FBA User Fail to Login

Question

Hi All,

         I upgraded one of the running site of SharePoint 2003 to SharePoint 2010 and  running site has some of users .I had taken the backup of Aspnetdb from sql  2005 and restored it in Sql server 2008 r2 ,Then I configured FBA and in IIS of my web application  i am able to get the roles and users . Finally when I try to login with FBA it is showing me as "SignIn as Different User".Can any one tell me how can I solve this issue

---

Thanks,

Quality Communication Provides Quality Work.

http://siddiq-sharepoint2010.blogspot.in/

Siddiqali Mohammad .

Answer 1

Did you configure the web.config of the Web Application and Central Administration, along with editing the STS web.config?

---

http://sharepoint.nauplius.net

Answer 2

Hi 

 Thanks for your blaze response,I have configure and every thing is fine in all 3 web config files .

---

Thanks,

Quality Communication Provides Quality Work.

http://siddiq-sharepoint2010.blogspot.in/

Siddiqali Mohammad .

Answer 3

Can you provide the relevant configuration sections of your membership/role provider in each of the web.configs?

---

http://sharepoint.nauplius.net

Answer 4

Hi,

    

 Central Admin

 <roleManager>
            <providers>
                <add name="FbaRoleProvider" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" applicationName="/" connectionStringName="FBACON" />
            </providers>
        </roleManager>
        <membership>
            <providers>
                <add name="FbaMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" applicationName="/" connectionStringName="FBACON" enablePasswordReset="true" enablePasswordRetrieval="false" passwordFormat="Clear" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" />
            </providers>
        </membership>

----------------------------------------------------------------------------------------------------------

Secure Storage Services

      <roleManager>
            <providers>
                <add name="FbaRoleProvider" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" applicationName="/" connectionStringName="FBACON" />
            </providers>
        </roleManager>
        <membership>
            <providers>
                <add name="FbaMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" applicationName="/" connectionStringName="FBACON" enablePasswordReset="true" enablePasswordRetrieval="false" passwordFormat="Clear" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" />
            </providers>
        </membership>

--------------------------------------------------------------------------------------------------------

Web Application

<membership defaultProvider="i">
      <providers>
        <add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
                <add name="FbaMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" applicationName="/" connectionStringName="FBACON" enablePasswordReset="true" enablePasswordRetrieval="false" passwordFormat="Clear" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" />
      </providers>
    </membership>
    <!--     <roleManager cacheRolesInCookie="false" defaultProvider="c" enabled="true"> -->
    <roleManager cacheRolesInCookie="false" defaultProvider="c" enabled="true">
      <providers>
        <add name="c" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
                <add name="FbaRoleProvider" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" applicationName="/" connectionStringName="FBACON" />
      </providers>
    </roleManager>

---

Thanks,

Quality Communication Provides Quality Work.

Siddiqali Mohammad .

Answer 5

It seems that your "old" users are not allowed to access your SharePoint Site.

Can you try to reassing permission to one of these users and verify if they are allowed to login?

Cheers
Riccardo

---

Italian SharePoint Community - My blog - My profile

Answer 6

Hi Riccardo,

                 Thank you very much for your response,I assigned one of the fba user as "Secondary Administrator" for web application  in central admin .Then when i entered the credentials it worked out,I also changed the permission levels and tried .But it doesn't worked out ,I will be waiting for your reply

---

Thanks, Quality Communication Provides Quality Work. Siddiqali Mohammad .

Answer 7

Open Central Admin then go to application management then manage web applications . Now select your web application & check Authentication Provider and User Policy option for the selected site. I think you need to add your user in User Policy.

---

G Goyal

Answer 8

Hi Mohammad, it's not about permission level, but I think it's about the "internal name" of the users that is not recognized from SharePoint 2010. Take a look to this article about migrating FBA Users from MOSS to SPS2010. http://blogs.technet.com/b/meamcs/archive/2011/03/12/migrate-users-from-forms-based-authentication-in-sharepoint-2007-to-sharepoint-2010-fba-claim-based-authentication.aspx

Cheers
Riccardo

---

Italian SharePoint Community - My blog - My profile

Answer 9

Hi ,                                                                                                                                                      Thanks for your response , i think this is powershell command .I want to know what is older provider name and new provider name should I specify membership provider or role provider , I acing error as below .Request you to reply me as soon as possible.

---

Thanks,

Quality Communication Provides Quality Work.

Siddiqali Mohammad .

Answer 10

$oldprovidername and $newprovidername refers to Membership Provider.

In order to have a better understanding of the script you're running I suggest to use Powershell ISE or save the script in a .ps1 file and run it from SharePoint Management Shell (http://technet.microsoft.com/en-us/library/ee176949.aspx).

Cheers
Riccardo

---

Italian SharePoint Community - My blog - My profile

Answer 11

HI 

  Thanks for your response, I get you back as soon as possible

---

Thanks, Quality Communication Provides Quality Work. Siddiqali Mohammad .

Answer 12

Hi Riccardo,

         Getting below error 

 PS C:\Users\hosted.sharepoint> D:\fba.ps1
The term 'get-spuser' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, ver
ify that the path is correct and try again.
At D:\fba.ps1:9 char:43
+                        $users = get-spuser <<<<  -web $url -Limit ALL
    + CategoryInfo          : ObjectNotFound: (get-spuser:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException
 
You cannot call a method on a null-valued expression.
At D:\fba.ps1:21 char:50
+                         if( $userlogin.StartsWith <<<< ("i:0#.f|") -or $userlogin.Contains("\") -or $userlogin.Contains("|") )
    + CategoryInfo          : InvalidOperation: (StartsWith:String) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull
 
You cannot call a method on a null-valued expression.
At D:\fba.ps1:31 char:46
+                         $a = $userlogin.split <<<< (":")
    + CategoryInfo          : InvalidOperation: (split:String) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull
 
The term 'Get-SPUser' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, ver
ify that the path is correct and try again.
At D:\fba.ps1:37 char:42
+                        $user = Get-SPUser <<<<  -web "$url" -Identity "$oldprovidername:$username"
    + CategoryInfo          : ObjectNotFound: (Get-SPUser:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException
 
The term 'Move-SPUser' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, ve
rify that the path is correct and try again.
At D:\fba.ps1:39 char:35
+                        Move-SPUser <<<<  -IgnoreSID -Confirm:$false -Identity $user -NewAlias "i:0#.f|$newprovidername|$username"
    + CategoryInfo          : ObjectNotFound: (Move-SPUser:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException
 
converted user kacstmp: to i:0#.f|FbaMembershipProvider|

---

Thanks, Quality Communication Provides Quality Work. Siddiqali Mohammad .

Answer 13

As first line of the script add the following:

Add-PSSnapin Microsoft.SharePoint.Powershell

Cheers
Riccardo

---

Italian SharePoint Community - My blog - My profile

Answer 14

Hi Riccardo,

                It doesn't worked .And below is the error,Reply me what is the problem in my script

----------------------------------------------------------------------------------------------------------------------------------

 Error

Cannot validate argument on parameter 'Identity'. The argument is null. Supply a non-null argument and try the command again.
At D:\fba.ps1:35 char:74
+                          Move-spuser -IgnoreSID -Confirm:$false -Identity <<<<  $user -NewAlias "i:0#.f|$newprovidername|$username"
    + CategoryInfo          : InvalidData: (:) [Move-SPUser], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.SharePoint.PowerShell.SPCmdletMoveUser

-----------------------------------------------------------------------------------------------------------------------------------------

 Powershell Script Add-PSSnapin Microsoft.SharePoint.Powershell

$url ="http://host001:38216/sites/MedicationManagers/"

                       $oldprovidername = "fbaMembers"

                       $newprovidername = "FbaMembershipProvider"

                       # get all users in the site, this includes iwindows users

                       $users = get-spuser -web $url -Limit ALL

                       foreach($useriteration in $users)

                       {
                          $a=@()

                         $userlogin = $useriteration.UserLogin

                         # Skip if the user login contains "\" for windows users, and skip also if the user  login starts with "i:0#.f|" which is either new user or already migrated

                        if( $userlogin.StartsWith("i:0#.f|") -or $userlogin.Contains("\") -or $userlogin.Contains("|") )

                           {

                            continue;

                           } 
                         # get the user login name
                         $a = $userlogin.split(":")
                         $username = $a[1] 
                         # perform the actual migration by getting the user and Move the user 
                         $user = get-spuser -web "$url" -Identity "$oldprovidername:$username"
                         Move-spuser -IgnoreSID -Confirm:$false -Identity $user -NewAlias "i:0#.f|$newprovidername|$username"

                        # Log

                        Write-Host "converted user kacstmp:$username to i:0#.f|$newprovidername|$username"

                        }

---

Thanks, Quality Communication Provides Quality Work. Siddiqali Mohammad .

Answer 15

It seems that $user is empty. Are you sure about the oldprovidername value?

You can try to comment the "Move-SPUser" cmdlet and add a Write-Host command in order to print the value of $a[0] and $user

Basically change this

$user = get-spuser -web "$url" -Identity "$oldprovidername:$username"
Move-spuser -IgnoreSID -Confirm:$false -Identity $user -NewAlias "i:0#.f|$newprovidername|$username"
 

With this

$user = get-spuser -web "$url" -Identity "$oldprovidername:$username"

Write-Host $a[0], $a[1], $user -nonewline

# Move-spuser -IgnoreSID -Confirm:$false -Identity $user -NewAlias "i:0#.f|$newprovidername|$username"
# Write-Host "converted user kacstmp:$username to i:0#.f|$newprovidername|$username"
 

Cheers
Riccardo

---

Italian SharePoint Community - My blog - My profile

Answer 16

HI Riccardo,

                Thanks for your patient response,It is showing i.e same error as below.I also specified the connection string of SP 2007 below.Hope you reply or quote me,I will be waiting for your response.

----------------------------------Error

fbamembers advanced Get-SPUser : You must specify a valid user object or user identity.
At D:\fba.ps1:38 char:44
+                          $user = get-spuser <<<<  -web "$url" -Identity "$oldprovidername:$username"
    + CategoryInfo          : InvalidArgument: (Microsoft.Share....SPUserPipeBind:SPUserPipeBind) [Get-SPUser], PSArgumentException
    + FullyQualifiedErrorId : Microsoft.SharePoint.PowerShell.SPCmdletGetUser

------------------------------

Web Application of SP 2007
-----------------------

<connectionStrings>
    <add name="fbaSQL" connectionString="server=mkspp1;database=aspnetdb;Integrated Security=SSPI;" providerName="System.Data.SqlClient" />
  </connectionStrings>
  <system.web>
    <membership defaultProvider="fbaMembers">
      <providers>
        <add connectionStringName="fbaSQL" applicationName="/" name="fbaMembers" type="System.Web.Security.SqlMembershipProvider, System.Web,   Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
      </providers>
    </membership>
    <roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider">
      <providers>
        <add name="fbaRoles" type="System.Web.Security.SqlRoleProvider, System.Web,Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="fbaSQL" applicationName="/" />
      </providers>
    </roleManager>

-----------------------

central admin of SP 2007

------------------------

<connectionStrings>
    <add name="fbaSQL" connectionString="server=mkspp1;database=aspnetdb;Integrated Security=SSPI;" providerName="System.Data.SqlClient" />
  </connectionStrings>
  <system.web>
    <membership defaultProvider="fbaMembers">
      <providers>
        <add connectionStringName="fbaSQL" applicationName="/" name="fbaMembers" type="System.Web.Security.SqlMembershipProvider, System.Web,   Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
      </providers>
    </membership>
    <roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider">
      <providers>
        <add name="fbaRoles" type="System.Web.Security.SqlRoleProvider, System.Web,Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="fbaSQL" applicationName="/" />
      </providers>
    </roleManager>
  

---

Thanks, Quality Communication Provides Quality Work. Siddiqali Mohammad .

Answer 17

siddiqali,
        Can you look at the aspnetdb database  and see if you have any  users there listed?
Cheers

Answer 18

Hi Patric,

               Thanks for response,Yes I have and I am able to view it in IIS roles and Users.I have written Write-Host to trace the result step by step and getting the user and provider info as below

    UserName Before Split in array is :: fbamembers:vickie wendit
    UserName After Split :: fbamembers vickie wendit
    UserName After getting split array value is :: vickie wendit
    OldProviderName is : fbaMembers
    OlduserName :: vickie wendit

.I am able to get the users name with older provider ,But when it come to below step the variable $User is getting null value .Hope you reply me

$user = Get-SPuser -web "http://host001:38216/sites/MedicationManagers/" -Identity "$oldprovidername:$username" 

 

                                            

---

Thanks, Quality Communication Provides Quality Work. Siddiqali Mohammad .

Answer 19

you can try to add a try catch statement to check if this issue is just reltated to "vickie wendit" or to all users.

try {
  $user = get-spuser -web "$url" -Identity "$oldprovidername:$username" -ErrorAction Stop 

Write-Host $a[0], $a[1], $user -nonewline 
} catch {
   Write-Host “Unable to find user: $oldprovidername:$username"
}

Cheers
Riccardo

---

Italian SharePoint Community - My blog - My profile

Answer 20

Hi Riccardo,

                  Thanks for being back and helping me in solving this issue .As per above exception

I am facing problem for all the users and below is 1 result I am facing

UserNmae Before Split to array is :: fbamembers:wellfount
UserNmae After Split :: fbamembers wellfount
UserNmae After getting split array value is :: wellfount
OldProviderName is : fbaMembers
Unable to find user: wellfount

---

Thanks, Quality Communication Provides Quality Work. Siddiqali Mohammad .

Answer 21

Can you post the output (just some example) of the following command?

Get-SPUser -web "http://host001:38216/sites/MedicationManagers" -limit All

Cheers
Riccardo

---

Italian SharePoint Community - My blog - My profile

Answer 22

Hi Riccardo,

                $users = Get-SPuser -web "http://host001:38216/sites/MedicationManagers/" -Limit All

                       Write-Host "$users"

Shows all the users existing in Site as below.I request you to contact me on siddiqali87@gmail.com if possible

fbamembers:advanced fbamembers:ajfarhoud fbamembers:afarouk fbamembers:ahelleson fbamembers:amy thane fbamembers:anthonypanici fbamembers:aromo fbamembers:barry cook fbamem
bers:bburrough fbamembers:capital fbamembers:one care fbamembers:carlisaacas fbamembers:cecily scott fbamembers:cworz fbamembers:cworz.mm fbamembers:chi nguyen fbamembers:c
moody fbamembers:cicelyscott fbamembers:cindy brashear fbamembers:cletiskoukoulakis fbamembers:collaborative fbamembers:colonial fbamembers:community first fbamembers:compl
ete pharmacy fbamembers:cinman fbamembers:cstiens fbamembers:csolutions fbamembers:cwood fbamembers:ddobek fbamembers:dan seckler fbamembers:dthedford fbamembers:dcousino f
bamembers:dilgin fbamembers:ddrake fbamembers:diversicare fbamembers:don groff fbamembers:donnakonst fbamembers:dlee fbamembers:ericgarcia fbamembers:ericneal fbamembers:es
toute fbamembers:egraves fbamembers:spadmin fbamembers:ginacole fbamembers:glenda fbamembers:hanyboutros fbamembers:rhornberger i:0#.w|mk\hosted.sharepoint MK\hosted.sharep
oint fbamembers:jessica mullin fbamembers:jimcram fbamembers:jcram fbamembers:jhoffman fbamembers:jodi.hoffman fbamembers:jmeyer fbamembers:julie shiver fbamembers:klammers
 fbamembers:kdroz fbamembers:karendroz fbamembers:kjohnson fbamembers:karla roberts fbamembers:keith fbamembers:kbasinger fbamembers:kengeorge fbamembers:kingston fbamember
s:ltolliver fbamembers:lifeline fbamembers:lonestar fbamembers:lyndsiwhite fbamembers:manorcare fbamembers:mapleknoll fbamembers:mhiggins fbamembers:max fbamembers:mventure
s fbamembers:msimon fbamembers:meritel.helpdesk fbamembers:test22 fbamembers:mcuesta fbamembers:mdonohue fbamembers:mike miller MKSPP1\administrator MKSPP1\cworz.mm fbamemb
ers:mkv rx MOSS2007\Administrator fbamembers:multiscript fbamembers:nanettewrobel fbamembers:nat capital i:0#.f|fbamembershipprovider|national fbamembers:national fbamember
s:nat multiscript fbamembers:new day fbamembers:nikkiskelnik fbamembers:nkinross fbamembers:norb.kinross NT AUTHORITY\authenticated users NT AUTHORITY\LOCAL SERVICE fbamemb
ers:nuscript fbamembers:omnilife fbamembers:palrx fbamembers:patrickmeyer fbamembers:pca fbamembers:pharamcare fbamembers:pharmacy solutions fbamembers:pharmerica fbamember
s:randy fbamembers:randyregal fbamembers:perlaravi fbamembers:regent care fbamembers:rinman fbamembers:rhytree i:0#.f|fbamembershipprovider|rtucci fbamembers:ronnie cox fba
members:rontucci fbamembers:rx solutions fbamembers:safedose fbamembers:scleveland fbamembers:sgeier MK\siddiq.mohammad i:0#.w|mk\siddiq.mohammad SPDOM\administrator SHAREP
OINT\system fbamembers:teresamapes fbamembers:tgundrum fbamembers:trilogy fbamembers:tri-med fbamembers:tris fbamembers:veritas fbamembers:vickie wendit fbamembers:vph fbam
embers:wellfount

                                              

---

Thanks, Quality Communication Provides Quality Work. Siddiqali Mohammad .

Answer 23

Have you already tried to get user details for a single users? ie.

Get-SPUser "fbamembers:advanced" -web 'http://host001:38216/sites/MedicationManagers/'

Get-SPUser "fbamembers:amy thane" -web 'http://host001:38216/sites/MedicationManagers/'

In addition you can try selecting your users not by UserLogin but by ID. This require a little change in the script, but you can try with the test above and then with the following

Get-SPUser -web 'http://host001:38216/sites/MedicationManagers/' | select UserLogin, ID

## after getting the list of the user ID choose one of the
## results. The number in the following script is just an
## example

Get-SPUser 7 -web 'http://host001:38216/sites/MedicationManagers/'

I'm sorry but I can't connect with you by email or in other ways (and you should remove the email address from the previous post as per forum privacy policy :)).

Cheers
Riccardo

---

Italian SharePoint Community - My blog - My profile

Answer 24

Hi Riccardo,

                Thanks for your patient response ,Thanks a billion . I didn't find any result after working above steps . When I executed the script it is showing errors ,Then step by step selecting  single word I executed(F8) ,In the below command I am getting value to $user as Null .When I selected $username it  is showing me username as "capital" and for oldprovidername as "fbaMembers" ,But when I selected -Identity it is showing me error as  below .I guess the problem is existed here ,Can you help me how can i solve the bellow issue .Hope you reply 

Missing expression after unary operator '-'.
At line:1 char:1

     $user = get-spuser -web "$url" -Identity "$oldprovidername:$username"

---

Thanks, Quality Communication Provides Quality Work. Siddiqali Mohammad .

Answer 25

Hi Mohammad, I have no more ideas and I haven't a test farm with this kind of configuration. The last try I can think about is to get user by userlogin and not with oldprovider + username (see below)

$user = get-spuser -web $url -identity $userlogin

Cheers
Riccardo

---

Italian SharePoint Community - My blog - My profile