
Claim Based/ Form based Authentication in SharePoint 2010

During my regular working schedule, I came across a requirement to provide claim based authentication in SharePoint 2010.

Following are the steps I followed to achieve it:

1.  Create Database

Open Visual Studio/Management Studio and create a database with an appropriate name. Note the SQL Server name.

Browse to C:\Windows\Microsoft.NET\Framework64\v2.0.50727 and open aspnet_regsql.exe.

Click on Next.

Select the "Configure SQL Server for application services" option and click the Next button.

Enter the SQL Server name that was noted before and select the database that you previously created.

Now open your database and check its tables.

You will find many tables in your database that were created automatically.

2.   Configure Membership and Role Provider

Now create a new ASP.NET web application/form project and open web.config.

a. By default, you will see a <connectionStrings/> node within the <configuration> node. Specify the connection string to the database that was created in the previous section.

<configuration>
  <connectionStrings>
    <add name="constr" connectionString="Data Source=SQL Server Name;Initial Catalog=Your Database Name;Integrated Security=True;Pooling=False" providerName="System.Data.SqlClient" />
  </connectionStrings>
</configuration>

Get Assembly Details

Open Run, type assembly in it and click OK.

That opens the assemblies window.

Select System.Web, right-click, open Properties and note the highlighted details.

b. Add the membership provider and role provider within the <system.web> tag. See the code below for more information.


<system.web>
  <membership defaultProvider="FBAMembershipProvider">
    <providers>
      <add connectionStringName="constr" enablePasswordRetrieval="false"
           enablePasswordReset="true" requiresQuestionAndAnswer="true"
           applicationName="/" requiresUniqueEmail="false" passwordFormat="Hashed"
           maxInvalidPasswordAttempts="5" minRequiredPasswordLength="7"
           minRequiredNonalphanumericCharacters="1" passwordAttemptWindow="10"
           passwordStrengthRegularExpression="" name="FBAMembershipProvider"
           type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
    </providers>
  </membership>
  <roleManager enabled="true" defaultProvider="FBARoleProvider">
    <providers>
      <add connectionStringName="constr" applicationName="/" name="FBARoleProvider"
           type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
    </providers>
  </roleManager>
</system.web>

The type attribute values come from the assembly details that we noted in the previous step. Save the web.config file and launch the ASP.NET Configuration wizard by clicking Website > ASP.Net Configuration (Project menu > ASP.Net Configuration).

Select the role and membership names that you specified in web.config. Click on the Security tab > click on Select authentication type.

Enter the required details of the user.

3. Create Web Application to implement Claim base authentication

Follow the below steps to create web application and site collection.


a. Go to Central Administration > Application Management > select the ‘Manage Web Application’ link present under the ‘Web Applications’ section.

b. Click on ‘New’ option in the ribbon.

  1. See the below image for ‘Authentication’ and ‘IIS Web Site’ section.



2. See the below image for ‘Security Configuration’ and ‘Claims Authentication Type’ section.



3. See the below image for configuring ‘Sign In Page URL’ and ‘Public URL’ section.



 4. See the below image for configuring ‘Application Pool’ and ‘Database Name and Authentication’ section.



  5. Create a site collection after creating the web application. Select whichever template you want for the site collection.

Note: Do not edit the defaultMembershipProvider and defaultRoleProvider properties of the <Membership> and <Role> tags respectively in any of the web.config files if they are already stated. Also, we don't need to add the defaultMembershipProvider and defaultRoleProvider properties in the SecurityToken web.config file.

4. Now configure the web.config files of the SharePoint sites to use form based authentication.

  • Open IIS > expand the server name > expand Sites > select Central Administration v4 > click on Explore > open the web.config file.
  • Copy the <connectionStrings> tag from the web.config of the ASP.NET web application that we created a few steps ago.
  • Paste the <connectionStrings> tag after </sharepoint> and before <system.web> in the web.config file of SharePoint Central Administration.
  • Add the role provider to the <roleManager> tag in the Central Administration web.config. You may simply copy and paste the <add> tag from the <roleManager> section of the ASP.NET web application web.config that we created.
  • Add the membership provider to the <membership> tag in the Central Administration web.config. You may simply copy and paste the <add> tag from the <membership> section of the ASP.NET web application web.config that we created.
  • Save the Central Administration web.config and close it.
  • Open IIS and select the web application that we created > Explore > web.config.
  • Add the connection string as we added it to the Central Administration web.config file.
  • Add the role provider to the <roleManager> tag and the membership provider to the <membership> tag in the web application web.config file (same as we did in the Central Administration web.config).

5. Configure the Security Token Service web.config file:

Browse to C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\WebServices\SecurityToken

Open the web.config file.

Add the connection string to the <connectionStrings> tag, the role provider to the <roleManager> tag and the membership provider to the <membership> tag. (If you don't find the <connectionStrings> and <system.web> tags in web.config, you need to add them yourself.)
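Steps 4 and 5 copy the same connection string and provider entries into three web.config files, so a missed file or a mismatched name is the usual failure. The script below is an added example, not code from the original post: it parses each file and reports a provider entry missing from one of them, a provider whose connectionStringName has no matching connection string, and membership settings that keep passwords recoverable. The sample XML, the server name SQL01 and the database name FBA are constructed placeholders.

```python
import xml.etree.ElementTree as ET

def read_config(xml_text):
    """Return (connection strings by name, provider attributes keyed by (section, name))."""
    root = ET.fromstring(xml_text)
    conns = {a.get("name"): a.get("connectionString", "")
             for cs in root.iter("connectionStrings") for a in cs.iter("add")}
    providers = {(tag, a.get("name")): dict(a.attrib)
                 for tag in ("membership", "roleManager")
                 for sec in root.iter(tag) for a in sec.iter("add")}
    return conns, providers

def audit(configs):
    """configs maps a label to web.config text; returns a list of findings."""
    parsed = {label: read_config(text) for label, text in configs.items()}
    expected = set().union(*(p for _, p in parsed.values()))
    findings = []
    for label, (conns, providers) in parsed.items():
        for section, name in sorted(expected - set(providers)):
            findings.append(f"{label}: {section} provider {name} is missing")
        for (section, name), attrs in sorted(providers.items()):
            cs = attrs.get("connectionStringName")
            if cs not in conns:
                findings.append(f"{label}: {name} uses undefined connection string {cs}")
            if section == "membership":
                # SqlMembershipProvider defaults: passwordFormat=Hashed, retrieval disabled
                if attrs.get("passwordFormat", "Hashed") != "Hashed":
                    findings.append(f"{label}: {name} passwordFormat is not Hashed")
                if attrs.get("enablePasswordRetrieval", "false").lower() == "true":
                    findings.append(f"{label}: {name} allows password retrieval")
    return findings

# Constructed sample configs (not from the original post); names follow the page.
def sample(conn=True, role=True, fmt="Hashed"):
    conn_xml = ('<connectionStrings><add name="constr" connectionString="Data Source=SQL01;'
                'Initial Catalog=FBA;Integrated Security=True" /></connectionStrings>')
    role_xml = '<add name="FBARoleProvider" connectionStringName="constr" />'
    return (f'<configuration>{conn_xml if conn else ""}<system.web><membership><providers>'
            f'<add name="FBAMembershipProvider" connectionStringName="constr" '
            f'passwordFormat="{fmt}" enablePasswordRetrieval="false" /></providers></membership>'
            f'<roleManager enabled="true"><providers>{role_xml if role else ""}</providers>'
            f'</roleManager></system.web></configuration>')

CONFIGS = {"Central Administration": sample(),
           "FBA web application": sample(role=False),
           "SecurityToken service": sample(conn=False, fmt="Clear")}

if __name__ == "__main__":
    print("\n".join(audit(CONFIGS)) or "no findings")
```

To run it against a real farm, replace the CONFIGS values with the text of the three web.config files named in steps 4 and 5.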
 

6. Add User Policy to our web application

Follow the below steps to add user policy to the web application.

a. Go to Central Administration > Manage Web Applications > select the FBA web application and click on the ‘User Policy’ option in the ribbon.



b. Click on ‘Add Users’ link and select ‘Default’ as the zone and click on ‘Next’ button.





c. Type the user name created in ‘Create User’ section in the ‘Users’ textbox and click on people picker icon. You should see the user name get underlined in the ‘Users’ textbox.



7. Follow the verification steps to test form based authentication.


1. Go to FBA SharePoint site and select ‘Forms Authentication’ option.



2. Enter User Name and Password and select ‘Sign In’ button



3. You should be redirected to home page.

Regards,
Keyur Pandya




