This blog is regarding configuring Form Based Authentication for Sharepoint Server 2010/Sharepoint foundation 2010. There was requirement to have FBA on another server(remote server) on different server location than Sharepoint Server 2010. We can enable FBA for Sharepoint application having Asp.net Membership database and it is not necessary to have Sql FBA database to be on same server as Sharepoint Server 2010 or Sharepoint Foundation 2010.
We need to have Application Pool for that application having Identity of Network Service. Let walk through complete process of activating FBA for an application. There are many excellent resources available for the same. This is just an improvement and attempt to minimize the steps for configuring FBA with ease, secure way and easily achievable and more importantly if there is need to have FBA DB that is on cross domain and not on the same server as your Sharepoint Server or Sharepoint foundation 2010.
Highly recommend: Please take one notepad file and note all things which we will define as DB Server, DB User, Connection string name, Membership name, Membership provider
STEP 1: Configure FBA DB in Sql Server for Membership
Copy and paste below highlighted path on your My Computer:
This will open wizard which allows you to configure your DB settings
After finishing setup wizard. Open Sql Server Management Studio 2008 & verify that DB FBASppc DB has been created or not. Once the database is created, we’re going to create and add a SQL user, rather than use integrated authentication. If your SQL instance is not already running in mixed-mode, you can change it through Server properties in SQL Server Management Studio.
Select Security, Right click Add New >> Login
Now, map the new Sql User with our DB
Select Database, Expand FBAsppc database >> Right Click Security >> Add >>
User Enter same username ("Fbasp") which we entered at Security new login and for Login name enter name which we entered at security new login.
Assign db_owner roles and rights to the user for Sql Login.
We created a SQL user called Fbasp. We added Fbasp to ASPNetFormsAuth database naming FBASppc and gave them the db_owner role. We’re done with SQL part.
STEP 2: Configuring Sharepoint Central Admin web site to use Sql Membership for FBA
Open IIS>> Start >> Run>> inetmgr >>
We need to add new connection string and role provider
Connection String configuration
- Open the Connection Strings Page. Under Actions menu on the right, select Add… to create a new connection string. Provide the details for the membership database for the new connection string.
- Go back to the Web Application page and open up Providers page. Here we will create a provider for Roles and Users. Set feature to .NET Roles and click Add… in the Actions pane to add a new role provider. Please provide Application name which enables provider to authenticate user of that application.
- Add Membership Provider
Add .Net Users using Sql Membership Provider. We are naming
Membership Provider: FbaMembershipprovider
Please note the names of Conneciton string, RoleProvider, Membership Provider
The above configuration will modify the Central Admin web.config. We can confirm by explore Central Admin in IIS.
<add connectionString="Server=Sp-pc;Database=FBASppc;User ID=fbasp;Password=fbasp" name="fbaspconnection" />
STEP 3: Configuring Sharepoint Web Services for Secure Store to use Sql Membership for FBA
- Open Central Admin
- Select Application Management and select Manage web applicaitons
- Select New from Ribbon to create a new web application
- Select Claim Based Authentication as Authentication type
- Make sure to Select FBA Authentication and provide Role Provider name, Membership Provider name which we had in notepad files entered during provider settings in Central Admin and SecurityTokenServiceApplication.
Add the values we created earlier in the section “Enable Forms Based
Authentication” for role and membership provider.
Once, web application is created successfully. Don’t create Site-collection until configuring some more steps.
- Add Connection String
Same as in Step 2 & 3
- Add Role & User providers in Providers section as done previously
- Configure .Net Roles
The below steps are not required for Central Admin and Security Token Service
do not have any roles in our database at this point, so let’s create two (admin,
SuperUser) by clicking Add… in the actions pane.
Configure .NET Users
Now we need to do the same for .NET Users. Open the .NET Users page. You will get a similar warning saying the default is not trusted.
Set the default provider to FbaMembershipprovider(our case may be like FbaMembershipprovider). If you had members in the database, you would now see them listed. Assuming you doesn’t let’s add some.
After done it Please make sure set default provider in .net User. Otherwise during login in site collection its throwing Access Denied.
You should also check the default Role Provider for the web application and ensure that is set to “c”. If this is set to the SQL provider that you created, you will get an unexpected error after you logon.
Also set Default Provider “c” in Configure .NET Roles and set Default Provider "i" in .Net Users.
Below two steps most Important.
SharePoint should have done this when you created the web application, but let’s confirm. From the web application home page in IIS Manager, select Authentication under the IIS section. Confirm that the web application has both Integrated and Forms enabled.
Create new site collection under FBA2012
Open Central Admin>>Application Management>>Create site collections
Set secondary site collection administrator which you have create in .Net User. For exa:paras assigned superadmin role. Login with Form Authentication paras using credentials in new site.
Enjoy FBA on Sharepoint.
Please let me know in case of any queries on same.