For my current project I had to configure SharePoint 2010 for Forms Based Authentication (FBA). In this article I want to share my experiences on this topic. There is a lot of stuff on the internet and I read many blogs. They all show many details how to configure FBA succesfully, but in my opinion you have to manually edit too many files that can lead to a unstable environment. But let’s start at the beginning of it all.
ASP.NET Membership Provider
Although you can use different providers for FBA (such as LDAP) I used the ASP.NET Membership Provider. With this provider you have a SQL database for storing applications, roles, users and their memberships. Installing this provider is quite easy. And that’s a good thing.
- On your SharePoint or SQL server, open the folder C:WindowsMicrosoft.NETFramework64v2.0.50727 (I presume you have x64 environment)
- Run aspnet_regsql.exe. The ASP.NET SQL Server Setup Wizard starts…
After installation, start SQL Server Management Studio and provide sufficient rights to the Application Pool accounts of Central Administration and web application(s) for this database. I tried db_datareader and db_datawriter rights, but that didn’t work out. The right db_owner works, but there are more options. These settings also work:
Creating the Web Application and a site collection
At this point you can create a web application that will use Forms Based Authentication.
- Go to Central Administration and create a new web application
- Select the Claims Based Authentication radio button, which makes the option available to enable FBA.
- Enable Forms Based Authentication and fill in the names for the ASP.NET Membership Provider and Role Manager. I used the names FBAMembershipProvider and FBARoleManager. Remember these names, you will need them later!
- Complete and fill the other fields to create the web application.
- For testing purposes, create a site collection as well. Pick any template you like.
Configuring SharePoint 2010 for the ASP.NET Membership Provider
Now the database for the ASP.NET Membership Provider and your web application are in place, you can now configure SharePoint 2010 to use this Membership Provider. You need to edit the web.config files for the following web applications and service:
- Central Administration
- Security Token Service
- Your web application
The blog post by Mirjam van Olst (see at the end of this post), outlines very well what to edit in those web.config files. I did it all, but you need to be careful. After several times, I felt more like using a tool that’s modifying all these web.config files for me. How easy is that? On CodePlex I found the FBA Configuration Manager:
Just edit the XML and click on the button Update Configs.
In this article on MSDN you can read more about the Membership and RoleManager elements.
At this stage, you can test it. Browse to your site you have just created. You should see this screen:
You can now choose to login with Windows Authentication or Forms Based Authentication. After your selection you will be prompted for your credentials.
Now, you might think: Do I have a credential yet to login with FBA? The answer is No. With the installation of the ASP.NET Membership Provider there is no such kind of Management Tool. However, there are some options for you:
- If you are in a development environment you can start Visual Studio, Create a new ASP.NET Web Project, add your ConnectionString, MembershipProvider and RoleManager to the web.config. Then start the ASP.NET Configuration from the menu Project. This starts the ASP.NET Web Site Administration Tool.
- You could download and try the MembershipSeeder Tool from CodePlex. It’s a messy Windows application and I didn’t like it.
- Or, and I prefer this one: install the SharePoint 2010 FBA Pack available on CodePlex. After installation, browse to your web site and login with Windows Authentication. Then goto Site Actions, Site Settings, FBA User Management. Create a new user.. The Pack also offers more functionality which might come in handy.
After creating a user account for FBA, just go back to your site and login.
Conclusion
Using Forms Based Authentication with SharePoint 2010 is not that hard as you may think. Yes, you will have to configure quite a lot, but there are tools to make it easier.
Blogs that I have read are:
- Mirjam van Olst, Configuring claims and forms based authentication for use with a SQL provider in SharePoint 2010
- Another SharePoint Blog, http://blogs.technet.com/b/mahesm/archive/2010/04/07/configure-forms-based-authentication-fba-with-sharepoint-2010.aspx
- Donal Conlon, Configuring Forms Based Authentication for SharePoint 2010 using IIS7