Sharepoint 2013 FBA permission issues

  • Question

  • I have implemented a custom FBA solution in SharePoint 2013 
    using this link <http://sivarajan.me/post/sharepoint-2013-custom-claims-fba-based-mixed-mode-authentication-part-1>

    1) FBA users got "sorry this site has not been shared with you"

    I followed the steps below and now all FBA users can view the site

    On Central Administration, navigate to Application Management -> Under Web Applications: Manage web applications
    Select your My Site -web application by clicking it, and open Permission Policy
    Click Add Permission Policy Level
    Enter at least the Name for your Permission Policy
    Select following Permissions:
    Create Subsites  -  Create subsites such as team sites, Meeting Workspace sites, and Document Workspace sites.
    View Pages  -  View pages in a Web site.
    Browse User Information  -  View information about users of the Web site.
    Open  -  Allows users to open a Web site, list, or folder in order to access items inside that container.
    Leave other parts unmarked and click Save
    Make sure your My Site -web application is selected and open User Policy
    Click Add Users, and on first view leave Zones: (All zones) selected, then click Next >
    On Choose Users -part click Browse (the catalogue type of icon). Click All Users and select Everyone activated. Press Add -> and OK
    On Choose Permissions, select the Permission Policy you recently created, and finally click Finish

    I have 3 document libraries directly under the root

    partners.contoso.com/documents1
    partners.contoso.com/documents2
    partners.contoso.com/documents3 

    I have the following FBA users: test1, test2, test3

    When test1 logs in it should only be able to see documents1 
    test2 --> documents2
    test3 --> documents3 

    I have not implemented the ASP.NET role manager as I am controlling that in a SharePoint user group

    When test1 logs in it is able to view all the document libraries (documents1,documents2,documents3) 

    Is it because the ASP.NET role is not implemented?

    Thanks

    Friday, February 20, 2015 8:59 PM

Answers

  • I am not 100% sure, but I think SharePoint groups themselves are not identities but containers of them. You can implement a role provider. I am positive that should work.

    These postings are provided "AS IS" with no warranties, and confers no rights.

    Friday, February 20, 2015 10:09 PM

All replies

  • Is the following your requirement you want to achieve or is there anything you've in place to accomplish this that isn't working in an FBA site?

    When test1 logs in it should only be able to see documents1 

    test2 --> documents2
    test3 --> documents3 

    If that's your requirement then you can achieve this using item level permissions on the individual documents to the respective users.


    These postings are provided "AS IS" with no warranties, and confers no rights.

    Friday, February 20, 2015 9:09 PM
  • Do I have to implement the role class which derives from System.Web.Security.RoleProvider, or is it OK that I do not implement the role class and use a SharePoint security group and add users to that?

    eg 

    I have partners.contoso.com 

    root level I have 3 document libraries not Folders

    walmart

    target

    costco 

    I can access that particular document library directly by using 

    http://partners.contoso.com/walmart

    http://partners.constoso.com/target .. so on 

    I have 100 partners like this; each partner has a document library and should only be able to see his document library (walmart...)

    each document library (walmart) contains subfolders and files > 100 files 

    So I create a SharePoint group "walmart users" with read permissions, then I go to that particular document library, stop inheriting from the parent, and leave only walmart users in there. Then when I log in with FBA using test2 (FBA user), that user should not be able to see the walmart folder because it has unique permissions, and only test1 should be able to see it. I have done this in SP2013 so many times and it works, but it does not work for FBA users.



    Friday, February 20, 2015 10:02 PM
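
    Added example (not part of the thread and not any poster's code): a read-only PowerShell check of the two places access is granted in the setup described above, the web application User Policy and the role assignments on each library. Policy grants apply across the whole web application and are not removed by breaking inheritance on a library. The http scheme and the assumption that each library's title equals its URL name are mine.

```powershell
# Added example, read-only. Run in the SharePoint 2013 Management Shell on a farm server.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$webAppUrl = "http://partners.contoso.com"             # host from the thread; http scheme assumed
$libraries = "documents1", "documents2", "documents3"  # assumed: library titles equal their URL names

# 1. Permission policy levels defined on the web application and the rights each grants or denies.
$wa = Get-SPWebApplication $webAppUrl
$wa.PolicyRoles | Format-Table Name, GrantRightsMask, DenyRightsMask -AutoSize

# 2. User Policy entries: which principal holds which policy level.
#    An entry for an all-users principal applies to every FBA user on every site and library.
$wa.Policies | ForEach-Object {
    New-Object PSObject -Property @{
        User   = $_.UserName
        Name   = $_.DisplayName
        Levels = ($_.PolicyRoleBindings | ForEach-Object { $_.Name }) -join ", "
    }
} | Format-Table User, Name, Levels -AutoSize

# 3. Per-library permissions: is inheritance actually broken, and who is still on the ACL?
$web = Get-SPWeb $webAppUrl
try {
    foreach ($title in $libraries) {
        $list = $web.Lists.TryGetList($title)
        if ($null -eq $list) {
            Write-Warning "Library '$title' not found at $webAppUrl"
            continue
        }
        if (-not $list.HasUniqueRoleAssignments) {
            Write-Warning "'$title' still inherits permissions from the site"
        }
        $list.RoleAssignments | ForEach-Object {
            New-Object PSObject -Property @{
                Library = $title
                Member  = $_.Member.Name
                Roles   = ($_.RoleDefinitionBindings | ForEach-Object { $_.Name }) -join ", "
            }
        } | Format-Table Library, Member, Roles -AutoSize
    }
}
finally {
    $web.Dispose()   # release the SPWeb opened by Get-SPWeb
}
```

    A library that lists only its partner group in step 3 but is still visible to other FBA users points back at a broad entry in step 2 or at membership of the group itself.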