Click here to Skip to main content
Click here to Skip to main content

Form Authentication for MOSS 2007 Site

, 5 Jun 2007
Rate this:
Please Sign up or sign in to vote.
The purpose of this document is to provide the step by step information about enabling the Form Based Authentication (FBA) for MOSS 2007 site.

Introduction

The purpose of this document is to provide the step by step information about enabling the Form Based Authentication (FBA) for MOSS 2007 site. MOSS 2007 sites uses windows authentication by default. But some business needs form based authentication to fulfill the requirements.

Below section explains to enable Form Authentication for MOSS 2007 site.

Setting up ASP.Net 2.0 Forms Authentication User and Role Data Source

This section explains creation of database which is used to store user's information such as credentials and roles which is used for Form Authentication. This section also explains the configuration of Membership and Role providers in the web.config file and creation of users using ASP.Net configuration wizard. This article shows creating a user and which will be used for testing Form Authentication later.

Create Database

To create database, Microsoft has provided a tool/ utility called aspnet_regsql.exe that creates a database for us. This utility can be found in %windir%\Microsoft.Net\Framework\vx.x.xxxxx folder. Please see the image below:

Screenshot - 1.jpg

Executing aspnet_regsql.exe file will open ASP.Net SQL Setup wizard that will walk through creating the ASP.Net 2.0 database. I have added the database name as FBAASPNetDb and configured it for windows authentication. Please see the image below:

Click on Next button. Please see the image below:

Select Configure SQL Server for application services option and click Next button. Please see the image below:

Click Next button. Now the database FBAASPNetDb is created successfully. Please see the image below:

Configure Membership and Role Providers

In the previous section, database is created successfully. Now we need to add a user in to database. Using ASP.Net Configuration Wizard, users can be added the database. This can be achieved by creating web site that will allow us to add the users and roles and also ensure the database connection strings, membership and role providers are correctly configured before we bring Sharepoint in to equation.

Below steps explains creating web site and configuring membership and role providers and executing ASP.Net Configuration Wizard.

a) Open Visual Studio 2005 and select File à New à Web Site. In the New Web Site dialog, select the ASP.Net Web Site template and enter the location to store the web site files. Please see the image below:

In the above image, location shows Z:\Inetpub\FBA. This is because Sharepoint server root directory is mapped to my system as Visual Studio 2005 is not installed in server machine. You can choose any location whichever is comfortable for you.

b) Add a new web.config file to web site project. Please see the image below:

c) By default, you will see a <connectionStrings/> node within <configuration> node. Specify the connection string to the database which has been created in the previous section. Please see the image below:

I have mentioned server as EC4-NETP-148429. This is the server in which SQL Server 2005 is installed. Please mention the respective server name.

d) After setting up the connection string, we need to specify the membership and role providers in the web.config file. In this article, I am using ASP.Net SQL Membership and Role providers. So specify the provider's information within the <system.web> tag. Please see the image below:

One thing we need to make sure that is, the provider name and connection string attribute specified in the web.config file should not be same as specified in the machine.config file. When we install .Net Framework 2.0, default connection string and providers are specified in the machine.config file.

e) Save web.config file and launch the ASP.Net Configuration Wizard by clicking on Website à ASP.Net Configuration. Please see the image below:

f) Set the authentication type in the above wizard. To do this, click Security link. In the Security tab, under Users section, click Select authentication type link. Select From the internet option and press Done button which is available in the bottom right corner. By selecting this option, which means that site will use form authentication to identify users. Please see the image below:

g) To test the membership and role providers, click on Provider tab. In the Provider tab, click on Select a different provider for each feature (advanced) link. Select right / correct membership and role provider and click Test link to ensure that providers are communicating to right database. Please see the image below:

At this point, we configured web.config file with connection string and providers information. Also we tested the providers with the database. Next section will explain adding users to database.

Create a User

a) To add users, click on Security tab. In Security tab, under Users section, click Create user link. Here I am adding user as testFBA and password as password which will be used for testing form authentication later. Please see the image below:

Now we have created a user successfully. Do not worry about creating roles at this time and will be explained later.

Creating Web Applications

This section explains creating web application using Sharepoint Central Administration. In this article I am creating two IIS web sites; one is extranet site which will be used by the content owners and configured to windows authentication. Another site is internet site specifically for internet users and configured to form authentication. Below section explains creating of two sites.

Creating extranet IIS Web site

Before creating new site, we need to create new web application. Below is the step by step information for creating new web application.

a) Click Start à All Programs à Microsoft Office Server à Central Administration.

b) In the Application Management tab, under Sharepoint Web Application Management section, click Crate or extend Web application link.

c) In Create or Extend Web Application page, click Create a new Web Application link. Provide the information to create new web application and click OK button. Please see the image below.

d) Create site under the above web application. To do this, in Application Management tab, under Sharepoint Site Management section, click Create site collection link.

e) In Create Site Collection page, select the web application which have been created in the previous step and provide other information to crate the site and click OK button. Please see the image below.

Now we created the web application and site successfully. Next section explains creating internet site.

Creating internet IIS Web site

This section explains extend our web application to another internet site which has been created in the previous sections. This site is for anonymous or internet users.

a) Click Start à All Programs à Microsoft Office Server à Central Administration.

b) In the Application Management tab, under Sharepoint Web Application Management section, click Crate or extend Web application link.

c) In Create or Extend Web Application page, click Extend an existing Web application link. Provide the information to extend the web application and click OK button. Please see the image below.

Now we have successfully created extranet and internet site. Below is the URL for these sites.

For extranet site: http://ec4-netp-148429:4040

For internet site: http://ec4-netp-148429:4041

Open the browser and test both the site by typing the URL. But these two sites are asking about windows authentication because these sites are not yet configured to form authentication.

Below section explains configuration of web.config file of each site with connection string and providers information.

Configure Web Application to communicate with Form Authentication Data Store

In this section, we are modifying the web.config file of two sites. Web.config file resides in the root directory of the site i.e. c:\Inetpub\wwwroot\wss\Virtual Directories. Under this, two folders i.e. 4040 and 4041 are available. Web.config file of specific site is available inside these folders.

Configure web.config file of extranet site

The web.config file of extranet site is available in c:\Inetpub\wwwroot\wss\VirtualDirectories\4040 folder.

a) Open web.config file, specify the <connectionStrings> node defined in the section 2.2.c just after the closing </SharePoint> tag and opening <system.web> tag. Please see the image below:

b) Add the membership and role provider node which is defined in the section 2.2.d, just after opening the <system.web> tag. Please see the image below:

c) Save the web.config file.

Configure web.config file of internet site

The web.config file of internet site is available in c:\Inetpub\wwwroot\wss\VirtualDirectories\4041 folder.

a) Open the web.config file and follow the same step specified in the Section 4.1

Configure SharePoint Central Administration

The web.config file of Central Administration site is available in c:\Inetpub\wwwroot\wss\VirtualDirectories\13035 folder. To find the virtual directory open IIS. Under Web Site folder, find Sharepoint Central Administration v3. Right click to open properties. In the Properties pop up, click Home Directory tab and find the Local Path.

a) Open the web.config file and follow the same step specified in the Section 4.1

b) Here we need to very careful while specifying defaultProvider information for Role Provider. In the Role Manager attribute, add AspNetWindowsTokenRoleProvider as defaultProvider. This is necessary because Central Administration still uses Windows Authentication for the role provider. Please see the image below:

c) Save the web.config file.

Enable Form Authentication for Internet site

Enabling Form Authentication to internet site using Central Administration is very simple. Below steps explains the enabling form authentication.

a) Browse to Central Administration web site. Select Application Management Tab.

b) In the Application Management Tab, under Application Security section, click on Authentication Providers link. Please see the image below:

c) Select the Extranet Web Application. You could see Default and Internet zone for the extranet web application. In this we are configuring form authentication for Internet application. Please see the image below:

d) Click on Internet zone option. Edit Authentication page will open. Select Authentication Type as Forms. Check the enable anonymous access check box and provide membership and role manager name. After providing the information, click on Save button. Please see the image below:

Now we successfully enabled the form authentication for the internet site. To prove form authentication is actually working with our data store, we need to add the user to the site. Below step explains to adding user to site.

e) Browse to extranet web site. In our case it is http://ec4-netp-148429:4040

f) Click Site Actions à Site Settings à People And Groups. Please see the image below:

g) Click on New à Add User.

h) In the Add User page, enter user name as testFBA which we created in the previous steps and provide the permission for the user. Please see the image below:

Now we created a user and granted the permission successfully. Below steps explains testing form authentication.

i) To test Form Authentication, Browse the internet site. In our case it is http://ec4-netp-148429:4041

j) Now system will redirect to Sign In page. Please see the image below:

k) Enter testFBA as user name and password as password and click on Sign In button. Please see the image below:

Now we successfully log in into internet site with form authentication.

Author

Nagendra Gunaga is having 5.8 years of experience in IT industry. His experience is in .Net Framework, C#.Net, ADO.Net, ASP.Net, SQL Server and Microsoft Office SharePoint Server.

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here

About the Author

I have about 10 plus years of experience in professional software development with extensive involvement in Web based Object-Oriented, Multi-Tiered application design and development. I have experience in working with Content Management System and Portal Management System tools like SharePoint and also had experience in Integration of SharePoint with Commerce Server, Exchange Server.
 
Currently I am working in a Software firm Hewlett Packard Global Soft Private Limited as SharePoint Solution Architect located in Bangalore, India. My main responsibilities include designing SharePoint solution for a large enterprise product, automating SharePoint Deployment, Developing WebParts, Managing SharePoint Authentications. You can contact by emailing me at nagendragunaga@gmail.com

Comments and Discussions

 
GeneralMy vote of 2 PinmvpMark Nischalke9-Mar-12 1:57 
GeneralAdd bulk users from some source into the database(FBAASPNetDb, here). Pinmemberrscrbv18-Apr-11 2:46 
Generalhaving problem in step "g" under "Enable Form Authentication for Internet site" heading. Pinmemberrscrbv18-Apr-11 1:36 
GeneralRe: having problem in step "g" under "Enable Form Authentication for Internet site" heading. Pinmemberrscrbv19-Apr-11 23:04 
GeneralThanks PinmemberDhaval_Mevada2-Mar-11 19:04 
GeneralMy vote of 5 PinmemberDhaval_Mevada2-Mar-11 19:03 
GeneralMy vote of 4 PinmemberK.kanagaraj23-Sep-10 21:34 
GeneralHTTP Error 401.1 - Unauthorized: Access is denied due to invalid credentials.Internet Information Services (IIS) Pinmembervarun588523-Sep-10 19:08 
QuestionCannot sign in a user Pinmemberahmadnawaz5-Jun-10 1:19 
GeneralExcelent! Thanks! Pinmemberota.lunak22-Apr-10 1:05 
GeneralExcellent Article With Perfect Result Pinmemberdiptichhatrapati5-Apr-10 19:01 
GeneralMy vote of 2 [modified] PinmemberNeeraj Kr14-Dec-09 9:19 
GeneralMarvellous Post Pinmemberarvindravish18-Jul-09 16:52 
GeneralGreat post Pinmembersaanj9-Jun-09 2:20 
QuestionHow to use Custom database for Authentication PinmemberPankaj_Rathore12-Feb-09 5:08 
GeneralAwesome Post Pinmembervijayalaya22-Dec-08 20:47 
QuestionHow to make the sharepoint site accessible over internet? PinmemberMember 276875415-Nov-08 1:50 
AnswerRe: How to make the sharepoint site accessible over internet? PinmemberOslec2-May-11 14:42 
GeneralRe: How to make the sharepoint site accessible over internet? PinmvpMark Nischalke4-May-11 4:56 
GeneralRe: How to make the sharepoint site accessible over internet? PinmemberOslec5-May-11 19:16 
QuestionIs it possible to add a "Forgotten password" functionnality on login page ? Pinmembermausse1-Oct-08 4:42 
GeneralYou are my hero!!!!!!!!!!!!!!!!!!!!!!!!!! Pinmemberalf196525-Sep-08 10:15 
QuestionCan we use the FBA model for our Intranet site PinmemberMember 138812630-Jul-08 21:03 
AnswerRe: Can we use the FBA model for our Intranet site [modified] PinmemberAM211-Aug-08 6:22 
QuestionContinuous Pop up for login page PinmemberAM2118-Jun-08 6:24 
AnswerRe: Continuous Pop up for login page PinmemberAM2120-Jun-08 0:14 
GeneralRe: Continuous Pop up for login page PinmemberMember 424989916-Dec-08 3:51 
GeneralSQL Error message PinmemberShandain30-May-08 2:29 
GeneralRe: SQL Error message Pinmembersowens10-Jun-08 4:12 
Questioncan not connect to sql server database Pinmembersowens14-May-08 10:16 
AnswerRe: can not connect to sql server database PinmemberNagendraGunaga14-May-08 16:40 
GeneralRe: can not connect to sql server database [modified] Pinmembersowens15-May-08 3:22 
GeneralRe: can not connect to sql server database Pinmembersowens16-May-08 10:17 
AnswerRe: can not connect to sql server database PinmemberNagendraGunaga18-May-08 17:37 
GeneralRe: can not connect to sql server database [modified] Pinmembersowens19-May-08 6:23 
GeneralRe: can not connect to sql server database PinmemberAM218-Jun-09 1:59 
GeneralForm based authentication PinmemberMember 457766329-Apr-08 8:23 
GeneralFBA, User Registration Form PinmemberDaastan16-Mar-08 18:47 
GeneralUser logon fails PinmemberHalDiggs19-Dec-07 13:23 
GeneralRe: User logon fails PinmemberHalDiggs19-Dec-07 13:28 
GeneralCreate Multiple users in .net application Pinmembersema z8-Nov-07 7:44 
AnswerRe: Create Multiple users in .net application PinmemberAM218-Jun-09 2:07 
Generalsql membership and role providers Pinmembersema z5-Oct-07 6:32 
Generalinfopath forms Pinmembersema z21-Sep-07 13:04 
Questioninfopath forms Pinmembersema z21-Sep-07 11:09 
Generalerror after step :e Pinmembersweetraskels14-Sep-07 7:32 
QuestionRoleProvider PinmemberTony Fabian10-Sep-07 2:01 
GeneralProblems with (windows) authentication Pinmemberpory7-Aug-07 3:17 
AnswerRe: Problems with (windows) authentication Pinmemberpory7-Aug-07 23:46 
GeneralRe: Problems with (windows) authentication PinmemberNagendraGunaga8-Aug-07 0:24 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

| Advertise | Privacy | Mobile
Web04 | 2.8.140721.1 | Last Updated 5 Jun 2007
Article Copyright 2007 by NagendraGunaga
Everything else Copyright © CodeProject, 1999-2014
Terms of Service
Layout: fixed | fluid