
Configuring claims and forms based authentication for use with an ASP.NET Membership Provider in SharePoint 2010

Forms Based Authentication

1-      Create web application

  • Select Claims Based Authentication
  • Identity Providers
    • Check the Enable Windows Authentication box or you won’t be able to crawl the site
    • Check the Enable ASP.NET Membership and Role Provider checkbox
      * In the Membership provider name edit box, type SqlMember
      * In the Role provider name edit box, type SqlRole
    • Create a new site collection


2 –      Create Database (aspnetdb) for users:

  • Navigate to C:\Windows\Microsoft.NET\Framework64\v2.0.50727. Locate the aspnet_regsql.exe application and execute it. This opens the window shown in the figure below

forms authentication with ASP.NET Provider

  • Click Next and choose “Configure SQL Server for application services”
  • Click Next, enter the server name and authentication, then click Next again and verify the server information
  • This creates the aspnetdb database. You can now populate it with user information using an application on CodePlex called MembershipSeeder (http://cks.codeplex.com/releases/view/7450#DownloadId=19598). You can proceed with the configuration without using the MembershipSeeder application, but you will have to add users to the aspnetdb tables manually

3-      Adjust Central Administration web.config

  • Add connection string
    • Locate Central Administration in IIS and choose Connection Strings


  • Add New Connection String, enter the server information, and enter “AspNetSqlMembershipProvider” for the connection string name


  • Add membership and role manager
    • Open Central administration web.config
    • Locate <system.web> entry and paste the following
      <roleManager enabled="true"
         cacheRolesInCookie="false"
         cookieName=".ASPXROLES"
         cookieTimeout="30"
         cookiePath="/"
         cookieRequireSSL="false"
         cookieSlidingExpiration="true"
         cookieProtection="All"
         defaultProvider="AspNetWindowsTokenRoleProvider"
         createPersistentCookie="false"
         maxCachedResults="25">
         <providers>
            <clear />
            <add connectionStringName="AspNetSqlMembershipProvider"
               applicationName="/"
               name="SqlRole"
               type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
            <add applicationName="/"
               name="AspNetWindowsTokenRoleProvider"
               type="System.Web.Security.WindowsTokenRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
         </providers>
      </roleManager>

      <membership defaultProvider="SqlMember"
         userIsOnlineTimeWindow="15" hashAlgorithmType="">
         <providers>
            <clear />
            <add connectionStringName="AspNetSqlMembershipProvider"
               enablePasswordRetrieval="false"
               enablePasswordReset="true"
               requiresQuestionAndAnswer="true"
               passwordAttemptWindow="10"
               applicationName="/"
               requiresUniqueEmail="false"
               passwordFormat="Hashed"
               name="SqlMember"
               type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
         </providers>
      </membership>


    • Double-check that the <membership> and <roleManager> entries exist only once. Delete any duplicate entries
    • Locate the <PeoplePickerWildcards> entry and paste the following below it

<clear />
<add key="AspNetSqlMembershipProvider" value="%" />
<add key="SqlMember" value="%" />
<add key="SqlRole" value="%" />

4-      Adjust web.config of Security Token Service under SharePoint Web Services

  • Add Connection String
    • Locate Security Token Service in IIS and choose Connection Strings

    • Add New Connection String, enter the server information, and enter “AspNetSqlMembershipProvider” for the connection string name


  • Add membership and role manager
    • Open STS web.config
    • Add a <system.web> entry directly below the </connectionStrings> and enter the following XML

<membership>
   <providers>
      <add connectionStringName="AspNetSqlMembershipProvider"
         enablePasswordRetrieval="false"
         enablePasswordReset="true"
         requiresQuestionAndAnswer="true"
         passwordAttemptWindow="10"
         applicationName="/"
         requiresUniqueEmail="false"
         passwordFormat="Hashed"
         name="SqlMember"
         type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
   </providers>
</membership>

<roleManager enabled="true">
   <providers>
      <add connectionStringName="AspNetSqlMembershipProvider"
         applicationName="/"
         name="SqlRole"
         type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
   </providers>
</roleManager>

    • Add a </system.web> entry below it

5-      Adjust the web.config of the claims based web application.

  • Add Connection String
    • Locate the claims based web application in IIS and choose Connection Strings as before.
    • Add New Connection String, enter the server information, and enter “AspNetSqlMembershipProvider” for the connection string name as before.
    • Locate the <membership> entry
    • Replace everything from <membership> to </membership> with the following XML

<membership defaultProvider="i"
   userIsOnlineTimeWindow="15"
   hashAlgorithmType="">
   <providers>
      <clear />
      <!-- connectionStringName matches the connection string added above -->
      <add connectionStringName="AspNetSqlMembershipProvider"
         enablePasswordRetrieval="false"
         enablePasswordReset="true"
         requiresQuestionAndAnswer="true"
         passwordAttemptWindow="10"
         applicationName="/"
         requiresUniqueEmail="false"
         passwordFormat="Hashed"
         name="SqlMember"
         type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
      <add name="i"
         type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
   </providers>
</membership>

    • Locate the <roleManager> entry
    • Replace everything from <roleManager> to </roleManager> with the following XML

<roleManager enabled="true"
   cacheRolesInCookie="false"
   cookieName=".ASPXROLES"
   cookieTimeout="30"
   cookiePath="/"
   cookieRequireSSL="false"
   cookieSlidingExpiration="true"
   cookieProtection="All"
   defaultProvider="c"
   createPersistentCookie="false"
   maxCachedResults="25">
   <providers>
      <clear />
      <!-- "SqlRole" is the role provider name entered when the web application
           was created, so it must be the SQL role provider, as in the Central
           Administration web.config -->
      <add connectionStringName="AspNetSqlMembershipProvider"
         applicationName="/"
         name="SqlRole"
         type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
      <add applicationName="/"
         name="AspNetWindowsTokenRoleProvider"
         type="System.Web.Security.WindowsTokenRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
      <add name="c"
         type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
   </providers>
</roleManager>

    • Paste the following XML below the PeoplePickerWildcards entry

<clear />
<add key="AspNetSqlMembershipProvider" value="%" />
<add key="SqlMember" value="%" />
<add key="SqlRole" value="%" />

6-     Add a user policy to the web application

  • Go to Central Administration
  • Go to Application Management
  • Click on Manage Web Applications
  • Select the claims based web application
  • Click on User Policy
  • Click on the Add Users link
  • Click the Next button.
  • Click the Address Book icon.
  • Type in the NT login name or account name and click the search button. If it’s working correctly you should see at least two entries for the account – one that is for the user’s Active Directory account, and one that is for that same account but which was found using the LDAP provider.
  • Select the account in the User section and click the Add button
  • Click the OK button
  • Check the Full Control checkbox, then click the Finish button
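
The web.config edits in steps 3 to 5 only work if the provider names entered in step 1 (SqlMember and SqlRole) resolve, in every file, to the SQL providers and to a connection string that is actually defined. The PowerShell check below is an added example, not part of the original post; the function name Test-FbaConfig, the labels and the embedded sample XML are constructed for illustration.

```powershell
# Added example. $template is a constructed web.config fragment, not a real file.
$template = @'
<configuration>
  <connectionStrings><add name="AspNetSqlMembershipProvider" connectionString="(placeholder)" /></connectionStrings>
  <system.web>
    <membership><providers>
      <add name="SqlMember" connectionStringName="AspNetSqlMembershipProvider"
           passwordFormat="Hashed" enablePasswordRetrieval="false"
           type="System.Web.Security.SqlMembershipProvider, System.Web" />
    </providers></membership>
    <roleManager enabled="true"><providers>
      <add name="SqlRole" connectionStringName="AspNetSqlMembershipProvider"
           type="{0}, System.Web" />
    </providers></roleManager>
  </system.web>
</configuration>
'@

function Test-FbaConfig {
    param([xml]$Config, [string]$Label)
    # Section -> (provider name, expected type prefix) used throughout the walkthrough.
    $expected = @{
        'membership'  = @('SqlMember', 'System.Web.Security.SqlMembershipProvider')
        'roleManager' = @('SqlRole',   'System.Web.Security.SqlRoleProvider')
    }
    # Names of all connection strings defined in this file.
    $connNames = @($Config.SelectNodes('//connectionStrings/add') |
                   ForEach-Object { $_.GetAttribute('name') })
    $findings = @()
    foreach ($section in $expected.Keys) {
        $name, $type = $expected[$section]
        $node = $Config.SelectSingleNode("//system.web/$section/providers/add[@name='$name']")
        if ($null -eq $node) { $findings += "${Label}: <$section> has no provider '$name'"; continue }
        if ($node.GetAttribute('type') -notlike "$type,*") {
            $findings += "${Label}: provider '$name' is not a $type"
        }
        if ($connNames -notcontains $node.GetAttribute('connectionStringName')) {
            $findings += "${Label}: provider '$name' points at an undefined connection string"
        }
        if ($section -eq 'membership' -and $node.GetAttribute('passwordFormat') -ne 'Hashed') {
            $findings += "${Label}: passwordFormat is not Hashed"
        }
    }
    return $findings
}

# Constructed inputs: one wired as in the walkthrough, one with the wrong role provider type.
Test-FbaConfig ([xml]($template -f 'System.Web.Security.SqlRoleProvider')) 'sample-ok'
Test-FbaConfig ([xml]($template -f 'System.Web.Security.WindowsTokenRoleProvider')) 'sample-bad'
```

On a server, call the function once per file with `[xml](Get-Content <path to web.config>)` for the Central Administration, Security Token Service and web application configuration files.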




  1. March 6, 2013 at 6:44 pm

    I’m now not positive the place you’re getting your information, however great topic.
    I must spend a while learning much more or working out more.
    Thank you for fantastic information I used to be searching for this info for
    my mission.

  2. wordpress security suite
    May 8, 2013 at 2:52 am

    I blog quite often and I genuinely thank you for your content.
    This article has truly piqued my interest. I
    am going to take a note of your website and keep checking for new
    information about once per week. I opted in for your Feed too.
