Thursday, 16 February 2012

Form Based Authentication in SharePoint 2010

Form Based Authentication

Form based authentication (FBA) on a claims based web application needs changes to three web.config files, and the connection string and provider names used in all three must match the names entered in Central Administration:
1) Central Administration
2) Security Token Service (STS)
3) Claims based web application

Create a new web application
  • Go to Central Administration
  • Go to Application Management
  • Click on Manage Web Applications
  • Click New
  • Select Claims Based Authentication
  • Identity Providers
         * Check the Enable Windows Authentication box or you won’t be able to crawl the site
         * Check the Enable ASP.NET Membership and Role Provider checkbox
              * In the Membership provider name edit box, type SqlMember
              * In the Role provider name edit box, type SqlRole
Create a new site collection
  • Go to Central Administration
  • Go to Application Management
  • Click Create site collections
  • Select the newly created web application
  • Fill in a name and select a template

Configure the Membership Provider and Role Manager
  • On the SharePoint 2010 server open a command prompt.
  • Navigate to C:\Windows\Microsoft.NET\Framework64\v2.0.50727
  • Run "aspnet_regsql.exe". This opens the ASP.NET SQL Server Setup Wizard; click Next.
  • Click "Configure SQL Server for application services".
  • Specify the SQL Server and the database name. If you don't specify a database name the wizard creates a database called aspnetdb.
  • The connection strings below use Integrated Security=SSPI, so the application pool accounts of the claims web application, Central Administration and the Security Token Service connect to this database as themselves. Grant each of them a login on the SQL Server and membership in the database's aspnet_Membership_FullAccess and aspnet_Roles_FullAccess roles; the wizard does not do this for you.



    • Adjust the web.config of the Central Administration site
      • Open the Central Administration site's web.config file
      • Find the </configSections> entry
      • Paste the following XML directly below it
      <connectionStrings>
         <clear />
         <add name="AspNetSqlMembershipProvider"
       connectionString="data source=sql.sharepoint.com;Integrated Security=SSPI;Initial Catalog=aspnetdb" 
       providerName="System.Data.SqlClient" />
      </connectionStrings>
      • Find the <system.web> entry
      • Paste the following XML directly below it
      <roleManager enabled="true" 
         cacheRolesInCookie="false" 
         cookieName=".ASPXROLES" 
         cookieTimeout="30" 
         cookiePath="/" 
         cookieRequireSSL="false" 
         cookieSlidingExpiration="true" 
         cookieProtection="All" 
         defaultProvider="AspNetWindowsTokenRoleProvider" 
         createPersistentCookie="false" 
         maxCachedResults="25">
         <providers>
            <clear />
            <add connectionStringName="AspNetSqlMembershipProvider" 
               applicationName="/" 
               name="SqlRole" 
               type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0,
       Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
            <add applicationName="/" 
               name="AspNetWindowsTokenRoleProvider" 
               type="System.Web.Security.WindowsTokenRoleProvider, System.Web, Version=2.0.0.0,
       Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
         </providers>
      </roleManager>
      
      <membership defaultProvider="SqlMember" 
         userIsOnlineTimeWindow="15" hashAlgorithmType="">
         <providers>
            <clear />
            <add connectionStringName="AspNetSqlMembershipProvider" 
               enablePasswordRetrieval="false" 
               enablePasswordReset="true" 
               requiresQuestionAndAnswer="true" 
               passwordAttemptWindow="10" 
               applicationName="/" 
               requiresUniqueEmail="false" 
               passwordFormat="Hashed" 
               name="SqlMember" 
               type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0,
       Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
         </providers>
      </membership>
      • Double check that the <membership> and <roleManager> entries exist only once. Delete any duplicate entries.
      • Find the <PeoplePickerWildcards> element and make sure its contents include the following entries (the <clear /> must appear only once, as the first child)
      <clear />
      <add key="AspNetSqlMembershipProvider" value="%" />
      <add key="SqlMember" value="%"/>
      <add key="SqlRole" value="%"/>
      Adjust the web.config of the Security Token Service (STS) virtual directory
      NB: make these changes to the Security Token Service web.config (by default %CommonProgramFiles%\Microsoft Shared\Web Server Extensions\14\WebServices\SecurityToken\web.config) on every server hosting either Central Administration or the claims based web application.
      • Open the Security Token Service (STS) virtual directory's web.config file
      • Find the </system.net> entry
      • Paste the following XML directly below it
      <connectionStrings>
         <clear />
         <add name="AspNetSqlMembershipProvider"
       connectionString="data source=sql.sharepoint.com;Integrated Security=SSPI;Initial Catalog=aspnetdb" 
       providerName="System.Data.SqlClient" />
      </connectionStrings>
      • Add a <system.web> entry directly below the </connectionStrings>
      • Paste the following XML directly below the <system.web> entry
      <membership>
         <providers>
           <add connectionStringName="AspNetSqlMembershipProvider" 
              enablePasswordRetrieval="false" 
              enablePasswordReset="true" 
              requiresQuestionAndAnswer="true" 
              passwordAttemptWindow="10" 
              applicationName="/" 
              requiresUniqueEmail="false" 
              passwordFormat="Hashed" 
              name="SqlMember" 
              type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, 
      Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
         </providers>
      </membership>
      
      <roleManager enabled="true">
         <providers>
            <add connectionStringName="AspNetSqlMembershipProvider"
               applicationName="/" 
               name="SqlRole" 
               type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, 
      Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
         </providers>
      </roleManager>
      • Add a </system.web> entry directly below it
      Adjust the web.config of the claims based web application
      • Open the claims based web application's web.config file
      • Find the </configSections> entry
      • Paste the following XML directly below it
      <connectionStrings>
         <clear />
         <add name="AspNetSqlMembershipProvider"
       connectionString="data source=sql.sharepoint.com;Integrated Security=SSPI;Initial Catalog=aspnetdb" 
       providerName="System.Data.SqlClient" />
      </connectionStrings>
      • Locate the <membership> entry
      • Replace everything from <membership> to </membership> with the following XML
      <membership defaultProvider="i" 
         userIsOnlineTimeWindow="15" 
         hashAlgorithmType=""> 
         <providers> 
            <clear /> 
            <add connectionStringName="AspNetSqlMembershipProvider" 
               enablePasswordRetrieval="false" 
               enablePasswordReset="true" 
               requiresQuestionAndAnswer="true" 
               passwordAttemptWindow="10" 
               applicationName="/" 
               requiresUniqueEmail="false" 
               passwordFormat="Hashed" 
               name="SqlMember" 
               type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, 
      Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /> 
           <add name="i" 
              type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, 
      Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" /> 
         </providers> 
      </membership>
      • Locate the <roleManager> entry
      • Replace everything from <roleManager> to </roleManager> with the following XML. The provider named SqlRole (the role provider name entered in Central Administration) must be the SqlRoleProvider backed by the aspnetdb connection string; the WindowsTokenRoleProvider keeps its own name:
      <roleManager enabled="true" 
         cacheRolesInCookie="false" 
         cookieName=".ASPXROLES" 
         cookieTimeout="30" 
         cookiePath="/" 
         cookieRequireSSL="false" 
         cookieSlidingExpiration="true" 
         cookieProtection="All" 
         defaultProvider="c" 
         createPersistentCookie="false" 
         maxCachedResults="25"> 
            <providers> 
               <clear /> 
               <add connectionStringName="AspNetSqlMembershipProvider" 
                  applicationName="/" 
                  name="SqlRole" 
                  type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, 
      Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /> 
               <add applicationName="/" 
                  name="AspNetWindowsTokenRoleProvider" 
                  type="System.Web.Security.WindowsTokenRoleProvider, System.Web, Version=2.0.0.0, 
      Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /> 
               <add name="c" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, 
      Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" /> 
         </providers> 
      </roleManager> 
      • Find the <PeoplePickerWildcards> element and make sure its contents include the following entries (the <clear /> must appear only once, as the first child)
      <clear />
      <add key="AspNetSqlMembershipProvider" value="%" />
      <add key="SqlMember" value="%"/>
      <add key="SqlRole" value="%"/>
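The three web.config files above must agree on the connection string name and on the provider names entered in Central Administration, and the claims web application block is the one most often pasted with mistakes (a mis-cased connectionStringName, or the SqlRole name attached to the WindowsTokenRoleProvider). The script below is an added example and not code from the original post: it parses a constructed web.config fragment (sql.sharepoint.com is an assumed host name) with xml.etree and reports undefined connection string references (exact spelling is required), default providers that are not declared, the wrong provider type behind the names typed into Central Administration, and a membership provider that does not hash passwords or allows password retrieval. To check a real farm, read each of the three web.config files into check_web_config.

```python
"""Consistency check for the membership and roleManager sections of a SharePoint
web.config.  Added example, not code from the original post: the fragment below is
constructed, and sql.sharepoint.com is an assumed host name."""
import xml.etree.ElementTree as ET

# Names typed into Central Administration; every web.config must agree with them.
MEMBERSHIP_PROVIDER = "SqlMember"
ROLE_PROVIDER = "SqlRole"
SQL_MEMBERSHIP_TYPE = "System.Web.Security.SqlMembershipProvider"
SQL_ROLE_TYPE = "System.Web.Security.SqlRoleProvider"

# Constructed claims-web-application fragment with two copy/paste mistakes:
# a mis-cased connectionStringName and the SqlRole name on the Windows token provider.
BROKEN_WEBAPP_CONFIG = """<configuration>
  <connectionStrings>
    <clear />
    <add name="AspNetSqlMembershipProvider"
         connectionString="data source=sql.sharepoint.com;Integrated Security=SSPI;Initial Catalog=aspnetdb"
         providerName="System.Data.SqlClient" />
  </connectionStrings>
  <system.web>
    <membership defaultProvider="i" userIsOnlineTimeWindow="15" hashAlgorithmType="">
      <providers>
        <clear />
        <add connectionStringName="AspNetSqlMemberShipProvider" enablePasswordRetrieval="false"
             passwordFormat="Hashed" applicationName="/" name="SqlMember"
             type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
        <add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
      </providers>
    </membership>
    <roleManager enabled="true" defaultProvider="c">
      <providers>
        <clear />
        <add connectionStringName="AspNetSqlMemberShipProvider" applicationName="/" name="AspNetSqlRoleProvider"
             type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
        <add applicationName="/" name="SqlRole"
             type="System.Web.Security.WindowsTokenRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
        <add name="c" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
      </providers>
    </roleManager>
  </system.web>
</configuration>
"""

# The same fragment with both mistakes corrected (what the claims web app config should read).
FIXED_WEBAPP_CONFIG = (BROKEN_WEBAPP_CONFIG
                       .replace("AspNetSqlMemberShipProvider", "AspNetSqlMembershipProvider")
                       .replace('name="SqlRole"', 'name="AspNetWindowsTokenRoleProvider"')
                       .replace('name="AspNetSqlRoleProvider"', 'name="SqlRole"'))


def _class_name(type_attr):
    """'System.Web.Security.SqlRoleProvider, System.Web, ...' -> the class part only."""
    return type_attr.split(",")[0].strip()


def _check_section(root, tag, expected_name, expected_type, defined_cs, findings):
    section = root.find(".//" + tag)
    if section is None:
        findings.append("<%s> section missing" % tag)
        return
    providers = section.find("providers")
    adds = [] if providers is None else providers.findall("add")
    by_name = {a.get("name"): a for a in adds}
    default = section.get("defaultProvider")
    if default and default not in by_name:
        findings.append("<%s> defaultProvider=%r is not a declared provider" % (tag, default))
    for a in adds:
        cs_name = a.get("connectionStringName")
        if cs_name is not None and cs_name not in defined_cs:   # exact spelling required
            findings.append("<%s> provider %r references connectionStringName %r, not among %s"
                            % (tag, a.get("name"), cs_name, sorted(defined_cs)))
    prov = by_name.get(expected_name)
    if prov is None:
        findings.append("<%s> has no provider named %r" % (tag, expected_name))
        return
    actual = _class_name(prov.get("type", ""))
    if actual != expected_type:
        findings.append("<%s> provider %r is %s, expected %s" % (tag, expected_name, actual, expected_type))
    if tag == "membership":
        # SqlMembershipProvider defaults: passwordFormat=Hashed, enablePasswordRetrieval=false.
        if prov.get("passwordFormat", "Hashed") != "Hashed":
            findings.append("membership provider %r stores passwords as %s, not Hashed"
                            % (expected_name, prov.get("passwordFormat")))
        if prov.get("enablePasswordRetrieval", "false").lower() == "true":
            findings.append("membership provider %r allows password retrieval" % expected_name)


def check_web_config(xml_text, membership_name=MEMBERSHIP_PROVIDER, role_name=ROLE_PROVIDER):
    """Return the list of findings for one web.config; an empty list means it is consistent."""
    root = ET.fromstring(xml_text)
    cs = root.find("connectionStrings")
    defined_cs = set() if cs is None else {a.get("name") for a in cs.findall("add")}
    findings = []
    _check_section(root, "membership", membership_name, SQL_MEMBERSHIP_TYPE, defined_cs, findings)
    _check_section(root, "roleManager", role_name, SQL_ROLE_TYPE, defined_cs, findings)
    return findings


if __name__ == "__main__":
    for label, text in (("broken", BROKEN_WEBAPP_CONFIG), ("fixed", FIXED_WEBAPP_CONFIG)):
        print(label, "->", check_web_config(text) or "consistent")
```

The broken fragment produces three findings (two undefined connection string references and SqlRole pointing at the WindowsTokenRoleProvider); the corrected fragment produces none. For the Central Administration and STS files, call check_web_config with the same default names, since those files must declare the same SqlMember and SqlRole providers.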
      Add a user policy to the web application
      • Go to Central Administration
      • Go to Application Management
      • Click on Manage Web Applications
      • Select the claims based web application
      • Click on User Policy
      • Click on the Add Users link
      • Click the Next button.
      • Click the Address Book icon.
      • Type the NT login name or account name and click the search button. If the providers are wired up correctly you will see the account listed under the Windows (Active Directory) provider and, once a matching user exists in the aspnetdb membership database, a second entry for it returned by the forms membership provider (SqlMember).
      • Select the account in the User section and click the Add button
      • Click the OK button
      • Check the Full Control checkbox, then click the Finish button
        Add users in SQL (run the following query against the aspnetdb database)

    declare @now datetime
    set @now = GETUTCDATE()   -- the membership tables store CurrentTimeUtc in UTC

    -- parameters: @ApplicationName, @UserName, @Password, @PasswordSalt, @Email, @PasswordQuestion,
    -- @PasswordAnswer, @IsApproved, @CurrentTimeUtc, @CreateDate, @UniqueEmail, @PasswordFormat, @UserId
    exec aspnet_Membership_CreateUser '/','sureshec47','Lakshmi47',
    '','rsuresh@kotecso.com','','',1,@now,@now,0,0,null

    exec aspnet_Roles_CreateRole '/', 'Admin'

    -- last parameter is @CurrentTimeUtc (datetime), so pass @now rather than a literal
    exec aspnet_UsersInRoles_AddUsersToRoles '/', 'sureshec47', 'Admin', @now

    Note that @PasswordFormat=0 (the twelfth argument) stores 'Lakshmi47' in clear text in aspnet_Membership.Password even though the provider is configured with passwordFormat="Hashed". The provider honours the per-row format, so the login works, but the password is readable by anyone with access to the database. Create real users through the provider (Membership.CreateUser), which salts and hashes the password, or pass @PasswordFormat=1 with a hash and salt computed the way the provider does.


    After running this, the user shows up in the Central Administration people picker as in the following figure.
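To store the password the way the provider does instead of in clear text, the row needs PasswordFormat=1, a random 16-byte base64 salt, and base64(SHA1(salt bytes || UTF-16LE(password))). The script below is an added example, not code from the original post: it reproduces that encoding, the comparison the provider makes on login, and emits the matching aspnet_Membership_CreateUser call. It assumes the .NET 2.0/3.5 default (hashAlgorithmType="" means SHA1), which is the runtime SharePoint 2010 runs on; the user name, password and e-mail address are constructed.

```python
"""How SqlMembershipProvider stores a password with passwordFormat="Hashed", and the
aspnet_Membership_CreateUser call that matches it.  Added example, not from the
original post; user name, password and e-mail are constructed.  Assumes the
.NET 2.0/3.5 default hash (SHA1) that SharePoint 2010's runtime uses."""
import base64
import hashlib
import os


def generate_salt():
    """SqlMembershipProvider.GenerateSalt: 16 random bytes, base64-encoded."""
    return base64.b64encode(os.urandom(16)).decode("ascii")


def encode_password(password, salt_b64, algorithm="sha1"):
    """SqlMembershipProvider.EncodePassword for PasswordFormat=1 (Hashed) with a
    non-keyed algorithm: base64(hash(salt_bytes || UTF-16LE(password)))."""
    salt = base64.b64decode(salt_b64)
    digest = hashlib.new(algorithm, salt + password.encode("utf-16-le")).digest()
    return base64.b64encode(digest).decode("ascii")


def verify_password(password, salt_b64, stored, algorithm="sha1"):
    """What ValidateUser does for a hashed row: re-encode and compare."""
    return encode_password(password, salt_b64, algorithm) == stored


def _tsql_str(s):
    """Quote a T-SQL string literal (doubling embedded single quotes)."""
    return "'" + s.replace("'", "''") + "'"


def create_user_tsql(username, password, email, application="/", salt_b64=None):
    """The post's aspnet_Membership_CreateUser call, but with a salted hash and
    PasswordFormat=1 so the row agrees with passwordFormat="Hashed" in web.config.
    Parameter order: ApplicationName, UserName, Password, PasswordSalt, Email,
    PasswordQuestion, PasswordAnswer, IsApproved, CurrentTimeUtc, CreateDate,
    UniqueEmail, PasswordFormat, UserId."""
    salt_b64 = salt_b64 or generate_salt()
    args = [_tsql_str(application), _tsql_str(username),
            _tsql_str(encode_password(password, salt_b64)), _tsql_str(salt_b64),
            _tsql_str(email), "''", "''", "1", "@now", "@now", "0", "1", "NULL"]
    return ("DECLARE @now datetime\nSET @now = GETUTCDATE()\n"
            "EXEC aspnet_Membership_CreateUser " + ", ".join(args))


if __name__ == "__main__":
    salt = generate_salt()                                  # constructed example values
    stored = encode_password("correct horse battery", salt)
    print("stored hash:", stored, "salt:", salt)
    print(verify_password("correct horse battery", salt, stored),
          verify_password("wrong", salt, stored))
    print(create_user_tsql("fbauser", "correct horse battery", "fbauser@example.com", salt_b64=salt))
```

Running the emitted T-SQL against aspnetdb creates a row the SqlMember provider validates exactly as one created through Membership.CreateUser; the role statements from the query above are unchanged.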
     

