How to configure FBA with .Net membership on an extended web application

This document will help you extend a web application and configure it for forms-based authentication (FBA) using .NET membership.

To begin with, we have a web application that is already running on port 80 with Windows integrated authentication: https://contoso. Intranet users access this site, and we want the same content to be reachable from the extranet at https://extranet.contoso.com. So we need to extend the web application hosting https://contoso to https://extranet.contoso.com and enable FBA on the extended site.

Extending web application to extranet

1. Open the Central Administration web site, go to Application Management, and click “Create or extend web application”.

2. Click “Extend an existing web application”.

3. Select https://contoso as the web application.

4. Click “Create a new IIS web site”.

5. Enter the port as 80.

6. Provide the host header as extranet.contoso.com.

7. Select “Extranet” as the zone, click OK, and wait until it finishes.

8. Once finished, make sure the site has been created in IIS Manager.

9. Make the necessary DNS changes to access https://extranet.contoso.com.

10. Try to access https://contoso and https://extranet.contoso.com and make sure both are accessible.

Both sites now work with Windows integrated authentication; we will change https://extranet.contoso.com to FBA.

Creating the ASP.NET membership database

 

  1. Log in to the SQL server with admin privileges, open Windows Explorer and navigate to the path %SystemDrive%\Windows\Microsoft.NET\Framework\v2.0.50727.
  2. To start the ASP.NET SQL Server Setup Wizard, double-click aspnet_regsql.exe.
  3. Start the wizard by clicking Next, and then complete the wizard as described in the following steps.
  4. Click Configure SQL Server for application services, and then click Next.
  5. In the Server box, type YOUR SQL SERVER NAME for the database name, and click Next.
  6. Confirm that the data you typed is correct, and then click Next.
  7. The database is created and the final status information is displayed. Click Finish to complete the wizard.

Creating Users and Roles

 

  1. Now log in to the SharePoint server and download the file MembershipSeeder.zip from https://www.codeplex.com/CKS/Release/ProjectReleases.aspx?ReleaseId=7450
  2. Start the MembershipSeeder tool.
  3. Click Configure.
  4. In the dialog box that opens, type the name of the computer running SQL Server that hosts your SQL membership database (SQL SERVER NAME).
  5. Click OK to save your changes, and then restart MembershipSeeder so that it will use the new server name.
  6. In the User Prefix field, type a value (e.g. User1).
  7. In the Password field, type the password you want each user to have (e.g. !Passw0rd).
  8. Select the option “Only create or delete 1 user don’t use the # of user field”, as we are creating only one user now. If this option is not used, 50 users will be created as User1, User2, User3, etc.
  9. Click Create to create the user, whose user name is the value of the User Prefix field.
  10. To add a new role, type a name for the role in the Role field (e.g. admins), and then click Create.
  11. Now make sure the role name is “admins”, type “User1” as the user prefix, and click Add to Role (this assigns the role “admins” to the user “User1”). Make sure you have selected “Only add 1 user, don’t use the # of users field” here as well.

Editing Web.config file for site extranet.contoso.com

  1. Open IIS Manager on the SharePoint server (Start -> Run -> inetmgr).

  2. Right-click the extended site (extranet.contoso.com) and click Explore.

  3. Copy the web.config file and paste it into the same folder (this backs up the file).

  4. Open the web.config file with a text editor (e.g. Notepad).

  5. In your text editor, search for the string "PeoplePickerWildcards". That should take you to a section of the web.config file that looks like the following code.

     <PeoplePickerWildcards>
       <clear />
       <add key="AspNetSqlMembershipProvider" value="%" />
     </PeoplePickerWildcards>

  6. Add the line <add key="fbaMembers" value="%" /> so that the section looks like this:

     <PeoplePickerWildcards>
       <clear />
       <add key="AspNetSqlMembershipProvider" value="%" />
       <add key="fbaMembers" value="%" />
     </PeoplePickerWildcards>

  7. Now, in your text editor, search for the string "<system.web>", which takes you to the opening tag of the system.web element.

  8. Directly above this tag, add the connectionStrings element shown below. Change the server name in the connection string to your SQL Server name (spdb in this example).

     <connectionStrings>
       <add name="fbaSQL"
            connectionString="server=spdb;database=aspnetdb;Trusted_Connection=true" />
     </connectionStrings>

  9. The application pool account for the web application https://contoso/ must have at least Read rights to all of the objects in the aspnetdb database specified in the connection string. Because the connection string uses Trusted_Connection=true, SQL Server authenticates the application pool identity and no SQL password is stored in web.config.

  10. Search again for the string "<system.web>", which takes you to the opening tag of the system.web element. Copy and paste the code below directly under <system.web>.

     <membership defaultProvider="fbaMembers">
       <providers>
         <add connectionStringName="fbaSQL" applicationName="/"
              name="fbaMembers"
              type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
       </providers>
     </membership>
     <roleManager enabled="true" defaultProvider="fbaRoles">
       <providers>
         <add connectionStringName="fbaSQL" applicationName="/"
              name="fbaRoles"
              type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
       </providers>
     </roleManager>

  11. Save the web.config file and close Notepad.

 

Editing Web.config file for site “Central administration”

1. Right-click the SharePoint Central Administration v3 web site in IIS Manager and click Explore.

2. Copy the web.config file and paste it into the same folder (this backs up the file).

3. Open the web.config file with a text editor (Notepad).

4. In your text editor, search for the string "PeoplePickerWildcards". That should take you to a section of the web.config file that looks like the following code.

   <PeoplePickerWildcards>
     <clear />
     <add key="AspNetSqlMembershipProvider" value="%" />
   </PeoplePickerWildcards>

5. Add the line <add key="fbaMembers" value="%" /> so that the section looks like this:

   <PeoplePickerWildcards>
     <clear />
     <add key="AspNetSqlMembershipProvider" value="%" />
     <add key="fbaMembers" value="%" />
   </PeoplePickerWildcards>

6. Now, in your text editor, search for the string "<system.web>", which takes you to the opening tag of the system.web element.

7. Directly above this tag, add the code given below. Change the server name in the connection string to your SQL Server name (spdb in this example).

   <connectionStrings>
     <add name="fbaSQL"
          connectionString="server=spdb;database=aspnetdb;Trusted_Connection=true" />
   </connectionStrings>

8. Search again for the string "<system.web>", which takes you to the opening tag of the system.web element. Copy and paste the code below directly under <system.web>. Note that here the roleManager defaultProvider is AspNetWindowsTokenRoleProvider, not fbaRoles as on the extranet site.

   <membership defaultProvider="fbaMembers">
     <providers>
       <add connectionStringName="fbaSQL" applicationName="/"
            name="fbaMembers"
            type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
     </providers>
   </membership>
   <roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider">
     <providers>
       <add connectionStringName="fbaSQL" applicationName="/"
            name="fbaRoles"
            type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
     </providers>
   </roleManager>

9. If you have multiple front-end Web servers, you must make these changes to the web.config files on each server.

10. Perform an IISRESET operation.
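
The two web.config edits above only work if the names line up: each provider's connectionStringName must match a connectionStrings entry, each defaultProvider must exist, and each membership provider needs a PeoplePickerWildcards key. The checker below is an added example, not part of the original walkthrough; check_fba_config, INHERITED and the constructed SAMPLE are this example's own names, names are compared exactly, and it also flags a connection string that stores a SQL password instead of using Trusted_Connection.

```python
import xml.etree.ElementTree as ET

# Provider names that come from the .NET 2.0 machine.config rather than web.config.
INHERITED = {"AspNetSqlMembershipProvider", "AspNetSqlRoleProvider", "AspNetWindowsTokenRoleProvider"}

# Constructed sample: this page's extranet fragments, reduced to the attributes the checker
# reads, with two deliberate mistakes (connection string named "fbaDB", no fbaMembers wildcard).
SAMPLE = """<configuration>
  <SharePoint><PeoplePickerWildcards><clear />
    <add key="AspNetSqlMembershipProvider" value="%" />
  </PeoplePickerWildcards></SharePoint>
  <connectionStrings>
    <add name="fbaDB" connectionString="server=spdb;database=aspnetdb;Trusted_Connection=true" />
  </connectionStrings>
  <system.web>
    <membership defaultProvider="fbaMembers"><providers>
      <add connectionStringName="fbaSQL" applicationName="/" name="fbaMembers" />
    </providers></membership>
    <roleManager enabled="true" defaultProvider="fbaRoles"><providers>
      <add connectionStringName="fbaSQL" applicationName="/" name="fbaRoles" />
    </providers></roleManager>
  </system.web>
</configuration>"""

def check_fba_config(xml_text):
    """Return a list of findings for the FBA-related parts of a web.config."""
    root = ET.fromstring(xml_text)
    findings = []
    conns = {a.get("name"): a.get("connectionString", "") for a in root.findall("connectionStrings/add")}
    wildcards = {a.get("key") for a in root.findall(".//PeoplePickerWildcards/add")}
    for name, value in conns.items():
        keys = {part.split("=")[0].strip().lower() for part in value.split(";")}
        if keys & {"password", "pwd"}:
            findings.append(f"connection string '{name}' embeds a SQL password")
    for section in ("membership", "roleManager"):
        for node in root.findall(f"system.web/{section}"):
            providers = node.findall("providers/add")
            names = {p.get("name") for p in providers}
            default = node.get("defaultProvider")
            if default is not None and default not in names | INHERITED:
                findings.append(f"{section} defaultProvider '{default}' is not defined")
            for p in providers:
                name, conn = p.get("name"), p.get("connectionStringName")
                if conn not in conns:
                    findings.append(f"{section} provider '{name}' uses unknown connection string '{conn}'")
                if section == "membership" and name not in wildcards:
                    findings.append(f"membership provider '{name}' has no PeoplePickerWildcards entry")
    return findings
```

Pass the text of a copy of each zone's web.config to check_fba_config; an empty list means the cross-references are consistent.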

 

Configuring FBA for the site https://extranet.contoso.com

 

  1. Open your browser and navigate to the Central Administration Web site.
  2. Click the Application Management tab.
  3. Click Authentication providers.
  4. Ensure that the correct Web application is selected; it is displayed in the upper-right corner of the page. If the correct Web application is not shown, click the Web application drop-down list to select the correct one. With the correct Web application displayed, click the authentication type link that is displayed next to the Extranet zone.
  5. In the Authentication Type section, click Forms. The page updates and displays Membership provider name and Role manager name boxes.
  6. Type the appropriate values in the Membership and Role boxes.
  7. Click Save to commit your changes. The browser returns to the Authentication Providers main page, which should now display the new authentication provider name next to the extranet zone.

Creating Policy for web application

 

  1. Open your browser and navigate to the Central Administration Web site.

  2. Click the Application Management tab, and then click Policy for Web application.

  3. Ensure that the correct Web application is selected (https://contoso/); it is displayed in the upper-right corner. Click Add Users.

  4. In the Zones list, click the Extranet zone.

  5. Important:

    This step is critical! If you select the wrong zone, you cannot correctly grant the policy rights.

  6. On the Add Users page, click the address book icon to open the People Picker dialog box.

  7. In the People Picker dialog box, type User1 in the Find box, and then click the search button. From now on, you can also use the roles you created (“admins”).

  8. The results will be displayed if the configuration you created in the web.config file is correct. If not, there is a problem in the web.config files, which need to be reviewed.

  9. You should also notice that the account name is displayed in the format that SharePoint uses internally to keep track of it: MembershipProviderName:accountName. In this scenario, that means the account name for User1 is fbaMembers:user1

  10. Double-click User1 to add it to the Add box, click OK, and then select Full Control.

  11. Click Finish to save your changes.

  12. Execute IISRESET on all SharePoint servers.

  13. Access the site at https://extranet.contoso.com and log in with the username and password (username: User1, password: !Passw0rd).