Search This Blog

Thursday, November 18, 2010

Enabling Forms Authentication-MOSS 2007


One of the new features in MOSS 2007 is Custom Forms Authentication. SharePoint 2007 (Microsoft Office SharePoint Server 2007 or MOSS 2007) is already being deployed in hosted environments in extranet and internet roles. In either role, when dealing with authenticating users combined with hosting multiple companies on a single platform, you must consider MOSS's architecture for authentication. The Solution here highlights how Forms Authentication is enabled in Microsoft Office SharePoint Server 2007.


Forms Authentication in General uses an authentication ticket that is created when a user logs on to a site, and then it tracks the user throughout the site. The Forms Authentication ticket is usually contained inside a cookie. However, ASP.NET 2.0 supports Forms Authentication without cookies, which results in the ticket being passed in a query string. Forms Authentication processing is handled by the FormsAuthenticationModule class, which is an HTTP module that participates in the regular ASP.NET page-processing cycle.
Authentication occurs through ASP.NET 2.0 Providers, of which there are two that come of the box for Active Directory and SQL Server. As with ASP.NET 2.0, MOSS can take advantage of custom Providers to provide authentication services from any user data store. MOSS's architecture ties a Provider to a web application within IIS. MOSS 2007 supports the following authentication types:


  • NTLM
  • Kerberos


  • SQL Membership Provider
  • Active Directory Forms Provider
  • Lightweight Directory Access Protocol (LDAP) Forms Provider
  • Custom Provider

Web Single Sign-on

  • Active Directory Federation Services (ADFS)

System Requirements

To execute the functionality for this article you should have
  • Microsoft Office SharePoint Server
Office SharePoint Server 2007 runs on Windows Server 2003 with SP1 or later. We recommend that you apply all critical updates. You can use the following Windows Server 2003 editions:
  • Windows Server 2003, Standard Edition
  • Windows Server 2003, Enterprise Edition
  • Windows Server 2003, Datacenter Edition
  • Windows Server 2003, Web Edition
You have more options when you set up your SharePoint in your server.


The Solution here highlights how Forms Authentication is enabled in Microsoft Office SharePoint Server 2007.

Enabling Custom Authentication in MOSS 2007

Enabling custom authentication in MOSS 2007 requires that careful steps are followed in the MOSS server configuration files. Here in the following steps:

Change to Forms Authentication

Open your SharePoint central administrator 3.0; select the Application Management tab, under the Application Security section click on the Authentication providers.

Screenshot - image001.jpg

After entering through the authentication providers, you can find the authentication providers list.

Screenshot - image002.jpg

Now select your web application for which you want to change the authentication mode to Custom Forms Authentication. Now click on the zone which is hyperlinked, that will redirect you to the authentication edit mode screen, where you can change the authentication mode to forms authentication.

Screenshot - image003.jpg

In the above screen clip you can see Authentication Types. Under that select the Forms, this will reload the screen and shows the options for Forms Authentication. Now you need to fill the Membership provider name text box with your custom membership provider. Here I'm going to use the AspNetSqlMembershipProvider for this demonstration. Enter the AspNetSqlMembershipProvider as Membership provider name in the authentication edit mode page and hit the save button.

Screenshot - image004.jpg

Install the Application Services Database for SQL Server

There are two ways to install the application services database for SQL Server. One simple way is as follows.
Step 1: Open your command prompt and run the following command.
Select Start > All Programs > Microsoft Visual Studio 2005 > Visual Studio Tools > Visual Studio 2005 Command Prompt.
Step 2: Enter:

aspnet_regsql.exe -E -A all -S

Wait while features are added to the local SQL database.
Another way is installing the Database using Aspnet_regsql.exe, ASP.NET includes a tool for installing the SQL Server database used by the SQL Server providers, named Aspnet_regsql.exe

The Aspnet_regsql.exe tool is located in the drive: 
\WINDOWS\Microsoft.NET\Framework\versionNumber folder on your Web server.Aspnet_regsql.exe is used to both create the SQL Server database and add or remove options from an existing database.

Step 1: Open the aspnet_regsql.exe from the following locationC:\WINDOWS\Microsoft.NET\Framework\v2.0.50727

Step 2: Now run the aspnet_regsql.exe in the server to configure or map the database.

Screenshot - image005.jpg

Screenshot - image006.jpg

Screenshot - image007.jpg

In the database dropdown you choose your own database, if you use the default option it will use aspnetdb database (if it exists) or it will create aspnetdb and use it.

Screenshot - image008.jpg

Screenshot - image009.jpg

Adding Users to your Membership Provider

Now we need to add users to the membership provider to which you assigned the forms authentication. We have two options to add users to our membership provider. One is via SQL Script and other one is by creating a Web Application. First let's start with the SQL Script option:
Step 1:
Run the following query in Microsoft SQL Management Studio against the aspnetdb database.
declare @now datetime
set @now= GETDATE()
exec aspnet_Membership_CreateUser 'appName','userid','password',

The next option is creating via a web application.
Step 1: Create a new web application using your Visual Studio 2005.
Step 2: Add a web.config file to your newly created web application.
Step 3: Now add the connection string to your web.config file, under the <configuration> tag

Screenshot - image010.jpg

Step 4: Now select Website ASP.NET Web Configuration in your Visual Studio 2005.

Screenshot - image011.jpg

Step 5: Navigate through security tab, now you can view the three blocks Users, Roles, Access Rules. Under the Users block you can see Select authentication type hyper linked, click on the link to select the authentication type.

Step 6: Now you will get two options for your site access from Internet and from Local Network. You must select the From Internet option and click on the button done.

Step 7: Under the users block you can see two more hyper links. One is Create user and another one is Manage users. Create user is to create new, or add new users to your membership provider. Manage users is to delete or edit the created users in the membership provider.

Configuration File Changes in MOSS 2007

After completing all the previous processes completely without any errors, now we need to do some configuration changes in the MOSS 2007 web.config files, navigate through the following path in your drive:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CONFIG and open your machine.config in Notepad or Visual Studio. You can find the <system.web> tag, under the tag <membership>, <profile> and <roleManager> copy all those tag elements.

Screenshot - image012.jpg

Configuration Change in Your Website

First select the web application for which you have changed the authentication mode to forms authentication. Open the web.config file located in the C:\Inetpub\wwwroot\wss\VirtualDirectories\ folder. To determine the exact location, open IIS and check the home directory of the SharePoint site. And make backup copy of your web applications web.config file, and open the original one in your editor. Add the connection string in your web application web.config file as you entered in the sample web application.

Screenshot - image013.jpg

Now we need to add the role, membership and others in your web applications configuration.

Screenshot - image014.jpg

And save the configuration file and close it.

Configuration Change in Central Administrator

Follow the Configuration Change in Your Website process for the central administrator's web.config file.

Central Administrator � User Management

Assign the user to be a site collection administrator

Open your Central Administrator and click on the application management tab, under the SharePoint Site Management click on the Site collection administrators.

Screenshot - image015.jpg

In the site collection list select the site in which you have enabled the forms authentication and configuration changes for Forms Authentication. And add the primary site collection administrator and secondary site collection administrator; this will get the users from the aspnetdb which you assigned for forms authentication.

Screenshot - image016.jpg

The users from the membership provider will be listed as above.

Add Users to MOSS 2007 after Forms Authentication is enabled

Open your central administrator of your MOSS 2007 and select the Application Management tab. Under the Application Security select Policy for Web application after selecting just click on the add user button and proceed through the navigation and Choose Users you want to add and set rights for them in the process.
Another way is login with your site administrator, Select Site Actions, then Site Settings, then People and Groups. Select the New button to add a user to the site. This will also work.


The above procedure will enable the custom forms authentication in the MOSS 2007, which is one of the important features that available in Microsoft Office SharePoint Server.


  1. SharePoint Interview Questions on SharePoint

    SharePoint 2010 Tutorials


    Personal Blogs

    A SharePoint and Personal blog on sharepoint 2010, wss, moss 2007, interview questions and jobs, C#.Net,, Sql Server,

  2. Thank you for the good writeup. It in fact was a amusement account it.

    Look advanced to more added agreeable from you! By the way, how could we communicate?

    Also visit my blog - kitchen cabinet

  3. Good post. I learn something totally new and
    challenging on blogs I stumbleupon every day. It's always interesting to read through articles from other authors and use something from other websites.

    my weblog - CastleVille cheats

  4. I know this web page gives quality depending posts and extra data, is there any
    other website which gives such things in quality?

    My web page -

  5. When some one searches for his essential thing, so he/she desires to be available that in detail, thus that thing is maintained over

    Here is my weblog - taobao english

  6. Un Villeroy & Boch Aperture est l'attribution robinetterie de la Villeroy Boch-AG, un architecte allemand et bienfaiteur d'articles de maison qui sont mitigeur douche acceptés au-delà du monde. Le casting est accepté pour leur maison et les articles des affaires qui correspond tout à fait aux robinetterie cuisine besoins variés des propriétaires d'aujourd'hui.

  7. This plastic glasses is definitely something that I can’t leave home without. Friends of mine want to have their own, too, after they’ve seen mine. It is from