User Authentication Issue in SharePoint (FBA) - question on code used

  • Question

  • Below I have explained the user authentication issue in a newly created SharePoint site.

     SharePoint Environment

     Using applications:  MOSS 2007, .NET Framework 3.5, SQL Server 2005.

    1. SharePoint site is using Forms Based Authentication (FBA) as the Authentication Provider (SQL Server membership provider).
    2. Sub sites are created under the parent SharePoint site/Site Collection through a .NET web service using the SharePoint SDK.
    3. Groups and users are created as follows.

     Example: This is the high-level code sample taken from the code base

    SPSecurity.RunWithElevatedPrivileges(delegate()
    {
        using (SPSite spSite = new SPSite(siteURL))
        {
            using (SPWeb parentWeb = spSite.OpenWeb())
            {
                if (parentWeb.Webs[siteName].Exists)
                {
                    using (SPWeb spWeb = parentWeb.Webs[siteName])
                    {
                        spWeb.AllowUnsafeUpdates = true;

                        //Create new user
                        MembershipUser membershipUser = Membership.GetUser(userId);

                        if (membershipUser == null)
                        {
                            membershipUser = Membership.CreateUser(userId, "password", eMail, passwordQuestion, passwordAnswer, isApproved, out status);
                        }

                        //Ensure user in SP site
                        SPUser newUser = spWeb.EnsureUser(userId);

                        //Create SP Group
                        spWeb.SiteGroups.Add(groupName, spWeb.ParentWeb.AssociatedOwnerGroup, null, string.Format("This group is automatically created from the site:{1}", spWeb.Url, spWeb.Name));

                        spGroup = spWeb.SiteGroups[groupName];

                        if (spGroup != null)
                        {
                            //Assigning permission to the SP group
                            SPRoleAssignment roleAssignment = new SPRoleAssignment(spGroup);
                            SPRoleDefinition roleDefinition = spWeb.RoleDefinitions[roleDefinitionLevel]; //Ex: "Full Control", "Read"
                            roleAssignment.RoleDefinitionBindings.Add(roleDefinition);
                            spWeb.RoleAssignments.Add(roleAssignment);
                        }

                        //Adding user to SP Group
                        spGroup.AddUser(newUser);
                        spGroup.Update();

                        spWeb.Update();
                        spWeb.AllowUnsafeUpdates = false;
                    }
                }
            }
        }
    });
    
     
    4. There are 2 groups available in the sub site:
      1. “Admin user group” with “Full Control” privilege.
      2. “General user group” with “Read” privilege.

     Issue

    1. Even though the login user exists in the membership data store (created from “aspnet_regsql.exe”) and in the SharePoint site’s users, sometimes the logged-in user (General User, example: “USER X”) doesn’t get authenticated and is redirected to the “Access Denied” page.
      Just after this happens:

      o         If we log in as “Admin User” and then sign out,

      o         and then try to log in as “USER X”, it gets authenticated and is redirected to the “default.aspx” page.

    2. But if the general user tries to log in again after some time (maximum about 8 hrs), it’s denied. We cannot monitor and come up with the exact time duration of the login expiration of “USER X” as it changes rapidly.

    Thanks.

    • Edited by Mike Walsh FIN Thursday, December 17, 2009 4:42 AM question on code used added
    Thursday, December 17, 2009 3:39 AM

Answers

  • Please make sure the membership user trying to log in has permission to the SharePoint site. Membership provider users don't get access to the SharePoint site unless you assign those users to the SharePoint site. Also make sure users in the reader group are not trying to access any page that they don't have permission for. If, after login, the user is redirected to a page where he doesn't have permission, then the user may get the access denied page.


    Thanks,
    Sohel Rana
    http://ranaictiu-technicalblog.blogspot.com
    • Marked as answer by Chengyi Wu Thursday, December 24, 2009 6:12 AM
    Thursday, December 17, 2009 9:43 AM
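
A read-only diagnostic for the check the answer describes, added here as an example and not code from either poster: it reports whether the login is in the site collection's user list, which groups it belongs to, which permission levels are assigned on the sub site, and whether the login can open and view pages there. `FbaAccessCheck`, `webUrl` and `loginName` are hypothetical names, and the login name format (membership provider prefix, then user name) is an assumption about this farm.

```csharp
using System;
using Microsoft.SharePoint;

// Added example, not from the thread. FbaAccessCheck, webUrl and loginName are hypothetical.
public static class FbaAccessCheck
{
    // loginName: the name as SharePoint stores it; for FBA this is assumed to be
    // "<membership provider name>:<user name>".
    public static void Report(string webUrl, string loginName)
    {
        SPSecurity.RunWithElevatedPrivileges(delegate()
        {
            using (SPSite site = new SPSite(webUrl))
            using (SPWeb web = site.OpenWeb())
            {
                Console.WriteLine("Web {0}, unique permissions: {1}", web.Url, web.HasUniquePerm);

                // 1. Is the login known to the site collection at all?
                SPUser user = null;
                foreach (SPUser candidate in web.SiteUsers)
                {
                    if (string.Equals(candidate.LoginName, loginName, StringComparison.OrdinalIgnoreCase))
                    {
                        user = candidate;
                        break;
                    }
                }
                if (user == null)
                {
                    Console.WriteLine("'{0}' is not in the site collection user list.", loginName);
                    return;
                }

                // 2. Which SharePoint groups is the user a member of?
                foreach (SPGroup spGroup in user.Groups)
                    Console.WriteLine("Member of group: {0}", spGroup.Name);

                // 3. Which principals hold which permission levels on this web?
                foreach (SPRoleAssignment assignment in web.RoleAssignments)
                    foreach (SPRoleDefinition definition in assignment.RoleDefinitionBindings)
                        Console.WriteLine("{0} -> {1}", assignment.Member.Name, definition.Name);

                // 4. Effective result for the two rights needed to load a page.
                Console.WriteLine("Open: {0}", web.DoesUserHavePermissions(loginName, SPBasePermissions.Open));
                Console.WriteLine("ViewPages: {0}", web.DoesUserHavePermissions(loginName, SPBasePermissions.ViewPages));
            }
        });
    }
}
```

Running it for the same login right after an "Access Denied" and again after a successful login shows whether the group membership and role assignments differ between the two states.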