There are not many differences between configuring FBA for SharePoint 2010 and 2007, but there are a few.  For instance, SharePoint 2010 no longer supports “classic FBA”; instead, forms based authentication is provided through Claims Authentication.  There is also the new Secure Store Service, which is the next generation of the old Single Sign On service.

Both of these come into play when configuring Forms Based Authentication.

1. Configure SQL for membership store

The membership store is still created using the ASP.NET SQL Server Setup Wizard.  This is launched from the .NET 2.0 Framework folder on the server at:

C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe

This wizard will take you through the steps and will build out the SQL database for you.




2. Configure Central Admin Web Site to use SQL Membership Provider

SharePoint web sites out of the box are configured to use Active Directory.  So you may be wondering why we’re configuring Central Admin to use FBA when we don’t really want to log in as an FBA user.  Well, we actually don’t want to configure it to log in as a forms user, but we do need to be able to add users from our membership database when configuring site collection admins, and the like.

So all we want to do is tell the Central Admin web application to use our SQL membership provider as well as AD, so when you use the people picker to select users, it will provide results from our membership database.

Open IIS Manager and locate the Central Administration site.


Open the Connection Strings page.  Under the Actions menu on the right, select Add… to create a new connection string.  Provide the details for the membership database for the new connection string.



Add Role Provider

Go back to the Web Application page and open up Providers page.  Here we will create a provider for Roles and Users.  Set feature to .NET Roles and click Add… in the Actions pane to add a new role provider.  I called it FBARoleProvider and selected the right type and connection string.



Add Membership Provider

Now set feature to .NET Users and click Add… from the actions pane to add a membership provider.


Select the correct type and connection string, and whatever behaviors you choose.

That’s it for the providers for Central Admin.

To verify that all looks ok, we can check the web.config of the web application.  To get to the right web.config, right-click on the web application under sites, and select Explore.
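One way to script the web.config check described above, as an added example that is not from the original post: a PowerShell function that confirms each SQL provider points at a defined connection string and flags a password embedded in that string, a passwordFormat other than Hashed, or password retrieval being enabled. FBARoleProvider comes from the post; the connection string name FBADB, the provider name FBAMembershipProvider, the server SQL01 and the database aspnetdb are assumed sample values.

```powershell
# Constructed sample of the sections IIS Manager writes. Every name except
# FBARoleProvider (FBADB, FBAMembershipProvider, SQL01, aspnetdb) is an assumption.
$sample = [xml]@'
<configuration>
  <connectionStrings>
    <add name="FBADB" connectionString="Data Source=SQL01;Initial Catalog=aspnetdb;Integrated Security=SSPI" />
  </connectionStrings>
  <system.web>
    <membership><providers>
      <add name="FBAMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
           connectionStringName="FBADB" applicationName="/" passwordFormat="Hashed" enablePasswordRetrieval="false" />
    </providers></membership>
    <roleManager><providers>
      <add name="FBARoleProvider" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
           connectionStringName="FBADB" applicationName="/" />
    </providers></roleManager>
  </system.web>
</configuration>
'@

function Test-FbaWebConfig([xml]$Config) {
    $findings = @()
    $conn = @{}   # connection strings indexed by name
    foreach ($c in $Config.SelectNodes('/configuration/connectionStrings/add')) {
        $conn[$c.GetAttribute('name')] = $c.GetAttribute('connectionString')
    }
    $xpath = '/configuration/system.web/membership/providers/add | /configuration/system.web/roleManager/providers/add'
    foreach ($p in $Config.SelectNodes($xpath)) {
        $type = $p.GetAttribute('type')
        # Only the ASP.NET SQL providers are checked; SharePoint's own providers are skipped.
        if ($type -notmatch '^System\.Web\.Security\.Sql(Membership|Role)Provider\b') { continue }
        $name = $p.GetAttribute('name')
        $csName = $p.GetAttribute('connectionStringName')
        if (-not $conn.ContainsKey($csName)) {
            $findings += "${name}: connection string '$csName' is not defined"
        } elseif ($conn[$csName] -match '\b(password|pwd)\s*=') {
            $findings += "${name}: connection string '$csName' embeds a SQL password"
        }
        if ($type -match 'SqlMembershipProvider') {
            $fmt = $p.GetAttribute('passwordFormat')   # empty means the default, Hashed
            if ($fmt -and $fmt -ne 'Hashed') { $findings += "${name}: passwordFormat is '$fmt'" }
            if ($p.GetAttribute('enablePasswordRetrieval') -eq 'true') { $findings += "${name}: enablePasswordRetrieval is true" }
        }
    }
    $findings
}
$result = Test-FbaWebConfig $sample
if ($result) { $result } else { 'No findings' }
```

To check a real file, pass `([xml](Get-Content <path to web.config>))` instead of `$sample`; the same check applies to the web.config files of the other applications configured in the following steps.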




3. Configure Secure Store Web Service to use SQL Membership Provider

Everything we did for the Central Admin site, we are going to do for the SecurityTokenServiceApplication, which is in the SharePoint Web Services application.


4. Create Extranet Web Application

Ok, finally we are ready to create our web application (called SharePoint – FBA) that will use FBA authentication.

In Central Admin, Select the Application Management page, and select Manage web applications.  Select New from the ribbon to create a new web application.

Select Claims Based Mode Authentication as the Authentication Type. Allow anonymous access and select values for all the other options until you get to the “Enable Forms Based Authentication” section.

Add the values we created earlier in the section “Enable Forms Based Authentication” for role and membership provider.



You can specify a custom login page; I will cover that in later posts.



Click OK and the application will be created.

Our application has now been created, but we need to configure the same role and membership providers for it too; previously we did this only for Central Administration.


Our new web application is now listed in IIS Manager. I will configure it with roles and members.


Add a new connection string


Open the .NET Roles page for our web application.  You will receive a warning that the default role provider is not trusted.  A pre-configured SharePoint-related role and membership provider is already available, so we don’t need to create our own.



Now create some new roles and users for our web application.


When you try to open new roles you will see the following error message; simply ignore it.


We do not have any roles in our database at this point, so let’s create two (StandardUser, SuperUser) by clicking Add… in the actions pane.


Now we need to do the same for .NET Users.  Open the .NET Users page.  You will get a similar warning saying the default is not trusted.  Assuming you don’t have any users yet, let’s add some.  Click Add… from the Actions pane to add users, and assign them roles.



Now create and open the site collection.



After creating a new site collection, when you open it you will see the following screen.


Because we created a user in the SQL Server database and that user is the site collection administrator, use forms based authentication.



So you have been logged in with the SQL Server user. That’s it.

