Skip to main content

Configure a SharePoint 2013 Web Application with Forms Based Authentication [ FBA ] with a LDAP membership provider

Dear All
The below post is a authenticated version of Form Based Authentication (FBA) in SharePoint 2013


Here we  go...

This blog article provides a step-by-step guide with screenshots on how to configure a new Web Application with Forms Based Authentication (FBA) using a LDAP membership provider. While the steps are described in TechNet article http://technet.microsoft.com/en-us/library/ee806890%28v=office.15%29.aspx , when it comes to put them in practice you might stumble across difficulties, where this blog comes to your assistance Enjoy!

Summary:


  1. Create a new user in Active Directory.
  2. Create a new Web Application in Central Administration that uses forms-based authentication.
  3. Configure the web.config files.
  4. Create a new site collection for the new created Web Application and add the FBA user as site collection administrator.
  5. Browse to the new created site and test the functionality.

1. Create a new user in Active Directory

I named the user ‘fbaadmin’ and placed it in an organization unit called FBA’.

2. Create a new Web Application in Central Administration that uses forms-based authentication.


a. Browse to Central Administration > Application Management > Manage Web Applications and click ‘New’.

b. Type in a port number (e.g. 1100) and check the boxes next to “Enabled Windows Authentication | Integrated Windows authentication | NTLM” and “Enabled Forms Based Authentication (FBA)”.

c. Type in a name for the “ASP.NET Membership provider name” (I named it ‘membership’) and for the “ASP.NET Role manager name” (I named it ‘rolemanager’).



d. Click OK to create the Web Application. 

3. Configure the web.config files for:

a. Central Administration

b. Security Token Service

c. The new Web Application created


a. To configure the Central Administration web.config file

i. Open IIS Manager via Start > Run > inetmgr.

ii. In the console tree, open the server name, and then Sites.

iii. Right-click the SharePoint Central Administration v4 site, and then click Explore.

iv. In the folder window, double-click the web.config file.

v. In the <Configuration> section, find the <system.web> section and add the following example entry

 <membership defaultProvider="AspNetSqlMembershipProvider">
      <providers>
        <add name="membership"
             type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
             server="contosodc.contoso.com"
             port="389"
             useSSL="false"
             userDNAttribute="distinguishedName"
             userNameAttribute="sAMAccountName"
             userContainer="OU=FBA,DC=contoso,DC=com"
             userObjectClass="person"
             userFilter="(ObjectClass=person)"
             scope="Subtree"
             otherRequiredUserAttributes="sn,givenname,cn" />
      </providers>
    </membership>
    <roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider" >
      <providers>
        <add name="roleManager"
             type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
             server="contosodc.contoso.com"
             port="389"
             useSSL="false"
             groupContainer="DC=contoso,DC=com"
             groupNameAttribute="cn"
             groupNameAlternateSearchAttribute="samAccountName"
             groupMemberAttribute="member"
             userNameAttribute="sAMAccountName"
             dnAttribute="distinguishedName"
             groupFilter="((ObjectClass=group)"
             userFilter="((ObjectClass=person)"
             scope="Subtree" />
      </providers>
    </roleManager>

"Very Important" 
Note: you have to substitute the yellow highlighted parts with the information specific to your environment, as follows:

· For server you need the FQDN of your domain controller (in my case it is ‘contosodc.contoso.com’)
· For userContainer you need the distinguished name of your user container – you can find it on the Domain Controller > Active Directory Users and Computers > ‘your domain’ > right click on the corresponding OU and switch to the ‘Attribute Editor’ tab:



· The name of your role manager in <add name="roleManager".

· For groupContainer you need the distinguished name of your group container – you can find it on the Domain Controller > Active Directory Users and Computers > right click on ‘your domain’ and switch to the ‘Attribute Editor’ tab:

b. To configure the Security Token Service web.config file

i. In the console tree of Internet Information Services (IIS) Manager, open the SharePoint Web Services site.

ii. In the console tree, right-click SecurityTokenServiceApplication, and then click Explore.

iii. In the folder window, double-click the web.config file.

iv. In the <Configuration> section, create a new <system.web> section and add the following example entry:

<membership>
      <providers>
        <add name="membership"
             type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
             server="contosodc.contoso.com"
             port="389"
             useSSL="false"
             userDNAttribute="distinguishedName"
             userNameAttribute="sAMAccountName"
             userContainer="OU=FBA,DC=contoso,DC=com"
             userObjectClass="person"
             userFilter="(&amp;(ObjectClass=person))"
             scope="Subtree"
             otherRequiredUserAttributes="sn,givenname,cn" />
      </providers>
    </membership>
    <roleManager enabled="true" >
      <providers>
        <add name="rolemanager"
             type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
             server="contosodc.contoso.com"
             port="389"
             useSSL="false"
             groupContainer="DC=contoso,DC=com"
             groupNameAttribute="cn"
             groupNameAlternateSearchAttribute="samAccountName"
             groupMemberAttribute="member"
             userNameAttribute="sAMAccountName"
             dnAttribute="distinguishedName"
             groupFilter="(&amp;(ObjectClass=group))"
             userFilter="(&amp;(ObjectClass=person))"
             scope="Subtree" />
      </providers>
    </roleManager>

Note: you have to substitute the yellow highlighted parts with the information specific to your environment, as described above at point 3.a.v.

c. To configure the new web application’s web.config file

i. In the console tree of Internet Information Services (IIS) Manager, right-click the site that corresponds to the name of the web applications that you just created, and then click Explore.

ii. In the folder window, double-click the web.config file.

iii. In the <Configuration> section, find the <system.web> section.

iv. Find the <membership defaultProvider="i"> section and add the following example entry to the<Providers> section:

 <add name="membership"
        type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
        server="contosodc.contoso.com"
        port="389"
        useSSL="false"
        userDNAttribute="distinguishedName"
        userNameAttribute="sAMAccountName"
        userContainer="OU=FBA,DC=contoso,DC=com"
        userObjectClass="person"
        userFilter="(&amp;(ObjectClass=person))"
        scope="Subtree"
        otherRequiredUserAttributes="sn,givenname,cn" />
Note: you have to substitute the yellow highlighted parts with the information specific to your environment, as described above at point 3.a.v.

v. Find the <roleManager defaultProvider="c" enabled="true" cacheRolesInCookie="false"> section and add the following example entry to the <Providers>section:

<add name="roleManager"
        type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
        server="contosodc.contoso.com"
        port="389"
        useSSL="false"
        groupContainer="DC=contoso,DC=com"
        groupNameAttribute="cn"
        groupNameAlternateSearchAttribute="samAccountName"
        groupMemberAttribute="member"
        userNameAttribute="sAMAccountName"
        dnAttribute="distinguishedName"
        groupFilter="(&amp;(ObjectClass=group))"
        userFilter="(&amp;(ObjectClass=person))"
        scope="Subtree" />

Note: you have to substitute the yellow highlighted parts with the information specific to your environment, as described above at point 3.a.v.

After you have done all changes in the web.config files, save and close the files.


4. Create a new site collection for the new created Web Application and add the FBA user as site collection administrator


a. Browse to Central Administration > Application Management > Create site collection.

b. Choose the Web Application which you have created at step 2.

c. Add a Title for the site, e.g. rootsite.

d. In the Primary Site Collection Administrator click on the symbol and search for the user name created at step 1.

Select the user found under “Forms Auth” and click OK.



The settings for the new site collection will look like this (I added also a secondary site collection administrator):




5. Browse to the new created site and test the functionality.

If you have selected both Windows NTLM and FBA authentication, you will get a dropdown menu where you can choose between the 2 authentication mechanisms:







That's it

Regards
3art Technology Experts
http://www.3art.tech
Labels:

Comments

Post a Comment

Popular posts from this blog

Content Query Webpart Template In SharePoint 2013 and add new column in it

Dear All, Here is the easiest way to make add custom column under your content query web part and then you can format it as you want. Step 1:  Open Sharepoint design Step 2:  Open site for sharepoint parent site collection Step 3:  Locate the following folder Style Library > XLS Style Sheets Step 4:  Open "ItemStyle.xsl"  file Add the custom style sheet as you want <xsl:template name="[Your Style Name]" match="Row[@Style='[Your Style Name]']" mode="itemstyle">                                                   <xsl:param name="CurPos" />                                                     <xsl:variable name="SafeLinkUrl">                                                       <xsl:call-template name="OuterTemplate.GetSafeLink">                                                         <xsl:with-param name="UrlColumnName" select="'LinkU
1 comment
Read more

SharePoint: A Complete Guide to Getting and Setting Fields using C#

Original article https://social.technet.microsoft.com/wiki/contents/articles/21801.sharepoint-a-complete-guide-to-getting-and-setting-fields-using-c.aspx Introduction This article demonstrates how to set and get the various SPField types for a SharePoint list using C#. The examples demonstrated set and get fields from an item that belongs to a custom list. The custom list contains a number of fields, and all the fields are named based on the type of field they are. For example, there is a Text field, which has been named, textfield. This is depicted in the following picture:   Applies To The examples demonstrated below are tested with and apply to the following versions of SharePoint: SharePoint 2010 SharePoint 2013 Get the List, and the first SPListItem This is the basic code for getting an item. If the list has at least one item, the first item is retrieved, otherwise a new item is created. var web = SPContext.Current.Site.RootWeb; var list = web.Lists.Try
Post a Comment
Read more

Updatepanel or Enable Ajax in SharePoint webpart

Dear All It is really giving me a hard to get this techniques if you want to run the update panel in sharepoint 2013 webpart then you need to initialize the script manage by code   protected override void OnInit(EventArgs e)         {             base.OnInit(e);             InitializeControl();             // Register the ScriptManager             ScriptManager scriptManager = ScriptManager.GetCurrent(this.Page);             if (scriptManager == null)             {                 scriptManager = new ScriptManager();                 scriptManager.ID = "ScriptManager1";                 scriptManager.EnablePartialRendering = true;                 Controls.AddAt(0, scriptManager);             }         } In ascx page you need to add the following  <asp:UpdateProgress ID="UpdateProgress1" runat="server">     <ProgressTemplate>         <h1>Your progress value</h1>     </ProgressTemplate> </asp:U
23 comments
Read more