> tag:

  <connectionStrings>
    <add name="SQLConnectionString" connectionString="data source=APPSDBS04;Integrated Security=SSPI;Initial Catalog=aspnetdb" />
  </connectionStrings>



SecurityTokenServiceApplication config changes

Go to IIS Manager > SharePoint Web Services\SecurityTokenServiceApplication

Or

C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\WebServices\SecurityToken\web.config

  <system.web>
    <roleManager>
      <providers>
        <add connectionStringName="SQLConnectionString"
            applicationName="/"
            description="Stores and retrieves roles from SQL Server"
            name="SQLRoleProvider" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
      </providers>
    </roleManager>
    <membership>
      <providers>
        <add connectionStringName="SQLConnectionString"
            passwordAttemptWindow="5"
            enablePasswordRetrieval="false"
            enablePasswordReset="true"
            requiresQuestionAndAnswer="true"
            applicationName="/"
            requiresUniqueEmail="true"
            passwordFormat="Hashed"
            description="Stores and Retrieves membership data from SQL Server"
            name="SQLMembershipProvider"
            type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
      </providers>
    </membership>
  </system.web>
  <connectionStrings>
    <add name="SQLConnectionString" connectionString="data source=APPSDBS04;Integrated Security=SSPI;Initial Catalog=aspnetdb" />
  </connectionStrings>

Place the blocks above before the closing </configuration> tag.
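
The same provider and connection string entries have to be present in all three config files, so it helps to check each file before restarting IIS. The function below is an added example, not part of the original post: Test-FbaConfig is a hypothetical helper name, and the sample XML is constructed. It looks for the names used on this page and, for the FBA site, the default providers "i" and "c".

```powershell
# Added example (not from the original post). Element and attribute names are case-sensitive.
function Test-FbaConfig {
    param(
        [Parameter(Mandatory = $true)] [xml] $Config,
        [switch] $FbaSite   # the FBA web application also keeps default providers "i"/"c"
    )
    $sw = '/configuration/system.web'
    $m  = $Config.SelectSingleNode("$sw/membership/providers/add[@name='SQLMembershipProvider']")
    $r  = $Config.SelectSingleNode("$sw/roleManager/providers/add[@name='SQLRoleProvider']")
    $c  = $Config.SelectSingleNode("/configuration/connectionStrings/add[@name='SQLConnectionString']")
    $findings = @()
    if ($null -eq $c) { $findings += 'connection string SQLConnectionString missing' }
    if ($null -eq $r) {
        $findings += 'SQLRoleProvider missing'
    } elseif ($r.GetAttribute('connectionStringName') -ne 'SQLConnectionString') {
        $findings += 'SQLRoleProvider uses a different connection string'
    }
    if ($null -eq $m) {
        $findings += 'SQLMembershipProvider missing'
    } else {
        if ($m.GetAttribute('connectionStringName') -ne 'SQLConnectionString') {
            $findings += 'SQLMembershipProvider uses a different connection string'
        }
        if ($m.GetAttribute('passwordFormat') -ne 'Hashed') { $findings += 'passwordFormat is not Hashed' }
        if ($m.GetAttribute('enablePasswordRetrieval') -ne 'false') {
            $findings += 'enablePasswordRetrieval is not false'
        }
    }
    if ($FbaSite) {
        $dm = $Config.SelectSingleNode("$sw/membership/@defaultProvider")
        $dr = $Config.SelectSingleNode("$sw/roleManager/@defaultProvider")
        if ($null -eq $dm -or $dm.Value -ne 'i') { $findings += 'membership defaultProvider is not "i"' }
        if ($null -eq $dr -or $dr.Value -ne 'c') { $findings += 'roleManager defaultProvider is not "c"' }
    }
    return $findings
}

# Constructed sample: an STS-style web.config where the connection string was forgotten.
$sts = [xml] @'
<configuration>
  <system.web>
    <roleManager><providers>
      <add name="SQLRoleProvider" connectionStringName="SQLConnectionString" />
    </providers></roleManager>
    <membership><providers>
      <add name="SQLMembershipProvider" connectionStringName="SQLConnectionString"
           passwordFormat="Hashed" enablePasswordRetrieval="false" />
    </providers></membership>
  </system.web>
</configuration>
'@
Test-FbaConfig -Config $sts   # on a server: -Config ([xml](Get-Content <path to web.config>))
```

Run it once per file and add -FbaSite for the web application's own web.config; an empty result means the entries from this page were found.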

Update the provider names in Central Administration. You can find this page under

Central Administration > Security > Specify authentication providers > Extranet
(if you have already extended your site for the extranet)



Last step: restart IIS and access your URL. You should see a login page with forms-based and Windows-based authentication options.


You can create users using the ASP.NET configuration tool or by creating a custom create-users page.

Log in with your Windows authentication > go to People and Groups > here you can add forms users as shown in the post below

