Configure Form Based Authentication in SharePoint 2013
If we want to share a SharePoint site with our external vendors, one way of doing this is to enable Form Based Authentication (FBA) on an extended SharePoint web application. The vendors then have their own login IDs through which they can access the SharePoint sites. After the FBA feature has been installed and configured in SharePoint, we can create the FBA users and roles through a separate web application or as a SharePoint feature. The SharePoint 2013 FBA Pack provides features to add and manage FBA users and roles, and also provides web parts for Password Change, Request for Access and a Custom Login Page with your corporate branding. The whole FBA configuration process involves the following:
- Create the FBA user database, or create a custom provider for user authentication
- Extend the hosted web application with external Host Header
- Select FBA Authentication in Claim Based Authentication section of Extended Web Application in the configuration page
- Check the "Enable Form Based Authentication (FBA)" and uncheck "NTLM" in Claims Authentication Types Section of Extended Web Application in the configuration page
- Enter the FBA Membership Provider and FBA Role Provider names in Claims Authentication Types Section of Extended Web Application in the configuration page
- Update web.config in three different places (SharePoint Administration, SecurityTokenServiceApplication and Content Web Application)
- Create your custom login page (If you don't want to use the default login page for FBA)
I have tried to elaborate the process with step-by-step snapshots. If you face any issues, please feel free to contact me here.
1. Create the FBA User Database
2. Grant Appropriate permissions for the newly created database
3. Create a New Web Application and Site Collection in SharePoint (in case you don't have the base web application created)
4. Extend the web application for Form Based Authentication (FBA): Go to SharePoint Central Administration->Application Management and select the web application that you want to extend. Then click Extend from the Ribbon Toolbar and fill in the required information.
- Extend the hosted web application with external Host Header
- Select FBA Authentication in Claim Based Authentication section of Extended Web Application in the configuration page
- Check the "Enable Form Based Authentication (FBA)" and uncheck "NTLM" in Claims Authentication Types Section of Extended Web Application in the configuration page
- Enter the FBA Membership Provider and FBA Role Provider names in Claims Authentication Types Section of Extended Web Application in the configuration page
5. Update Web.Config for SecurityTokenServiceApplication, SharePoint Administration and Content Web Application
For the SecurityTokenServiceApplication
- In the config file, find the following sections and add the entries shown below, or add the sections themselves if necessary. The connection string section has to be added at the end of the configuration section, which means just before the last line of the web.config file.
<system.web>
  <membership>
    <providers>
      <add name="FBAMembershipProvider"
           type="System.Web.Security.SqlMembershipProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
           connectionStringName="FBAUsers"
           enablePasswordRetrieval="false"
           enablePasswordReset="true"
           requiresQuestionAndAnswer="false"
           applicationName="/"
           requiresUniqueEmail="true"
           passwordFormat="Hashed"
           maxInvalidPasswordAttempts="5"
           minRequiredPasswordLength="7"
           minRequiredNonalphanumericCharacters="0"
           passwordAttemptWindow="10"
           passwordStrengthRegularExpression="" />
    </providers>
  </membership>
  <roleManager>
    <providers>
      <add name="FBARoleProvider"
           type="System.Web.Security.SqlRoleProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
           connectionStringName="FBAUsers"
           applicationName="/" />
    </providers>
  </roleManager>
</system.web>
<connectionStrings>
  <add name="FBAUsers"
       connectionString="Data Source=MYSHAREPOINT\SSRSSQL;Initial Catalog=FBAdatabase;Integrated Security=SSPI" />
</connectionStrings>
For SharePoint Central Administration/Content Web Application:
- In the <PeoplePickerWildcards> section (configuration/SharePoint/PeoplePickerWildcards)
Add the following:
<add key="FBAMembershipProvider" value="%" />
- Find the configuration/system.web/membership/providers section
Add the following:
<add name="FBAMembershipProvider"
     type="System.Web.Security.SqlMembershipProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
     connectionStringName="FBAUsers"
     enablePasswordRetrieval="false"
     enablePasswordReset="true"
     requiresQuestionAndAnswer="false"
     applicationName="/"
     requiresUniqueEmail="true"
     passwordFormat="Hashed"
     maxInvalidPasswordAttempts="5"
     minRequiredPasswordLength="7"
     minRequiredNonalphanumericCharacters="0"
     passwordAttemptWindow="10"
     passwordStrengthRegularExpression="" />
- Find the configuration/system.web/roleManager/providers section
Add the following:
<add name="FBARoleProvider" type="System.Web.Security.SqlRoleProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="FBAUsers" applicationName="/" />
- Find the configuration/connectionStrings section (or add it if necessary)
Add the following:
<connectionStrings>
  <add name="FBAUsers" connectionString="Data Source=MYSHAREPOINT\SSRSSQL;Initial Catalog=FBAdatabase;Integrated Security=SSPI" />
</connectionStrings>
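Because the same provider entries are typed into three separate web.config files, a typo or a weaker setting in one of them is easy to miss. The PowerShell check below is an added example, not part of the original post or the FBA Pack: it reports missing entries, a non-hashed password format, enabled password retrieval, SQL credentials in the connection string, and values that differ between files. The function name Test-FbaConfig, the three labels and the trimmed sample XML are constructed for illustration.

```powershell
# Added example, not from the original post. The XML is a constructed, trimmed sample;
# on a server, pass each real file's text instead (Get-Content -Raw on the web.config).
$good = @'
<configuration>
  <system.web>
    <membership><providers>
      <add name="FBAMembershipProvider" connectionStringName="FBAUsers" applicationName="/"
           enablePasswordRetrieval="false" passwordFormat="Hashed" />
    </providers></membership>
    <roleManager><providers>
      <add name="FBARoleProvider" connectionStringName="FBAUsers" applicationName="/" />
    </providers></roleManager>
  </system.web>
  <connectionStrings>
    <add name="FBAUsers" connectionString="Data Source=MYSHAREPOINT\SSRSSQL;Initial Catalog=FBAdatabase;Integrated Security=SSPI" />
  </connectionStrings>
</configuration>
'@
# Constructed drift: one file was edited differently from the other two.
$drift = $good.Replace('passwordFormat="Hashed"', 'passwordFormat="Clear"')

function Test-FbaConfig {
    param([System.Collections.IDictionary]$Configs)   # label -> web.config XML text
    $findings = @(); $baseline = $null
    foreach ($label in $Configs.Keys) {
        $doc = [xml]($Configs[$label])
        $m = $doc.SelectSingleNode("/configuration/system.web/membership/providers/add[@name='FBAMembershipProvider']")
        $r = $doc.SelectSingleNode("/configuration/system.web/roleManager/providers/add[@name='FBARoleProvider']")
        $c = $doc.SelectSingleNode("/configuration/connectionStrings/add[@name='FBAUsers']")
        if ($null -eq $m -or $null -eq $r -or $null -eq $c) {
            $findings += "${label}: provider or connection string entry missing"; continue
        }
        # An absent attribute is reported too, so the setting stays explicit in every file.
        if ($m.GetAttribute('passwordFormat') -ne 'Hashed') { $findings += "${label}: passwordFormat is not Hashed" }
        if ($m.GetAttribute('enablePasswordRetrieval') -eq 'true') { $findings += "${label}: password retrieval is enabled" }
        if ($c.GetAttribute('connectionString') -match '\b(password|pwd)\s*=') { $findings += "${label}: SQL credentials stored in web.config" }
        # Values that must agree in all three files so each resolves the same users and roles.
        $print = @($m.GetAttribute('applicationName'), $r.GetAttribute('applicationName'),
                   $m.GetAttribute('passwordFormat'), $c.GetAttribute('connectionString')) -join '|'
        if ($null -eq $baseline) { $baseline = $print }
        if ($print -ne $baseline) { $findings += "${label}: settings differ from the first file" }
    }
    $findings
}

$configs = [ordered]@{ SecurityTokenService = $good; CentralAdministration = $good; ContentWebApp = $drift }
Test-FbaConfig $configs
```

No output means the three files agree and keep the hashed, non-retrievable password settings used in this post.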
6. Install SharePoint FBA Pack to manage FBA Users (http://sharepoint2013fba.codeplex.com/)
Install (or upgrade) the SharePoint 2013 FBA Pack
· Download and unzip Sharepoint2013FBAPack.X.X.X.zip to the SharePoint server.
· Open PowerShell and navigate to the folder the files were unzipped to.
· Run the following command:
· .\deploy [Site Collection URL]
· e.g. .\deploy http://demo2010a:13824/
· The FBA Pack will be deployed to SharePoint and activated on the specified site collection. If the site collection url is omitted, you will need to manually activate the 'Forms Based Authentication Management' feature in each site collection you wish to use it.
· To uninstall run:
· .\undeploy [Site Collection URL]