SharePoint 2007 Forms Authentication It’s easy when you know how! I’ve been playing around with Beta 2 of Microsoft Office SharePoint Server 2007 for a couple of weeks now trying to get Forms Authentication to work. Together with Dan Winter from Microsoft and Adam Tybor I’ve got an internet presence site working with Forms Authentication and anonymous access. Perfect for an public facing internet site run on SharePoint 2007. So here’s the step by step guide on how to do it (with pictures!) A quick word of warning – this works for Moss 2007 Beta 2. If the process for any subsequent releases change I’ll post the changes on the blog as well. 1, Create a new site – go to Office Server Central Administration -> Application Management -> Create or Extend Web Application -> Create a new Web Application Enter the settings to create a new SharePoint site. Leave the Authentication Provider as NTML. Check Allow Anonymous to Yes. Fill in the rest of the settings as you normally would and create the Web Application. 2, Once the Application has been created choose to ‘Create a new Windows SharePoint Services site collection’. Give the site a nice name, check the box to ‘Create site at this url’ and leave (root) selected from the dropdown. For the primary site administrator enter the username of the main SharePoint administrator. This will change anyway once we’ve got Forms Authentication up and running. From the Template Selection pick ‘Internet Presence Web Site’. This is a good one as it will have a login screen created by default that we can use to let people login under Forms Authentication. Click ok to finish creating the site, and in the following screen click the link to open the new site in a new browser. 2a, I missed this step out originally - sorry Go back to the Application Management page in Central Admin and click on Authentication Providers. In the following screen select the site you wish to change the authentication provider to Forms for. Once you've selected it you'll see Windows as the MemberShipProviderName. Click on this and you'll see the screen below: Set the authentication type to Forms and enter the Member Ship Provider Name to AspNetSqlMembershipProvider. If anonymous access isn't ticked, tick that now. 3, Now we need to finish enabling anonymous access. When you visit the site for the first time by clicking the link in Central Admin it will ask you to login with normal Windows Login popup (login with the username you added in step 2 for the site administrator). Assuming you created an Internet Presence site you’ll get a list of tasks to do on the front page with ‘Enable anonymous access’ being the top one. Click the link and it’ll take you to the page where you set what access visitors to the site will have. For this example just choose Entire Website and click ok. 4, The next step is outside of SharePoint. We need to create our aspnetdb to store all our roles and users in. We could use the database that gets installed by SharePoint if you do the default installation, but to keep it on a separate db I installed SQL Express and the Management studio for it. Download them both from here. Once you’ve got these installed fire up a Visual Studio command prompt (or a cmd prompt and go to c:\windows\microsoft.net\framework\v2.0.50727) and run aspnet_regsql. Create your roles and membership data on the sql server you so wish. 5, Now you need to edit web.config for the site you created and web.config for the SharePoint v3.0 Central administration website. These sites are created by default in c:\inetpub\wwwroot\wss\virtualdirectories. (To find out which directory is your Central admin one you’ll need to go into IIS, right click the site->properties->home directory, same for the other if you didn’t change the name of the folder when creating the site) So in both web.configs we need to supply the connection string details for our aspnetdb. Just outside the <System.Web> tag put: <connectionStrings> <remove name="LocalSqlServer" /> <add name="LocalSqlServer" connectionString="Server=yourserver;Database=aspnetdb;uid=sa;pwd=*******;" providerName="System.Data.SqlClient" /> </connectionStrings> Once you’ve edited both web.config’s go to a command prompt and do an iisreset. 6, Now we need to add some users to our database. The easiest way to do this is to create an ASP.NET 2.0 website using Visual Studio 2005 (or Visual Web Dev). Add a web.config to the project and then add exactly the same connection string as you did above for your new SharePoint site. Build the project. Back in Visual Studio, under the website menu, select the option for ASP.NET Configuration. This opens up the ASP.NET web site administration tool where we can add the users and roles we want. Select the Security link, create a role (something like administrators), and then go and add a user. 7, Now the final step, and this is why we had to add the connection string to the web.config for the Central Administration site as well. The site administrator that we added when we created the site (which was an active directory account) has now been removed. So we need to add the user we created in step 6 as the site collection administrator. Goto Central Administration -> Application Management -> site collection administrators – and enter the username created in step 6 in Primary site collection administrator. And that’s it. Logout of Central Administration (make sure you do this as it saves a cookie whenever you are logged in), and navigate to your new Forms Authentication site. You should be able to anonymously access it ok. Click the login link at the top right of the screen and use the username and password you created to login! Woot!!!! :-) Technorati Tags : SharePoint 2007 Moss 2007 posted on Wednesday, June 14, 2006 11:25 PM Get email alerts when this blog is updated! Feedback # re: SharePoint 2007 Forms Authentication 6/19/2006 6:16 PM Doug Fowler It may be worth noting that you also have to set the site's Authentication provider to Forms with AspNetSqlMembershipProvider being the Membership Provider Name. Thanks for the great post! # re: SharePoint 2007 Forms Authentication 6/22/2006 6:35 PM Tim Landgrave When I try to put the <ConnectionStrings> tag inside of the system.web tag in the Administration site I get an error (tag not allowed). When I put it anywhere else in the web.config the site settings administrator won't recognize that it exists. Any ideas? Also, your post says nothing about adding the Membership and Role tags to the web.config file for the new Web Application. Every other guide says that those have to be entered. Are they necessary or not? # re: SharePoint 2007 Forms Authentication 6/22/2006 7:36 PM Ambreen hi, great article, got everything working to the point that i can login with the form and username/password in the aspnetdb. but i'm not able to set the primary site administrator via central administration, keeps giving me no exact match found message any suggestions would be really helpful thanks , ambreen # re: SharePoint 2007 Forms Authentication 6/23/2006 3:48 PM Gary Nice articel Nick, tried using AD instead of SQL for user data ? # re: SharePoint 2007 Forms Authentication 6/23/2006 4:32 PM Shawn Russell Nice article! I noticed in my web.config that the ConnectionStrings can not set within the System.Web tag but as with my other ASP.NET apps has to be placed inside the Configuration tag; otherwise you get a configuration error. Am I missing a configuration step to make and I should be placing this within the System.Web section or does it actually need to be inside the Configuration tag? Thanks! # re: SharePoint 2007 Forms Authentication 6/26/2006 5:58 PM Nick Swan Tim, I've just been back and checked the web.configs of my sites and it seems that the ConnectionStrings need to go just outside of <system.web>. I can only think it's an error on my part....let me know how you get on. Ambreen have you added the connection string to aspnetdb in the web.config for central administration site as well? Gary, not sure what you mean to be honest. Shawn, as with Tim checking back my text above seems wrong. The <ConnectionStrings /> go just above <System.Web> Let me know how you get on and I'll make changes to the main article. # re: SharePoint 2007 Forms Authentication 6/26/2006 6:03 PM Nick Swan I've changed it now to say put the connection strings just outside System.Web. I think I put 'inside' by mistake when I meant 'outside'! :-) # re: SharePoint 2007 Forms Authentication 6/26/2006 6:20 PM Nick Swan Hi all. check out step 2a, sorry I missed this out originally! Thanks Doug it was your feedback that pointed it out to me. sorry again! # re: SharePoint 2007 Forms Authentication 6/28/2006 6:47 PM Ekta Very good article, i was struggling for forms authentication and it helped me a lot. Can you help me in getting Internet presence site template also pls? # re: SharePoint 2007 Forms Authentication 6/29/2006 6:12 AM Shalin Hi, I followed all the steps, still not able to search users after configuring through Central Administration. Please help. # re: SharePoint 2007 Forms Authentication 7/4/2006 10:08 AM Lars Nielsen This is a great article. I've been working this around for a day and tried to get there myself, but couldn't. I got most of it up'n running, but kept bounching into the actual authentication (in fact, I think i needed the IISReset). ...well: Now I've run into another problem. I want to customize my site with the Sharepoint Designer 2007, but runs into an authentication problem. The reason seems simple, though I cannot figure out an resolution; we are now using Forms Authentication, and naturally the designer cannot transfer it's user rights. Is it possible to use several authentication mechanisms in the same solution. Not Windows authentication with forms, but something similar such as application security? # re: SharePoint 2007 Forms Authentication 7/6/2006 12:44 PM Duncan Great article, and a couple of points: First, I've run into the same problem as Lars, in that I can't figure out how to use Sharepoint Designer with the forms authentication site. Second, I can now add users to the site, after I've added them to the database via the ASP.NET web site administration tool. But is there any way to add groups created this way? I've not had any luck so far. # re: SharePoint 2007 Forms Authentication 7/6/2006 1:24 PM Brian Managed to get forms auth going in under an hour, which having done it, I know would have taken much, much longer without such good guidence. However, am I missing something obvious? I can create and authenticate users, but they don't seem to be automatically added as 1st class sharepoint users (they don't show up in People And Groups) until they're added manually by an administrator. Just authenticating users doesn't buy me much - surely authorization for specific sites, lists, etc. is ultimately what everyone wants to do? Anybody have any thoughts to share? # re: SharePoint 2007 Forms Authentication 7/7/2006 7:17 AM Brian Answered my own question:- use the roles provider. Getting it working is actually very easy, realising that it's working is a bit harder! Set up the role manager for your site in it's web.config (no need to change central administration), add the role member name in the site's authentication providers (i.e. AspNetSqlRoleProvider) in central administration, and that's it. You then go into people & groups for your site and add any role you've created as a _user_ - the system should recognise it and add it as a group. That group can then be used for authorization purposes, and any user belonging to the group will be subject to it's permissions. # re: SharePoint 2007 Forms Authentication 7/7/2006 11:45 AM Michael I'm having the same issue as Ambreen. I've added the <connectionStrings> to both web.config's but when I go to the Central Administration and try to add the Primary Site Collection Administrator, it keeps telling me No exact match found. Any ideas? # re: SharePoint 2007 Forms Authentication 7/9/2006 2:44 PM Steve Sofian Great article... Thanks I am trying to use AD or LDAP as an authentication provider and using the ASP.NET login control and change password control....Just wondering if you have tried anything on this # re: SharePoint 2007 Forms Authentication 7/11/2006 11:18 AM Saquib Irfan Great article.... good one # re: SharePoint 2007 Forms Authentication 7/12/2006 4:20 PM Ekta Suppose i want to use my custom database for Users, then how do I do that? In which file the code is written to access users from aspnetdb database. Can we change this file? How should i go about this. # re: SharePoint 2007 Forms Authentication 7/12/2006 4:32 PM Will In regards to Michael and Ambreen's problem about adding the <connectionStrings> to both web.configs, but still getting "No exact match found": I ran into the same problem, and ended up solving it by also adding the membership provider to the web.config file of the Central Administration. In other words, inside the system.web tag I added: <membership> <providers> <add name="MembershipADProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=188.8.131.52, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ADConnectionString" connectionUsername="domain\user" connectionPassword="password" /> </providers> </membership> Hope this works! # re: SharePoint 2007 Forms Authentication 7/13/2006 5:57 AM Patrick Imboden Great! And thanks to Brian too. # re: SharePoint 2007 Forms Authentication 7/15/2006 5:35 PM Daniel Is there any way to add a script or page in Sharepoint that will allow me to create, modify, delete users right from there. I would also like to be able to let the users change their own passwords. Thanks # re: SharePoint 2007 Forms Authentication 7/17/2006 10:22 AM joy I have deployed the MOSS 2007 site to FORM authentication.now I want to add user into it programmatically. but it failed. however when the site is AD authentication, I can add user successfully. I can't find what's the problem is and would you please do me a favor? many many thanks joy # re: SharePoint 2007 Forms Authentication 7/19/2006 1:27 AM F.A. Works great! Has anyone seen any disadvantages of using Forms-based authentication? I.E. Do we lose certain functionality or is there certain features of Sharepoint 2007 that, when using them, cause conflicts? # re: SharePoint 2007 Forms Authentication 8/4/2006 3:09 PM Pawan Brian, Could you explain how to configure role provider. I enable role provider in the WSS config file and added the name in central administrations. However, it does not bring up any roles that I have created when I try to add users. I can see all the users that I have added but the roles don't show up in the search in "add people and groups". Any help would be appreciated. Thanks, Pawan # re: SharePoint 2007 Forms Authentication 8/11/2006 7:36 AM Lubo Hi from Bulgaria, Great post and great comments! For the guys who have problems with SharePoint Designer and Forms Authentication - revert to Windows Authentication for a moment while working with SharePoint Designer. It's just a radio button click in the Central Administration Pages. For those who want to create SQL users from their SharePoint site - create some web parts that use the Membership API. It's very simple, just add System.Web.Security namespace and use methods like Roles.GetAllRoles(), Roles.CreateRole() or add CreatUserWizard control programatically. Greetings, Lubo # Using SharePoint 2007 Forms Authentication & AD Simultaneously 8/14/2006 4:52 PM Michael We have a need to need to implement an extranet utilizing both AD and Forms Authentication - Any issues with using both in the same physical environment? # re: SharePoint 2007 Forms Authentication 8/16/2006 11:59 AM Bob Mixon Great post Nick! I have included a traceback to this post from my blog at: http://www.bobmixon.com/cs/blogs/bobmixon/archive/2006/08/16/108.aspx Bob Mixon [SPS MVP] http://www.BobMixon.com # re: SharePoint 2007 Forms Authentication 8/17/2006 11:05 AM Patrick Imboden If you want Sharepoint designer and/or infoptah to work... login to your site with the "forms" admin account, and check the "sign me in automatically" checbox... Sharepoint and Infopath will use this cookie to authenticate. # re: SharePoint 2007 Forms Authentication 8/23/2006 11:56 AM Styles When I access the security tab of ASP.NET configuration this message shows up: "A connection was successfully established with the server, but then an error occurred during the login process. (provider: Shared Memory Provider, error: 0 - No process is on the other end of the pipe.)" Anyone who can help me with this? I've got also a stupid little question. In the connection string there is a field "uid=sa" and "pwd=*******". What do I have to do with these? Leave them like this or fill in credentials? # re: SharePoint 2007 Forms Authentication 8/29/2006 3:24 PM Daniel Webster Can we use user information in an existing SQL database for authentication? # re: SharePoint 2007 Forms Authentication 8/30/2006 5:14 PM Daniel Webster We are using an existing database for authentication and that is working well. We are having problems identifying the database for profile imports. Specifically the Provider Name and Search Base in the Connection configuration. # re: SharePoint 2007 Forms Authentication 9/4/2006 5:51 AM joe thank you # re: SharePoint 2007 Forms Authentication 9/16/2006 6:18 PM Jeff Merithew I'm a teacher that is trying to create a SharePoint site for my fellow teachers. I'm using a stripped down version of windows SBS 2003 (most extra features are uninstalled) and SharePoint services 3 beta refresh. Your article above intrigued me in that I am trying to create users for SharePoint (fellow teachers) without making local accounts for them. I was hoping to just create a simple table in SQL that contains the users (a table I can continually edit) that SharePoint will pull from to be added to any site. Is this possible? Also, users need to be able to change their password and personal information through SharePoint. # re: SharePoint 2007 Forms Authentication 9/22/2006 12:08 PM Lionel Barre Thanks, great, We managed to set up forms authentication for LDAP provider and SQL Provider. Only problem, we have is, we are completely unable to get it to work in anonymous, we are always redirected to the forms login page. Any idea? We also set up the default zone with Windows authentication, this is the only zone working in anonymous mode. # re: SharePoint 2007 Forms Authentication 10/5/2006 10:29 PM tad After I implemented the form based authentication. Most features are gone. For example, people and group, Lists, Discussion. They all return "File Not Found error". I created a aspnetdb on Sql Server 2000 to store my login data. # re: SharePoint 2007 Forms Authentication 10/6/2006 3:22 AM Rajeev Abrol Very Good Article, made my life easier # re: SharePoint 2007 Forms Authentication 10/11/2006 11:45 AM Gat Great article, a good document to fit extranet access without requiring AD support. @Lionel Barre : I got the same problem than you, have you find a way to fix this issue ? # re: SharePoint 2007 Forms Authentication 10/11/2006 4:34 PM Vin Hi, Good One! I am running into the same problem as ambreen & Michael was... "no exact match found" while trying to resolve the users created thru asp.net web site administration tool. A part of My Central admin web.config looks like this <B> </SharePoint> <connectionStrings> <add name="AspNetSqlProvider" connectionString="server=DEV1\DEV1; database=aspnetdb; Trusted_Connection=True" /> </connectionStrings> <system.web> <membership defaultProvider="AspNetSqlMembershipProvider"> <providers> <remove name="AspNetSqlMembershipProvider" /> <add connectionStringName="AspNetSqlProvider" passwordAttemptWindow="10" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="true" applicationName="/" requiresUniqueEmail="false" passwordFormat="Hashed" description="Stores and retrieves membership data from the Microsoft SQL Server database" name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /> </providers> </membership> <roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider"> <providers> <remove name="AspNetSqlRoleProvider" /> <add connectionStringName="AspNetSqlProvider" applicationName="/" description="Stores and retrieves roles data from the local Microsoft SQL Server database" name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /> </providers> </roleManager> </B> And a part of the web.config of my web app in MOSS looks like the foll: <B> </SharePoint> <connectionStrings> <add name="AspNetSqlProvider" connectionString="server=DEV1\DEV1; database=aspnetdb; Trusted_Connection=True" /> </connectionStrings> <system.web> <membership defaultProvider="AspNetSqlMembershipProvider"> <providers> <remove name="AspNetSqlMembershipProvider" /> <add connectionStringName="AspNetSqlProvider" passwordAttemptWindow="10" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="true" applicationName="/" requiresUniqueEmail="false" passwordFormat="Hashed" description="Stores and retrieves membership data from the Microsoft SQL Server database" name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /> </providers> </membership> <roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider"> <providers> <remove name="AspNetSqlRoleProvider" /> <add connectionStringName="AspNetSqlProvider" applicationName="/" description="Stores and retrieves roles data from the local Microsoft SQL Server database" name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /> </providers> </roleManager> </B> Pls advise! Thanks in Advance! # re: SharePoint 2007 Forms Authentication 10/20/2006 2:26 PM Vin Got it resolved. Once i did a clean B2TR slipstream installation. I could see logged in using the users in aspnetdb till yesterday and today for some reasons i get this "File Not found" error when i try to open the site. Vin # re: SharePoint 2007 Forms Authentication 10/25/2006 10:46 AM Hans I have the same question as Pawan. How to get the role provider working. I cannot see the roles/groups defined in the database used by the roleprovider. Any help, links etc are welcome. Thanks in advance, Hans # re: SharePoint 2007 Forms Authentication 10/30/2006 12:21 PM Travis Vin, Check your web.config files. I had the same problem, if you edit the files while IIS is running it will corrupt the files with random ? everywhere. Turn IIS off, then replace the ? with the correct character and then turn IIS back on. Hope that helps, -- Travis # re: SharePoint 2007 Forms Authentication 11/7/2006 10:12 AM Rafael I've already done all steps and I read the posts as well, but when I go to "Central Administration -> Application Management -> site collection administrators " and try to put users from database I get this message: "No exact match was found." Seems that application isn't reading the connection string I put inside both web.config file or something like that. Could anyone help me? # re: SharePoint 2007 Forms Authentication 11/7/2006 2:13 PM Philip There appears to be a bug in MOSS 2007 Beta relating to forms authentication. Editing the config settings with the IIS ASP.Net Configuration Settings Tool will insert an xmlns attribute into the configuration element of the web application's config file which causes MOSS to report a "File Not Found" error. Removing the xmlns attribute fixes the error. Before <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <configuration> <configSections> <sectionGroup name="SharePoint"> <section name="................................. After <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0"> <configSections> <sectionGroup name="SharePoint"> <section name="................................. The following link furthur describes this bug. http://www.infusionblogs.com/blogs/kguenther/archive/2006/06/27/608.aspx # re: SharePoint 2007 Forms Authentication 11/8/2006 4:05 PM Damon Everything seems to work, but I keep getting sent to a login page when I try to access the site. I've made sure I have check the Enable anonymous access checkbox in the Central Admin for my website and I have also set my website to allow anonymous uses to see the entire website. What am I missing? # re: SharePoint 2007 Forms Authentication 11/15/2006 11:24 AM Matt W In step 2, I do not believe that "Internet Presence Web Site" is an option for a site type in B2TR. # re: SharePoint 2007 Forms Authentication 11/15/2006 7:49 PM Vin Is it possible to have a "People Search" functionality like the normal sharepoint people search??? This question came up since we have our users seperated from the user profile database. If that's not possible, is there anyway to import the users in to the appropriate SSP's user profile database?? I badly need a solution for this since people search is a must and i have all my users in the aspnetdb. Any early reply is well appreciated! Thanks! # re: SharePoint 2007 Forms Authentication 11/16/2006 5:23 AM Thomas Goddard Did anyone figure out how to resolve the error where "No exact match was found." occurs within the Site Collection Admins page, after you add the connection string to both the central admin and extended site's configs? I have tried various formats for the connection string but the Site Collection Admin page is always unable to recognize the user. I tried rebooting the server too. # re: SharePoint 2007 Forms Authentication 11/16/2006 1:00 PM Vin Thomas, If you're using MOSS 2007 Beta2, i would suggest you to install B2TR and try this. It worked for me when i did a slipstream installation. If you're having B2TR already, am sorry..am not aware of it. # re: SharePoint 2007 Forms Authentication 11/17/2006 1:38 PM Vin Lemme explain the scenario in a little detail. I have "n" number of customers & i've created a web app for each customer. I have also enabled forms authentication for every web app which has it's own custom aspnetdb (Each customer's user profiles are maintained in their own custom_aspnetdb - The requirement is to maintain the each customer's users in a seperate database). So, everything is working well so far. Now i have a couple of questions : 1. I want to perform a "People search" on each web app and since we have the users in the aspnetdb i have no idea how to perform a "people search" with aspnetdb database in place. 2. If we can't simulate "People Search" with users in aspnetdb, is it possible to import users from aspnetdb to the appropriate SSP's user profile database, so that we can avail the sharepoint's "People Search" directly. 3. If we can import users from aspnetdb, how to keep the user details in sync between "aspnetdb" and "User Profile db" in SSP FYI, I have created a seperate SSP for each web app (unless otherwise if a customer have a partner and they want to access each other's profiles. In that case, both of the web apps will be bound to a same SSP). It would be of great help if you could answer these questions. I am not using AD or LDAP, it's just a aspnetdb and new users are manually feeded in to the database using a webpart. # re: SharePoint 2007 Forms Authentication 11/22/2006 6:46 PM PJ-WSU I got my central admin site to recognize users from my AspNetSqlMembershipProvider. I set up one of those users as a site collection owner on my application. However, when I try to login to the extranet site, it keeps tossing me back to the login form. Any ideas? Thanks. # re: SharePoint 2007 Forms Authentication 11/24/2006 2:59 AM Premjeet Hi all, I could not see the Internet Presence Site template in Sharepoint 2007 template collection Under which template it is listed? Thanks and regards Premjeet # re: SharePoint 2007 Forms Authentication 11/29/2006 12:48 PM Jigs Hi, I'm seeing "No exact match was found" error described by Thomas. I have MOSS 2007 RTM installed and i'm trying to use OOTB AD Provider. Here's my web.config setting <connectionStrings> <add connectionString="LDAP://MyADServer/dc=MyAdServerDomain,dc=net" name="ADConnString" /> </connectionStrings> <membership defaultProvider="ADProvider"> <providers> <clear/> <add name="ADProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=184.108.40.206, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ADConnString" connectionUsername="tccdev\AdminUser" connectionPassword="AdminPassword" /> </providers> </membership> # re: SharePoint 2007 Forms Authentication 12/1/2006 7:50 AM Meghna Hi, Good article. I have same problem as Damon I keep getting login page when I try to access the site even have checked anonymous access. Can we integrated AD user within form authetication? Regards & Thanks Meghna. # re: SharePoint 2007 Forms Authentication 12/7/2006 9:03 AM Liz Hi, Have anyone tried calling the share point web services for a forms authenticated site?I am getting redirected to login page even if the credentials are passed. Thanks, Liz # re: SharePoint 2007 Forms Authentication 12/8/2006 2:27 PM Joshua Thanks for the instructions. I have a couple of quick questions: 1. Is there a permission set that allows select users/groups to APPROVE the modified content (say in a workflow process) but does not give them the ability to PUBLISH? So you can establish a workflow that has authors (who create the content but cannot publish) and editors (who review the content and publish). 2. Regarding user groups and permissions, is there a build-in module/feature that allows for self-registration? So say there is a portion to the site that is available to the general public (anonymous access) and then if a user signs up and logs in they have access to the more in depth community aspects (blogs, discussions, and shared documents)? And this newly self-registered user will automatically get put into a pre-defined user group. Also, does anybody have any other locations where these types of topics are discussed? Thank you, # re: SharePoint 2007 Forms Authentication 12/19/2006 12:44 PM Bob you mention "We could use the database that gets installed by SharePoint if you do the default installation" How would I go about doing this? # re: SharePoint 2007 Forms Authentication 12/19/2006 5:19 PM Reed Great article..I noticed a lot of people asking the same question I have now, and that regards using this forms based authentication with Active Directory. Can you provide me with any instructions on doing this?..Thanks! # re: SharePoint 2007 Forms Authentication 12/19/2006 9:03 PM Bob The Active Directory is not difficult: Add the below to your config and set the Servername, and give an account with access to create, view.. etc. Next set the Sharepoint Auth method to Forms and use the Member name specified below (ADProvider). My problem maybe you can help is how do you associate the Forms login with a Windows Login as sharepoint se's the Forms user as a completely different user from the Windows Authenticated user even though they are both Authenticated from Active Directory? <connectionStrings><add connectionString="LDAP://YourServerName" name="ADConnString"/></connectionStrings> <membership defaultProvider="ADProvider"> <providers><add name="ADProvider" enableSearchMethods="true" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=220.127.116.11, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ADConnString" connectionUsername="DOMAIN\Administrator" connectionPassword="AdminPassword" attributeMapUsername="SAMAccountName"/> </providers> </membership> # re: SharePoint 2007 Forms Authentication 12/20/2006 12:26 PM yxg Hi all, I could not see the Internet Presence Site template in Sharepoint 2007 template collection , the same question with Premjeet. I know it should be listed under the "collaboration" template, but mine only have 5 in it : Team site, Blank Site, document Workspace,Wiki Site and blog", instead of 8, lack of " Records Repository,Internet Presence WebSite, My site host". the picture at the right of the selection area is yellow, instead of blue. The version I installed is MOSS Trial version 1.0, 264.7 MB. As far as I remember, when I installed it, the sharePoint Server Standard Trial number works, instead of that of Enterprise edition. perhaps it may appear if some of you kindhearted send me a folder in your: program files\common files\microsoft shared\web server extensions\12\TEMPLATE\SiteTemplates path, I guess the "BLANKINTERNET" folder is ok. my email : firstname.lastname@example.org thanks Premjeet, have you got it? your earliest reply will be appreciated! yxg # re: SharePoint 2007 Forms Authentication 12/21/2006 4:08 AM yxg I searched Google and find this , then I got a MVP’s mail which is the same answer. http://www.msd2d.com/content/tip_viewitem_03.aspx?id=187d7e70-b33e-43bc-8174- 1dab6c92eb69 it’s a good site. # re: SharePoint 2007 Forms Authentication 12/23/2006 10:37 AM yxg It's a pity that SQLServer 2005 management studio Express can't be installed with SQLServer 2005 management studio at the same machine. But my SQLServer 2005 and VS2005 are not CTP, just curious why they are conflict? # re: SharePoint 2007 Forms Authentication 12/25/2006 11:59 PM yxg Hi all, Suppose such a scenario, there are many child sites under an internet presence web site, when users of different child sites log on the internet presence web site with their own passwords, is it possible that they are directed to different child sites respectively? that is, user1 is directed to child site1, user2 is directed to child site2? and so on. thanks # re: SharePoint 2007 Forms Authentication 1/8/2007 5:37 PM JonB Bob, did you ever get an answer to the problem with AD authentication. I have the same issue in that I can log in through the form and the user is recognized as being in AD and properly logged in BUT, no matter what I do, no one has any access to the actual content. After logging in through the form I get a page that says: go back to the site Error: Access Denied Current user You are currently logged in as [john.Doe.Valid.AD.User] Sign in as a different user I have made the user the Site Collection Administrator as well as added them to a group having full access to the site and no luck. Note that I have added the ADConenction and the membership DefaultProvider stuff to the web.config for both the extranet site and the configuration site. The intranet version of the site uses windows authentication and that site allows access to properly authenticated domain users. # re: SharePoint 2007 Forms Authentication 1/9/2007 10:58 PM Marc Dispensa I have forms authentication working however i get an error when i try to use excel services. Any ideas on how to make excel services work with forms auth? # re: SharePoint 2007 Forms Authentication 1/10/2007 2:53 AM AG Hi JonB/Bob/Thomas, I am also getting same problem. I am able to register my custom provider in app web.config as well as in admin web.config (in bin also). User is getting authenticated but not able to enter the site. After logging in through the form I get a page that says: go back to the site Error: Access Denied Current user You are currently logged in as [john.Doe.Valid.AD.User] Sign in as a different user In centralAdmin also, (getUser(...) functin is not getting called so user is not verified while adding it to site administrator collection.) Please help me out. # re: SharePoint 2007 Forms Authentication 1/11/2007 12:30 PM Ryan Also getting go back to the site Error: Access Denied Current user You are currently logged in as [john.Doe.Valid.AD.User] Sign in as a different user When authenticated as a form based used (underlined in the setting setting / add user). Weird. Any one any ideas... # re: SharePoint 2007 Forms Authentication 1/12/2007 6:51 PM DonB WSS 3.0 does not have the "Internet Presence Web Site" Template. Neither does the MOSS2007 Enterprise Trial. How can I obtain this template? I am not a ASP developer by trade and the code that would already be built in this template would be extremely helpful. # re: SharePoint 2007 Forms Authentication 1/14/2007 10:44 AM yxg DonB, I searched Google and find this , then I got a MVP’s mail which is the same answer. http://www.msd2d.com/content/tip_viewitem_03.aspx?id=187d7e70-b33e-43bc-8174- 1dab6c92eb69 it’s a good site. # re: SharePoint 2007 Forms Authentication 1/15/2007 6:58 AM Jordan Richards Error: Access Denied Ok guys if you are getting this. Site Settings - Modify All Site Settings - (Galleries) Master pages and page layouts Check in, and then Authorize your master page. I'd bet that you have a modified master page which is in use and thus your users are authenticating but do not have permission to see Pending Master Pages. Hope this helps Jordan Richards :) # re: SharePoint 2007 Forms Authentication 1/24/2007 9:30 PM GavinR I'm having issues with the AD Authentication.. I've completed the above (for the ADProvider) and I can logon using the NT accounts and can see the first portal page, but it seems none of my NT groups are being noticed.. I've added say "Sharepoint Portal Admins" NT Security/global group as Admins on the portal and when I logon with a user in this group I do not see the "Site Settings" drop down box for editing, When I click on any links on the front page (from the default page created) I get a 'access denied' page.. anyhelp would be fantastic. # re: SharePoint 2007 Forms Authentication 1/26/2007 5:26 PM tlk This posting was HUGELY helpful!! But I, too, am having trouble using Excel Services now via my external zone. The error I get is "Excel Web Services could not determine the Windows SharePoint Services site context of the calling process." # no exact match found message 1/30/2007 5:29 PM Carlos I still have this problem, I copy the connectionString and the Membership provider from my App web.config to the one in the central administration site. I have shapepoint 2007 and services version 3. Do I have to apply the patch that someone recomend there for B2TR ? Thanks in advance. # re: SharePoint 2007 Forms Authentication 1/30/2007 8:39 PM FBA Gavin, For the groups to work, you need to add the "role provider" as well. But folks, Before jumping into forms authentication beware that the audience targeting will not work with forms authentication. # re: SharePoint 2007 Forms Authentication 2/6/2007 7:33 PM Bryan I'm stuck on step #2, I do not have the option to select "From the Template Selection pick ‘Internet Presence Web Site’" from the Template section under Collaboration. # re: SharePoint 2007 Forms Authentication 2/12/2007 5:06 AM Amina Bryan Select "Publishing Portal" under the Publishing tab. Its the same as Internet Presence Web Site’. # re: SharePoint 2007 Forms Authentication 2/27/2007 3:39 PM Hina i am trying to set user logins for sharepoint website. i want to check user authentication from active directory. how can i do that? any idea? please email me at email@example.com # re: SharePoint 2007 Forms Authentication 2/28/2007 5:33 AM Shaun Is the Access denied issue resolved?? If someone has been able to rectify, please post the solution as i have not been able to figure it out. Thanks # re: SharePoint 2007 Forms Authentication 3/1/2007 1:38 AM Shaun Great article!! Working good.. Is there anything like we cant create a team site inside a publishing home site? # Help - 'no exact match' 3/10/2007 5:04 PM Mike I have followed this how to as well as the one by Steve Peschka, yet in step 7 above (add user as site collection administrator), or in the 'Policy for Web Application' page, I cannot add the users from my Membership database, and search says 'no exact match found'. I validated that the application pool user for both Central Administration as well as the Sharepoint site ('Network Service') has access to the Membserhip database. Help? # re: 'no match found' 3/10/2007 6:43 PM Mike I posted a comment earlier today about getting 'no match found' when trying to add users from my sql membership database as Administrators - the problem was that I had not created users in my membership database using the ApplicationName in my membership configuration: <membership> <add name="AspNetSqlMembershipProvider" applicationName="/" ... I had added users using a custom login form using the sample provided here:http://msdn2.microsoft.com/en-us/library/ms998317.aspx The users will not show up unless they are created using the same applicationName used in the Sharepoint membership provider configuration (all of the samples use "/"). Once I created a user in the membership database using the applictaionName="/", I was able to add the user and successfully log in to the site. It would be nice if there was a set of Sharepoint user management pages to use with the AspNetSqlMembershipProvider. -Mike firstname.lastname@example.org # re: adding users w/o VS.Net 3/12/2007 3:46 PM Tohams Is there a way to add users w/o using Visual Studio 2005? I can't connect to the SQL Server the user store will be on from my dev machine (which is where VS.Net is). Thanks! # MCMS 2002 - SharePoint 2007 Forms Authentication 3/14/2007 8:05 PM Ahmad If I have MCMS 2002 on SP2 (running APT .NET 1.1) framework 1.1 and I have WSS 3.0 on a seperate server on 2.0 framework. Is it possible to forward MCMS 2002 (from SQL Database) to pass credential to WSS 3.0 to autotmatically authenticate users to WSS site? and that users will not have to relogin! Is this possible? is there a way to go around that without having to upgrade current MCMS site from ASP .NET 1.1 to 2.0? Please Help!!! # re: SharePoint 2007 Forms Authentication 3/20/2007 5:56 PM MRB Hi, Nice article.Thanks I have configured Sp2007 and at the stage of creating new site collection.its so weird that I dont see the publishing template in the template selection..I tried to activate Office SharePoint Server Publishing in the site features.But it says One or more features must be turned on before this feature can be activated. Office SharePoint Server Publishing Infrastructure Provides centralized libraries, content types, master pages and page layouts and enables page scheduling and other publishing functionality for a site collection. I am beating the bush since morning.Please shed some light how can I accomplish this (activate the publishing feature) Thanks in advance. -MRB # re: SharePoint 2007 Forms Authentication 3/24/2007 1:50 PM Arnold J. I have ADmembership working and had to add the ADMembership:<username> to the siteusers. SharePoint does not recognize this user as the actual AD user but as the ADMembership:<username>. This way the extranet users won't have access to their user related info. Is there a workaround? # re: SharePoint 2007 Forms Authentication 3/28/2007 12:19 PM Hisham Qaddomi I did the forms authentication OK but I want to customize the user profiles with my own fields. If you add them to the SQL data base they will not appear in the SharePoint profile page. How can I do that? # re: SharePoint 2007 Forms Authentication 4/1/2007 11:24 AM Michael Bailey OK; I beleive I have FBA working with the ActiveDirectoryProvider in my MOSS 2007 installation. (I can find users through the "Policy for Web Application" and grant them rights to the zone for which I have the provider enabled (Extranet).) When connecting to the web application hosting the specified zone, I am directed to the Sign In page but after entering my username and password and clicking "sign in", nothing happens. There is a postback, but then the login page just pops up again. It never authenticates me. Any idea what's going on? # re: SharePoint 2007 Forms Authentication 4/8/2007 5:05 AM Vivek After successfully enabling the forms authentication, when i try to publish the InfoPath 2007 in it it says "the following web server does not appear to be running windows sharepoint services <my site address>". Do anyone faced this problem? Any solution? # re: SharePoint 2007 Forms Authentication 4/16/2007 3:29 PM David Gilbert So, is there any way to target content to users that are in the Extranet zone? I really don't want to put these users in my Active Directory. From everything I read, it looks I can't do this. Maybe there's a way to have LDAP against the ASP.NET SQL DB? Thanks Dave # re: SharePoint 2007 Forms Authentication 4/17/2007 1:08 PM David Gilbert How can we target content to the Extranet Zone users from the ASP.NET DB? I need to user audiences to target content to both the internal and external users. It looks like I can't add/import profiles unless the Account Name can be validated against AD/LDAP. Thanks Dave # re: SharePoint 2007 Forms Authentication 4/17/2007 2:17 PM vik FBA, could you please explain more about why "the audience targeting will not work with forms authentication" What we found out that at web application level the audience targeting does works with Forms authentication. We have Forms auth based on SQL srvr. As we all know a SSP can be applied to more than one web application, if one web applc is Forms based and other is Windows auth based, then yes the AD audience will not work for forms and similarly the Forms based roles will not be recognized by Windows auth. But if you create a SSP and just apply to one web applc and then if its having Forms auth it should work. # re: SharePoint 2007 Forms Authentication 5/21/2007 4:45 AM Adnan Al- Ghourabi Those who are having the "No exact match was found.", here is how to resolve it: In IIS, go to the properties of SharePoint Central Administration v3, and click on the ASP.NET tab. In there, under General, you'll notice that the connection parameters is pointing to: data source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|aspnetdb.mdf;User Instance=true So just change it to that of the Web application you created. If you make the change through IIS, make sure to go to the Web.config file and replace <configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0"> with <configuration>, otherwise you will get a Web.config configuration error (Event ID 1310) Could not load file or assembly 'Microsoft.SharePoint.ApplicationPages, Version=18.104.22.168, Culture=neutral, PublicKeyToken=71e9bce111e9429c' or one of its dependencies. The system cannot find the file specified.
Pages to are hidden for
"SharePoint 2007 Forms Authentication - DOC"Please download to view full document