Friday, May 29, 2009

Form Based Authentication (FBA) in SharePoint

The default authentication in SharePoint is Active Directory. If you run an internet portal whose users come mainly from the internet, you might consider using form based authentication. This is not an uncommon scenario.



The good news is that you can leverage the existing ASP.NET membership provider in .NET Framework 2.0 onwards. The next question is how to do it.



1. Create the membership provider database by executing [aspnet_regsql.exe] from [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727]



2. Give the database a name (it is better not to use the default name, to avoid database conflicts), then continue through the wizard to create the tables and stored procedures the membership provider needs



3. After you have created the database, you need to add your first user. There are two ways:

a. Execute



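declare @now datetime
set @now = GETUTCDATE()  -- the procedure expects the current time in UTC
-- The 12th argument is PasswordFormat: 0 stores the password as clear text
exec aspnet_Membership_CreateUser '/', 'userlogin','password','','email@somewhere.com','','',1,@now,@now,0,0,null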



b. Use Visual Studio to modify the ASP.NET web configuration


4. Append three sections to the web application's web.config

<!-- under <configuration> -->
<connectionStrings>
  <add name="FBAConnectionString" connectionString="Data Source=.;Initial Catalog=MOSS_FBA;Integrated Security=True" />
</connectionStrings>

<!-- under <system.web> -->
<membership defaultProvider="FBAMember">
  <providers>
    <!-- minRequiredPasswordLength="1" with no complexity rule accepts one-character passwords; raise these for an internet-facing site -->
    <add connectionStringName="FBAConnectionString"
         enablePasswordRetrieval="false"
         enablePasswordReset="true"
         requiresQuestionAndAnswer="false"
         applicationName="/"
         requiresUniqueEmail="false"
         passwordFormat="Hashed"
         maxInvalidPasswordAttempts="5"
         minRequiredPasswordLength="1"
         minRequiredNonalphanumericCharacters="0"
         passwordAttemptWindow="10"
         passwordStrengthRegularExpression=""
         name="FBAMember"
         type="System.Web.Security.SqlMembershipProvider,System.Web,Version=2.0.0.0,Culture=neutral,PublicKeyToken=b03f5f7f11d50a3a" />
  </providers>
</membership>

<authentication mode="Forms">
</authentication>

<!-- under <SharePoint> -->
<PeoplePickerWildcards>
  <clear />
  <add key="FBAMember" value="%" />
</PeoplePickerWildcards>


5. Make the same changes in the web.config for Central Admin

6. In Central Admin --> Application Management --> Site Collection Owner, add the user that you created in step 3

7. In Central Admin --> Application Management --> Authentication Providers, you should see two entries. Click on the default zone.

8. Change the authentication to 'Forms' and update the Membership provider name to match the provider defined in web.config (FBAMember).

9. You should be able to log in now.
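
The membership settings from step 4 can be checked mechanically before the site is exposed to the internet. The script below is an added example, not part of the original post: it parses a web.config and flags weak SqlMembershipProvider settings. The function name, the embedded sample and the thresholds (minimum length 8, lockout counter at most 10) are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample mirroring the membership section from step 4.
SAMPLE_WEB_CONFIG = """<configuration>
  <system.web>
    <membership defaultProvider="FBAMember">
      <providers>
        <add name="FBAMember" connectionStringName="FBAConnectionString"
             enablePasswordRetrieval="false" enablePasswordReset="true"
             passwordFormat="Hashed" maxInvalidPasswordAttempts="5"
             minRequiredPasswordLength="1"
             minRequiredNonalphanumericCharacters="0"
             passwordStrengthRegularExpression="" />
      </providers>
    </membership>
    <authentication mode="Forms" />
  </system.web>
</configuration>"""

MIN_LENGTH = 8      # assumed policy threshold, not from the original post
MAX_ATTEMPTS = 10   # assumed upper bound on the lockout counter


def audit_membership(config_xml):
    """Return a list of (provider, finding) tuples for weak settings."""
    root = ET.fromstring(config_xml)
    findings = []
    for p in root.findall(".//membership/providers/add"):
        name = p.get("name", "?")
        # Fallback values are SqlMembershipProvider's defaults when an attribute is absent.
        if p.get("passwordFormat", "Hashed").strip().lower() != "hashed":
            findings.append((name, "passwordFormat is not Hashed"))
        if p.get("enablePasswordRetrieval", "false").strip().lower() == "true":
            findings.append((name, "enablePasswordRetrieval is true"))
        if int(p.get("minRequiredPasswordLength", "7")) < MIN_LENGTH:
            findings.append((name, "minRequiredPasswordLength below %d" % MIN_LENGTH))
        if (int(p.get("minRequiredNonalphanumericCharacters", "1")) == 0
                and not p.get("passwordStrengthRegularExpression", "").strip()):
            findings.append((name, "no password complexity rule"))
        if int(p.get("maxInvalidPasswordAttempts", "5")) > MAX_ATTEMPTS:
            findings.append((name, "lockout threshold above %d" % MAX_ATTEMPTS))
    return findings


if __name__ == "__main__":
    for provider, finding in audit_membership(SAMPLE_WEB_CONFIG):
        print("%s: %s" % (provider, finding))
```

Run against the settings shown in step 4, it reports the one-character minimum length and the missing complexity rule.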
