Saturday, January 1, 2011

Steps to set Form based authentication (FBA) for SharePoint 2010

1.       DOWNLOAD FBA User Management Tool

          Go to “C:\Windows\Microsoft.NET\Framework\v2.0.50727”.

2.       Open file “aspnet_regsql.exe” (with Run as Administrator).

                                I.            You will get an installation form. Hit “Next” button.


                              II.            Click on “Configure SQL Server for application services” then hit “Next” button.


                            III.            Now provide server name to connect & install new database for Membership. Now hit “Next” button.

                            IV.            Now you get a summary page on which you will get server name & its new database name called “aspnetdb”. Click on “Next” button.


                              V.            Now database has been created. Click on “Finish” button.


3.       Install FBA tool.
4.       Create a new Site collection (suppose we called it “A”).
5.       Extend this site (Suppose we called it “B”).
                                I.            Open Central Administration.
                              II.            Click on Application Management.
                            III.            Click on Manage Web application.


                            IV.            Click on “Site A” & then hit Extend button on ribbon.


1.       Click on Create a new IIS web site.
2.       Provide name & port number (optional).
3.       Provide host header (optional)
4.       Select Anonymous Access to –No
5.       Use Secured Socket layer – No

6.       Check on Enable Windows Authentication. Check On Integrated windows authentication & select “NTLM”.

7.       Check Enable Forms Based Authentication.  In “ASP.NET Membership provider name” put “SqlMember” & in ASP.NET Role manager name put “SqlRole”.

8.       Select – Default Sign in Page.
9.       Select Zone.
10.   Click OK.

11.   After creating this site, Test this site.

6.       Make changes in web.config files.
                                I.            Open inetmgr.
                              II.            Explore Site A & take back up of web.config file.
1.       Open web.config file.
2.       Put this connection string just after  configSections>
<connectionStrings>
    <clear />
    <add name="AspNetSqlMembershipProvider" connectionString="data source=test-share3\sharepoint;Integrated Security=SSPI;Initial Catalog=aspnetdb" providerName="System.Data.SqlClient" />
  connectionStrings>
3.        Search for entry <PeoplePickerWildcards> & put this entry within this tag.
<add key="SqlMember" value="%" />
               <add key="SqlRole" value="%" />
4.       Search for entry <membership> & < roleManager> replace whole entry with :



<membership defaultProvider="i" userIsOnlineTimeWindow="15" hashAlgorithmType="">
      <providers>
        <clear />
        <add connectionStringName="AspNetSqlMemberShipProvider" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="true" passwordAttemptWindow="10" applicationName="/" requiresUniqueEmail="false" passwordFormat="Hashed" name="SqlMember" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, &#xD;&#xA;    Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
        <add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, &#xD;&#xA;Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
      </providers>
    </membership>
    <roleManager enabled="true" cacheRolesInCookie="false" cookieName=".ASPXROLES" cookieTimeout="30" cookiePath="/" cookieRequireSSL="false" cookieSlidingExpiration="true" cookieProtection="All" defaultProvider="c" createPersistentCookie="false" maxCachedResults="25">
      <providers>
        <clear />
        <add connectionStringName="AspNetSqlMemberShipProvider" applicationName="/" name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, &#xD;&#xA;Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
        <add applicationName="/" name="SqlRole" type="System.Web.Security.WindowsTokenRoleProvider, System.Web, Version=2.0.0.0, &#xD;&#xA;Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
        <add name="c" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, &#xD;&#xA;Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
      </providers>
    </roleManager>

 
5.       Now save & close this web.config file.

                            III.            Explore Site B (Extended new site) & take back up of web.config file.
1.       Open web.config file.
2.       Put this connection string just after  configSections>
<connectionStrings>
    <clear />
    <add name="AspNetSqlMembershipProvider" connectionString="data source=test-share3\sharepoint;Integrated Security=SSPI;Initial Catalog=aspnetdb" providerName="System.Data.SqlClient" />
  connectionStrings>
3.        Search for entry <PeoplePickerWildcards> & put this entry within this tag.
<add key="SqlMember" value="%" />
               <add key="SqlRole" value="%" />
4.       Search for entry <membership> & < roleManager> replace whole entry with :
<membership defaultProvider="i" userIsOnlineTimeWindow="15" hashAlgorithmType="">
      <providers>
        <clear />
        <add connectionStringName="AspNetSqlMemberShipProvider" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="true" passwordAttemptWindow="10" applicationName="/" requiresUniqueEmail="false" passwordFormat="Hashed" name="SqlMember" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, &#xD;&#xA;    Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
        <add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, &#xD;&#xA;Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
      </providers>
    </membership>
    <roleManager enabled="true" cacheRolesInCookie="false" cookieName=".ASPXROLES" cookieTimeout="30" cookiePath="/" cookieRequireSSL="false" cookieSlidingExpiration="true" cookieProtection="All" defaultProvider="c" createPersistentCookie="false" maxCachedResults="25">
      <providers>
        <clear />
        <add connectionStringName="AspNetSqlMemberShipProvider" applicationName="/" name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, &#xD;&#xA;Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
        <add applicationName="/" name="SqlRole" type="System.Web.Security.WindowsTokenRoleProvider, System.Web, Version=2.0.0.0, &#xD;&#xA;Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
        <add name="c" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, &#xD;&#xA;Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
      </providers>
    </roleManager>
5.       Now save & close this web.config file.
                            IV.            Explore Central Administration Site & take back up of web.config file.
1.       Open web.config file.
2.       Put this connection string just after  configSections>
<connectionStrings>
    <clear />
    <add name="AspNetSqlMembershipProvider" connectionString="data source=test-share3\sharepoint;Integrated Security=SSPI;Initial Catalog=aspnetdb" providerName="System.Data.SqlClient" />
  connectionStrings>
3.        Search for entry <PeoplePickerWildcards> & put this entry within this tag.
<add key="SqlMember" value="%" />
               <add key="SqlRole" value="%" />
4.       Search for entry <membership> & < roleManager> replace whole entry with :
     
   <membership defaultProvider="i" userIsOnlineTimeWindow="15" hashAlgorithmType="">
      <providers>
        <clear />
        <add connectionStringName="AspNetSqlMemberShipProvider" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="true" passwordAttemptWindow="10" applicationName="/" requiresUniqueEmail="false" passwordFormat="Hashed" name="SqlMember" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, &#xD;&#xA;    Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
        <add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, &#xD;&#xA;Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
      </providers>
    </membership>
    <roleManager enabled="true" cacheRolesInCookie="false" cookieName=".ASPXROLES" cookieTimeout="30" cookiePath="/" cookieRequireSSL="false" cookieSlidingExpiration="true" cookieProtection="All" defaultProvider="c" createPersistentCookie="false" maxCachedResults="25">
      <providers>
        <clear />
        <add connectionStringName="AspNetSqlMemberShipProvider" applicationName="/" name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, &#xD;&#xA;Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
        <add applicationName="/" name="SqlRole" type="System.Web.Security.WindowsTokenRoleProvider, System.Web, Version=2.0.0.0, &#xD;&#xA;Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
        <add name="c" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, &#xD;&#xA;Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
      </providers>
    </roleManager>  
     
   
5.       Now save & close this web.config file.

                              V.            Now click on “SharePoint web services” & then click on “SecurityTokenServiceApplication” and explore it.


1.       Search for tag system.net> & paste this just after system.net> tag
<connectionStrings>
            <clear />
            <add name="AspNetSqlMembershipProvider" connectionString="data source=test-share3\sharepoint;Integrated Security=SSPI;Initial Catalog=aspnetdb" providerName="System.Data.SqlClient" />
      connectionStrings>
      <system.web>
            <membership defaultProvider="SqlMember">
                  <providers>
                        <add connectionStringName="AspNetSqlMembershipProvider" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="true" passwordAttemptWindow="10" applicationName="/" requiresUniqueEmail="false" passwordFormat="Hashed" name="SqlMember" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0,      Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
                  providers>
            membership>

            <roleManager defaultProvider="SqlRole" enabled="true">
                  <providers>
                        <add connectionStringName="AspNetSqlMembershipProvider" applicationName="/" name="SqlRole" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0,      Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
                  providers>
            roleManager>
      system.web>
2.       Now Save & Close this. Web.config file.

7.       Go to Center Administration, Click on Manage Web Application.
8.       Select Site “A” & Click on User Policy.
                                I.            You will get a dialog box


                              II.            Click on “Add Users”, you will see the below dialog box, which will ask you to select the zone for which you want to add the users. Select zone and click next


                            III.            In the next window, “Choose Users” then “Choose Permission” for those users and click Finish.



Important Note:  Don’t forget to grant “dbOwner” access to NT/AUTHORITY user on aspnetdb database.

-----------------------------------------------------------------------------------
DOWNLOAD FBA User Management Tool
-----------------------------------------------------------------------------------

9 comments:

Aryan Nava said...

Great Post and excellent steps

Aryan Nava said...

Great Post and excellent steps

Anonymous said...

Get following error when trying to open CA after making web.config changes :-

HTTP Error 500.19 - Internal Server Error
The requested page cannot be accessed because the related configuration data for the page is invalid

HTTP Error 500.19 - Internal Server Error
The requested page cannot be accessed because the related configuration data for the page is invalid

Config Source
779:
780:


Thanks for your help

dineshkumar s said...

Im also getting an error. Please advise me to overcome it. The error is as follows...

"The server was unable to process the request due to an internal error. For more information about the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from the configuration behavior) on the server in order to send the exception information back to the client, or turn on tracing as per the Microsoft .NET Framework 3.0 SDK documentation and inspect the server trace logs."

dineshkumar s said...

Hi,

Im also getting the an error. Please find the following error and advise me to overcome this...

"The server was unable to process the request due to an internal error. For more information about the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from the configuration behavior) on the server in order to send the exception information back to the client, or turn on tracing as per the Microsoft .NET Framework 3.0 SDK documentation and inspect the server trace logs."

dineshkumar s said...

Hi,
Im also getting an error as follows. Please advise me to overcome this..

"The server was unable to process the request due to an internal error. For more information about the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from the configuration behavior) on the server in order to send the exception information back to the client, or turn on tracing as per the Microsoft .NET Framework 3.0 SDK documentation and inspect the server trace logs."

Thanks in advance

dineshkumar s said...

Hi,

Im also getting the an error while implementing this..Please find the following error and advise me to overcome this..

"The server was unable to process the request due to an internal error. For more information about the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from the configuration behavior) on the server in order to send the exception information back to the client, or turn on tracing as per the Microsoft .NET Framework 3.0 SDK documentation and inspect the server trace logs."

Thanks in advance.

Anshuman Jasrotia said...

I installed the FBA Tool but I am not able to find "Manage FBA Users" link. Please help

Behrouz said...

Please Replace Code At Stage V.1 Here, Place Code just After and Before :









providers>
membership>








------------------------------
Code for V.1 is a bit Wrong.Tag should be close , example :

in your Code , you didn't Close Tag :
providers>
roleManager>
system.web>

Administrator is not able to change user’s picture in User Profile in SharePoint Admin Center

For some users Admin is able to change picture by going to User Profile -> Manage user profile option. But for some users , Admin ...