Configuring Form Based Authentication in WSS

Last week i was just configuring the Form Based Authentication in WSS for one of our client. Although its been a very basic thing in sharepoint but i thought to blog it for any one who is new to it.

Below are the steps to configure FBA (Form Based Authentication) in Sharepoint/WSS 3.0.

Scenario: We will create a webapplication and site collection and then we will change the authentication to Form based rather windows which is default.

Form based authentication provider supports authentication against credentials stored in one of the following.

1. The Active Directory

2. a Database

3. An LDAP store

In this example i will show you the way one can authenticate the users from the database store.

1. First of all execute aspnet_sqlreg.exe to configure the Asp.Net membership provider database in SQL Server.

Note: aspnet_regsql is placed inside %WindowsDir%\Microsoft.Net\Framework\v2.0.50727

Above screen shows the way to execute aspnet_regsql.exe

2. Press Next, and complete the wizard.

3. You will notice that the tables will be created in the database selected.

4. Now create a dummy website in Asp.Net

5. Add web cofiguration file

6. Specify the connection string to the database just created above.

7. Now we have to add users, click on the Asp.Net Configuration under website section from Visual Studio

8. Now click on the Security link from the Asp.Net configuration website

9. In the Security page click on the Authentication Type and select “From Internet”

10. Press done to save the settings.

11. Now click on the Create users link to add users from the Security Page.

11. Now create a new Web Application in SharePoint from Central Administration.

12. Go to the Application Management in Central Administration website and click on “Create or Extend Web Application”.

13. In the Create or Extend Web Application page click on Create New Web Application

14. Specify appropriate values in the Create new web application screen and press Ok to create.

15. Now create a site collection for the newly created webapplication.

16. Now open the sharepoint webapplication web.config file and place connection string, people picker, membership provider and role providers.

Add People Picker Wild Cards for your Membership Provider

    <PeoplePickerWildcards>
      <clear />
      <add key="SqlProvider" value="%" />
    </PeoplePickerWildcards>

Add Connection string tag after </sharepoint>

  <connectionStrings>
    <add name="MySqlConnection" connectionString="server=ovais-2504dc252; database=SPFormBased; User Id=FBAService; Password=123;"/>
  </connectionStrings>

Add Membership provider and Role Manager under <system.web>

    <membership defaultProvider="SqlProvider">
      <providers>
        <clear />
        <add connectionStringName="MySqlConnection" enablePasswordRetrieval="false"
          enablePasswordReset="true" requiresQuestionAndAnswer="false"
          applicationName="/" requiresUniqueEmail="false" passwordFormat="Hashed"
          maxInvalidPasswordAttempts="5" minRequiredPasswordLength="1"
          minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10"
          passwordStrengthRegularExpression="" name="SqlProvider" type="System.Web.Security.SqlMembershipProvider" />
      </providers>
    </membership>
    <roleManager enabled="true" defaultProvider="SqlRoleProvider">
      <providers>
        <add connectionStringName="MySqlConnection" applicationName="/"
          name="SqlRoleProvider" type="System.Web.Security.SqlRoleProvider" />
      </providers>
    </roleManager>

17. Do the same for Central Administration web application but instead of setting Default provider to SqlProvider (in our case) set AspNetWindowsTokenRoleProvider in Role Manager tag.

   <membership defaultProvider="SqlProvider">
      <providers>
        <clear/>
        <add name="SqlProvider" type="System.Web.Security.SqlMembershipProvider"
             connectionStringName="MySqlConnection"
             enablePasswordRetrieval="false"
             enablePasswordReset="true"
             requiresQuestionAndAnswer="false"
              applicationName="/"
              requiresUniqueEmail="false"
              passwordFormat="Hashed"
              maxInvalidPasswordAttempts="5"
              minRequiredPasswordLength="1"
              minRequiredNonalphanumericCharacters="0"
              passwordAttemptWindow="10"
              passwordStrengthRegularExpression=""
             />
      </providers>
    </membership>
    <roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider">
      <providers>
        <add name ="SqlRoleProvider" type="System.Web.Security.SqlRoleProvider"
        connectionStringName="MySqlConnection"
        applicationName="/" />
      </providers>
    </roleManager>

18. Now, open the properties windows from IIS for newly created website and go to the Directory Security tab.

19. Click on edit and set the Administrator account in Authentication methods screen. Note the administrator should have access rights to the ASPNet database.  Make sure that the user should have db_owner, membership_fullaccess rights.

20. Now go to the Central Administration > Application Management > Policy for Web Application. Make sure the correct web application is selected.

21. Type the user name that exist in the Aspnet database. Sharpoint will resolve the name give appropriate rights.

22. Now navigate to the Web Application

23. Enter user name and password that exist in AspNet database.

24. System will login and display the home page.

Advertisements

3 thoughts on “Configuring Form Based Authentication in WSS

  1. I’ve been absent for some time, but now I remember why I used to love this site. Thank you, I’ll try and check back more often. How frequently you update your web site?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s