Tuesday, August 14, 2012

How to Implement Claims Based Authentication (FBA - Forms Based Authentication)

SharePoint 2010 supports FBA, like WSS 3.0 and MOSS 2007. FBA is a feature of ASP.NET that we use with SharePoint. In SharePoint 2010 you can create web applications using Classic Mode Authentication or Claims Based Authentication. However, FBA can only be configured on web applications created using Claims Based Authentication.

What are the differences between Classic Mode Authentication and Claims based Authentication?

Classic Mode Authentication: It refers to integrated Windows authentication. You cannot configure Forms Based Authentication if your web application is using Classic Mode Authentication. You can convert a web application from Classic Mode Authentication to Claims Based Authentication. However, that can only be done using PowerShell commands, and it's an irreversible process. I have detailed steps to convert the web application from Classic Mode Authentication to Claims Based Authentication.

Claims Based Authentication: SharePoint 2010 is built on Windows Identity Foundation. It enables authentication from Windows as well as non-Windows based systems. This also provides the capability to have multiple authentication types on a single URL.

Steps for Implementing Claims Based Authentication

1. Configure SQL for membership store
  • Create database
  • Create SQL User
  • Add SQL user to database
2. Configure Central Admin to use SQL membership store
3. Configure Secure Store Web Service to use SQL membership store
4. Create new Web Application for extranet site
5. Configure Extranet site to use SQL membership store.

Let's go...


First, run the wizard. This specifies the server and the database that we use to store users.

  On the SharePoint 2010 server, open the command prompt.
  Navigate to C:\Windows\Microsoft.NET\Framework64\v2.0.50727
  Run "aspnet_regsql.exe". This will open the ASP.NET SQL Server Setup wizard. Click Next.

Once the database is created, we're going to create and add a SQL user.

After creating the user, we need to map it to the membership database.

We added vens to the aspnetdb database and gave it the db_owner role.

We’re done with SQL.


Next, we need to configure the Central Admin web site to use the SQL Membership Provider.

We specify the connection string and providers.


Configure Secure Store Web Service to use SQL Membership Provider.

Create the connection strings, role providers and membership providers.


Create Extranet Web Application.

Go to Central Admin, Select the Application Management page, and select Manage web applications.  Select New from the ribbon to create a new web application.
Select Claims Based Mode Authentication as Authentication Type.  Select values for all the other options until you get to the “Enable Forms Based Authentication”.
Add the values we created earlier in the section “Enable Forms Based Authentication” for role and membership provider.

Configure Membership Providers for Web App through IIS

In IIS Manager, browse to the new site SharePoint – FBA. For our new FBA site we need to do the following:
  • Add connection string
  • Add Providers for members and roles
  • Configure .NET Roles
  • Configure .NET Users
  • Set Authentication to Forms and Integrated
  • Add User as Site Collection Admin
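
As an added example (not from the original post), the fragment below shows the connection string and provider entries that the steps above place in the web.config of each configured site. The names FBADB, FBA and FBARoles, the server name SQLSERVER, the password placeholder and the password-policy values are assumptions; the database aspnetdb and the SQL user vens come from the steps above.

```xml
<!-- Added example. Merge these entries into the existing web.config and
     keep the provider entries SharePoint already placed there. -->
<configuration>
  <connectionStrings>
    <!-- A SQL login puts its password into web.config in clear text.
         Restrict read access to the file, or encrypt this section with
         aspnet_regiis -pe. SQLSERVER and the password are placeholders. -->
    <add name="FBADB"
         connectionString="Data Source=SQLSERVER;Initial Catalog=aspnetdb;User ID=vens;Password=REPLACE_WITH_PASSWORD" />
  </connectionStrings>
  <system.web>
    <membership>
      <providers>
        <!-- The provider name (assumed: FBA) is the value the
             PeoplePickerWildcards key has to match. -->
        <add name="FBA"
             type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             connectionStringName="FBADB"
             applicationName="/"
             passwordFormat="Hashed"
             enablePasswordRetrieval="false"
             enablePasswordReset="true"
             requiresQuestionAndAnswer="false"
             requiresUniqueEmail="true"
             minRequiredPasswordLength="12"
             minRequiredNonalphanumericCharacters="1"
             maxInvalidPasswordAttempts="5"
             passwordAttemptWindow="10" />
        <!-- The policy values above are illustrative, not from the post.
             Hashed storage with retrieval disabled means stored passwords
             cannot be read back out of aspnetdb. -->
      </providers>
    </membership>
    <roleManager enabled="true">
      <providers>
        <add name="FBARoles"
             type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             connectionStringName="FBADB"
             applicationName="/" />
      </providers>
    </roleManager>
  </system.web>
</configuration>
```

The same applicationName has to be used in every web.config that points at this database, otherwise each site sees a separate, empty set of users and roles. The database created by aspnet_regsql.exe also contains narrower roles such as aspnet_Membership_FullAccess and aspnet_Roles_FullAccess, which can be granted to the runtime login in place of db_owner.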

Now create a site collection under the web application.

We are done!

Now Test the Site...

In a web browser, when you access the site http://localhost (if that's what you used), you'll be presented with the SharePoint login screen, not a Windows login pop-up. (Wow, and you thought SharePoint 2007 had a spartan login screen. Get a load of this!)

Log in with the fbaadmin credentials and you should be able to access the site.

Add the reference to the user friendly People Picker

For that to work in Central Admin and this site against your .NET membership database, you need to add a reference to the provider.

    In IIS Manager, browse to the Central Admin web application. Explore the folder and find the web.config file. Open it in Notepad.

    Find the <PeoplePickerWildcards> node and use the following:

<clear />
<add key="FBA" value="%" />
