Working With Form Based Authentication in SharePoint 2010

Introduction

In this article we will see how to enable Form Based Authentication (FBA) in a SharePoint 2010 environment.

Step 1

Form Based Authentication (FBA) requires an understanding of the Membership provider. Please check the following link for more details. We depend on SQL Server to host the SQL Membership provider.

http://msdn.microsoft.com/en-us/library/ff648345.aspx

Step 2

We need to enable Claims Based Authentication at the Web Application level. By default SharePoint 2010 uses Classic (Windows) Authentication. It's better to create a new Web Application with the claims option.

[Screenshot: authenticationinsharePoint.jpg]

Once we have enabled it, we can see the Claims Authentication Types options as in the following:

[Screenshot: authenticationtypeinsharepoint.jpg]

Just specify the Membership provider name (AspNetSqlMembershipProvider); we'll use the same name in the config key as well. For the sign-in page, we'll use the default option; if required, we can change it to a custom page later. We didn't change any other option when creating the site collection.

[Screenshot: signinPageinsharepoint.jpg]

Step 3

We assume that the SQL membership DB has already been configured using the command "aspnet_regsql". Check the following links for reference.

http://weblogs.asp.net/sukumarraju/archive/2009/10/02/installing-asp-net-membership-services-database-in-sql-server-expreess.aspx

http://helios.ca/2009/04/22/aspnet-mvc-sqlmembershipprovider/

Step 4

We need to add our SQL membership DB connection string in the Central Admin web.config file.

C:\inetpub\wwwroot\wss\VirtualDirectories → CA site → web.config

Step 5

We need to repeat the Step 4 config changes for the site collection which we just created with Claims Based Authentication.

Step 6

Repeat the Step 4 config changes for the SecurityTokenService web.config file as well.

IIS path - SharePoint Web Services → SecurityTokenService

C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\WebServices\Root à web.config

In addition to this change, add the following key in the membership section. Note that the key name "AspNetSqlMembershipProvider" is the same name that was used when creating the site collection.

<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="LocalSqlServer" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="true" applicationName="/" requiresUniqueEmail="false" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="7" minRequiredNonalphanumericCharacters="1" passwordAttemptWindow="10" passwordStrengthRegularExpression=""/>
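As an added check (not part of the original article), the following PowerShell function verifies that a web.config edited in Steps 4 to 6 contains the membership provider key and the connection string it points to, and that the provider stores passwords hashed and non-retrievable. The function name Test-FbaConfig is hypothetical, and the sample XML, including the SQLHOST server and aspnetdb database names, is constructed for illustration.

```powershell
# Added example: validate one web.config after the Step 4-6 edits.
function Test-FbaConfig {
    param(
        [Parameter(Mandatory=$true)][string]$ConfigXml,
        [string]$ProviderName = 'AspNetSqlMembershipProvider'
    )
    $doc = [xml]$ConfigXml
    $xpath = "/configuration/system.web/membership/providers/add[@name='$ProviderName']"
    $provider = $doc.SelectSingleNode($xpath)
    if ($null -eq $provider) {
        return "membership provider '$ProviderName' is missing"
    }
    $findings = @()
    # connectionStringName must resolve to an entry under <connectionStrings>.
    $csName = $provider.GetAttribute('connectionStringName')
    $cs = $doc.SelectSingleNode("/configuration/connectionStrings/add[@name='$csName']")
    if ($null -eq $cs) { $findings += "connection string '$csName' is missing" }
    # Password storage settings on the provider key; reported unless set explicitly.
    if ($provider.GetAttribute('passwordFormat') -ne 'Hashed') {
        $findings += 'passwordFormat is not Hashed'
    }
    if ($provider.GetAttribute('enablePasswordRetrieval') -ne 'false') {
        $findings += 'enablePasswordRetrieval is not false'
    }
    $findings
}

# Constructed sample; server and database names are placeholders.
$sample = @'
<configuration>
  <connectionStrings>
    <add name="LocalSqlServer" connectionString="Data Source=SQLHOST;Initial Catalog=aspnetdb;Integrated Security=True" />
  </connectionStrings>
  <system.web><membership><providers>
    <add name="AspNetSqlMembershipProvider" connectionStringName="LocalSqlServer"
         enablePasswordRetrieval="false" passwordFormat="Hashed" />
  </providers></membership></system.web>
</configuration>
'@

$findings = @(Test-FbaConfig -ConfigXml $sample)
if ($findings.Count -eq 0) { 'OK: provider and connection string are consistent' } else { $findings }

# Same file with the Step 4 connection string left out.
$broken = $sample -replace '(?s)<connectionStrings>.*?</connectionStrings>', ''
@(Test-FbaConfig -ConfigXml $broken)
```

To check a real file, pass its text to -ConfigXml, for example the output of Get-Content piped to Out-String.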

Step 7

After the config key changes, if we try to create a new site in the same site collection, we will see the following message, which confirms that our configuration is correct.

[Screenshot: webconfiginsharepoint.jpg]

Assume we have already created a profile with the name "venkat1". While creating the new site collection, in the secondary site collection administrator field, we didn't use the people picker control; just type your profile name and press Ctrl+K and it will resolve automatically. The tooltip shows that the profile comes from "AspNetSqlMembershipProvider".

[Screenshot: tooltipinsharepoint.jpg]

Browse to the newly created site collection URL and we will see the following login page:


[Screenshot: selectauthenticationinsharepoint.jpg]


If we choose "Forms Authentication", it will prompt for a user name and password as shown below:


[Screenshot: Signinwarninginsharepoint.jpg]

If the user name and password are authenticated, we will be logged in to our site.

[Screenshot: authentication1insharepoint.jpg]

Summary

Form Based Authentication is one of the alternatives to Windows Authentication. There are still limitations: a profile created using the "sqlmembershipprovider" needs to have some level of access in the site. In the above sample we added the user as secondary site collection administrator, so that the user can log in using FBA and view the site.