SharePoint 2016: Forms Based Authentication – Part 4

In the previous article SharePoint 2016: Forms Based Authentication – Part 3 of this series on implementing FBA with SharePoint we saw the execution of Step 5 for the process.

In this last article of this series we are going to see the execution of Step 6 & 7 and for the sake of quick review I am putting up the process diagram again in here.

Process Diagram

1

Step 6: Add External Users

  • Go to IIS
  • Select the Web Application on the left navigation pane
  • Click on “.Net Users” on the right section

2

Sometimes you might encounter the following error, this happens because the Default Provider is not set at the time you are trying to Add Users

3

In order to set the default provider you need to click on the “Set Default Provider” link under Actions Pane on the right

4

Select the membership provider as we configured in the earlier steps

5

Now you can add the users.

Click on the “Add” Link under the Actions Pane

6

Adding user information as needed

7

Click “Next”

8

Click “Finish”

And we can see the first FBA user in our system

9

Step 7: Test Forms Based Authentication

Browse the Web Application Via browser

We can see the Selection Window for the choosing the preferred Authentication mechanism

10

Let’s choose Windows Authentication first since we did not give explicit permissions to the FBA User yet, that is why system won’t allow the user to login to the SharePoint Site.

11

And being a authenticated Windows User we are good to go and able to see the Web Application Home Page

Then click on “Site Settings”

12

Click on “People and groups”

13

Click on “Add Users” to add new user to the desired security group.

In here I am adding new user to the Members Groups.

14

Type the name of the FBA user that you have added

In here the FBA User name is “FBAUser”

15

Share the site with FBA user

16

We can see the FBA User added to the Group

17

Now when we are going to browse the Web Application and go with Forms Based Authentication

Choosing this setting will present default login page as we selected in the earlier steps while enabling Web Application with FBA.

Enter FBA user name & password

18

And since we granted the permission to this FBA User in the SharePoint Site, SharePoint allows you to login to the site using FBA user credentials.

19

That is all for this series.

Hope you find it helpful.

Advertisements

SharePoint 2016: Forms Based Authentication – Part 3

In the previous article SharePoint 2016: Forms Based Authentication – Part 2 of this series on implementing FBA with SharePoint we saw the execution of Steps 3 & 4 for the process.

In this article we are going to see the execution of Step 5 and for the sake of quick review I am putting up the process diagram again in here.

Process Diagram

1

Step 5: Configure Authentication Provider

In this step we will associate the Membership Provider with the Web Application that we want to enable with Form Based Authentication

  • Go to Central Administration
  • Click on Manage Web Application

2

  • Select the Web Application
  • Click on “Authentication Providers” link in the ribbon bar

3

  • Click on the Zone “Default”

4

On the Authentication Provider Screen

  • Check “Enable Forms Based Authentication (FBA)”
  • Specify the Membership Provider Name “SPMembership” that we configured previously
  • Specify the Role Manager Name “SPRoles” that we configured previously

5

Under “Sign In” Page Section you can choose to configure a Custom Sign Page if you need or you can proceed with Default Sign Page provided by SharePoint OOB.

In this case I am going along with Default Sign Page offered by SharePoint OOB.

6

That is it for this part of the demo.

I will see you guys in the next article covering Steps 6 & 7 as follows-

SHAREPOINT 2016: FORMS BASED AUTHENTICATION – PART 4

Hope you find it helpful.

 

SharePoint 2016: Forms Based Authentication – Part 2

In the previous article SharePoint 2016: Forms Based Authentication – Part 1 of this series on implementing FBA with SharePoint we saw the execution of Steps 1 & 2 for the process.

In this article we are going to see the execution of Steps 3 & 4 and for the sake of quick review I am putting up the process diagram again in here.

Process Diagram

1

Step 3: Configure IIS

  • Start IIS Manager with Admin rights

2

  • Select IIS Server Name on the left navigation
  • Click on the “Connection Strings”

3

  • Click on Add

4

  • On the “Add Connection String” Screen
  • Enter name of Connection String
  • Enter SQL Server Instance Name
  • Enter Database Name
  • Verify the Connection String and make sure it is correctly build up

5

Once done with the process we can see to the Connection String created

6

Select IIS Server Name on the left navigation and Click the “Providers”

7

  • Select Feature “.Net Roles” from the dropdown
  • Click Add

8

  • On the “Add Provider”
  • Select Type as “SqlRoleProvider”
  • Enter Name as appropriate
  • Enter Connection String Name as appropriate
  • Enter Application Name as “/”
  • Click OK

9

  • Select Feature “.Net Users” from the dropdown
  • Click Add

10

  • On the “Add Provider” Screen
  • Select Type as “SqlMembershipProvider”
  • Enter Name as appropriate
  • Configure behavior of the Membership Provider
  • Choose Connection String Name we created earlier under Data Section
  • Scroll down to configure more settings

11

Enter “/” as Application Name under General Section

12

  • Expand the Web Application from the left navigation
  • Click on the “Providers” from the right hand side

13

Configure “Providers” (Roles & Membership Providers) as shown above since the steps are exactly same so I am not repeating it.

I am putting up the screen shots here for your quick reference

1415161718

Step 4: Modify Web.Config

In the IIS select the Web Application that you want to implement with FBA

  • Click on “Explore”

19

This will open the Virtual Directory for the Web Application

Edit the Web.Config file for the Web Application using Visual Studio

20

Now locate “PeoplePickerWildcards” Section as shown below

21

Specify the name of membership provider “SPMembership” that we have configured in steps above

22

With this we are all done for this demo.

In this article we have covered Step 3 & 4. We will look for Step 5 in upcoming article on Configuring FBA for SharePoint as follows-

SHAREPOINT 2016: FORMS BASED AUTHENTICATION – PART 3

Stay tuned.:)

SharePoint 2016: Forms Based Authentication – Part 1

Form Based Authentication (FBA) is one of the Authentication Mode supported by SharePoint that allows us to implement our own authentication mechanism and helps to extend a SharePoint Site for Non-Active Directory (AD) Users.

While SharePoint default installation employs Active Directory to query User Profiles and to authenticate the Users using Windows Authentication, FBA uses the custom database hosted in conjunction with AD to store User’s Credentials and the authentication in this case takes place using database query to the FBA Custom Database for FBA User Profiles.

FBA becomes really important when it comes to the requirements where we need to expose SharePoint to outer world. For example: Sharing documents with your Clients and Vendors or else.

In this article we will see to all the steps involved in implementing FBA with SharePoint and we can depict the process as per the Process Diagram below-

Process Diagram

1

Step 1: Provision Web Application

In order to start with implementing FBA we need a Web Application and Site Collection hosted inside it. I have created both Web Application & a Site Collection using SharePoint UI.

23

Step 2: Provision Membership Database

In order to provision Membership Database for storing user credentials Microsoft has been provided with a utility “aspnet_regsql.exe”.

In order to execute this utility we follow the below steps:

  • Launch SharePoint 2016 Management Shell
  • Run the following commands:

CD \Windows\Microsoft.Net\Framework64\v4.0.30319

          .\aspnet_regsql

4

Once we execute the commands above the Database Configuration wizard come up

  • Click Next on Welcome Screen

5

  • Choose “Configure SQL Server for application services” on the Setup Option Screen
  • Click Next

6

  • Enter database details on Server and Database Selection Screen
  • Enter SQL Database Server Name

You can specify the database name or leave it as default which will create a database by the name “aspnetdb”

7

  • On the confirmation Page you can see the Database Server Name and Database Name as well that is going to be provisioned
  • Click Next

8

This will provision the Membership Database to SQL Server

  • Click Finish on the completion screen

9

Now in order to verify if Membership Database has been created successfully or not and to allow requirement permissions for SharePoint Admin account.

Note: Granting permission explicitly on “aspnetdb” is necessary for SharePoint Admin Account as this is just a SQL Server Database with SharePoint having no knowledge of it. So by default SharePoint Admin Account won’t be allowed to get access to this database.

  • Login in to SQL 2014 Management Studio

10

  • Expand the Database Node and see for “aspnetdb” database

11

In order to grant permissions to the SharePoint Farm Account which is “Prashant\Administrator” in here follow the steps below:

  • Expand the Security Node
  • Expand the Logins Node
  • Locate the account you want to grant permissions
  • Right Click it
  • Select Properties

12

  • On the Account Properties Screen Select “User Mapping”

13

  • Select the “aspnetdb” Database
  • Select “db_owner” Role
  • Click OK to save the changes to SQL Server

14

With this we are all done for this demo.

In this article we have covered Step 1 & 2. We will look for Step 3 & 4 in upcoming article on Configuring FBA for SharePoint as follows-

SHAREPOINT 2016: FORMS BASED AUTHENTICATION – PART 2

Stay tuned. 🙂