Interesting, isn’t it?
Why would you want to authenticate with your AD account through FBA when you can still use Windows Authentication?
Actually, I didn’t find a reason, but while I was giving a SharePoint course a trainee told me one: it gives a better user interface for the end user. It seems that end users do not like Windows Authentication… well, okay.
So we did this lab, but if you find more reasons why you would do it, please write a comment… 🙂
So here are the steps:
First, let me tell you that we will edit 3 web.config files:
1- Our web app.
2- Central Administration.
3- STS (Secure Token Service).
So let’s start:
Step 1:
Go to the web.config of your web app and add these lines:
<membership defaultProvider="i">
  <providers>
    <add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
    <add name="admembers"
         type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
         connectionStringName="adconn"
         enableSearchMethods="true"
         attributeMapUsername="sAMAccountName" />
  </providers>
</membership>
<roleManager defaultProvider="c" enabled="true" cacheRolesInCookie="false">
  <providers>
    <add name="c" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
  </providers>
</roleManager>
</system.web>
<connectionStrings>
  <add name="adconn"
       connectionString="LDAP://crmdemo.com/DC=crmdemo,DC=com" />
</connectionStrings>
Note: I am highlighting </system.web> because it already exists. Add the membership and roleManager sections above it, and add the connection string below it.
Step 2:
Open the Central Administration web.config:
<membership defaultProvider="admembers">
  <providers>
    <add name="admembers"
         type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
         connectionStringName="adconn"
         enableSearchMethods="true"
         attributeMapUsername="sAMAccountName" />
  </providers>
</membership>
</system.web>
<connectionStrings>
  <add name="adconn"
       connectionString="LDAP://crmdemo.com/DC=crmdemo,DC=com" />
</connectionStrings>
Note: I am highlighting </system.web> because it already exists. Add the membership section above it, and add the connection string below it.
Step 3:
Now we add the same to the STS (Secure Token Service) web.config.
To open it, open IIS 7 (or, if you have Windows Server 2008 R2, IIS 7.5; the steps are the same in both).
Right-click on it and click Explore. There are 3 files; we only want the web.config. Now go to the end of web.config:
after </system.net> we will add the connection string:
</system.net>
<connectionStrings>
  <add name="adconn"
       connectionString="LDAP://crmdemo.com/DC=crmdemo,DC=com" />
</connectionStrings>
<system.web> <!-- there was no system.web section here, so we add it -->
  <membership defaultProvider="admembers">
    <providers>
      <add name="admembers"
           type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
           connectionStringName="adconn"
           enableSearchMethods="true"
           attributeMapUsername="sAMAccountName" />
    </providers>
  </membership>
</system.web>
</configuration>
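An added check (not part of the original post) for the three edits above: it verifies that a web.config declares the AD membership provider, that its connectionStringName resolves to an LDAP connection string in the same file, and that connectionProtection has not been set to None. The function name and the trimmed sample configs are constructed for illustration, and PowerShell 3.0 or later is assumed.

```powershell
# Added example; Test-FbaMembershipConfig is a hypothetical helper name.
function Test-FbaMembershipConfig {
    param(
        [Parameter(Mandatory)] [string] $Label,
        [Parameter(Mandatory)] [xml]    $Config,
        [string] $ProviderName = 'admembers'
    )
    $issues = @()
    $provider = $Config.SelectSingleNode(
        "/configuration/system.web/membership/providers/add[@name='$ProviderName']")
    if (-not $provider) {
        $issues += "membership provider '$ProviderName' not found"
    } else {
        # The provider must point at a connection string defined in the same file.
        $connName = $provider.GetAttribute('connectionStringName')
        $conn = $Config.SelectSingleNode(
            "/configuration/connectionStrings/add[@name='$connName']")
        if (-not $conn) {
            $issues += "connection string '$connName' not defined"
        } elseif ($conn.GetAttribute('connectionString') -notmatch '^LDAP://') {
            $issues += "connection string '$connName' is not an LDAP:// path"
        }
        # connectionProtection defaults to Secure; None turns protection of the bind off.
        if ($provider.GetAttribute('connectionProtection') -eq 'None') {
            $issues += 'connectionProtection="None" disables protection of the LDAP bind'
        }
    }
    [pscustomobject]@{ File = $Label; Ok = ($issues.Count -eq 0); Issues = $issues -join '; ' }
}

# Constructed sample, trimmed to the relevant sections.
$good = @'
<configuration>
  <system.web>
    <membership defaultProvider="admembers"><providers>
      <add name="admembers" connectionStringName="adconn" />
    </providers></membership>
  </system.web>
  <connectionStrings>
    <add name="adconn" connectionString="LDAP://crmdemo.com/DC=crmdemo,DC=com" />
  </connectionStrings>
</configuration>
'@
# Simulate a typo in the STS file: the connection string is named "adcon".
$bad = $good -replace '<add name="adconn" connectionString=', '<add name="adcon" connectionString='

([ordered]@{ WebApp = $good; CentralAdmin = $good; STS = $bad }).GetEnumerator() |
    ForEach-Object { Test-FbaMembershipConfig -Label $_.Key -Config ([xml]$_.Value) }
```

Against a real farm, pass each file as `[xml](Get-Content <path-to-web.config> -Raw)`; the script only reads XML, so it can run on copies of the three files.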
…… Last but not least 🙂
This depends: if you created your web app and kept the default selection of Classic Authentication, then we need to convert it to use Claims. To do this, open SharePoint PowerShell and write the following:
# Get the web application and switch it from Classic to Claims authentication
$w = Get-SPWebApplication http://servername:port
$w.UseClaimsAuthentication = $true
$w.Update()
Before running this PowerShell, go to CA > Manage web app > select your web app and from the ribbon > click Authentication provider >
You will see Forms dimmed; after the PowerShell command it will be enabled, and you can write your membership name as it was in web.config, and as below…
Now try… yes, try it: open your site. If you try to log in using FBA as Administrator, you will get access denied, even though this is the farm administrator account…
One last step:
We need to add the FBA administrator as secondary administrator:
Go to CA > Manage web app > click Site collection administrators > in secondary:
There is an administrator from AD and one from FBA… 🙂
Add it; it should be like below: add administrator and any user you want from AD.
Now try to log in to your site again using Forms authentication:
In the next post, I will tell you how to see only FBA without choosing, and still with an AD account.
Good luck, and don’t forget to write a comment to tell me about another reason.
Kuldip Thakkar said:
Hi,
I have a client requirement to create FBA with AD.
The scenario is like this:
1) Client logs in with their Gmail ID & password.
2) Authenticate Gmail ID & password with Google API code (code is already available for Google authentication).
3) If the ID is valid, then check the userMaster list, where the AD username is mapped to the Gmail ID
(the userMaster list has 2 columns: userName (type: users or groups) & email (type: single line of text)).
4) From the userMaster list it will find the valid AD user name (based on the Gmail ID) & log in as the AD user.
I am using SharePoint 2010; please suggest a way to develop a custom login page for this requirement.
Thanks,
Kuldip Thakkar
Store Assistant said:
Hi! I know this is kinda off topic nevertheless I’d figured I’d ask.
Would you be interested in trading links or maybe guest authoring a blog post or vice-versa?
My site discusses a lot of the same subjects as yours and I think we could greatly
benefit from each other. If you’re interested feel free to send me an e-mail. I look forward to hearing from you! Awesome blog by the way!
http://www.umbc.edu/vpaf/imagemapmaker/phpinfo.php?a=a+hrefhttpwww.oworking.comFree+dns+downloada said:
It’s not my first time to go to see this web page, I am browsing this web page daily and obtain pleasant information from here all the time.
Mai Omar Desouki said:
Thank you v much
simpsons tapped out donuts hack said:
I am extremely impressed with your writing skills and also with the
layout on your blog. Is this a paid theme
or did you modify it yourself? Either way keep up the nice quality writing,
it is rare to see a great blog like this one today.
http://www.veteransadvantage.com/mw/User:TawannaSherrard said:
What’s up, yes this piece of writing is in fact pleasant and I have learned lot of
things from it about blogging. thanks.
Mai Omar Desouki said:
Thank you. Great you like it 🙂
Muneer Essa Safi said:
Hi May, great post.
Does the same apply to SP2013?
Mai Omar Desouki said:
Thank you Muneer.
Yes, it does.
http://webtunebd.com said:
Hey there would you mind letting me know which webhost
you’re working with? I’ve loaded your blog in 3 completely different internet browsers and I must say
this blog loads a lot faster than most. Can you recommend a good web hosting provider at a fair price?
Thanks a lot, I appreciate it!
Timberland zapatos hombre said:
Greetings from Carolina! I’m bored to death at work so I decided
to browse your site on my iphone during lunch break. I enjoy the info you provide here and can’t
wait to take a look when I get home. I’m surprised at how quick your
blog loaded on my cell phone .. I’m not even using WIFI, just 3G ..
Anyhow, superb blog!
Mai Omar Desouki said:
Thanks.
Anonymous said:
Hi, I think that I saw you visited my website, thus I came
to “return the favor”. I’m trying to find things to
improve my web site! I suppose it’s ok to use some
of your ideas!
Mai Omar Desouki said:
What????
激安 コート 信頼 said:
I am not sure where you are getting your information,
but good topic. I need to spend some time learning more or understanding more.
Thanks for magnificent info I was looking for this info for my
mission.
Mai Omar Desouki said:
I am glad it helped you. Any questions just email me.. Good luck
Visit said:
I believe that is one of the so much vital info for me. And i
am glad studying your article. However should observation on few general things, The web
site style is wonderful, the articles is truly excellent : D.
Excellent task, cheers
haiderkhafagi said:
Well done, great post. I tried the steps above, and it’s working fine for the administrator; however, users are getting an access denied (Sorry, this site hasn’t been shared with you) page once they pass the login page.
haiderkhafagi said:
Well done, great post. I applied the above steps and it’s working fine for the administrator; however, users are getting access denied (sorry, the site hasn’t been shared with you) once they complete the login process.
Mai Omar Desouki said:
What I did not thats mine