In the first post I said that there are a lot of good instructions for setting up Forms Based Authentication in SharePoint. I'm still not going to rehash those instructions, because for the most part they are easy. Set up the database, add a user or two, configure SharePoint for forms authentication and let it know the DB info. Simple, right?
So let's complicate it a bit. If you follow the instructions and hit your SharePoint site, you'll get a SharePoint-looking login page. I want my own login page. Simple enough, right? Set up a virtual directory in IIS pointing to a directory that will contain our application. Then set up your login page. There's an important thing to know. When setting up forms authentication in the web.config file, be sure to use the default cookie name, ".ASPXAUTH". If you don't, then SharePoint won't think you are authenticated. Trust me, I went around and around trying to figure out why I was authenticated in my user management application but not in SharePoint.
My user management application is fairly simple right now: I have a login page, a default page that shows what user you are currently logged in as, and links to a create user page and a change password page.
This is now working the way I want, but there are still two features that have been requested. First, the client wants to have a login box on their home page and have that authenticate the user in SharePoint. Out of the box, SharePoint requires the postback from the ASP.NET page in order to perform the login. So sending the username and password to the /login.aspx page is not possible. I have my own login page, though, so I added code to it to listen for this form and authenticate the user.
After this authentication the user is left in User Management and not in SharePoint. The easy solution would be to set the defaultUrl in web.config to the SharePoint home page like this, "../".
The real twist here is that in the application that I'm setting up, the clients logging in don't have access to the root of SharePoint. They each have their own site buried in the /projects/ site. So I added a profile property called HomeUrl. When creating a user, you set the appropriate home page for the user, and when they log in, the login page reads this property and redirects the user to that page.
Easy, right? Well, no. In the third installment of this series I'll go over the problems I had with profiles in ASP.NET.
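The login flow described above (accept the home page's form post, authenticate, then redirect to the user's HomeUrl) could look like the following. This is an added example, not the code from the original post; the form field names `username` and `password`, the class name `Login` and the helper `IsLocalPath` are assumptions, and HomeUrl is assumed to be declared as a string profile property in web.config.

```csharp
// Added example: code-behind for the custom login page (Login.aspx.cs).
// Assumed names: form fields "username"/"password"; class name Login.
using System;
using System.Web.Profile;
using System.Web.Security;
using System.Web.UI;

public partial class Login : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // Handle only the plain HTML form posted from the home page. That POST
        // carries no view state, so IsPostBack is false for it.
        if (IsPostBack || Request.HttpMethod != "POST") return;

        string user = Request.Form["username"];
        string pass = Request.Form["password"];
        if (String.IsNullOrEmpty(user) || String.IsNullOrEmpty(pass)) return;

        // On failure, fall through and render the normal login page.
        if (!Membership.ValidateUser(user, pass)) return;

        // Issues the ticket under the cookie name configured in web.config,
        // which the post says must stay ".ASPXAUTH" for SharePoint to accept it.
        FormsAuthentication.SetAuthCookie(user, false);

        // The page's Profile still belongs to the anonymous request, so load
        // the profile of the user who just signed in by name.
        ProfileBase profile = ProfileBase.Create(user, true);
        string home = profile.GetPropertyValue("HomeUrl") as string;

        // Never redirect to an unchecked stored value; fall back to defaultUrl.
        Response.Redirect(IsLocalPath(home) ? home : FormsAuthentication.DefaultUrl);
    }

    // Accepts only server-relative paths such as "/projects/client-a/".
    // Rejects absolute URLs, "//host", "/\host" and control characters.
    private static bool IsLocalPath(string url)
    {
        if (String.IsNullOrEmpty(url) || url[0] != '/') return false;
        if (url.Length > 1 && (url[1] == '/' || url[1] == '\\')) return false;
        foreach (char c in url)
            if (Char.IsControl(c)) return false;
        return true;
    }
}
```

Checking HomeUrl before redirecting keeps a mistyped or tampered profile value from sending a freshly authenticated user to another host.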
Posted: 25 July 2007 by Todd Anthony Spatafore
If you search the Internet you will find some very good instructions for setting up forms based authentication (FBA) in both Windows SharePoint Services v3 (WSS) and Microsoft Office SharePoint Server 2007 (MOSS2007). I won't rehash all those instructions here. However I do want to make a couple of observations. One person actually posted about a missing step which involves ensuring that the user account that your SharePoint Application Pool runs under has permission in your SQL Server. I think they assume you are just going to give that user owner rights on your aspnetdb database. I don't like giving that much permission to a limited user account.
The documentation from Microsoft says to give that user read and write permissions on that database, but unknown errors kept occurring. What I ended up doing was adding the run time user to certain roles that aspnet_regsql.exe had set up in the aspnetdb database. Those roles were:
- aspnet_Membership_FullAccess
- aspnet_Personalization_FullAccess
- aspnet_Profile_FullAccess
- aspnet_Roles_FullAccess
I added these in addition to data reader and data writer. There was an additional role called aspnet_WebEvent_FullAccess. I don't know what that is for so I didn't set it. I'm sure I'll run across it in the future.
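A check that the application pool account holds exactly the roles listed above, and nothing broader such as db_owner, can be scripted. This is an added example, not from the original post; the connection string and the account name are placeholders, and it assumes the database user has the same name as the Windows account.

```csharp
// Added example: audits the direct role memberships of one aspnetdb user.
using System;
using System.Collections.Generic;
using System.Data.SqlClient;

static class AspnetDbRoleAudit
{
    // The four roles named in the post, plus data reader and data writer.
    static readonly string[] Expected = {
        "aspnet_Membership_FullAccess", "aspnet_Personalization_FullAccess",
        "aspnet_Profile_FullAccess", "aspnet_Roles_FullAccess",
        "db_datareader", "db_datawriter"
    };

    // Direct role memberships of one database user (SQL Server 2005 and later).
    const string Query =
        "SELECT r.name FROM sys.database_role_members m " +
        "JOIN sys.database_principals r ON r.principal_id = m.role_principal_id " +
        "JOIN sys.database_principals u ON u.principal_id = m.member_principal_id " +
        "WHERE u.name = @user";

    static int Main(string[] args)
    {
        string connStr = "Server=.;Database=aspnetdb;Integrated Security=SSPI"; // placeholder
        string account = args.Length > 0 ? args[0] : @"DOMAIN\apppool-account"; // placeholder

        List<string> actual = new List<string>();
        using (SqlConnection conn = new SqlConnection(connStr))
        using (SqlCommand cmd = new SqlCommand(Query, conn))
        {
            cmd.Parameters.AddWithValue("@user", account);
            conn.Open();
            using (SqlDataReader rd = cmd.ExecuteReader())
                while (rd.Read()) actual.Add(rd.GetString(0));
        }

        int problems = 0;
        foreach (string role in Expected)           // roles the login page needs
            if (!actual.Contains(role)) { Console.WriteLine("MISSING  " + role); problems++; }
        foreach (string role in actual)             // anything broader, e.g. db_owner
            if (Array.IndexOf(Expected, role) < 0) { Console.WriteLine("EXTRA    " + role); problems++; }

        return problems == 0 ? 0 : 1;               // non-zero exit when the grant set drifts
    }
}
```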
How did I know that I needed to set those? Well this leads me to my second tip. Some instructions for setting up FBA tell you to only use Visual Studio's Web Configuration tool to do the initial configuration and set up the user accounts. However, if you create a login page and try to log in using this login page you'll get some error messages that lead directly to the realization that the user account doesn't have the right perms.
This login page could be a whole application for user management. Read my next post, where I explain why I set up the custom login page to begin with.
Posted: 25 July 2007 by Todd Anthony Spatafore
It's time for me to get ramped up on MCMS again as a big client wants their site written using that tool. I always get asked pretty much the same questions, so I'm going to try to centralize all of the links to the answers. For the most part, the Microsoft public newsgroup is an amazing resource. Stefan Gossner from Microsoft answers so many questions, so fast, that I'm amazed that MVPs even exist for MCMS. I recommend his book, and he has a new book coming out soon.
Anyway,
Question 1) How do I revert to a previous version of a post?
Answer 1) http://www.gotdotnet.com/Community/UserSamples/Details.aspx?SampleGuid=5801E02F-AF3A-413F-8985-A773336D84D8
Posted: 06 October 2005 by Todd Anthony Spatafore