
Monday, 9 February 2015

FBA Configuration in SharePoint

This article explains how to create Forms-Based Authentication for claims-based web applications using ASP.NET SQL membership and role providers.
We need to use the following procedure to configure FBA in SharePoint.

Step 1: Setting up the ASP.NET Membership Provider database.

First create the database to store users and groups. The membership store is created using the ASP.NET SQL Server Setup Wizard.

SQL Server Setup Wizard
This is launched from the .NET 2.0 Framework folder on the server at: C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe

Framework folder on the server

Click "Next" to continue to the Select a Setup Option step.

Select a Setup Option

Select "Configure SQL Server for application services". This is the default option.

Click "Next" to advance to the Select the Server and Database step.
Select Configure SQL Server
 
Add the SQL Server name and instance where you want to create the FBA database. Also specify the database name.

Click "Next" to advance to the Confirm Your Settings step.
 
Select the Server and Database

Click "Next" to create the database.
 
create the database
 
You’ll see the success screen displayed above. Start Microsoft SQL Server Management Studio and connect to the database server instance. You’ll find that your new database has been created. If you’re using Integrated Security then you’ll need to provide access to the database for the following service accounts in SharePoint.

To create a new login for a user, go to "Security" -> "Login" -> "New User".
 
New User
 
Add the required details as below:

Add required detail
 
Click the "OK" button to add the user to the database.
 
Step 2: Configure the Central Admin Web Site to use the SQL Membership Provider.

Select the SharePoint Central Administration v4 site and add the connection string and Provider as below:

SharePoint Central Administration

Add Connection String: To add a Connection String, under the Actions menu on the right, select "Add" to create a new connection string.  Provide the details for the membership database for the new connection string as below:

Add Connection String
 
Add Role Provider: To add a role provider, go back to the Web application page and open the Providers page. Here we will create a provider for Roles and Users. Set the feature to .NET Roles and click "Add" in the Actions pane to add a new role provider. I named it SPFBARoleProvider and selected the right type and connection string.

Add Role Provider
 
Add Membership Provider: To add a membership provider, set the feature to .NET Users and click "Add" in the Actions pane.

Add Membership Provider

Set the "EnablePasswordReset" to true and add a Data Connection String. I named it "SPMembershipProvider".

Step 3:  Configure the Secure Store Web Service to use the SQL Membership Provider.

We need to repeat the procedure in Step 2 to configure the SecurityTokenServiceApplication that is in the SharePoint Web Services application.

SecurityTokenServiceApplication
 
Step 4: Create Extranet Web Application
 
Finally we create a web application that will use FBA authentication.
 
In Central Administration, select the "Application Management" page, then select "Manage Web Applications". Select "New" from the ribbon to create a new web application.
 
Select "Claims Based Mode Authentication" as the Authentication Type. 

 Mode Authentication

Add the Membership Provider name and Role Manager name used everywhere in the configuration as below.

Add Membership Provider name and Role manager name
 
Step 5: Configure Membership Providers for Web App through IIS

In IIS Manager, browse to the new site. I have created "SharePoint:9000". For the new FBA site we need to do the following configuration:
  • Add the connection string and add Providers for members and roles as in Step 2
  • Create .NET Roles
  • Create .NET Users

Web App through IIS

Configure .NET Roles: To configure .NET Roles, open the .NET Roles page for our web application. You will receive a warning that the default role provider is not trusted. Set the default role provider to "SPFBARoleProvider" or whatever you have named the role provider.
 
 role provider

Create the role as per the requirements of the application. I have created the role as User, Admin and so on. 

Create the role

Configure .NET Users: To configure .NET users, open the .NET Users page. You will get a warning that the default provider is not trusted. Set the default provider to "SPFBAMembershipProvider" or whatever you have named the Membership Provider.
 
Add the members with required details as below:

Add the Members

Add the created user to the role as below:

Add the created user

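Finally, once the .NET users and roles have been created, reset the default membership provider to "i" and the default Role Provider for the web application to "c". These are SharePoint's own claims providers; the SQL providers were only made the default temporarily so that IIS Manager could manage users and roles.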
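
The IIS Manager steps above end up as entries in each site's web.config. The fragment below is an added example, not taken from the original article, showing what the FBA web application's file would contain after Step 5; the connection string name FBADB, the server SQLHOST\INSTANCE, the database FBA_Membership and the password-policy numbers are assumptions.

```xml
<!-- Added example: fragment of the FBA web application's web.config.
     FBADB, SQLHOST\INSTANCE and FBA_Membership are placeholders. -->
<configuration>
  <connectionStrings>
    <!-- Integrated Security keeps SQL credentials out of web.config; the
         application pool account needs access to the database instead. -->
    <add name="FBADB"
         connectionString="Data Source=SQLHOST\INSTANCE;Initial Catalog=FBA_Membership;Integrated Security=SSPI" />
  </connectionStrings>
  <system.web>
    <!-- Default is back on "i", SharePoint's claims membership provider. -->
    <membership defaultProvider="i">
      <providers>
        <!-- SharePoint's existing "i" entry stays here, unchanged. -->
        <!-- Version=2.0.0.0 assumes the .NET 2.0 tooling used in Step 1. -->
        <add name="SPFBAMembershipProvider"
             type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             connectionStringName="FBADB"
             applicationName="/"
             passwordFormat="Hashed"
             enablePasswordRetrieval="false"
             enablePasswordReset="true"
             requiresQuestionAndAnswer="false"
             requiresUniqueEmail="true"
             minRequiredPasswordLength="12"
             minRequiredNonalphanumericCharacters="1"
             maxInvalidPasswordAttempts="5"
             passwordAttemptWindow="10" />
      </providers>
    </membership>
    <!-- Default is back on "c", SharePoint's claims role provider. -->
    <roleManager enabled="true" defaultProvider="c">
      <providers>
        <!-- SharePoint's existing "c" entry stays here, unchanged. -->
        <!-- applicationName must match the membership provider's value,
             otherwise users and roles land in different application scopes. -->
        <add name="SPFBARoleProvider"
             type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             connectionStringName="FBADB"
             applicationName="/" />
      </providers>
    </roleManager>
  </system.web>
</configuration>
```

The same connection string and the two provider entries, with identical names and applicationName, are what Step 2 and Step 3 add to the Central Administration and SecurityTokenServiceApplication web.config files. A provider name that differs between the three files is a common reason FBA logins or people-picker lookups fail.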