Dot Net Sparks C#.NET,ASP.NET,ADO.NET,LINQ,AJAX,JavaScript,SharePoint


Configure Forms-Based Authentication using Active Directory Membership Provider in SharePoint 2010

In this post, I am going to explain how to configure forms-based authentication (FBA) using the Active Directory membership provider.

First, let’s create a web application. Go to Central Administration.


Click Manage web applications under Application Management.

Click New in the ribbon to create a new web application.

Select Claims Based Authentication under the Authentication category of the Create New Web Application dialog.


Under Claims Authentication Types, check the ‘Enable Forms Based Authentication (FBA)’ check box and enter a membership provider name in the ASP.NET Membership provider name text box.

Membership provider name is user defined and can be anything. Here, I am using ‘ADMembershipProvider’. This name will be used when modifying the web.configs.


Click OK.

In order to configure FBA, we need to modify the web.config of each of the following:

1) Central Administration
2) Security Token Service Application and,
3) Your Claims based web application

Warning: Take a backup of the above-mentioned web.configs before modifying them.

1) Open the SharePoint Central Administration web.config in your favorite editor. Find </configSections> and add the following below it.

<connectionStrings>

    <add name="ADConnectionString" connectionString="LDAP://domain1.com/CN=Users,DC=domain1,DC=com" />

</connectionStrings>

To find your connection string, open ‘Active Directory Users and Computers’ in ‘Administrative Tools’.

In the console tree, right-click the domain object -> All Tasks -> Resultant Set Of Policy (Planning)…

Click the browse button next to Container under User information and select the container. This gives you the container path.

Your connection string then takes the form LDAP://domain object/container path

Next, find <PeoplePickerWildcards> and replace its content with the following

<clear />

<add key="AspNetSqlMembershipProvider" value="%" />

<add key="ADMembershipProvider" value="%" />

Next, find <membership> and replace its content with the following
  
<providers>

        <add name="ADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ADConnectionString" enableSearchMethods="true" attributeMapUsername="sAMAccountName" />

</providers>


2) Open the Security Token Service Application web.config. Find </system.net> and add the following below it.

 
<system.web> 

    <membership defaultProvider="i"> 

      <providers> 

        <add name="ADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ADConnectionString" enableSearchMethods="true" attributeMapUsername="sAMAccountName"/> 

      </providers> 

    </membership> 

  </system.web> 

  <connectionStrings> 

    <add name="ADConnectionString" connectionString="LDAP://domain1.com/CN=Users,DC=domain1,DC=com" />

  </connectionStrings> 


3) Now, open your claims-based web application web.config.

Find </configSections> and add the following below it.
 
<connectionStrings> 

 <add name="ADConnectionString" connectionString="LDAP://domain1.com/CN=Users,DC=domain1,DC=com" />

 </connectionStrings> 

Next, find <PeoplePickerWildcards> and replace its content with the following
 
<clear /> 

      <add key="AspNetSqlMembershipProvider" value="%" /> 

      <add key="ADMembershipProvider" value="%" /> 

Next, find <membership defaultProvider="i"> and replace its content with the following
 
<providers> 

        <add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" /> 

        <add name="ADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ADConnectionString" enableSearchMethods="true" attributeMapUsername="sAMAccountName" /> 

      </providers>
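Because the same provider name and connection string name must appear in all three files, and because web.config is case-sensitive XML, a quick consistency check after editing saves a lot of blind troubleshooting. The following PowerShell is an added example (not from the original post); it assumes the names used above (‘ADMembershipProvider’, ‘ADConnectionString’) and a placeholder URL for the claims web application.

```powershell
# Added example, not from the original post: checks that the three web.configs edited above
# agree on the FBA provider and connection string. Assumes the names used in the post
# ('ADMembershipProvider', 'ADConnectionString') and a placeholder claims web app URL.
# Run from the SharePoint 2010 Management Shell on a farm server (PowerShell 2.0 syntax).
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Test-FbaWebConfig {
    param(
        [Parameter(Mandatory = $true)] [string] $Path,
        [string] $ProviderName = 'ADMembershipProvider',
        [string] $ConnectionStringName = 'ADConnectionString',
        [switch] $ExpectPeoplePicker   # Central Admin and the web app carry PeoplePickerWildcards; STS does not
    )
    [xml] $cfg = Get-Content -LiteralPath $Path
    # web.config is case-sensitive XML: a lowercase <connectionstrings> element is silently ignored by ASP.NET
    $conn = @($cfg.configuration.connectionStrings.add) | Where-Object { $_.name -eq $ConnectionStringName }
    $prov = @($cfg.configuration.'system.web'.membership.providers.add) | Where-Object { $_.name -eq $ProviderName }
    $wild = @($cfg.configuration.SharePoint.PeoplePickerWildcards.add) | Where-Object { $_.key -eq $ProviderName }
    # Note: ActiveDirectoryMembershipProvider binds to AD as the application pool identity
    # unless connectionUsername/connectionPassword are set on the provider element.
    New-Object -TypeName PSObject -Property @{
        File                   = $Path
        ConnectionStringFound  = [bool] $conn
        ConnectionStringIsLdap = ($conn.connectionString -like 'LDAP://*')
        ProviderFound          = [bool] $prov
        ProviderTypeIsAD       = ($prov.type -like 'System.Web.Security.ActiveDirectoryMembershipProvider,*')
        ProviderUsesConnString = ($prov.connectionStringName -eq $ConnectionStringName)
        UsernameIsSamAccount   = ($prov.attributeMapUsername -eq 'sAMAccountName')
        PeoplePickerOk         = ((-not $ExpectPeoplePicker) -or [bool] $wild)
    }
}

# Locate the three files: the STS config lives in the 14 hive, the other two under their IIS site roots.
$hive = Join-Path $env:CommonProgramFiles 'Microsoft Shared\Web Server Extensions\14'
$sts  = Join-Path $hive 'WebServices\SecurityToken\web.config'
$claimsWebAppUrl = 'http://claims-webapp.example'   # placeholder: URL of the claims web application created above
$zone = [Microsoft.SharePoint.Administration.SPUrlZone]::Default
$ca   = Get-SPWebApplication -IncludeCentralAdministration | Where-Object { $_.IsAdministrationWebApplication }
$app  = Get-SPWebApplication -Identity $claimsWebAppUrl

Test-FbaWebConfig -Path (Join-Path $ca.IisSettings[$zone].Path.FullName 'web.config') -ExpectPeoplePicker
Test-FbaWebConfig -Path $sts
Test-FbaWebConfig -Path (Join-Path $app.IisSettings[$zone].Path.FullName 'web.config') -ExpectPeoplePicker
```

Any False in the output points at the file and the element that still needs attention; the People Picker returning nothing under Forms Auth is the usual symptom of a missing PeoplePickerWildcards entry or a provider name that does not match.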

Now, let’s create a site collection for the previously created web application.

1) Set the title for the site collection.
2) Under Primary Site Collection Administrator, click the people picker and search for the Active Directory user.

Select the user under the Form Auth category of the Select People dialog and click OK.


3) Click OK to finish site collection creation.

Now, browse to the web application and select Forms Authentication.


Enter the user name and password and click Sign In.


And now you are done.


Comments (2)
  1. Hi. Thanks for this great post. It will really help many people.
    There is a problem. I followed your steps, but when I create a site collection and click the "Select People" dialog for the "Primary Site Collection Administrator" category and type my Active Directory registered user name, I DO NOT get two instances of the user. In fact, when I select the "Active Directory" option from the left column and then search for the user, it appears in the search. When I select "Forms Auth" from the left column and search, I get NOTHING. Please help.

  2. Hi KASHAN AHMED, did you resolve your error?
