Thursday, 28 April 2011

SharePoint 2010 - Form Based Authentication with Claims Authentication Part 1/2

Here is a summary of how to configure forms-based authentication in SharePoint 2010.
  1. Install and configure a membership provider, e.g. SqlMembershipProvider.
  2. Create a new web application with claims authentication; alternatively, update an existing web application from basic to claims based.
  3. Configure the SharePoint IIS instance to consume the membership provider.
  • (optional) Create a custom login page (I will cover it in part 2)

I strongly suggest you try all these steps in a test or dev environment first to avoid any unhappy results. :)

Install and configure the membership provider
You can choose any membership provider for FBA; for simplicity I have picked the SQL membership provider for my demonstration.

First of all, you need a SQL database; it can be the Express or the full version.

Run the aspnet_regsql.exe executable from this location.

C:\Windows\Microsoft.NET\Framework64\v2.0.50727 (note that the drive letter may vary)



Then select



Point the application to the right database and supply any necessary username and password.



Click Finish to complete the configuration.



Create or update the Web Application

To create a new web application, go to Central Admin -> Application Management -> Web Application -> Create New Web Application.

Select Claims Based Authentication

(Note: You need the Claims Based Authentication for FBA)




Fill in the FBA details. You will need this information at a later stage; feel free to change the values, but make sure you write them down.




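Then fill in the rest of the web application details and select "OK".


To update an existing web application to claims based, run this PowerShell script.

# Load the SharePoint cmdlets when not running in the SharePoint 2010 Management Shell
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
$webapp = Get-SPWebApplication "http://yourwebapplicationurl"
$webapp.UseClaimsAuthentication = $true   # Boolean property, so use $true rather than a string
$webapp.Update()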


Configure SharePoint IIS instance to use the membership provider

Once the above two steps are completed, we can start to configure the SharePoint instance in IIS to talk to our SQL membership provider.

Go to Administrative Tools -> Internet Information Services (IIS) Manager.

Select your web instance from the tree menu under Sites.



First you need to set up a connection string: select Connection Strings, then Add.

Your connection string should look like this


The server name is the server on which we installed the membership provider database, and the database has to be the same as the value entered in the previous step.

Go back to your IIS website root and select Providers.

Select .NET Roles from the dropdown and click on Add.



Remember the values we entered in SharePoint Central Administration for the role manager in the previous step? Now we have to enter them again in the Name field, with the details as below.

Type: SqlRoleProvider
Name: FBARole
ConnectionStringName: FBACon
ApplicationName: /



Once finished, select .NET Users from the feature dropdown and select Add.

Fill in these values in the new window that opens.
Type: SqlMembershipProvider
Name: FBA
ConnectionStringName: FBACon
ApplicationName: /



The same steps have to be applied to the Central Administration v4 website and the SecurityTokenServiceApplication web service.
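One way to confirm that all three sites ended up with the same entries, as an added example that is not part of the original post: the function parses a web.config and reports whether the FBACon connection string and the FBA and FBARole providers are present and wired together. Test-FbaConfig, the server and database names, and the trimmed sample XML are constructed for illustration; the third sample deliberately lacks the role provider.

```powershell
# Added example. FBA, FBARole and FBACon are the names used in this article;
# Test-FbaConfig and the sample XML (placeholder server/database) are constructed.
function Test-FbaConfig {
    param([Parameter(Mandatory=$true)][string]$Site,
          [Parameter(Mandatory=$true)][xml]$Config)
    $conn = $Config.SelectSingleNode("/configuration/connectionStrings/add[@name='FBACon']")
    $mem  = $Config.SelectSingleNode("/configuration/system.web/membership/providers/add[@name='FBA']")
    $role = $Config.SelectSingleNode("/configuration/system.web/roleManager/providers/add[@name='FBARole']")
    New-Object PSObject -Property @{
        Site             = $Site
        ConnectionString = ($null -ne $conn)
        # A provider only counts if it also points at the FBACon connection string.
        Membership       = (($null -ne $mem)  -and ($mem.GetAttribute('connectionStringName')  -eq 'FBACon'))
        RoleManager      = (($null -ne $role) -and ($role.GetAttribute('connectionStringName') -eq 'FBACon'))
    }
}

# Constructed sample: the shape of the entries after the IIS Manager steps (type names shortened).
$full = @'
<configuration>
  <connectionStrings>
    <add name="FBACon" connectionString="Server=SQL-PLACEHOLDER;Database=DB-PLACEHOLDER;Integrated Security=SSPI" />
  </connectionStrings>
  <system.web>
    <membership><providers>
      <add name="FBA" type="System.Web.Security.SqlMembershipProvider" connectionStringName="FBACon" applicationName="/" />
    </providers></membership>
    <roleManager><providers>
      <add name="FBARole" type="System.Web.Security.SqlRoleProvider" connectionStringName="FBACon" applicationName="/" />
    </providers></roleManager>
  </system.web>
</configuration>
'@
# Constructed failure case: the same file with the role provider step skipped.
$sts = $full -replace '(?s)<roleManager>.*?</roleManager>', ''

$samples = @(
    @{ Site = 'Web application';                 Xml = $full },
    @{ Site = 'Central Administration v4';       Xml = $full },
    @{ Site = 'SecurityTokenServiceApplication'; Xml = $sts  }
)
$samples | ForEach-Object { Test-FbaConfig -Site $_.Site -Config $_.Xml } |
    Select-Object Site, ConnectionString, Membership, RoleManager |
    Format-Table -AutoSize
```

To check a real server, pass the contents of each site's web.config instead of the samples, for example with [xml](Get-Content <path to web.config>).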



Once everything is set, go to the website; you should see the screenshot below if all went smoothly.



Select Windows to log on automatically if your current user has permission.

You may ask, "What if I don't want the login selection box to appear when users visit the SharePoint site?"

Then you can extend your SharePoint site and have Windows (Site A) and Forms authentication (Site B) side by side: those who need Windows authentication can access SharePoint Site A, and everyone else uses Site B.