How to Configure Form Base Authentication(FBA) in SharePoint Server 2010 Claim based using LDAP


Hello Friends,

It’s been months I haven’t written anything as I was busy with lot of stuff. There are many things to write but starting with topic for which I got many mails from lot of friends through blogs and linked in.

As we all are aware with Claim based in SharePoint 2010 and different option/ways of Authentication( Ldap, Sql, Federation). Claim is the technology of today, In SharePoint 13 Microsoft even removed the Classic  Mode and made it the days of past. Today we will discuss with the form based with LDAP Authentication.

 I will try to provide and exact way to configure Form based authentication in Claim Based Authentication in SharePoint. To enable a form based , web application should be created in Claim based mode only.

Steps:

Creating a Claims based web application using GUI

  • Go to Application Management in Central admin
  • Go to Manage Web Applications and create a new web application
  • In the option select Claims Based Authentication mode

web app creation1-Ashish Banga

  • In claim authentication types select Enable Windows Authentication and select NTLM
  • In authentication type section for  form based configuring select Enable ASP.NET Membership provider name.

    Note: Membership provider and Role manager name which you provide in this section will be used in everywhere for web config and enabling it. So give it properly and note it for reference.

  • Click on “OK” button to create the web application.
    web app creation2-Ashish Banga
  • web app creation3-Ashish Banga web app creation4-Ashish Banga
  • Now everybody knows web application is nothing until and unless there is at least a single site collection in it. So first create a site collection for it.
  • Go to CA, Application Management, Create site collections
  • Select the appropriate web application
  • Create a site collection with adding appropriate entries .
  • Now the task remain is to modify different web config files and adding user policy for the web application.
Modifying Web.Config files for the FBA web application , Central Administration and Secure Token Service

Note: All the web config entries for copying are provided at end of blog:

In the below web configs (for all ) 3 entries need to be added as per your entry:
1) one for Membership provider and Role manager name
2) Server name
3) Group Container. If you have access to AD you can find the container easily. Go to the AD . Select a user or a group in the container

AD1-Ashish Banga

AD2-Ashish Banga

Modifying web.config of the web application

  • Open the web.config file  of claim based web application’s
  • Find the <membership> entry. There should be only one membership entry and modification should be done in that only. Duplicity will give error.
  • Put the below XML directly under <Providers> entry
    webconfig-WP1-Ashishbanga
  • Find the <roleManager> entry.
  • Put the below XML directly under <Providers> entry.
    webconfig-WP2-Ashishbanga
  • Put the below entry in the People Picker Wildcards entry
    people picker-Ashishbanga

Modifying web.config of the Central Administration site

  • Open web.config file of  Central Administration site
  • Find the <system.web> entry
  • Put the following XML directly below it
    webconfig-CA-Ashishbanga
  • Put the below entry in the People Picker Wildcards entry
    people picker-Ashishbanga                            

 

Modifying web.config of the Security Token Service (STS) in 14 Hive

  • Open the web.config file  of Security Token Service (STS)
  • Find the </system.net> entry
  • Below full entry need to be added directly below </system.net> entry
    webconfig-secure store-Ashishbanga

Note: If you more than one SharePoint servers hosting Central Administration or the claims based web application then all web config entries need to be changed in all SharePoint servers.

Add a user policy to the web application

  • Go to CA, Application Management, Manage Web Applications
  • Highlight the claims based web application
  • Click on User Policy and select Add Users link
  • Click the Address Book icon. Type the login name to search. There will be two entries for same name one of AD and other for LDAP
  • Select the account from form authentication one in the User section and click the Add button
  • Give the Full Control access by checking that box. then click the Finish button
    LDAP1-Ashish Banga
    LDAP2-Ashish Banga

Now is the time for testing:

Open your web application in the browser. If all things are done fine. It will open like this:

Claim Based application1-Ashish Banga

Now click on sign in:

Claim Based application2-Ashish Banga

Now Your form based authenticated site will open for you:

Claim Based application3-Ashish Banga

Web config entries


Membership entry:
         <add name=”LdapMember” type=”Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c” server=”server2008.ashish.com” port=”389″ useSSL=”false” userDNAttribute=”distinguishedName” userNameAttribute=”sAMAccountName” userContainer=”OU=CLAIM,DC=ASHISH,DC=COM” userObjectClass=”person” userFilter=”(ObjectClass=person)” scope=”Subtree” otherRequiredUserAttributes=”sn,givenname,cn” />

Role provider entry:
<add name=”LdapRole” type=”Microsoft.Office.Server.Security.LdapRoleProvider,  Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c” server=”server2008.ashish.com” port=”389″ useSSL=”false” groupContainer=”OU=CLAIM,DC=ASHISH,DC=COM” groupNameAttribute=”cn” groupNameAlternateSearchAttribute=”samAccountName” groupMemberAttribute=”member” userNameAttribute=”sAMAccountName” dnAttribute=”distinguishedName” groupFilter=”(ObjectClass=group)” userFilter=”(ObjectClass=person)” scope=”Subtree” />

People picker entry:
<PeoplePickerWildcards>
<clear />
<add key=”AspNetSqlMembershipProvider” value=”%” />
<add key=”LdapMember” value=”*”/>
<add key=”LdapRole” value=”*”/>
</PeoplePickerWildcards>

Role Manager key for CA:
<roleManager enabled=”true” defaultProvider=”AspNetWindowsTokenRoleProvider” >

Hope I was able to describe the content correctly based on my knowledge and learning.

If you liked this post, do like on Facebook at :https://www.facebook.com/Ashishsharepointblog

Feel free to Rate and provide feedback if you find post useful

Hope this help
Ashi

This entry was posted in SharePoint2010, SQLServerPedia and tagged , , , , , , , , , , , , , , , , . Bookmark the permalink.

8 Responses to How to Configure Form Base Authentication(FBA) in SharePoint Server 2010 Claim based using LDAP

  1. javni says:

    Hi, i believe that i can enhance my knowledge from your blogs.I suppose its awesome to use some of your concepts!!

  2. jenny says:

    Very good article. I absolutely love this website.
    Keep writing!

  3. Eric says:

    We have configured our web.config files (CA,WFE,STS) using the above codes (chaging the attributes to match our environment) and we are getting an authorization error when we try to login in. The only thing we did not do was the people picker, would this cause someone who is in LDAP to get a failed login?

    • ashishbanga says:

      Hello Erock,

      Apology, for reply after so many days.
      As per the blog if you follow the actual steps , you will not get even a single error. secondly kindly recheck the web config and the naming convention for LDAPROLE and LDAPMEMBER which is very important.As the name you have given while creating the webapp should be used everywhere.

      You can send me the screenshot of the error. I will reply you back with possible solution.

  4. narendra says:

    Hi ,

    I have done the ldap forms authentication for sharepoint 2010 as followed by above steps.

    But i am not able to login. i am getting the bellow error.

    The server could not sign you in. Make sure your user name and password are correct, and then try again

  5. Anirudh says:

    Hello Ashish,

    I have been looking your blogs from couple of months . i got so many help with your concepts and way to presenting.

    You are awesome on the path of explaining things to audience.

    Keep it up and Thanks.

    Anirudh

  6. Devika Katju says:

    Remarkable things here. I’m very happy to peer your post. Thanks a
    lot and I’m having a look forward to contact you.
    if you have any recommendations or techniques for new blog owners please share.
    I know this is off subject however I just wanted to ask.
    Cheers!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s