Forms-Based Authentication in SharePoint 2013

Overview

Forms-Based Authentication is a claims-based identity management system that is based on ASP.NET membership and role provider authentication.

Forms-Based Authentication can be used against the following authentication providers:

  • AD DS
  • A membership database such as a SQL Server database
  • A Lightweight Directory Access Protocol (LDAP) data store

Forms-based Claims Authentication Process

Forms-based claims authentication is an interaction among a "Client Computer", a "SharePoint Server" and a "Membership and Role Provider".

 Form based Authentication Process

  1. First, an anonymous user requests a secured SharePoint page, as in the following:

    Request Web Page
     
  2. SharePoint responds and sends a forms-based login page for the user to enter the credentials as in the following:

    Form based login
     
  3. The user on the client computer types the credentials and the client computer sends them as in the following:

    Send Windows Credential
     
  4. SharePoint validates the credentials against the membership provider as in the following:

    Validate Windows Credential
     
  5. The SharePoint server queries the role provider for the roles associated with the user credentials as in the following:

    Role Provider
     
  6. The Security Token Service on the SharePoint server creates a claims-based security token and stores it with the distributed cache service on the SharePoint farm. The SharePoint server then creates and sends a federated authentication cookie to the client computer; this cookie contains an encrypted key of the security token. If analysis of the claims in the security token shows that the user is authorized to access the requested webpage, SharePoint sends the contents of the page.

    Create Security Token
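
The six steps above, modeled as an added example (not code from the original post or from SharePoint itself). The class, function and page names are hypothetical, the sample users are constructed, and an HMAC-protected key stands in for the encrypted key carried in the federated authentication cookie.

```python
import hashlib, hmac, secrets

# Constructed sample data standing in for the membership and role providers.
def _hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"constructed-salt", 100_000)

MEMBERS = {"alice": _hash("correct horse"), "bob": _hash("sample-pass")}
ROLES = {"alice": ["Finance"], "bob": ["Visitors"]}
PAGE_ROLE = {"/sites/finance/budget.aspx": "Finance"}  # role required per page
LOGIN = "302 login page"

class Farm:
    """Toy model of the SharePoint side of the flow (hypothetical names)."""
    def __init__(self):
        self.cookie_secret = secrets.token_bytes(32)
        self.token_cache = {}  # stand-in for the distributed cache service

    def _mac(self, key):
        return hmac.new(self.cookie_secret, key.encode(), hashlib.sha256).hexdigest()

    def login(self, user, password):
        # Steps 3-4: validate the posted credentials against the membership provider.
        stored = MEMBERS.get(user)
        if stored is None or not hmac.compare_digest(stored, _hash(password)):
            return None
        # Step 5: query the role provider; the roles become claims.
        claims = {"name": user, "roles": ROLES.get(user, [])}
        # Step 6: the token stays server-side; the cookie carries only its key.
        key = secrets.token_hex(16)
        self.token_cache[key] = claims
        return f"{key}.{self._mac(key)}"

    def request(self, url, cookie=None):
        key, _, mac = (cookie or "").partition(".")
        # Steps 1-2: no cookie, or one failing the integrity check, gets the login form.
        if not cookie or not hmac.compare_digest(mac.encode(), self._mac(key).encode()):
            return LOGIN
        claims = self.token_cache.get(key)
        if claims is None:  # token evicted or expired: authenticate again
            return LOGIN
        # Authorization is decided from the claims in the cached token; deny by default.
        return "200 page" if PAGE_ROLE.get(url) in claims["roles"] else "403 denied"
```

Because the cookie holds only a reference, removing the token from the cache ends the session on the server side regardless of what the client still holds.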

For detailed information on how to configure FBA on SharePoint 2013, here is a very good article by Sean Earp: Configuring SharePoint 2013 Forms-Based Authentication with SQLMemberShipProvider.

For more information about other authentication types check my other posts:

Happy coding.

Diagrams source: Microsoft Technet