Thursday, March 22, 2012

Configuring Form Based Authentication (FBA) in SharePoint 2010


Introduction

This article explains step by step procedure to enable form based authentication (FBA) in SharePoint 2010.
I also written article on enabling form based authentication (FBA) in MOSS 2007 in code project site & blogger site and is available here [Code Project : “http://www.codeproject.com/Articles/19055/Form-Authentication-for-MOSS-2007-Site”, Blogger Site : “http://nagendra-gunaga.blogspot.in/2012/03/form-based-authentication-fba-for-moss.html”]

Setting up ASP.Net 2.0 Forms Authentication User and Role Data Source

This section explains creation of database which is used to store user's information such as credentials and roles which is used for Form Authentication. This section also explains the configuration of Membership and Role providers in the web.config file and creation of users using ASP.Net configuration wizard. This article shows creating a user and which will be used for testing Form Authentication later.

Create Database

To create database, Microsoft has provided a tool/ utility called aspnet_regsql.exe that creates a database for us. This utility can be found in %windir%\Microsoft.Net\Framework64\v2.0.50727 folder. Please see the image below:


Executing aspnet_regsql.exe file will open ASP.Net SQL Setup wizard that will walk through creating the ASP.Net database. I have added the database name as FBANetDB and configured it for windows authentication. Please see the image below:
























Click on Next button. Please see the image below:


Select Configure SQL Server for application services option and click Next button. Please see the image below:
























Click Next button. Now the database FBANetDB is created successfully. Please see the image below:




Configure Membership and Role Providers

In the previous section, database is created successfully. Now we need to add a user in to database. Using ASP.Net Configuration Wizard, users can be added the database. This can be achieved by creating web site that will allow us to add the users and roles and also ensure the database connection strings, membership and role providers are correctly configured before we bring SharePoint in to equation.

Below steps explains creating web site and configuring membership and role providers and executing ASP.Net Configuration Wizard.

a) Open Visual Studio 2010 and select File à New à Web Site. In the New Web Site dialog, select the ASP.Net Web Site template and enter the location to store the web site files. Please see the image below:

You can choose any location whichever is comfortable for you. web.config file will be added to project automatically.

b) By default, you will see a <connectionStrings/> node within <configuration> node. Specify the connection string to the database which has been created in the previous section. Please see the image below:






I have mentioned server as GUNAGA1. This is the server in which SQL Server 2008 is installed. Please mention the respective server name.

Also add the membership provider and role provider within <system.web> tag. See the below image for more information.

c) Save web.config file and launch the ASP.Net Configuration Wizard by clicking on Website à ASP.Net Configuration. Please see the image below:

d) Set the authentication type in the above wizard. To do this, click Security link. In the Security tab, under Users section, click Select authentication type link. Select From the internet option and press Done button which is available in the bottom right corner. By selecting this option, which means that site will use form authentication to identify users. Please see the image below:



e) To test the membership and role providers, click on Provider tab. In the Provider tab, click on Select a different provider for each feature (advanced) link. Select right / correct membership and role provider and click Test link to ensure that providers are communicating to right database.




















At this point, we configured web.config file with connection string and providers information. Also we tested the providers with the database. Next section will explain adding users to database.

Create a User

a) To add users, click on Security tab. In Security tab, under Users section, click Create user link. Here I am adding user as testFBA and password as password which will be used for testing form authentication later. Please see the image below:






Now we have created a user successfully. Do not worry about creating roles at this time and will be explained later.

Create Web Application and Site Collection

Follow the below steps to create web application and site collection.

A) Go to Central Administration -> Application Management -> Select ‘Manage Web Application’ link present under ‘Web Applications’ section.
B) Click on ‘New’ option in the ribbon.
         a. See the below image for ‘Authentication’ and ‘IIS Web Site’ section.




































          b. See the below image for ‘Security Configuration’ and ‘Claims Authentication Type’ section.





























         c. See the below image for configuring ‘Sign In Page URL’ and ‘Public URL’ section.


         



















d. See the below image for configuring ‘Application Pool’ and ‘Database Name and Authentication’ section.




































C) Create Site Collection after creating web application. Select the template whichever you want to create site collection.


Configuring FBA Web Application web.config file

Open FBA web application web.config file and add the below entries.

a   a) Add Connection String. Connection String has to be added after </SharePoint> and before <system.web> tag. See the below image for more information.

b) Add Membership Provider and Role Provider



Configuring Central Administration Web Application web.config file

Open Central Administration web application web.config file and add the below entries.

     a) Add Connection String. Connection String has to be added after </SharePoint> and before <system.web> tag. See the below image for more information.


 b) Add Membership Provider and Role Provider



Configuring Security Token Service web.config file

Open Security Token Service web.config file from %programfiles%\common files\Microsoft Shared\web server extensions\14\WebServices\SecurityToken location and add the below entries.

a   a) Add Connection String. Add Connection String above the <system.web> tag. See the below image for more information.


 b) Add Membership Provider and Role Provider



Adding User Policy to the FBA Web Application

Follow the below steps to add user policy to the web application.
     a) Go to Central Administration -> Manage Web Applications -> Select the FBA web application and click on ‘User Policy’ option in the ribbon.



     b) Click on ‘Add Users’ link and select ‘Default’ as the zone and click on ‘Next’ button.
















     c) Type the user name created in ‘Create User’ section in the ‘Users’ textbox and click on people picker icon. You should see the user name get underlined in the ‘Users’ text box.


























     d) Follow the verification steps to test form based authentication.

Verification

1.      Go to FBA SharePoint site and select ‘Forms Authentication’ option.




2.      Enter User Name and Password and select ‘Sign In’ button.


3.      You should be redirected to home page.



Comments


Provide your feedback if this article is helpful to you and also post your queries/issues if any.

2 comments:

  1. I followed all the above steps.After changing the web config file in central admin it is prompting me to enter credentials and even after entering it is telling wrong username and password but those are correct credentials.

    ReplyDelete
    Replies
    1. Dear Sukesh, CA site will be windows authentication. Obviously it will ask for credentials when you hit it in browser.

      While configuring FBA, you have to mention the role provider as windows token. Then only it will behave. I would suggest to revert CA web.config file and then access CA. Make sure that it is working fine. Then again re-configure as explained in article and test it.

      Hope this helps and enjoy you day!!!!

      Delete