Forms based authentication setup

  • Question

  • For the project I need to do, I don't have Active Directory available.
    Therefore I have created a new application with forms authentication.
    It all went OK up to the point where I needed to create a site collection.
    The problem is with assigning the site collection administrator. It opens a popup dialog for the user search,
    but I cannot find any users.
    Just to make sure that we understand each other, I have followed this procedure:
    http://msdn.microsoft.com/en-us/library/gg252020.aspx#Y3671

    If anybody knows what's wrong, please respond, since I cannot go any further before solving this issue.
    Thanks,

    Tuesday, June 14, 2011 11:35 AM

Answers

  • What you are seeing says that the Admin1 user is authenticated, just not authorized in SharePoint for access to anything, which if you haven't added them as a site collection administrator or given them other permissions is exactly what you should see.  If you still can't see them in People Picker then something is wrong with your settings in the Central Admin Web.config.  Without having access to your web.config file I'm not sure what else I can do to help.  FBA is working on the web site or you wouldn't get the message that you are signed in.  But you need to be able to add the user in Central admin as the site collection administrator or you won't be able to login.
    Paul Stork SharePoint Server MVP
    • Marked as answer by Seven M Friday, June 24, 2011 2:54 AM
    Thursday, June 16, 2011 12:09 PM
  • If you want your FBA users to be resolved in the People Picker in the Central Administration web application, you need to modify the web.config of Central Administration.

    1. From the web.config of your application, copy the following sections:

    <membership defaultProvider="fbaMembers">
     <providers>
      <add connectionStringName="fbaSQL" applicationName="/"
       name="fbaMembers" 
       type="..." />
     </providers>
    </membership>
    <roleManager enabled="true" defaultProvider="fbaRoles">
     <providers>
      <add connectionStringName="fbaSQL" applicationName="/"
       name="fbaRoles" type="..."/>
     </providers>
    </roleManager>
    

    and insert them into the appropriate place in the CA web.config.

    2. Copy the connection string to the CA web.config (if you use the standard aspnet_db SQL database for FBA):

    <connectionStrings>
     <add name="fbaSQL" connectionString="..." />
    </connectionStrings>
    

    3. And the last step which actually enables resolving of the users in people picker. Change PeoplePickerWildcards section in CA web.config - add membership provider you use in your web application (fbaMembers in this example):

    <PeoplePickerWildcards>
     <clear />
     <add key="AspNetSqlMembershipProvider" value="%" />
     <add key="fbaMembers" value="%" />
    </PeoplePickerWildcards>

    After this, users should be resolved in the People Picker of CA.

    Blog - http://sadomovalex.blogspot.com
    CAML via C# - http://camlex.codeplex.com
    • Marked as answer by Seven M Friday, June 24, 2011 2:54 AM
    Thursday, June 16, 2011 1:00 PM
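
A check for the three steps in the answer above, as an added example that is not part of the original posts: the hypothetical function Test-FbaCaConfig compares a web application's web.config with the Central Administration one and reports what was not copied. Both XML fragments are constructed and reuse the provider names from the thread.

```powershell
# Added example: constructed config fragments, not the poster's files.
function Test-FbaCaConfig {
    param([xml]$App, [xml]$CA)
    # Steps 1-2: each provider must exist in CA by name, with a resolvable connection string.
    foreach ($section in 'membership', 'roleManager') {
        foreach ($p in $App.SelectNodes("//$section/providers/add")) {
            $name = $p.GetAttribute('name')
            $caP = $CA.SelectSingleNode("//$section/providers/add[@name='$name']")
            if (-not $caP) { "$section provider '$name' missing in CA"; continue }
            $cs = $caP.GetAttribute('connectionStringName')
            if ($cs -and -not $CA.SelectSingleNode("//connectionStrings/add[@name='$cs']")) {
                "connection string '$cs' missing in CA"
            }
        }
    }
    # Step 3: People Picker needs a wildcard entry keyed by the membership provider name.
    foreach ($p in $App.SelectNodes('//membership/providers/add')) {
        $name = $p.GetAttribute('name')
        if (-not $CA.SelectSingleNode("//PeoplePickerWildcards/add[@key='$name']")) {
            "PeoplePickerWildcards has no key '$name'"
        }
    }
}
# Constructed web application config, following the sections shown in the answer.
$appXml = @'
<configuration>
  <connectionStrings><add name="fbaSQL" connectionString="..." /></connectionStrings>
  <system.web>
    <membership defaultProvider="fbaMembers"><providers>
      <add name="fbaMembers" connectionStringName="fbaSQL" applicationName="/" type="..." />
    </providers></membership>
    <roleManager enabled="true" defaultProvider="fbaRoles"><providers>
      <add name="fbaRoles" connectionStringName="fbaSQL" applicationName="/" type="..." />
    </providers></roleManager>
  </system.web>
</configuration>
'@
# Constructed CA config: the role provider and the wildcard entry were not copied.
$caXml = @'
<configuration>
  <connectionStrings><add name="fbaSQL" connectionString="..." /></connectionStrings>
  <SharePoint><PeoplePickerWildcards>
    <clear /><add key="AspNetSqlMembershipProvider" value="%" />
  </PeoplePickerWildcards></SharePoint>
  <system.web><membership defaultProvider="fbaMembers"><providers>
    <add name="fbaMembers" connectionStringName="fbaSQL" applicationName="/" type="..." />
  </providers></membership></system.web>
</configuration>
'@
Test-FbaCaConfig -App $appXml -CA $caXml
```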

All replies

  • Double check your settings in the web.config for the Central Admin web site.  If you aren't seeing FBA users in Central Admin that's normally the issue.  Compare what you've done to this walkthrough.  It's a bit more detailed than the MSDN article you followed.

    http://sharepointchick.com/archive/2010/05/07/configuring-claims-and-forms-based-authentication-for-use-with-a.aspx


    Paul Stork SharePoint Server MVP
    Tuesday, June 14, 2011 11:53 AM
  • Paul,

    I still cannot see any forms users.

    I made some changes. Now I have dual authentication: Windows integrated/NTLM and Forms authentication.

    I did it in order to create the site collection and then try to administer the site collection and add Forms users.

    I still cannot sign in to the SP application; I get the message

    -------------------------------------------

    Error: Access Denied

    Current User
    You are currently signed in as:  admin1
     
    Sign in as a different user

    ---------------------------------------------

    The message is the same if I use an NTLM user which is also a site administrator.  This means that the user is authenticated but not authorized - right? But the last user is a site admin.

    I still see the biggest issue as being that I cannot see any forms users in the people picker.

    If you figure this out, please let me/us know what the issue is.

    Thursday, June 16, 2011 10:28 AM