Saturday, January 1, 2011

Steps to set Form based authentication (FBA) for SharePoint 2010

1.       DOWNLOAD FBA User Management Tool

          Go to “C:\Windows\Microsoft.NET\Framework\v2.0.50727”.

2.       Open file “aspnet_regsql.exe” (with Run as Administrator).

                                I.            You will get an installation form. Hit “Next” button.


                              II.            Click on “Configure SQL Server for application services” then hit “Next” button.


                            III.            Now provide server name to connect & install new database for Membership. Now hit “Next” button.

                            IV.            Now you get a summary page on which you will get server name & its new database name called “aspnetdb”. Click on “Next” button.


                              V.            Now database has been created. Click on “Finish” button.


3.       Install FBA tool.
4.       Create a new Site collection (suppose we called it “A”).
5.       Extend this site (Suppose we called it “B”).
                                I.            Open Central Administration.
                              II.            Click on Application Management.
                            III.            Click on Manage Web application.


                            IV.            Click on “Site A” & then hit Extend button on ribbon.


1.       Click on Create a new IIS web site.
2.       Provide name & port number (optional).
3.       Provide host header (optional)
4.       Select Anonymous Access to –No
5.       Use Secured Socket layer – No

6.       Check on Enable Windows Authentication. Check On Integrated windows authentication & select “NTLM”.

7.       Check Enable Forms Based Authentication.  In “ASP.NET Membership provider name” put “SqlMember” & in ASP.NET Role manager name put “SqlRole”.

8.       Select – Default Sign in Page.
9.       Select Zone.
10.   Click OK.

11.   After creating this site, Test this site.

6.       Make changes in web.config files.
                                I.            Open inetmgr.
                              II.            Explore Site A & take back up of web.config file.
1.       Open web.config file.
2.       Put this connection string just after  configSections>
<connectionStrings>
    <clear />
    <add name="AspNetSqlMembershipProvider" connectionString="data source=test-share3\sharepoint;Integrated Security=SSPI;Initial Catalog=aspnetdb" providerName="System.Data.SqlClient" />
  connectionStrings>
3.        Search for entry <PeoplePickerWildcards> & put this entry within this tag.
<add key="SqlMember" value="%" />
               <add key="SqlRole" value="%" />
4.       Search for entry <membership> & < roleManager> replace whole entry with :



<membership defaultProvider="i" userIsOnlineTimeWindow="15" hashAlgorithmType="">
      <providers>
        <clear />
        <add connectionStringName="AspNetSqlMemberShipProvider" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="true" passwordAttemptWindow="10" applicationName="/" requiresUniqueEmail="false" passwordFormat="Hashed" name="SqlMember" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, &#xD;&#xA;    Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
        <add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, &#xD;&#xA;Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
      </providers>
    </membership>
    <roleManager enabled="true" cacheRolesInCookie="false" cookieName=".ASPXROLES" cookieTimeout="30" cookiePath="/" cookieRequireSSL="false" cookieSlidingExpiration="true" cookieProtection="All" defaultProvider="c" createPersistentCookie="false" maxCachedResults="25">
      <providers>
        <clear />
        <add connectionStringName="AspNetSqlMemberShipProvider" applicationName="/" name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, &#xD;&#xA;Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
        <add applicationName="/" name="SqlRole" type="System.Web.Security.WindowsTokenRoleProvider, System.Web, Version=2.0.0.0, &#xD;&#xA;Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
        <add name="c" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, &#xD;&#xA;Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
      </providers>
    </roleManager>

 
5.       Now save & close this web.config file.

                            III.            Explore Site B (Extended new site) & take back up of web.config file.
1.       Open web.config file.
2.       Put this connection string just after  configSections>
<connectionStrings>
    <clear />
    <add name="AspNetSqlMembershipProvider" connectionString="data source=test-share3\sharepoint;Integrated Security=SSPI;Initial Catalog=aspnetdb" providerName="System.Data.SqlClient" />
  connectionStrings>
3.        Search for entry <PeoplePickerWildcards> & put this entry within this tag.
<add key="SqlMember" value="%" />
               <add key="SqlRole" value="%" />
4.       Search for entry <membership> & < roleManager> replace whole entry with :
<membership defaultProvider="i" userIsOnlineTimeWindow="15" hashAlgorithmType="">
      <providers>
        <clear />
        <add connectionStringName="AspNetSqlMemberShipProvider" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="true" passwordAttemptWindow="10" applicationName="/" requiresUniqueEmail="false" passwordFormat="Hashed" name="SqlMember" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, &#xD;&#xA;    Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
        <add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, &#xD;&#xA;Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
      </providers>
    </membership>
    <roleManager enabled="true" cacheRolesInCookie="false" cookieName=".ASPXROLES" cookieTimeout="30" cookiePath="/" cookieRequireSSL="false" cookieSlidingExpiration="true" cookieProtection="All" defaultProvider="c" createPersistentCookie="false" maxCachedResults="25">
      <providers>
        <clear />
        <add connectionStringName="AspNetSqlMemberShipProvider" applicationName="/" name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, &#xD;&#xA;Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
        <add applicationName="/" name="SqlRole" type="System.Web.Security.WindowsTokenRoleProvider, System.Web, Version=2.0.0.0, &#xD;&#xA;Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
        <add name="c" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, &#xD;&#xA;Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
      </providers>
    </roleManager>
5.       Now save & close this web.config file.
                            IV.            Explore Central Administration Site & take back up of web.config file.
1.       Open web.config file.
2.       Put this connection string just after  configSections>
<connectionStrings>
    <clear />
    <add name="AspNetSqlMembershipProvider" connectionString="data source=test-share3\sharepoint;Integrated Security=SSPI;Initial Catalog=aspnetdb" providerName="System.Data.SqlClient" />
  connectionStrings>
3.        Search for entry <PeoplePickerWildcards> & put this entry within this tag.
<add key="SqlMember" value="%" />
               <add key="SqlRole" value="%" />
4.       Search for entry <membership> & < roleManager> replace whole entry with :
     
   <membership defaultProvider="i" userIsOnlineTimeWindow="15" hashAlgorithmType="">
      <providers>
        <clear />
        <add connectionStringName="AspNetSqlMemberShipProvider" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="true" passwordAttemptWindow="10" applicationName="/" requiresUniqueEmail="false" passwordFormat="Hashed" name="SqlMember" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, &#xD;&#xA;    Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
        <add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, &#xD;&#xA;Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
      </providers>
    </membership>
    <roleManager enabled="true" cacheRolesInCookie="false" cookieName=".ASPXROLES" cookieTimeout="30" cookiePath="/" cookieRequireSSL="false" cookieSlidingExpiration="true" cookieProtection="All" defaultProvider="c" createPersistentCookie="false" maxCachedResults="25">
      <providers>
        <clear />
        <add connectionStringName="AspNetSqlMemberShipProvider" applicationName="/" name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, &#xD;&#xA;Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
        <add applicationName="/" name="SqlRole" type="System.Web.Security.WindowsTokenRoleProvider, System.Web, Version=2.0.0.0, &#xD;&#xA;Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
        <add name="c" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, &#xD;&#xA;Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
      </providers>
    </roleManager>  
     
   
5.       Now save & close this web.config file.

                              V.            Now click on “SharePoint web services” & then click on “SecurityTokenServiceApplication” and explore it.


1.       Search for tag system.net> & paste this just after system.net> tag
<connectionStrings>
            <clear />
            <add name="AspNetSqlMembershipProvider" connectionString="data source=test-share3\sharepoint;Integrated Security=SSPI;Initial Catalog=aspnetdb" providerName="System.Data.SqlClient" />
      connectionStrings>
      <system.web>
            <membership defaultProvider="SqlMember">
                  <providers>
                        <add connectionStringName="AspNetSqlMembershipProvider" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="true" passwordAttemptWindow="10" applicationName="/" requiresUniqueEmail="false" passwordFormat="Hashed" name="SqlMember" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0,      Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
                  providers>
            membership>

            <roleManager defaultProvider="SqlRole" enabled="true">
                  <providers>
                        <add connectionStringName="AspNetSqlMembershipProvider" applicationName="/" name="SqlRole" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0,      Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
                  providers>
            roleManager>
      system.web>
2.       Now Save & Close this. Web.config file.

7.       Go to Center Administration, Click on Manage Web Application.
8.       Select Site “A” & Click on User Policy.
                                I.            You will get a dialog box


                              II.            Click on “Add Users”, you will see the below dialog box, which will ask you to select the zone for which you want to add the users. Select zone and click next


                            III.            In the next window, “Choose Users” then “Choose Permission” for those users and click Finish.



Important Note:  Don’t forget to grant “dbOwner” access to NT/AUTHORITY user on aspnetdb database.

-----------------------------------------------------------------------------------
DOWNLOAD FBA User Management Tool
-----------------------------------------------------------------------------------
Post a Comment