How to Configure Form Based Authentication in SharePoint 2010?
Out of the box, SharePoint does not support classic FBA. By default, SharePoint 2010 authenticates users against Active Directory. If you want your SharePoint 2010 website to authenticate users against an external data source (such as a SQL database or an Access database), you can achieve that by configuring Form Based Authentication on the SharePoint website. Here, I will explain how to configure Form Based Authentication in SharePoint 2010 with MS SQL Server as the back end.
1. Set up the backend database against which you want to authenticate users of the SharePoint 2010 website:
To set up the backend database, perform the following steps:
1.1. Go to the following location: C:\Windows\Microsoft.NET\Framework64\v2.0.50727
1.2. Locate the aspnet_regsql.exe file
1.3. Run aspnet_regsql.exe by double-clicking it. It opens a form as displayed in the screenshot. Click the Next button:
1.4. The form prompts you to provide the database information, i.e. Database Server, Username, Password and Database Name
[Note: Select the database name if you have already created a blank database. If you have not, provide the name of the new database that you want to create and use.]
1.5. Click the Next button. It asks you to confirm the settings. Review the details you have provided and, if they are OK, confirm them by clicking the Next button.
1.6. Click the Finish button to complete the process. Once you are done with this process, the database should be created. You can verify this by connecting to the database server.
2. Create a SQL user and grant it permission on the database.
To create a new SQL user and grant appropriate permission to that user, perform the following steps:
2.1. Open SQL Management Studio and connect to the database server on which you created the database
2.2. Go to Security -> Logins tab
2.3. Right-click the Logins tab and select the New Login option
2.4. On the General tab, enter the required information as shown in the following screen:
2.5. On the User Mapping tab, set db_owner as the role and the default schema as shown in the following screen:
2.6. Click the OK button to save the settings. This grants the newly created user appropriate permission on the database. Confirm this by connecting to the database server as the newly created user.
3. Create a new SharePoint 2010 website from SharePoint Central Admin.
3.1. While creating the SharePoint web application, select Claims Based Authentication as the Authentication Type.
3.2. Once you have created the SharePoint web application, create a site collection for that SharePoint website
4. Now, you need to add an ASP.NET membership provider and an ASP.NET role provider to the configuration files of SharePoint Central Admin, SecurityTokenServiceApplication and the SharePoint website (for which you want to configure FBA).
To do so, follow the steps below:
4.1. Open Internet Information Services (IIS)
4.2. Select the Server node
4.3. Click the ConnectionString option in the right panel:
4.4. Add a connection string that points to the FBA database as shown in the following screen:
4.5. Select the SharePoint Central Admin website in the left panel and double-click the Provider option from the left panel as highlighted in the following screen:
4.6. Click the Add option in the Actions tab in the rightmost corner. It opens the following screen:
4.7. Make sure that .NET Roles is selected in the Features drop-down.
4.8. Enter a Name [I have entered ‘FBARole’].
4.9. Select the FBA connection string
4.10. Enter / (forward slash) as the Application Name
4.11. Click the OK button. This adds a provider with the name you entered in the Name field to the list of .NET Roles providers for the SharePoint Central Admin website.
4.12. Now, select the .NET Users option in the Features drop-down as shown in the following screen:
4.13. Click the Add option in the Actions tab in the rightmost corner. It opens the following screen:
4.14. Enter a Name [I have entered ‘FBAMembers’].
4.15. Select the FBA connection string
4.16. Enter / (forward slash) as the Application Name
4.17. Click the OK button. This adds a provider with the name you entered in the Name field to the list of .NET Users providers for the SharePoint Central Admin website.
4.18. Click the SharePoint Central Admin website in the left panel and double-click the .NET Users option in the right panel as shown in the following screen:
4.19. Click the Select Default Provider option in the Actions tab in the rightmost corner
4.20. Select your ASP.NET membership provider name as shown in the following screen:
4.21. IIS will try to load the users of your selected membership provider. Because you have not added a user yet, it will not display any users in the list.
4.22. Click the Add option in the Actions tab in the rightmost corner to add one FBA user as shown in the following screen:
4.23. Perform steps 4.5 to 4.17 on SecurityTokenServiceApplication and on the SharePoint website (on which you want to configure FBA)
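A consistency check for the provider entries that step 4 writes into each of the three web.config files, as an added example (not part of the original article). The function name Test-FbaProviders, the connection string name FBADB and the file path are assumptions; the sample config is constructed and deliberately gives the role provider a different applicationName so that the check has something to report.

```powershell
# Constructed sample of the entries steps 4.5-4.17 add to one web.config.
# "FBADB" is a placeholder connection string name, not a value from the article.
$sample = [xml]@'
<configuration><system.web>
  <membership><providers>
    <add name="FBAMembers" type="System.Web.Security.SqlMembershipProvider"
         connectionStringName="FBADB" applicationName="/" />
  </providers></membership>
  <roleManager enabled="true"><providers>
    <add name="FBARole" type="System.Web.Security.SqlRoleProvider"
         connectionStringName="FBADB" applicationName="MyApp" />
  </providers></roleManager>
</system.web></configuration>
'@

function Test-FbaProviders {
    param(
        [Parameter(Mandatory = $true)][xml]$Config,
        [string]$MembershipName = 'FBAMembers',
        [string]$RoleName = 'FBARole'
    )
    $base = '/configuration/system.web'
    $m = $Config.SelectSingleNode("$base/membership/providers/add[@name='$MembershipName']")
    $r = $Config.SelectSingleNode("$base/roleManager/providers/add[@name='$RoleName']")
    if (-not $m) { "membership provider '$MembershipName' is missing" }
    if (-not $r) { "role provider '$RoleName' is missing" }
    if ($m -and $r) {
        # Both providers must read the same database ...
        if ($m.GetAttribute('connectionStringName') -ne $r.GetAttribute('connectionStringName')) {
            'membership and role providers use different connection strings'
        }
        # ... and the same applicationName, because ASP.NET scopes users and roles by it.
        foreach ($p in @($m, $r)) {
            if ($p.GetAttribute('applicationName') -ne '/') {
                "provider '$($p.GetAttribute('name'))' has applicationName '$($p.GetAttribute('applicationName'))', expected '/'"
            }
        }
    }
}

# For a real file: Test-FbaProviders -Config ([xml](Get-Content 'C:\path\to\web.config'))
$problems = @(Test-FbaProviders -Config $sample)
if ($problems.Count -eq 0) { 'OK: providers are consistent' } else { $problems }
```

Run it once per web.config (Central Admin, SecurityTokenServiceApplication and the FBA website); users and roles created under one applicationName are not visible to a provider configured with another.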
5. You need to add the names of the ASP.NET membership provider and the ASP.NET role provider to the SharePoint website.
To do so, follow the steps mentioned below:
5.1. Open the SharePoint Central Admin website in a browser
5.2. Go to Application Management -> Manage web applications
5.3. Select the SharePoint website (on which you want to configure FBA) and click Authentication Provider in the Ribbon as shown in the following screen:
5.4. It opens a popup as shown in the following screen. Click the Default link:
5.5. It opens Edit Authentication. There, go to the Claims Authentication Types section, check the Enable Forms Based Authentication (FBA) option and enter the ASP.NET Membership Provider and ASP.NET Role Provider that you created in step 4, as shown in the following screen. Click the Save button to save the settings.
5.6. Congratulations! FBA is now configured.
6. Now, try to log in to the SharePoint website using the FBA user that you created in Step 4 to check the FBA configuration. Before that, you have to grant that FBA user permission on the SharePoint website. In my case, I am making that user the secondary site collection administrator.
To do so, follow the steps mentioned below:
6.1. Open the SharePoint Central Admin website in a browser
6.2. Go to Application Management -> Manage web applications
6.3. Click the Change site collection administrators option under Site Collections
2 thoughts on “How to Configure Form Based Authentication in SharePoint 2010?”
Thank you Kiran,
An excellent article having each and every step in all possible detail.
May you continue to post many more, Bless you sir.
Waiting for your upcoming worthy blogs.
Thanks Bhvesh for your time for reading the article. I really appreciate that. I feel really happy that you like my article. I will continue to contribute towards this blog. Stay tuned.