In previous article FBA in SharePoint 2010, i explained how to configure FBA in SP2010. Now its time to do something more with out of box login page when you try to sing in with “Forms Authentication”. While recently helping out my customer with their SharePoint 2010 FBA configuration, I came across an unsurprisingly frustrating aspect of using a custom ASP.NET form to handle the authentication.
During the development of custom login page, i came to know that most of documentation that is available on this topic, all that is required is to provide an URL to your form in Central Administration.
The question is do you think it is only possible way to do this by providing URL in Central Admin?
The answer is NO. It is possible. Lets have a cup of Tea and ready to ride on this 🙂
It would be great if things worked so easily as just hitting in an URL and the back-end wiring itself up automatically.
Lets assume you have a basic ASP.NET form and you’ve configured it thus with standard control along with assuming that you’ve already set up the ASP.NET Membership SQL database, configured the Membership and Role providers, made the necessary changes in the web application, Secure Token Service and Central Admin web.configs and gone into Central Administration to configure Forms Based authentication (FBA in SharePoint 2010),you’d find that all your efforts would have been for nix – This form would obediently validate your credentials against the Membership database and then pitilessly given you an error when the form attempted to redirect yo /_layouts/Authenticate.aspx.
Why this error comes? Reason:
A vanilla ASP.NET form inherits from System.Web.UI.Page – you are a nobody as far as Club SharePoint 2010 is concerned.
Because a ASP.NET form has no idea how to create the required claims based authentication token to pass along to SharePoint to say that you really are on “the list” and that you know this guy inside who can assure for you.
There is no API documentation on this. In this case, to set your login form page to inherit from the same class that the out-of-the-box SharePoint FBA login form implements: Microsoft.SharePoint.IdentityProvider.FormsSignInPage (you can find this page in the /_forms sub folder of any SharePoint 2010 web application that has been set for FBA – 11574 in my case).
Now everyonce knows about polymorphism, we can access all the SharePoint FBA/Claims Auth token creation goodness out-of-the-box FBA forms get for “free” using the magic of polymorphism. No need to dance 🙂
You can use your own customized master page also in which your customized user control will be integrated (I have created a master page with name “MasterForCustomLogin” which contains customized html as per my requirement).
You can create a folder also in _forms/ (Basically it requires to store images if your login page has)
By doing this, you can now adapt your pre-existing FBA login forms to conform with the claims based auth requirements for SharePoint 2010.
My Login page looks like this now (after performing above steps):
Once you enter your credentials, you will be authenticated with your membership providers and able to logged in.
During this development, I observed one thing – When you enter your sharepoint site url into address bar it looks like :
You can see “http://kirti-p:11574/_login/default.aspx?ReturnUrl=%2f_layouts%2fAuthenticate.aspx%3fSource%3d%252F&Source=%2F”. This _login folder is available in virtual directory of sharepoint site itself. When you select “Forms Authentication” from drop down this url will be changed and looks like:
It says, while you are accessing Forms Authentication option it refere different master page.
You have to change master page entry accordingly.
Thats it for custom login page. Enjoy 🙂