
Monday, March 1, 2010

SP2007 - Forms Based Authentication (FBA)

Frakking FBA! Get Bill Gates in here!

Create the ASP.NET Membership Database:
Win+R > C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe > Next > Configure SQL Server for application services > Next > Server: mossserver, Database: fba_db > Next > Next > Finish

User and Role Creation:
Create a new folder on your desktop called 'FBA Management Site' > VS2008 > File > Open > Website... > [Browse to new folder on desktop] > Open > Website > Add New Item > Web Configuration File > Add

<connectionStrings>
  <add name="FbaConnectionString" connectionString="server=mossserver;database=fba_db;Trusted_Connection=true" />
</connectionStrings>
<system.web>
<membership defaultProvider="FbaMemberProvider">
  <providers>
    <add connectionStringName="FbaConnectionString"
      applicationName="/" name="FbaMemberProvider"
      type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
  </providers>
</membership>
<roleManager enabled="true" defaultProvider="FbaRoleProvider">
  <providers>
    <add connectionStringName="FbaConnectionString" applicationName="/"
      name="FbaRoleProvider"
      type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
  </providers>
</roleManager>
</system.web>

Website > ASP.NET Configuration > Security tab > Select Authentication Type > From the Internet > Security tab > Create or manage roles > fbaadmins > Security tab > Create user > fbaadmin

Configure Central Administration web.config:
<PeoplePickerWildcards>
  <add key="FbaMemberProvider" value="%" />
</PeoplePickerWildcards>
...
<connectionStrings>
  <add name="FbaConnectionString" connectionString="server=mossserver;database=fba_db;Trusted_Connection=true" />
</connectionStrings>
<system.web>
<membership defaultProvider="FbaMemberProvider">
  <providers>
    <add connectionStringName="FbaConnectionString" applicationName="/" name="FbaMemberProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
  </providers>
</membership>
<roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider">
  <providers>
    <add connectionStringName="FbaConnectionString" applicationName="/" name="FbaRoleProvider" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
  </providers>
</roleManager>
</system.web>

Configure Target Site web.config:
<PeoplePickerWildcards>
  <add key="FbaMemberProvider" value="%" />
</PeoplePickerWildcards>
...
<connectionStrings>
  <add name="FbaConnectionString" connectionString="server=mossserver;database=fba_db;Trusted_Connection=true" />
</connectionStrings>
<system.web>
<membership defaultProvider="FbaMemberProvider">
  <providers>
    <add connectionStringName="FbaConnectionString" applicationName="/" name="FbaMemberProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
  </providers>
</membership>
<roleManager enabled="true" defaultProvider="FbaRoleProvider">
  <providers>
    <add connectionStringName="FbaConnectionString" applicationName="/" name="FbaRoleProvider" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
  </providers>
</roleManager>
</system.web>

Configure ASP.NET Membership Database:
Verify that the App Pool Identity accounts for Central Administration and the Target Site have at least Read rights to the fba_db database:
SQL Server Management Studio > mossserver > Databases > fba_db > Security > right-click Users > New User... > Login name: [App Pool Identity account], User name: [App Pool Identity account without domain] > Database role membership: > check all Role Members with prefix aspnet_

Configure the Zone's Provider:
Central Administration > Application Management > Authentication Providers > [Select Target Web Application] > Default > Authentication Type: Forms, Enable anonymous access: No, Membership Provider Name: FbaMemberProvider, Role manager name: FbaRoleProvider, Enable Client Integration? No > Save
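
A consistency check for the names this walkthrough relies on, as an added example that is not part of the original post: the provider names entered for the zone must be defined in each web.config, every provider must reference a defined connection string, and the PeoplePickerWildcards key must name the membership provider. The trimmed web.config samples and the function name check_fba_config are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed web.config using the names from this walkthrough.
GOOD = """<configuration>
  <SharePoint><PeoplePickerWildcards>
    <add key="FbaMemberProvider" value="%" />
  </PeoplePickerWildcards></SharePoint>
  <connectionStrings>
    <add name="FbaConnectionString" connectionString="server=mossserver;database=fba_db;Trusted_Connection=true" />
  </connectionStrings>
  <system.web>
    <membership defaultProvider="FbaMemberProvider"><providers>
      <add connectionStringName="FbaConnectionString" applicationName="/" name="FbaMemberProvider" />
    </providers></membership>
    <roleManager enabled="true" defaultProvider="FbaRoleProvider"><providers>
      <add connectionStringName="FbaConnectionString" applicationName="/" name="FbaRoleProvider" />
    </providers></roleManager>
  </system.web>
</configuration>"""

# Constructed faulty variant: membership provider renamed, everything else left stale.
BAD = GOOD.replace('name="FbaMemberProvider"', 'name="FbaMembers"')


def check_fba_config(xml_text, member_provider, role_provider):
    """Return a list of mismatches between a web.config and the zone's provider names."""
    root = ET.fromstring(xml_text)
    problems = []
    conn_names = {a.get("name") for a in root.findall("./connectionStrings/add")}
    members = root.findall("./system.web/membership/providers/add")
    roles = root.findall("./system.web/roleManager/providers/add")
    for kind, adds, wanted in (("membership", members, member_provider),
                               ("role", roles, role_provider)):
        if wanted not in {a.get("name") for a in adds}:
            problems.append(f"{kind} provider '{wanted}' is not defined")
        for a in adds:
            if a.get("connectionStringName") not in conn_names:
                problems.append(f"{a.get('name')}: unknown connection string")
    keys = {a.get("key") for a in root.findall(".//PeoplePickerWildcards/add")}
    if member_provider not in keys:
        problems.append(f"no PeoplePickerWildcards key for '{member_provider}'")
    default = root.find("./system.web/membership").get("defaultProvider")
    if default not in {a.get("name") for a in members}:
        problems.append(f"membership defaultProvider '{default}' is not defined")
    return problems
```

The roleManager defaultProvider is deliberately not checked, because the Central Administration web.config above keeps AspNetWindowsTokenRoleProvider as its default while still defining FbaRoleProvider.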

Configure Policy for Target Web Application:
Central Administration > Application Management > Policy for Web Application > Add Users > [Select Target Web Application] > Zones: Default > Next > Users: fbaadmins; fbaadmin, Permissions: Full Control > Finish

Configure Site Collection Administrators:
Central Administration > Application Management > Site Collection Administrators > [Select target web application] > Primary site collection administrator: fbaadmin > OK

Login:
Navigate to the target web application and log in as fbaadmin.

Resources:
http://www.simple-talk.com/dotnet/windows-forms/configuring-forms-authentication-in-sharepoint-2007/

http://msdn.microsoft.com/en-us/library/bb975136.aspx

http://www.devcow.com/blogs/jdattis/archive/2007/02/23/Office-SharePoint-Server-2007-Forms-Based-Authentication-FBA-Walkthrough-Part-1.aspx

http://www.devcow.com/blogs/jdattis/archive/2007/03/01/Office-SharePoint-Server-2007-Forms-Based-Authentication-FBA-w-MySites-Walkthrough-Part-2.aspx

http://www.devcow.com/blogs/jdattis/archive/2008/03/10/forms-based-authentication-application-pool-account-permissions.aspx

CKS FBA:
http://cks.codeplex.com/releases/view/17901
