Forms Based Authentication in SharePoint Part 2

Friday, July 27, 2007

In the first post I said that there are a lot of good instructions for setting up Forms Based Authentication in SharePoint. I’m still not going to rehash those instructions, because for the most part they are easy. Setup the database, add a user or two, configure SharePoint for forms authentication and let it know the DB info. Simple right?

So let’s complicate it a bit. If you follow the instructions and hit your SharePoint site you’ll get a SharePoint looking login page. I want my own login page. Simple enough right? Set up a virtual directory in IIS pointing to a directory that will contain our application. Then set up your login page. There’s an important thing to know. When setting up forms authentication in the web.config file, be sure to use the default cookie name, “.ASPXAUTH”. If you don’t then SharePoint won’t think you are authenticated. Trust me, I went around and around trying to figure out why I was authenticated in my user management application but not in SharePoint.

My user management application is fairly simple right now, I have a login page, a default page that shows what user you are currently logged in as and some links to: a create user page and a change password page.

This is now working the way I want, but there are still two features that have been requested. First, the client wants to have a login box on their home page and have that authenticate the user in SharePoint. Out of the box SharePoint requires the post back from the asp.net page in order to perform the login. So sending the username and password to the /login.aspx page is not possible. I have my own login page though so I added code to it to listen for this form and authenticate the user.

After this authentication the user is left in User Management and not in SharePoint. The easy solution would be to set the defaultUrl in web.config to the SharePoint home page like this, “../".

The real twist here is that in the application that I’m setting up, the clients logging in don’t have access to the root of SharePoint. They each have their own site buried in the /projects/ site. So I added a profile property called HomeUrl. When creating a user you set the appropriate home page for the user and when they login the login page reads this property and redirects the user to that page.

Easy right? Well no. In the third installment of this series I’ll go over the problems I had with profiles in asp.net.

SharePointJavaScriptForms Auth

Forms Based Authentication in SharePoint

Tim Sneath's 50 Silverlight Applications