A growing commonality we're seeing is allowing external visitor access to SharePoint, whether it's a police department rolling it out to their community or an organization wanting to give its 80+ volunteers access. The most cost-effective way to do this is to use forms authentication and SQL Server to store the membership database. You can use the same Active Directory your site is running on now, but then you need to license each user in your network. Using SQL Server stores the user accounts in the SQL database and therefore doesn't require any CALs for authentication. If you are using Microsoft Office SharePoint Server (MOSS), you will still need to purchase MOSS CALs for each user.

These steps I walk through pertain to Windows SharePoint Services (WSS). I have not tried these on MOSS, but I'm guessing it'll work there as well.

Before you begin, note that when you're finished, SharePoint will look to SQL for user accounts, but SharePoint does not include the tools needed to add or edit users or reset their passwords. You will have to create your own or find a third-party solution. We have a solution available; email sales for more information.

1) Create the SharePoint site collection.

This might be a given, but make sure your SharePoint site is up and running. You cannot configure forms authentication on a site that doesn't exist.

2) Extend the site to a new zone.

Go to Central Administration, then Application Management. Click Create or extend Web Application. On the next page click Extend an existing Web application.

On the extend web application page:

  • Web Application : Select the site you want to enable SQL authentication
  • IIS Web Site : Type in the port (80 unless you want a non-standard port, use 443 for SSL) and host header (web address) you want your SQL users to access. It cannot be the same address as the existing AD site.
  • Security Configuration : Keep the defaults unless you want to enable SSL.
  • Load Balanced URL : Keep the URL the way it is, it should reflect the host header you entered above. Under Zone, select a zone name that correctly categorizes the site you're extending.

Click OK. Your site is now accessible from both web addresses: the original address that was set up and the new one. If you look in IIS, you will see the new site. Now that it is a unique instance, we can configure it for Forms Authentication.

3) Install Membership Provider to SQL Server.

See http://msdn.microsoft.com/en-us/library/ms229862.aspx for more information on how to install the membership provider. During the installation process I install the membership provider to the Content database the site is using. This helps keep everything in one place in the event we need to move it.

4) Configure Zone for Forms Authentication.

Back in Central Administration, go to Authentication Providers in Application Management. Make sure you have your site selected in the Web Application selector. You should see two zones: Default and the other one you created. Click the second zone you created.

On the Edit authentication page:

  • Authentication Type : Select Forms. The page will reload with new options.
  • Membership Provider Name : Enter AspNetSqlMembershipProvider. We will be using this same name a little later.
  • Role Manager Name : Enter AspNetSqlRoleProvider. Again, we will be using this later.
  • Client Integration : I recommend keeping this set to No. Enabling Yes could cause some issues.

Click Save. Next we will configure the sites to use your SQL server for the membership provider.

5) Configure Extended Web Site Membership Provider

Open Windows Explorer (My Computer) and browse to c:\inetpub\wwwroot\wss\virtualdirectories. Within this folder you will see a folder for each SharePoint site hosted on your server. Open the folder that contains the new address you extended the site to. Next, right-click the file web.config and open it with Notepad. If you're using Windows Server 2008, open Notepad as administrator first, then open the web.config file.

Within the web.config file:

Locate </configSections> and copy the following immediately after it.

<connectionStrings>
    <remove name="LocalSqlServer" />
    <add name="LocalSqlServer" connectionString="Data Source=servername;Initial Catalog=databasename;Integrated Security=SSPI" />
</connectionStrings>

Enter the server name and database where you installed the membership provider in step 3. Note the Integrated Security option in the connection string: the security account that SharePoint is running on must have access to the SQL server, so set that up if it doesn't already.

Locate <system.web> and copy the following immediately after it.

<roleManager>
    <providers>
        <remove name="AspNetSqlRoleProvider" />
        <add name="AspNetSqlRoleProvider" connectionStringName="LocalSqlServer" applicationName="/wss" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
    </providers>
</roleManager>
<membership>
    <providers>
        <remove name="AspNetSqlMembershipProvider" />
        <add connectionStringName="LocalSqlServer" enablePasswordRetrieval="true" enablePasswordReset="true" requiresQuestionAndAnswer="false" applicationName="/wss" requiresUniqueEmail="false" passwordFormat="Clear" maxInvalidPasswordAttempts="15" minRequiredPasswordLength="5" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="1" passwordStrengthRegularExpression="" name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
    </providers>
</membership>

The applicationName (appears twice above) should mirror your site's name or something unique. If you extend another SharePoint site at a later point to use SQL, you'll want to use a different applicationName.

Save and close the web.config file.

6) Configure Central Admin Membership Provider

In order for Central Administration to know anything about your SQL users you need to replicate the same settings in the Central Admin web.config file. In Windows Explorer browse to C:\inetpub\wwwroot\wss\virtualdirectories and open the folder that matches the same port number that Central Admin uses. Open the web.config file in the same manner you did in step 5 and update in the same way.
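
The membership entry copied into both web.config files in steps 5 and 6 sets passwordFormat="Clear" and enablePasswordRetrieval="true", so passwords are stored in plaintext in the membership database, and it only locks an account after 15 wrong passwords inside a one-minute window. The script below is an added example, not part of the original post, that flags those settings in a web.config; its thresholds are assumptions taken from the ASP.NET 2.0 provider defaults, and the sample XML is constructed from the step 5 snippet.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the <membership> section from step 5 inside a minimal web.config.
SAMPLE_WEB_CONFIG = """<configuration><system.web><membership><providers>
<remove name="AspNetSqlMembershipProvider" />
<add connectionStringName="LocalSqlServer" enablePasswordRetrieval="true"
     enablePasswordReset="true" requiresQuestionAndAnswer="false" applicationName="/wss"
     requiresUniqueEmail="false" passwordFormat="Clear" maxInvalidPasswordAttempts="15"
     minRequiredPasswordLength="5" minRequiredNonalphanumericCharacters="0"
     passwordAttemptWindow="1" passwordStrengthRegularExpression=""
     name="AspNetSqlMembershipProvider"
     type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
</providers></membership></system.web></configuration>"""

# Assumed thresholds for this example (the ASP.NET 2.0 provider defaults), not from the page.
MIN_LENGTH, MAX_ATTEMPTS, MIN_WINDOW_MINUTES = 7, 5, 10


def audit_membership(web_config_xml):
    """Return {provider name: [findings]} for each SqlMembershipProvider entry."""
    report = {}
    root = ET.fromstring(web_config_xml)
    for add in root.iterfind(".//membership/providers/add"):
        if "SqlMembershipProvider" not in add.get("type", ""):
            continue
        findings = []
        fmt = add.get("passwordFormat", "Hashed")  # Hashed is the provider default
        if fmt.lower() != "hashed":
            findings.append(f"passwordFormat={fmt}: stored passwords are recoverable")
        if add.get("enablePasswordRetrieval", "false").lower() == "true":
            findings.append("enablePasswordRetrieval=true: provider can return passwords")
        length = int(add.get("minRequiredPasswordLength", "7"))
        if length < MIN_LENGTH:
            findings.append(f"minRequiredPasswordLength={length}: below {MIN_LENGTH}")
        attempts = int(add.get("maxInvalidPasswordAttempts", "5"))
        if attempts > MAX_ATTEMPTS:
            findings.append(f"maxInvalidPasswordAttempts={attempts}: above {MAX_ATTEMPTS}")
        window = int(add.get("passwordAttemptWindow", "10"))
        if window < MIN_WINDOW_MINUTES:
            findings.append(f"passwordAttemptWindow={window}: failures older than "
                            f"{window} min never count toward lockout")
        report[add.get("name", "(unnamed)")] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit_membership(SAMPLE_WEB_CONFIG).items():
        print(name, *findings, sep="\n  - ")
```

To clear the first two findings, set passwordFormat="Hashed" together with enablePasswordRetrieval="false"; the provider rejects Hashed combined with password retrieval. Accounts created while Clear was in effect keep their plaintext value until the password is changed.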

You're all set!

You should be good to go! Browse to the new web address and you'll be prompted with a forms-based sign-in. As I said before these steps, you will need to set up a custom application to manage the user accounts in SQL. SharePoint does not include this functionality. We have a solution available; email sales for more information.