FBA in MOSS 2007

Introduction to Forms Authentication in SharePoint
Microsoft Office SharePoint Server 2007 and Windows SharePoint Services 3.0 contain several new features for authentication and authorization that help to make it easier for developers to develop and deploy solutions in Internet-facing—and especially extranet—environments. In earlier SharePoint versions, at some point all security principals needed to resolve to a Windows identity—either a user account or group.

Office SharePoint Server 2007 and Windows SharePoint Services 3.0 are built upon the ASP.NET 2.0 Framework, which allows you to use forms authentication to authenticate users into the system. Because SharePoint Products and Technologies are built upon the ASP.NET 2.0 pluggable authentication provider model, they can now support authentication for users stored in Active Directory, a Microsoft SQL Server database, in an LDAP directory, or in any other directory that has an ASP.NET 2.0 membership provider. Although Windows SharePoint Services 3.0 does not provide any default membership providers, Office SharePoint Server 2007 does provide a built-in LDAP V3 membership and role provider, and ASP.NET 2.0 includes a SQL Server membership and role provider. However, if you want to use a directory and cannot find a membership provider for it, you can write your own! This is a key technology enabler for heterogeneous environments.

FBA User & Role Store
(1) Database Creation
We need a place to store the users we are going to create. The ASP.NET 2.0 Membership and Role providers include a database. The steps to install the database are as follows:

1. Open up a command prompt by clicking Start…Run, then typing cmd and pressing Enter.
2. Switch to the ASP.NET 2.0 Framework directory by typing
cd c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727
and pressing Enter.
3. Type aspnet_regsql to launch the ASP.NET SQL Server Setup Wizard.
[Screenshot: Welcome to ASP.NET SQL Server Setup Wizard]
4. Click Next.
5. Choose Configure SQL Server for application services (the default choice) on the Select a Setup Option screen and click Next.
[Screenshot: Select a Setup Option]
6. Specify the SQL Server name (your machine name), the name of the database to create (I used AspNetDb_FBADemo), and the credentials to use for this process (database creation). I generally prefix my Membership and Role provider databases with AspNetDb_ so that they appear together in Microsoft SQL Server Management Studio and are easily identifiable should I need to access them, such as to update Security (Step 10). Click Next.
[Screenshot: Select the Server and Database]
7. Confirm your settings on the Confirm Your Settings screen and click Next.
[Screenshot: Confirm Your Settings]
8. The process takes a few seconds and then The database has been created or modified screen appears. Click Finish to close the wizard.
[Screenshot: The database has been created or modified]
9. Open Microsoft SQL Server Management Studio and confirm that the database was successfully created.

(2) User and Role Creation
1. Create a folder on your desktop called FBA Management Site.
2. Open Microsoft Visual Studio 2005.
3. Select File…Open…Web Site.
4. In the Open Web Site dialog, choose the File System icon on the left side of the dialog, then browse to and select the FBA Management Site folder created in step 1.
[Screenshot: File System]
5. Click Open.
6. In the Solution Explorer, right-click on the web site and select Add New Item.
7. Select Web Configuration File and click Add. There is no need to rename the file, web.config is fine.
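8. Replace the empty connectionStrings element with one that contains the following entry. Be sure to fill in both the Data Source (your SQL Server name) and Initial Catalog (the database created earlier) values, which are left blank here.

<add name="YourConnectionString" connectionString="Data Source=;Initial Catalog=;Integrated Security=True" />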

9. Just below the opening system.web element, add the following membership and roleManager elements. Be sure to update the connectionStringName attribute of each of the two providers to the name of the connection string you created in step 8. Also be sure to give both providers meaningful names. Remember these names; we will need them later. Save and close the web.config file.
<membership defaultProvider="FBAMemberProviderName">
Version=,Culture=neutral,PublicKeyToken=b03f5f7f11d50a3a" />

<roleManager enabled="true" defaultProvider="FBARoleProviderName">
10. Click ASP.NET Configuration under Website. The ASP.NET Web Site Administration Tool opens in a browser. If the tool does not appear, or cannot connect, verify the connection string and provider information entered above.
[Screenshot: ASP.NET Web Site Administration Tool]
11. Click on the Security tab. You are presented with the following. From here we will create our users and roles.
[Screenshot: ASP.NET Web Site Administration Tool Secu…]
12. Click on the Select authentication type link in the Users box on the left.
13. Select the From the internet radio button then click the Done button in the bottom right hand corner of the window.
14. Create an Administrator, Manager and Employee role. This step and the next three are intuitive enough that I am not going to spell them out.
15. Create a single Administrator user, spadmin. Be sure to assign the user to the Administrator role as you create it.
16. Create two Manager users, Manager1 and Manager2. Be sure to assign these users to the Manager role as you create them.
17. Create 4 Employee users, Employee1, Employee2, Employee3 and Employee4. Be sure to assign these users to the Employee role as you create them.
18. When you are done you should have seven users and three roles defined. This can be verified by clicking on the Security tab. Your user and role counts may differ depending on whether you followed my instructions to the letter. That is not critical. What is important is that you create some roles and users and assign some users to the roles. This is what my Security screen looks like.
19. Close the ASP.NET Web Site Administration Tool.
20. Close Microsoft Visual Studio 2005.
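
A complete web.config for steps 8 and 9 of this section, written out as an added example (it is not the original post's code). Assumptions: YOUR_SQL_SERVER is a placeholder, Version=2.0.0.0 is taken to be the .NET 2.0 System.Web assembly version, and the explicit password-policy attributes are illustrative SqlMembershipProvider settings rather than values from the post.

```xml
<?xml version="1.0"?>
<configuration>
  <connectionStrings>
    <!-- Step 8: YOUR_SQL_SERVER is a placeholder; AspNetDb_FBADemo is the
         database created in section (1). Integrated Security means the
         process identity, not a stored password, is used to reach SQL Server. -->
    <add name="YourConnectionString"
         connectionString="Data Source=YOUR_SQL_SERVER;Initial Catalog=AspNetDb_FBADemo;Integrated Security=True" />
  </connectionStrings>
  <system.web>
    <!-- Step 9: the provider name must equal defaultProvider, and
         connectionStringName must equal the name used in connectionStrings. -->
    <membership defaultProvider="FBAMemberProviderName">
      <providers>
        <add name="FBAMemberProviderName"
             type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             connectionStringName="YourConnectionString"
             applicationName="/"
             passwordFormat="Hashed"
             enablePasswordRetrieval="false"
             minRequiredPasswordLength="8"
             minRequiredNonalphanumericCharacters="1"
             maxInvalidPasswordAttempts="5"
             passwordAttemptWindow="10" />
      </providers>
    </membership>
    <roleManager enabled="true" defaultProvider="FBARoleProviderName">
      <providers>
        <add name="FBARoleProviderName"
             type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             connectionStringName="YourConnectionString"
             applicationName="/" />
      </providers>
    </roleManager>
  </system.web>
</configuration>
```

Membership and role data are partitioned by applicationName, so setting it explicitly on both providers keeps the users and roles created here visible to any other site that points at the same database with the same value. With passwordFormat set to Hashed, stored passwords cannot be recovered, which is why enablePasswordRetrieval must stay false.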

