This article explains how to create Forms-Based Authentication for claims-based web applications using ASP.NET SQL membership and role providers.
We need to use the following procedure to configure FBA in SharePoint.
Step 1: Setting up the ASP.NET Membership Provider database.
First create the database to store users and groups. The membership store is created using the ASP.NET SQL Server Setup Wizard.
This is launched from the .NET 2.0 Framework folder on the server at: C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
Click “Next” to continue to the Select a Setup Option step.
Select “Configure SQL Server for application services”. This is the default option.
Click “Next” to advance to the Select the Server and Database step.
Add the SQL Server name and instance where you want to create the FBA database. Also specify the database name.
Click “Next” to advance to the Confirm Your Settings step.
Click “Next” to create the database.
You’ll see the success screen displayed above. Start Microsoft SQL Server Management Studio and connect to the database server instance. You’ll find that your new database has been created. If you’re using Integrated Security then you’ll need to provide access to the database for the following service accounts in SharePoint.
To create a new Login for a user go to “Security” -> “Login”-> “New User”.
Add the required details as below:
Click the “OK” button to add the user to the database.
Step 2: Configure the Central Admin Web Site to use the SQL Membership Provider.
Select the SharePoint Central Administration v4 site and add the connection string and Provider as below:
Add Connection String: To add a Connection String, under the Actions menu on the right, select “Add” to create a new connection string. Provide the details for the membership database for the new connection string as below:
Add Role Provider: For adding Role Provider
Go back to the Web application page and open up the Providers page. Here we will create a provider for Roles and Users. Set the feature to .NET Roles and click “Add” in the Actions pane to add a new role provider. I named it SPFBARoleProvider and selected the right type and connection string.
Add Membership Provider: To add a Membership Provider set the feature to .NET users and click “Add” from the actions pane to add a membership provider.
Set the “EnablePasswordReset” to true and add a Data Connection String. I named it “SPMembershipProvider”.
Step 3: Configure the Secure Store Web Service to use the SQL Membership Provider.
We need to repeat the procedure in Step 2 to configure the SecurityTokenServiceAppliaation that is in the SharePoint Web Services application.
Step 4: Create Extranet Web Application
Finally we create a web application that will use FBA authentication.
In Central Administration, select the “Application Management” page then seelct “Manage Web Applications”. Select “New” from the ribbon to create a new web application.
Select “Claims Based Mode Authentication” as the Authentication Type.
Add the Membership Provider name and Role Manager name used everywhere in the configuration as below.
Step 5: Configure Membership Providers for Web App through IIS
In IIS Manager, browse to the new site. I have created “SharePoint:9000” . For the new FBA site we need to do the following configuration:
- Add the connection string and add Providers for members and roles as in Step 2
- Create .NET Roles
- Create .NET Users
Create the role as per the requirements of the application. I have created the role as User, Admin and so on.
Configure .NET Users: For configuring .NET users open the .NET Users page. You will get a warning that the default is not trusted. Set the default provider to “SPFBAMembershipProvider” or whatever you have named the Membership Provider.
Add the members with required details as below:
Add the created user to the role as below:
Finally set the .NET users and reset the default provider to “i” and the default Role Provider for the web application to “c”.v