Configure Form Based Authentication in SharePoint 2013

-

If we want to Share the SharePoint site among our external vendors, one way of implementing this is to implement the Form based Authentication to the extended SharePoint web application. In this way the vendors will have their LogIn IDs through which they can get access to the SharePoint sites. After the successful installation and configuration of FBA feature in SharePoint, we can create the FBA Users and Roles through a separate web application or as a SharePoint feature. SharePoint 2013 FBA Pack provides the features to Add, Manage FBA users/Roles and also provide you with the web part for Password Change, Request for Access and Custom Login Page with your corporate branding. In this whole process of FBA configuration the following things are involved:

 

-          Create FBA user database or Creating custom provider for User Authentication

-          Extend the hosted web application with external Host Header

-          Select FBA Authentication in Claim Based Authentication section of Extended Web Application in the configuration page

-          Check the "Enable Form Based Authentication (FBA)" and uncheck "NTLM" in Claims Authentication Types Section of Extended Web Application in the configuration page

-          Enter the FBA Membership Provider and FBA Role Provider names in Claims Authentication Types Section of Extended Web Application in the configuration page

-          Update web.config in three different places (SharePoint Administration, SecurityTokenServiceApplication and Content Web Application)

-          Create your custom login page (If you don't want to use the default login page for FBA)

 

I tried to elaborate the process by taking step by step snapshot. But, if you face any issues, please feel free to contact me here.

 

1.       Create the FBA User Database

 

 

 

2.       Grant Appropriate permissions for the newly created database

 

3.       Create a New Web Application and Site Collection in SharePoint (In case if you don't have the base web application created)

 

 

 


4.       Extend the web application for Form Based Authentication (FBA): Go to SharePoint Central Administration->Application Management and select the web application that you want to extend. Then click Extend from the Ribbon Toolbar and fill in the required information.

 

-          Extend the hosted web application with external Host Header

-          Select FBA Authentication in Claim Based Authentication section of Extended Web Application in the configuration page

-          Check the "Enable Form Based Authentication (FBA)" and uncheck "NTLM" in Claims Authentication Types Section of Extended Web Application in the configuration page

-          Enter the FBA Membership Provider and FBA Role Provider names in Claims Authentication Types Section of Extended Web Application in the configuration page

 

 

 

5. Update Web.Config for SecurityTokenServiceApplication, SharePoint Administration and Content Web Application

For the SecurityTokenServiceApplication

 -          In the the config file, find the following sections and add the blue tagged sections. Or add if necessary. But, the connection string section will have to be added at the end of the configuration section which means just before the last line of the web.config file.

  <system.web>

    <membership>

      <providers>

    <add name="FBAMembershipProvider"

                type="System.Web.Security.SqlMembershipProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"

                connectionStringName="FBAUsers"

                enablePasswordRetrieval="false"

                enablePasswordReset="true"

                requiresQuestionAndAnswer="false"

                applicationName="/"

                requiresUniqueEmail="true"

                passwordFormat="Hashed"

                maxInvalidPasswordAttempts="5"

                minRequiredPasswordLength="7"

                minRequiredNonalphanumericCharacters="0"

                passwordAttemptWindow="10"

                passwordStrengthRegularExpression="" />

    </providers>

    </membership>

    <roleManager>

      <providers>

         <add name="FBARoleProvider"

                                type="System.Web.Security.SqlRoleProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"

                                connectionStringName="FBAUsers"

                                applicationName="/" />

      </providers>

    </roleManager>

  </system.web>

  <connectionStrings>

    <add name="FBAUsers"

  connectionString="Data Source=MYSHAREPOINT\SSRSSQL;Initial Catalog=FBAdatabase;Integrated Security=SSPI" />

  </connectionStrings>

 

For SharePoint Central Administration/Content Web Application:

 

-          In the <PeoplePickerWildcards> section (configuration/SharePoint/PeoplePickerWildcards)

Add the following:

<add key="FBAMembershipProvider" value="%" />

 -          Find the configuration/system.web/membership/providers section

Add the following:

                <add name="FBAMembershipProvider"

                type="System.Web.Security.SqlMembershipProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"

                connectionStringName="FBAUsers"

                enablePasswordRetrieval="false"

                enablePasswordReset="true"

                requiresQuestionAndAnswer="false"

                applicationName="/"

                requiresUniqueEmail="true"

                passwordFormat="Hashed"

                maxInvalidPasswordAttempts="5"

                minRequiredPasswordLength="7"

                minRequiredNonalphanumericCharacters="0"

                passwordAttemptWindow="10"

                passwordStrengthRegularExpression="" />

 

-          Find the configuration/system.web/roleManager/providers section

Add the following:

<add name="FBARoleProvider" type="System.Web.Security.SqlRoleProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"     connectionStringName="FBAUsers"  applicationName="/" />

 -          Find the configuration/connectionStrings section (Or add it if necessary)

Add the following

<connectionStrings>

    <add name="FBAUsers"  connectionString="Data Source=MYSHAREPOINT\SSRSSQL;Initial Catalog=FBAdatabase;Integrated Security=SSPI" />

</connectionStrings>

 

 

6.    Install SharePoint FBA Pack to manage FBA Users (http://sharepoint2013fba.codeplex.com/ )

    Install (or upgrade) the SharePoint 2013 FBA Pack

·         Download and unzip Sharepoint2013FBAPack.X.X.X.zip to the SharePoint server.

·         Open PowerShell and navigate to the folder the files were unzipped to.

·         Run the following command:

·         .\deploy [Site Collection URL]

·         e.g. .\deploy http://demo2010a:13824/

·         The FBA Pack will be deployed to SharePoint and activated on the specified site collection. If the site collection url is omitted, you will need to manually activate the 'Forms Based Authentication Management' feature in each site collection you wish to use it.

·         To uninstall run:

·         .\undeploy [Site Collection URL]

 

 



Comments

Post a Comment

Popular posts from this blog

Cloud Computing Technology Assessment

-
Image
Table Of Contents   Introduction Definition of Cloud Computing Cloud Computing Service Models Cloud Computing Deployment Models Why Cloud Computing? Benefits and Drawbacks of Cloud Computing Survey Results on Cloud Computing Microsoft Office 365 and Windows Azure Cloud Model   Preface By the word "Cloud" in technology term, we mean an online service through which we can get access to the contents as well as functionality any time and from anywhere. It is a real shift in computing mindset. The main shift is to move from "Software as a Product" concept to "Software as a Service" concept. Cloud computing is gaining popularity for its ease of access and worry free maintenance. But, there are lots of concerns about the Legal aspects of putting sensitive and confidential information into the grip of third party cloud service providers or online hackers. Industries are also thinking of TCO (Total Cost of Ownership), the Speed and Avai
Read more

Database Testing With DBUnit

-
Image
DBUnit is an Open Source Database Testing Framework which was created by Manuel Laflamme. DBUnit is a Database Unit Testing Framework to Test Database Driven Classes, Procedures or Functions. NUnit, MVC .NET/Visual Studio testing platforms can be used to build a standard unit test suite. Developer should create a dataset, defined within an XML file, and then extends one of a number of parent classes to inherit pre-defined functionality in order to use the framework. An IDbConnection implementation to connect to the database, then DbUnit.NET can be used to test the data access code. Following Operations can be performed using DBUnit: UPDATE TRUNCATE INSERT REFRESH DELETE CLEAN_INSERT DELETE_ALL NONE Other Operations: Composite Operation Transaction Operation Identity Insert Operation DBUnit Support Databases: OracleDatabase MsSQL MySQL IbmDB2 IbmInformix H2 HypersonicSQL PostgreSQL SybaseSQL InterBase OpenBase8 SapDB/MaxDB Derby FrontBase HOW TO WRITE A DBUnit TEST CASE ? To create a
Read more

Data Science, Big Data & Microsoft Machine Learning

-
Image
Preface Data is seemingly controlling us and everything around us in many ways. Big data is more prevalent in our daily life more than what we think. Business Intelligence has become integral part for effective decision making. Data Science, Artificial Intelligence (AI) and Big Data Analysis has been playing pivotal role in the digital transformation processes. Current industry trend is to assess data behaviour and build knowledge libraries. Industires are dealing with billions of micro devices that are connected to the control hub and emitting time series data continuously. These devices need to be connected to the central data pipeline and thus predict or prescribe device's health, availability and possible failure points. To connect billions of devices into corporate data pipeline, we need to have Big Data repositories. This is where IoT concept kicks in. Dr. Williams, Director of MIT described a world, where "things" (devices or sensors) are con
Read more