How to configure forms based authentication in SharePoint 2013
This is a step by step approach on how to configure claims/forms based authentication in SharePoint 2013. If you have configured forms based authentication in earlier versions of SharePoint such as 2010, the process to configure out-of-the-box forms based authentication in SharePoint 2013 is not much different. One major difference between SharePoint 2010 and the 2013 beta is that claims authentication is the only authentication method available in the Central Administration user interface (UI). If necessary, we can still use PowerShell to create a web application in "classic" mode. We are using the SharePoint 2013 beta version to show the configuration process here. Similar to earlier versions of SharePoint we need to perform the following steps:
1. Create the ASP.NET DB user/role repository
2. Create a web application that uses forms based authentication
3. Update the web.config file of Central Admin
4. Update the web.config file of the web application
5. Update the web.config file of the STS (Security Token Service) application
6. Add some users to the database (the ASP.NET configuration wizard can be used)
7. Create a site collection
8. Test the connection to the site collection with SQL users using FBA
Step 1: Create the ASP.NET DB user/role repository using a SQL database
· Go to C:\Windows\Microsoft.NET\Framework\v4.0.30319, find aspnet_regsql.exe and double click it.
· The ASP.NET SQL Server Setup Wizard opens. Click Next and then select "Configure SQL Server for application services" as shown below.
· Provide the server name, select Windows authentication and keep the database name at its default (aspnetdb).
· Click Next in the following screens to finish the configuration.
· Make sure that aspnetdb has been created (check in SQL Server Management Studio on the SQL server) and that the login user has dbo rights in the aspnetdb database: in Object Explorer expand Security -> Logins -> double click the user -> select User Mapping -> check db_owner for aspnetdb.
· Also perform the same steps for the SharePoint service account that you will use as the application pool account of your web application. Note that db_owner is more than the providers need: aspnet_regsql.exe also creates the database roles aspnet_Membership_FullAccess and aspnet_Roles_FullAccess, and membership in those two is enough for SharePoint to validate logins, search users in the People Picker and read roles, without letting the service account change the schema.
· Now we are done with our SQL database for forms users. We will add users to this database in step 6.
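To grant exactly those two roles instead of db_owner, the following PowerShell script (added here as an example; it is not part of the original post) creates a Windows login and database user for each SharePoint account and adds them to aspnet_Membership_FullAccess and aspnet_Roles_FullAccess. It assumes the post's SQL server INSPS02 and database aspnetdb; the account names CONTOSO\sp_webapp (web application pool) and CONTOSO\sp_farm (farm account, which runs the STS) are placeholders. Run it as a SQL sysadmin with Windows authentication.

```powershell
# Added example, not from the original post: least-privilege access to aspnetdb.
# Assumptions: SQL Server INSPS02 and database aspnetdb (from the post);
# CONTOSO\sp_webapp and CONTOSO\sp_farm are placeholder account names.
$SqlServer = 'INSPS02'
$Database  = 'aspnetdb'
$Accounts  = @('CONTOSO\sp_webapp', 'CONTOSO\sp_farm')

# Roles created by aspnet_regsql.exe. FullAccess lets the providers validate
# passwords, look users up for the People Picker and read/assign roles; it
# grants no rights on the schema, unlike db_owner.
$Roles = @('aspnet_Membership_FullAccess', 'aspnet_Roles_FullAccess')

function Grant-AspNetDbAccess {
    param([string]$Server, [string]$Db, [string[]]$Logins, [string[]]$DbRoles)

    $cs   = "Data Source=$Server;Initial Catalog=$Db;Integrated Security=SSPI"
    $conn = New-Object System.Data.SqlClient.SqlConnection $cs
    $conn.Open()
    try {
        foreach ($login in $Logins) {
            # Escape for [bracketed] identifiers and N'string' literals.
            $id  = $login.Replace(']', ']]')
            $lit = $login.Replace("'", "''")
            $sql = @"
IF NOT EXISTS (SELECT 1 FROM sys.server_principals WHERE name = N'$lit')
    CREATE LOGIN [$id] FROM WINDOWS;
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = N'$lit')
    CREATE USER [$id] FOR LOGIN [$id];
"@
            foreach ($role in $DbRoles) {
                # sp_addrolemember works on SQL Server 2008 R2 and 2012
                # (ALTER ROLE ... ADD MEMBER needs 2012 or later).
                $sql += "`nEXEC sp_addrolemember N'$role', N'$lit';"
            }
            $cmd = $conn.CreateCommand()
            $cmd.CommandText = $sql
            [void]$cmd.ExecuteNonQuery()
            Write-Host ("{0}: member of {1} in {2}" -f $login, ($DbRoles -join ', '), $Db)
        }
    }
    finally {
        $conn.Close()
    }
}

Grant-AspNetDbAccess -Server $SqlServer -Db $Database -Logins $Accounts -DbRoles $Roles
```

Once this has run, the db_owner mapping given to the service account through the wizard steps above can be removed again; the providers keep working with just the two roles.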
Step 2: Create a web application that uses forms based authentication
· Go to the Central Administration website -> click Application Management -> click New on the top ribbon -> fill in all the details as usual. For forms based authentication, under Claims Authentication Types select "Enable Forms Based Authentication (FBA)". As we have chosen the default configuration, enter "AspNetSqlMembers" in "ASP.NET Membership provider name" and "AspNetSqlRoles" in "ASP.NET Role manager name". These two names are what SharePoint will look for in web.config in steps 3, 4 and 5, so they have to match the name="" attributes of the providers added there.
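The same web application can be created from the SharePoint 2013 Management Shell. The script below is an added example, not part of the original post: it registers a Windows provider (needed in step 8, where an administrator signs in to grant the forms user access) and a forms provider with the post's provider names AspNetSqlMembers and AspNetSqlRoles, then creates the web application. The URL, application pool name, managed account and content database name are placeholders.

```powershell
# Added example, not from the original post. Provider names are the post's;
# URL, pool, account and database names are placeholders.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Windows (NTLM) so an administrator can sign in and grant the forms user
# access in step 8, plus forms authentication backed by the SQL providers.
$winProvider = New-SPAuthenticationProvider -UseWindowsIntegratedAuthentication
$fbaProvider = New-SPAuthenticationProvider -ASPNETMembershipProvider 'AspNetSqlMembers' `
                                            -ASPNETRoleProviderName  'AspNetSqlRoles'

$webApp = New-SPWebApplication -Name 'FBA Web App' `
    -Url 'http://fba.contoso.local' -Port 80 `
    -ApplicationPool 'FbaAppPool' `
    -ApplicationPoolAccount (Get-SPManagedAccount 'CONTOSO\sp_webapp') `
    -DatabaseName 'WSS_Content_FBA' `
    -AuthenticationProvider $winProvider, $fbaProvider
# (A "classic" mode web application, which the 2013 UI no longer offers, is the
#  same call without -AuthenticationProvider and with -AuthenticationMethod NTLM.)

# Check what was recorded for the default zone: the provider names listed here
# are the ones that must appear as name="" in web.config in steps 3 to 5.
$zone = [Microsoft.SharePoint.Administration.SPUrlZone]::Default
$iis  = $webApp.GetIisSettingsWithFallback($zone)
"Claims authentication: {0}" -f $webApp.UseClaimsAuthentication
$iis.ClaimsAuthenticationProviders |
    Select-Object DisplayName, MembershipProvider, RoleProvider
```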
Step 3: Update the web.config file of Central Admin
· An easy way to locate the web.config file is to use IIS Manager: select the web site and choose Explore.
· Before modifying the file, keep a backup of the original.
· We need to update the Central Admin web.config to add our key to the PeoplePickerWildcards entry. Find the <PeoplePickerWildcards> element, which sits inside the <SharePoint> section right after the </SafeControls> tag (if it is not there, add it in that spot), and add our membership provider name as a key. The value "%" is the SQL LIKE wildcard that the People Picker appends to the typed text when it searches the membership database, so partial names resolve:
    <PeoplePickerWildcards>
      <clear />
      <add key="AspNetSqlMembers" value="%" />
    </PeoplePickerWildcards>
  Refer to the image below.
Step 4: Update the web.config file of the web application
· Locate the web.config in the same way as in step 3 and keep a backup of the file before modifying it.
· Find the <PeoplePickerWildcards> entry and add our key. It should look like:
    <PeoplePickerWildcards>
      <clear />
      <add key="AspNetSqlMembers" value="%" />
      <add key="AspNetSqlMembershipProvider" value="%" />
    </PeoplePickerWildcards>
  Refer to the image below.
· Next find the <machineKey validationKey="..." ...> entry. Immediately after it, a claims web application's web.config already contains the <membership> and <roleManager> elements with SharePoint's own claims providers "i" and "c". Do not add a second <membership> or <roleManager> element (a duplicate makes the configuration invalid); add our two SQL providers inside the existing <providers> lists so that they read as follows:
    <membership defaultProvider="i">
      <providers>
        <add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
        <add connectionStringName="sqlconn" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="true" passwordAttemptWindow="10" applicationName="/" requiresUniqueEmail="false" passwordFormat="Hashed" name="AspNetSqlMembers" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
      </providers>
    </membership>
    <roleManager defaultProvider="c" enabled="true">
      <providers>
        <add name="c" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
        <add connectionStringName="sqlconn" applicationName="/" name="AspNetSqlRoles" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
      </providers>
    </roleManager>
  Leave defaultProvider set to "i" and "c": in a claims web application SharePoint's own providers must stay the defaults, and our SQL providers are found by the names given in step 2. passwordFormat="Hashed" means only a salted hash of each password is stored in aspnetdb; keep it, together with enablePasswordRetrieval="false", which a hashed store cannot support anyway.
  Please refer to the image below.
· Next find the </microsoft.identityModel> tag and add the connection string entry below it:
    <connectionStrings>
      <add name="sqlconn" connectionString="data source=INSPS02;User Id=sa;Password=pass@word1;Initial Catalog=aspnetdb" providerName="System.Data.SqlClient" />
    </connectionStrings>
  The name "sqlconn" is what the two providers above reference through connectionStringName. A word of caution on the credentials: this string puts the SQL sa password in clear text into a file that every farm administrator (and anyone who can read the web root) can open, and the same string is repeated in the STS web.config in step 5. For anything beyond a test farm, use Integrated Security=SSPI and grant the application pool account the aspnet_Membership_FullAccess and aspnet_Roles_FullAccess roles in aspnetdb, or at least use a dedicated SQL login that holds only those roles, and encrypt the section with aspnet_regiis.exe -pef connectionStrings <folder of the web.config>.
  Please refer to the image below.
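Editing web.config by hand has to be repeated on every web front end and is lost when SharePoint regenerates the file. The SharePoint object model has SPWebConfigModification for this: the script below (an added example, not part of the original post) registers the step 4 entries against the web application, and the farm applies them to all servers and re-applies them when needed. It uses the post's values (provider names, the sqlconn name and the INSPS02/aspnetdb connection string, including the same sa login the post uses); the web application URL is a placeholder. Central Administration and the STS web.config (steps 3 and 5) still need a direct edit.

```powershell
# Added example, not from the original post: step 4 as farm-wide
# SPWebConfigModification entries. Values are the post's; the URL is a placeholder.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$webApp = Get-SPWebApplication 'http://fba.contoso.local'
$owner  = 'FBA-SqlProviders'   # tag so these entries can be found and removed later

function New-ConfigMod {
    param([string]$Path, [string]$Name, [string]$Value, [int]$Sequence)
    $m = New-Object Microsoft.SharePoint.Administration.SPWebConfigModification
    $m.Path     = $Path      # XPath of the parent element
    $m.Name     = $Name      # XPath, relative to Path, identifying the node (makes the change idempotent)
    $m.Value    = $Value     # XML fragment inserted when Name matches no existing node
    $m.Owner    = $owner
    $m.Sequence = $Sequence  # applied in ascending order
    $m.Type     = [Microsoft.SharePoint.Administration.SPWebConfigModification+SPWebConfigModificationType]::EnsureChildNode
    return $m
}

$sqlAsm  = 'System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a'
$connStr = 'data source=INSPS02;User Id=sa;Password=pass@word1;Initial Catalog=aspnetdb'

$mods = @(
    (New-ConfigMod 'configuration/SharePoint/PeoplePickerWildcards' "add[@key='AspNetSqlMembers']" `
        '<add key="AspNetSqlMembers" value="%" />' 0),
    (New-ConfigMod 'configuration/system.web/membership/providers' "add[@name='AspNetSqlMembers']" `
        ('<add name="AspNetSqlMembers" connectionStringName="sqlconn" enablePasswordRetrieval="false" ' +
         'enablePasswordReset="true" requiresQuestionAndAnswer="true" passwordAttemptWindow="10" ' +
         'applicationName="/" requiresUniqueEmail="false" passwordFormat="Hashed" ' +
         "type=`"System.Web.Security.SqlMembershipProvider, $sqlAsm`" />") 1),
    (New-ConfigMod 'configuration/system.web/roleManager/providers' "add[@name='AspNetSqlRoles']" `
        ('<add name="AspNetSqlRoles" connectionStringName="sqlconn" applicationName="/" ' +
         "type=`"System.Web.Security.SqlRoleProvider, $sqlAsm`" />") 2),
    # <connectionStrings> is not present in a fresh SharePoint web.config, so ensure the
    # container first and the <add> inside it second.
    (New-ConfigMod 'configuration' 'connectionStrings' '<connectionStrings />' 3),
    (New-ConfigMod 'configuration/connectionStrings' "add[@name='sqlconn']" `
        "<add name=`"sqlconn`" connectionString=`"$connStr`" providerName=`"System.Data.SqlClient`" />" 4)
)

foreach ($m in $mods) { $webApp.WebConfigModifications.Add($m) }
$webApp.Update()
$webApp.WebService.ApplyWebConfigModifications()   # writes the file on every web front end

# To back the change out later, remove the entries tagged with $owner and apply again:
#   @($webApp.WebConfigModifications | Where-Object { $_.Owner -eq $owner }) |
#       ForEach-Object { [void]$webApp.WebConfigModifications.Remove($_) }
#   $webApp.Update(); $webApp.WebService.ApplyWebConfigModifications()
```

Because the Name XPath is checked before each insert, running the script twice does not produce duplicate providers, which is the failure mode of repeated manual edits.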
Step 5: Update the web.config file of the STS (Security Token Service) application
· Here we will add the membership and role provider entries and the connection string entry. The STS is the component that validates the forms credentials at sign-in, so it needs the providers as well as the web application.
· Find the web.config file the same way as in the previous steps (in IIS Manager the application is SecurityTokenServiceApplication under the SharePoint Web Services site) and keep a backup of it.
· Find the <system.web> entry and add the entries below within it. If there is no <system.web> entry, create one. Unlike in the web application's web.config, here our SQL providers are the defaults:
    <membership defaultProvider="AspNetSqlMembers">
      <providers>
        <add connectionStringName="sqlconn" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="true" passwordAttemptWindow="10" requiresUniqueEmail="false" passwordFormat="Hashed" applicationName="/" name="AspNetSqlMembers" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
      </providers>
    </membership>
    <roleManager defaultProvider="AspNetSqlRoles" enabled="true">
      <providers>
        <add connectionStringName="sqlconn" applicationName="/" name="AspNetSqlRoles" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
      </providers>
    </roleManager>
  Please refer to the image below.
· Below the </system.web> entry add the connection string entry as shown below (it is the same string as in step 4, so the same caution about the sa credentials applies here):
    <connectionStrings>
      <add name="sqlconn" connectionString="data source=INSPS02;User Id=sa;Password=pass@word1;Initial Catalog=aspnetdb" providerName="System.Data.SqlClient" />
    </connectionStrings>
  Please refer to the image below.
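SPWebConfigModification does not reach the STS, so this file is edited directly. The script below is an added example, not part of the original post: it backs up the STS web.config, creates <system.web>, <membership>, <roleManager> and <connectionStrings> only where they are missing, replaces rather than duplicates an existing <add name="..."/> so it can be re-run safely, and recycles the STS application pool. The file path is the SharePoint 2013 default and the provider attributes are the post's; the connection string uses Integrated Security instead of the post's sa password, which means the account the STS runs under (the farm account) must hold the aspnet_Membership_FullAccess and aspnet_Roles_FullAccess roles in aspnetdb.

```powershell
# Added example, not from the original post: step 5 scripted. Path is the
# SharePoint 2013 STS default; provider settings are the post's; the connection
# string uses Integrated Security (the STS runs as the farm account) instead of
# the sa password used in the post.
$stsConfig = 'C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\15\WebServices\SecurityToken\web.config'
$sqlServer = 'INSPS02'
$sqlAsm    = 'System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a'

# Keep a timestamped backup next to the file before touching it.
Copy-Item $stsConfig ("{0}.{1}.bak" -f $stsConfig, (Get-Date -Format 'yyyyMMdd-HHmmss'))

$cfg = New-Object System.Xml.XmlDocument
$cfg.PreserveWhitespace = $true
$cfg.Load($stsConfig)
$root = $cfg.DocumentElement     # <configuration>

function Get-ChildOrCreate([System.Xml.XmlElement]$Parent, [string]$Name) {
    $node = $Parent.SelectSingleNode($Name)
    if ($null -eq $node) { $node = $Parent.AppendChild($cfg.CreateElement($Name)) }
    return $node
}

function Set-AddElement([System.Xml.XmlElement]$Parent, [hashtable]$Attrs) {
    # One <add name="..."/> per name: replace an existing entry instead of duplicating it.
    $old = $Parent.SelectSingleNode("add[@name='$($Attrs.name)']")
    if ($old) { [void]$Parent.RemoveChild($old) }
    $add = $cfg.CreateElement('add')
    foreach ($k in $Attrs.Keys) { $add.SetAttribute($k, [string]$Attrs[$k]) }
    [void]$Parent.AppendChild($add)
}

$sysWeb = Get-ChildOrCreate $root 'system.web'

$membership = Get-ChildOrCreate $sysWeb 'membership'
$membership.SetAttribute('defaultProvider', 'AspNetSqlMembers')
Set-AddElement (Get-ChildOrCreate $membership 'providers') @{
    name = 'AspNetSqlMembers'; connectionStringName = 'sqlconn'
    enablePasswordRetrieval = 'false'; enablePasswordReset = 'true'
    requiresQuestionAndAnswer = 'true'; passwordAttemptWindow = '10'
    requiresUniqueEmail = 'false'; passwordFormat = 'Hashed'; applicationName = '/'
    type = "System.Web.Security.SqlMembershipProvider, $sqlAsm"
}

$roleMgr = Get-ChildOrCreate $sysWeb 'roleManager'
$roleMgr.SetAttribute('defaultProvider', 'AspNetSqlRoles')
$roleMgr.SetAttribute('enabled', 'true')
Set-AddElement (Get-ChildOrCreate $roleMgr 'providers') @{
    name = 'AspNetSqlRoles'; connectionStringName = 'sqlconn'; applicationName = '/'
    type = "System.Web.Security.SqlRoleProvider, $sqlAsm"
}

# No password in the file: the STS identity authenticates to SQL Server as itself.
Set-AddElement (Get-ChildOrCreate $root 'connectionStrings') @{
    name = 'sqlconn'; providerName = 'System.Data.SqlClient'
    connectionString = "Data Source=$sqlServer;Initial Catalog=aspnetdb;Integrated Security=SSPI"
}

$cfg.Save($stsConfig)

# The STS caches its configuration; recycle its application pool so the new providers load.
Import-Module WebAdministration
Restart-WebAppPool 'SecurityTokenServiceApplicationPool'
```

Run it on every server that hosts the STS (each web front end), since this file is not replicated by the farm.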
Step 6: Add some users to the database
We will use the ASP.NET Web Site Administration Tool (the "ASP.NET Configuration" wizard in Visual Studio) to add users to the SQL database.
· Create an empty ASP.NET website in Visual Studio.
· Modify its web.config by adding the following connection string entry (replace the Data Source with your server name). LocalSqlServer is the connection string name that the default ASP.NET membership and role providers in machine.config use, so re-pointing it sends the tool to our aspnetdb on the SharePoint SQL server instead of a local SQL Express database:
    <connectionStrings>
      <remove name="LocalSqlServer"/>
      <add name="LocalSqlServer" connectionString="Data Source=INSPS02;Initial Catalog=aspnetdb;Integrated Security=True" providerName="System.Data.SqlClient"/>
    </connectionStrings>
  Please refer to the image below.
· Build the application.
· Navigate to Website -> ASP.NET Configuration.
· Navigate to Security -> Create User and create the desired users. The default provider the tool uses stores hashed passwords with applicationName="/" and requires a security question and answer, matching the providers configured in steps 4 and 5, so the users it creates are the ones SharePoint will see.
Step 7: Create a site collection to test the FBA configuration
· Go to Central Admin and create a site collection in the web application configured above.
Step 8: Test the connection to the site collection with SQL users using FBA
· Navigate to the website URL -> choose Windows Authentication on the sign-in page.
· Navigate to Users and Groups and add the user created in step 6 to the read-only Visitors group. The People Picker resolves the name through our membership provider, which is what the wildcard entries in steps 3 and 4 are for. Then log out of the website.
· Log in to the application using Forms Authentication -> provide the details of the user created in step 6.
· Navigate the website as a forms user. If sign-in fails with valid credentials, check the STS configuration from step 5 first, since that is where the credentials are validated.
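Steps 7 and 8 can also be scripted. The script below is an added example, not part of the original post: it creates the site collection and adds the forms user to the Visitors group by its encoded claim, which is the form in which SharePoint 2013 stores a forms user (i:0#.f|<membership provider name in lower case>|<user name>). The URL, owner account and user name are placeholders; the provider name is the post's.

```powershell
# Added example, not from the original post: steps 7 and 8 from PowerShell.
# URL, owner and user name are placeholders; the provider name is the post's.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$siteUrl  = 'http://fba.contoso.local'
$owner    = 'CONTOSO\spadmin'          # Windows account that owns the site collection
$provider = 'AspNetSqlMembers'
$fbaUser  = 'alice'                    # user created in step 6

# Step 7: site collection (Team Site template), skipped if it already exists.
if (-not (Get-SPSite $siteUrl -ErrorAction SilentlyContinue)) {
    New-SPSite -Url $siteUrl -OwnerAlias $owner -Template 'STS#0' -Name 'FBA Test' | Out-Null
}

# Step 8: resolve the forms user and put it in the Visitors (read) group.
# SharePoint writes the provider part of a forms claim in lower case.
$encoded = "i:0#.f|$($provider.ToLower())|$fbaUser"
$web = Get-SPWeb $siteUrl
try {
    # EnsureUser asks the membership provider for the account; it throws if
    # the provider is misconfigured or the user does not exist in aspnetdb.
    $user = $web.EnsureUser($encoded)
    $web.AssociatedVisitorGroup.AddUser($user)
    "{0} added to '{1}' as {2}" -f $user.DisplayName, $web.AssociatedVisitorGroup.Name, $user.UserLogin
}
finally {
    $web.Dispose()
}
```

The UserLogin printed at the end is the identity the user will carry everywhere in SharePoint (audit logs, permissions, search); if it does not start with i:0#.f| the account was resolved as something other than a forms user and the provider configuration should be revisited.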