C#.NET: Sharepoint 2010 FBA configuration

Dear Friends,

           This blog is regarding configuring Form Based Authentication for Sharepoint Server 2010/Sharepoint foundation 2010. There was requirement to have FBA on another server(remote server) on different server location than Sharepoint Server 2010. We can enable FBA for Sharepoint application having Asp.net Membership database and it is not necessary to have Sql FBA database to be on same server as Sharepoint Server 2010 or Sharepoint Foundation 2010.

            We need to have Application Pool for that application having Identity of Network Service. Let walk through complete process of activating FBA for an application. There are many excellent resources available for the same. This is just an improvement and attempt to minimize the steps for configuring FBA with ease, secure way and easily achievable and more importantly if there is need to have FBA DB that is on cross domain and not on the same server as your Sharepoint Server or Sharepoint foundation 2010.

Highly recommend: Please take one notepad file and note all things which we will define as DB Server, DB User, Connection string name, Membership name, Membership provider

STEP 1: Configure FBA DB in Sql Server for Membership

Copy and paste below highlighted path on your My Computer:

   C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe

       This will open wizard which allows you to configure your DB settings

Press Finish.

After finishing setup wizard. Open Sql Server Management Studio 2008 & verify that DB FBASppc DB has been created or not. Once the database is created, we’re going to create and add a SQL user, rather than use integrated authentication. If your SQL instance is not already running in mixed-mode, you can change it through Server properties in SQL Server Management Studio.

Select Security, Right click Add New >> Login

Now, map the new Sql User with our DB
Select Database, Expand FBAsppc database >> Right Click Security >> Add >>
User Enter same username ("Fbasp") which we entered at Security new login and for Login name enter name which we entered at security new login.

Assign db_owner roles and rights to the user for Sql Login.

We created a SQL user called Fbasp. We added Fbasp to ASPNetFormsAuth database naming FBASppc and gave them the db_owner role. We’re done with SQL part.

STEP 2: Configuring Sharepoint Central Admin web site to use Sql Membership for FBA

Open IIS>> Start >> Run>> inetmgr >>
We need to add new connection string and role provider

Connection String configuration

Open the Connection Strings Page. Under Actions menu on the right, select Add… to create a new connection string. Provide the details for the membership database for the new connection string.

Go back to the Web Application page and open up Providers page. Here we will create a provider for Roles and Users. Set feature to .NET Roles and click Add… in the Actions pane to add a new role provider. Please provide Application name which enables provider to authenticate user of that application.

Add Membership Provider
Add .Net Users using Sql Membership Provider. We are naming
RoleProvider: FbaspRoleprovider
Membership Provider: FbaMembershipprovider
Please note the names of Conneciton string, RoleProvider, Membership Provider

Please note to give proper connection string, proper types while configuring the settings.
The above configuration will modify the Central Admin web.config. We can confirm by explore Central Admin in IIS.

</connectionStrings>

STEP 3: Configuring Sharepoint Web Services for Secure Store to use Sql Membership for FBA

Repeat every steps we perform in STEP 2 Central Admin in SecurityTokenServiceApplication

STEP 4: Creating New Web Application in Sharepoint using Claim Based Authentication

Open Central Admin
Select Application Management and select Manage web applicaitons
Select New from Ribbon to create a new web application
Select Claim Based Authentication as Authentication type
Make sure to Select FBA Authentication and provide Role Provider name, Membership Provider name which we had in notepad files entered during provider settings in Central Admin and SecurityTokenServiceApplication.
Add the values we created earlier in the section “Enable Forms Based Authentication” for role and membership provider.

Once, web application is created successfully. Don’t create Site-collection until configuring some more steps.

STEP 5: Configure New Web Application

Add Connection String
Same as in Step 2 & 3
Add Role & User providers in Providers section as done previously
Configure .Net Roles
The below steps are not required for Central Admin and Security Token Service

We do not have any roles in our database at this point, so let’s create two (admin, SuperUser) by clicking Add… in the actions pane.
Configure .NET Users

Now we need to do the same for .NET Users. Open the .NET Users page. You will get a similar warning saying the default is not trusted.

Set the default provider to FbaMembershipprovider(our case may be like FbaMembershipprovider). If you had members in the database, you would now see them listed. Assuming you doesn’t let’s add some.

After done it Please make sure set default provider in .net User. Otherwise during login in site collection its throwing Access Denied.

You should also check the default Role Provider for the web application and ensure that is set to “c”. If this is set to the SQL provider that you created, you will get an unexpected error after you logon.
Also set Default Provider “c” in Configure .NET Roles and set Default Provider "i" in .Net Users.

Below two steps most Important.
Set Authentication

SharePoint should have done this when you created the web application, but let’s confirm. From the web application home page in IIS Manager, select Authentication under the IIS section. Confirm that the web application has both Integrated and Forms enabled.