• Know more about me

Mai Omar Desouki

~ Senior Cloud Solution Architect @ Microsoft

Mai Omar Desouki

Category Archives: FBA

Forms Based Authentication FBA by AD in SharePoint 2010

22 Friday Jul 2011

Posted by Mai Omar Desouki in FBA, Form Based Authentication, SharePoint 2010

≈ 20 Comments

Tags

FBA, Form Based Authentication, SharePoint 2010


Interesting, isn’t it???

Why would you want to authenticate by your AD account from FBA while you can still do by Windowns Authentication..

Actually i didn’t find a reason but i was giving SharePoint course, when a Trainee told me one reason, its better User Interface for the end user, seems that end user does not like the windows authentication… well okay

So we did this lab, but if you find more reasons why would you do it, please write a comment… 🙂

So here is the steps:

First let me tell you we will edit in 3 web.config files…

1- Of our web app.

2- Central administration

3- STS Secure token Service

so lets start:

Step 1:

Go to web.config of your web app, and add those lines:

<membership defaultProvider=”i”>
      <providers>
        <add name=”i” type=”Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c” />
<add name=”admembers”
           type=”System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a”
           connectionStringName=”adconn”
           enableSearchMethods=”true”
           attributeMapUsername=”sAMAccountName” />

</providers>
    </membership>

    <roleManager defaultProvider=”c” enabled=”true” cacheRolesInCookie=”false”>
      <providers>
        <add name=”c” type=”Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c” />
      </providers>
    </roleManager>

</system.web>

<connectionStrings>
   <add name=”adconn”
        connectionString=”LDAP://crmdemo.com/DC=crmdemo,DC=com” />
</connectionStrings>

Note: I am highlighting </system.web> as it already exists, you will add the membership above it and below it, you will add the connection string.

Step 2:

Open Central administration web.config:

<membership defaultProvider=”admembers”>
   <providers>
      <add name=”admembers”
           type=”System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a”
           connectionStringName=”adconn”
           enableSearchMethods=”true”
           attributeMapUsername=”sAMAccountName” />
   </providers>
</membership>

  </system.web>

<connectionStrings>
   <add name=”adconn”
        connectionString=”LDAP://crmdemo.com/DC=crmdemo,DC=com” />
</connectionStrings>

Note: I am highlighting </system.web> as it already exists, you will add the membership above it and below it, you will add the connection string.

Step 3:

Now we add the same to STS Secure Token Service web.config,

To open it, open IIS 7 or if you have win 2008 R2 then your IIS is 7.5, anyway in both it is same steps:

sts1

Right Click on it and click explore, there are 3 files, we only want the web.config: now to the end of web.config

after </system.net> we will add the connection string:

</system.net>

<connectionStrings>
   <add name=”adconn”
        connectionString=”LDAP://crmdemo.com/DC=crmdemo,DC=com” />
</connectionStrings>

<system.web>  there was not system.web but we will add it

<membership defaultProvider=”admembers”>  
<providers>
<add name=”admembers”
           type=”System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a”
           connectionStringName=”adconn”
           enableSearchMethods=”true”
           attributeMapUsername=”sAMAccountName” />
</providers>
</membership>

</system.web>

</configuration>

…… Last but not least 🙂

This depends: if you created your web app. and kept the default selection of Classic Authentication selected, then we need to convert it to use Claims, to do this, Open SharePoint PowerShell an write the following:

$w = Get-SPWebApplication http://servername:port

$w.UseClaimsAuthentication = “True”;

$w.Update()

before this PS, go to CA > manage web app > select your web app and from ribbon > click Authentication provider >

dimmedforms

You will see Forms dimmed, after the PS command it will be enabled, and you can write your membership name as it was in web.config, and as below…..

membershipinca

Now try…. yes try it, open your site, if you tried to login using FBA and wrote Administrator, you will get access denied while this is Farm administrator account….

One last Step:

we need to the administrator of FBA as Secondary administrator:

go to CA > Manage web app > click site collection administrators > in secondary:

scadmin

There is administrator from AD and from FBA….. 🙂

add it, it should be like below: add administrator and any user you want from AD.

secondary

Now try to login to your site again using Forms authentication:

FBA2

Next Post, i will tell you how to see only FBA without choosing, and still by AD account.

Good Luck, don’t forget it to write comment to tell me about another reason..

Share this:

  • Facebook
  • LinkedIn
  • Twitter
  • Email
  • Print
  • Reddit

Like this:

Like Loading...

Blog Visitors

  • 82,159 Visitors

Categories

  • About me (1)
  • Microsoft Teams (3)
    • SharePoint Online (1)
  • Microsoft Viva (1)
  • Migration (2)
  • OneDrive for Business (1)
  • Parents (1)
  • Power Platform (1)
  • SharePoint 15 (5)
  • SharePoint 2010 (56)
    • Content Types (1)
    • Developer Dashboard (1)
    • Document Set (1)
    • Events I am Speaking In (2)
    • External Lists (1)
    • FAQ (2)
    • FBA (1)
    • Form Based Authentication (1)
    • Integration of CRM 2011 with SharePoint 2010 (1)
    • JQuery (1)
    • Master Page (1)
    • My Site (1)
    • PowerShell (3)
    • SharePoint Administration (5)
    • SharePoint Branding (1)
    • SharePoint Customization (5)
    • SharePoint Designer (4)
    • SharePoint Designer Workflow (1)
    • SharePoint Events (2)
    • SharePoint Online (1)
    • SharePoint Permissions (1)
    • SharePoint Workflow (1)
    • User Profile (2)
    • User Profile Sync (1)
    • Videos (1)
    • WebParts (1)
    • Workflow (1)
  • SharePoint 2013 (91)
    • Cloud App (1)
    • Event Handler (1)
    • iPad (1)
    • IPhone (1)
    • Napa (1)
  • SharePoint Updates (1)
  • Visual Studio 2012 (3)
  • Viva Engage (1)
  • Yammer (1)

Tag Cloud

About me Document Set Events I am Speaking In FAQ FBA Form Based Authentication JQuery Master Page Microsoft Teams Migration My Site PowerShell SharePoint 15 SharePoint 2010 SharePoint 2013 SharePoint Administration SharePoint Branding SharePoint Customization SharePoint Designer SharePoint Designer Workflow SharePoint Events SharePoint Online SharePoint Permissions SharePoint Workflow User Profile User Profile Sync Videos Visual Studio 2012 WebParts Workflow

Calendar

February 2023
M T W T F S S
 12345
6789101112
13141516171819
20212223242526
2728  
« Sep    

Archive

  • September 2022 (2)
  • August 2022 (2)
  • July 2022 (2)
  • March 2022 (1)
  • August 2021 (2)
  • September 2020 (2)
  • May 2020 (2)
  • April 2020 (6)
  • March 2020 (1)
  • September 2019 (2)
  • July 2015 (1)
  • May 2015 (3)
  • April 2015 (1)
  • March 2015 (1)
  • February 2015 (2)
  • January 2015 (1)
  • October 2014 (1)
  • September 2014 (3)
  • June 2014 (7)
  • May 2014 (5)
  • April 2014 (4)
  • March 2014 (3)
  • February 2014 (1)
  • January 2014 (2)
  • December 2013 (6)
  • November 2013 (5)
  • October 2013 (6)
  • September 2013 (5)
  • August 2013 (5)
  • July 2013 (5)
  • June 2013 (2)
  • May 2013 (2)
  • February 2013 (2)
  • January 2013 (1)
  • October 2012 (2)
  • September 2012 (7)
  • August 2012 (15)
  • July 2012 (5)
  • June 2012 (2)
  • May 2012 (4)
  • April 2012 (2)
  • March 2012 (1)
  • August 2011 (3)
  • July 2011 (15)

Blog at WordPress.com.

  • Follow Following
    • Mai Omar Desouki
    • Join 63 other followers
    • Already have a WordPress.com account? Log in now.
    • Mai Omar Desouki
    • Customize
    • Follow Following
    • Sign up
    • Log in
    • Report this content
    • View site in Reader
    • Manage subscriptions
    • Collapse this bar
%d bloggers like this: