In this article we will see how to enable Form Based Authentication (FBA) in a SharePoint 2010 environment.
Form Based Authentication (FBA) requires understanding the Membership provider. Please check the following link for more details. We have a dependency with SQL Server to handle the SQL Membership provider.
We need to enable Claim Based Authentication at the Web Application level. By default SharePoint 2010 sets the Classic (windows) Authentication. It's better to create a new Web Application with this option.
Once we have enabled it, we can see the Claims Authentication Types options as in the following:
Just specify the Membership provider name (AspNetSqlMembershipProvider) and we'll use the same name in the Config key also. For the signin page, we'll use the default option, if required we will change it to a custom page. We didn't any other option to create the site collection.
Our assumption is that we already configured the SQL membership DB using the command "aspnet_regsql". Check the following links for reference.
We need to add our SQL membership DB connection string in the Central Admin web.config file.
C:\inetpub\wwwroot\wss\VirtualDirectories Ãƒ CA site Ãƒ web.config
We need to repeat Step4 of the config changes for the site collection which we just created with Claim Based Authentication.
Repeat the Step4 config changes for the SecurityTokenService web.config file also.
IIS path - SharePoint Web Services Ãƒ SecurityTokenService
C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\WebServices\Root Ãƒ web.config
In addition to this change, add the following key in membership. Note that the key name "AspNetSqlMembershipProvider" will be the same name as used in the site collection creation.
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=188.8.131.52, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="LocalSqlServer" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="true" applicationName="/" requiresUniqueEmail="false" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="7" minRequiredNonalphanumericCharacters="1" passwordAttemptWindow="10" passwordStrengthRegularExpression=""/>
After the config key changes, we try to create a new site in the same site collection, we will see the following message and it ensures us that our configurations are correct.
Assuming we already created profiles with the name "venkat1" and while creating the new site collection, in the secondary site collection administrator, we didn't use a people picker control, just type your profile name and press Ctl+k, it will resolve automatically and in the tooltip we saw the profile come from "AspNetSqlMembershipProvider".
Just browse to the newly created site collection URL, we will see the following login page:
If we choose "Forms Authentication", it will prompt for a user name and password as shown below:
If the User Name and password are authenticated, we will login our site.
Form Based Authentication is one of the alternate methods of Windows Authentication. Still we have limitations like the profile created using the "sqlmembershipprovider" needs to have some level of access in the site, in the above sample we added the user as secondary site collection administrator, so that user can login using FBA and view the site.