Friday, July 21, 2006

Implementing Forms Authentication in MOSS Beta 2 with the ASP.NET SQL Provider - Part 1

Finally! I've got some time to take a really good look at MOSS :-) Along the way, I've been jotting down notes. Thought I'd just post them here so that in case I forget to bring along my files, the information is right here on my blog.

Steps to get Forms Authentication working with the ASP.NET SQL provider:

1. Install the Application Services Database for SQL Server
a. Select Start > All Programs > Microsoft Visual Studio 2005 > Visual Studio Tools > Visual Studio 2005 Command Prompt.
b. Enter:
aspnet_regsql.exe -E -A all -S localhost\DatabaseServerName

c. Wait while features are added to the local SQL database.

More details on the aspnet_regsql utility here:
http://msdn2.microsoft.com/en-us/library/x28wfk74.aspx

2. Add the First User
The database has been created. However, it does not contain any users, and therefore we won't be able to log in. There are at least two ways to add a user: we could write a script, or we could use the ASP.NET Web Site Administration Tool.

[Update 27 Feb 2007] After a few tries, I find that writing a script is a lot easier and faster.
Option 1: Adding Users by Script

Simply run the following query in Microsoft SQL Management Studio against the aspnetdb database.

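-- Arguments: application name, user name, password, salt, e-mail, question, answer,
-- IsApproved, CurrentTimeUtc, CreateDate, UniqueEmail, PasswordFormat, UserId.
-- PasswordFormat 0 stores the password in clear text.
declare @now datetime
set @now = GETUTCDATE()
exec aspnet_Membership_CreateUser 'appName', 'userid', 'password', '', 'email@somewhere.com', '', '', 1, @now, @now, 0, 0, null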

Details on the structure of this script are available on MSDN.

Option 2: Adding Users by Creating a Web Application
a. Create a new web application.
b. Add the connection string between the <configuration> tags of the web.config file.



c. From Visual Studio, select Website > ASP.NET Web Configuration.
d. Click Security > Create User. Add the name of the user. Later on, we will configure this user to be the site administrator.



3. Modify the web.config file
a. Open the web.config file located in the C:\Inetpub\wwwroot\wss\VirtualDirectories\GUID folder. To determine the exact location, open IIS and check the home directory of the SharePoint site.
b. Add the following connection string between the <configuration> tags:



c. Add the provider details between the <system.web> tags:



d. Repeat steps (a)-(c) for the SharePoint Central Administration v3 website. We'll need the central administration site to work with forms authentication so that we can add the first administrator of the site. It is important to perform this step, otherwise you won't be able to add the first forms-based administrator later.

Warning! Check for typos. A single mistake may result in hours of troubleshooting!

[27 Feb 2007] One problem that I've had was a mismatch of the applicationName field. It has to be the same as the one used in the SQL script, or SharePoint won't be able to match the users.

4. Configure the SharePoint site for forms authentication
a. Select Start > SharePoint Central Administration.
b. Click Application Management.
c. In the Application Security section, click Authentication providers.
d. Check that you are working with the web application that you wish to configure Forms Authentication for.
e. Click Windows.
f. Set the following fields:
  • Authentication Mode = Forms
  • Membership provider name = AspNetSqlMembershipProvider
g. Click Save.




5. Assign the user to be a site collection administrator.
a. In SharePoint Central Administration > Application Management, click Site Collection Administrators (you can find it in the SharePoint Site Management section).
b. Add the user as the site collection administrator of the website in which forms authentication will be applied.
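
A check for the typo and applicationName mismatch problems noted under step 3, as an added example that is not code from the original post. The two web.config fragments are constructed, and the connection string name, its value and the helper name find_problems are assumptions; the provider name and 'appName' follow the post.

```python
import xml.etree.ElementTree as ET

PROVIDER = "AspNetSqlMembershipProvider"  # provider name entered in step 4

# Constructed web.config fragment; connection string name and value are assumptions.
SITE_CONFIG = """<configuration>
  <connectionStrings>
    <add name="AspNetSqlProvider" connectionString="server=localhost;database=aspnetdb;Trusted_Connection=True" />
  </connectionStrings>
  <system.web>
    <membership defaultProvider="AspNetSqlMembershipProvider">
      <providers>
        <add name="AspNetSqlMembershipProvider"
             type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             connectionStringName="AspNetSqlProvider"
             applicationName="appName" />
      </providers>
    </membership>
  </system.web>
</configuration>"""

# Constructed Central Administration copy with two slips: other app name, misspelled connection name.
ADMIN_CONFIG = (SITE_CONFIG.replace('applicationName="appName"', 'applicationName="/"')
                .replace('StringName="AspNetSqlProvider"', 'StringName="AspNetSqlProvidr"'))

def find_problems(label, config_xml, sql_app_name):
    """Compare one web.config with the application name used in the SQL script."""
    root = ET.fromstring(config_xml)
    declared = {a.get("name") for a in root.findall("./connectionStrings/add")}
    entry = next((a for a in root.findall("./system.web/membership/providers/add")
                  if a.get("name") == PROVIDER), None)
    if entry is None:
        return [f"{label}: provider {PROVIDER} is not declared"]
    problems = []
    # XML attribute names are case-sensitive: 'applicationname' reads as missing.
    app_name = entry.get("applicationName")
    if app_name != sql_app_name:
        problems.append(f"{label}: applicationName is {app_name!r}, script used {sql_app_name!r}")
    conn = entry.get("connectionStringName")
    if conn not in declared:
        problems.append(f"{label}: connection string {conn!r} is not declared")
    return problems

if __name__ == "__main__":
    for label, xml in (("site", SITE_CONFIG), ("central admin", ADMIN_CONFIG)):
        for line in find_problems(label, xml, "appName") or [f"{label}: OK"]:
            print(line)
```

Run it against the web.config of the SharePoint site and of Central Administration; both should report no problems for the application name passed to aspnet_Membership_CreateUser.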



And we're almost done. There are a couple more things, such as granting anonymous users access to sections of the site. Also, we probably want employees on the intranet to use their Windows accounts to log on to the site. I'll write a little about these topics in future articles.

[Update 27 Feb 2007] I've corrected some of the code errors. Blogger ate up the angled brackets and some of the mixed cased tags became lower case. To get around this, I've converted all the code to images and (hope) to post the snippets to my Y! briefcase for downloading soon.


13 Comments:

At 6:10 AM, Anonymous Anonymous said...

This was extremely useful, thanks!

We are a company moving towards a forms-based/SQL authentication model for our MOSS2007 site for all of our users. We want to avoid using CAL/Windows authentication at all costs.

Question: You added a site administrator in the Application Management section.
Say we had 500 users set up already in the SQL database. 10 of these were to be Site Collection Administrators. How could we add a large load of users with a variety of permissions settings (without adding them one by one in the Central Application Management)...any ideas?

 
At 10:59 AM, Blogger Mei Ying said...

For a large number of users, each with a unique combination of rights, I'd definitely consider using the API to programmatically import them. Using the API to manage users is a new feature for us, MCMS devs. We've been waiting for this feature for a long time!

 
At 10:16 AM, Anonymous Anonymous said...

Really interested in how to implement both forms and AD authentication on the same site.

Daniel Webster

 
At 1:55 AM, Anonymous Anonymous said...

I am unable to call the web services since our WSS 3.0 site uses forms authentication and the web service only takes Windows authentication. Any ideas how to get around this?

 
At 2:53 PM, Blogger Keviv said...

Hi

Your article is really superb.

I have a problem with step 5.

"5. Assign the user to be a site collection administrator."

The users I created by Option 2 are available in the DB, but they are not loading in the step 5 process. Can you please help me solve this?

 
At 4:14 PM, Blogger sudhakar jo said...

Hi

This really helps us.

I need one clarification. Now I have created a web application, and the available zone there is 'Default'.

Inside the membership, you have given applicationname="appname". What exactly is the value to be given there? Now I have given "Extranet" there, and it is working fine. But I need to understand it. Can you help me?

Thanks
sudhaoncyberworld@gmail.com

 
At 9:32 AM, Anonymous Anonymous said...

Why couldn't you type the text instead of a picture screenshot of the configuration strings to add? It's really painful to have to retype it. Thanks for the article, anyhow.

 
At 3:27 PM, Blogger Mei Ying said...

I would. But Blogger kept stripping away the angled brackets. Can't seem to find another way to preserve the tags.

 
At 11:36 PM, Blogger GopsMan said...

Hi There,

Thanks for your procedure!!! It was really helpful. But I am unsuccessful. I got the form sign-in page, but I am unable to log in. Can you give me some more tips or a set of things to look into?

Thanks

 
At 12:05 PM, Anonymous Anonymous said...

I am using WSS3.0, not MOSS2007. I found the system won't allow me to assign the user to be a site collection administrator. It will generate an error. It said nothing matched. The system can only add domain users, not membership provider users. Is there any suggestion for me? Thanks.

 
At 12:57 PM, Blogger Mei Ying said...

Hi

You may want to ensure that the FBA settings have been applied correctly to the SharePoint Central Administration site.

Hope this helps!

 
At 7:44 AM, Blogger Unknown said...

Hi,

I had to put it into the web.config file of the Administration website before it would work on one of my site collections. I also added it to the web.config file of the Shared Service Provider admin directory.

Now it works perfectly. Make sure you type it correctly word by word, in the right case.

Thanks for the great tutorial, it saved me at least 16 hours of struggle. What is your bank account number so that I can make a deposit :-)

Shaun O'Reilly

 
