Setting up Forms based authentication for SharePoint 2010 Foundation

This looks straightforward if you follow this Technet article: http://technet.microsoft.com/en-us/library/ee806882.aspx

It uses the following assembly:

Microsoft.Office.Foundation.Security.LdapMembershipProvider

However, it is all a LIE! There is no such assembly for SharePoint 2010 Foundation, and therefore you need to use the following instead:

System.Web.Security.ActiveDirectoryMembershipProvider 

After creating your Claims-Based Authentication Web Application, follow the steps below to create FBA for SharePoint 2010 Foundation.

Step 1 – Configure Central Administration web.config

Start IIS Manager by typing INETMGR at a command prompt.

Go to the SharePoint Central Administration site in IIS.

Right-click SharePoint Central Administration and then click Explore.

Open the Web.Config file.

Outside of the <SharePoint> and <system.web> sections, paste the following.

*Remember to change the name and connection string to match your settings.


<connectionStrings>
<add name="LDAPConnection"
connectionString="LDAP://domain.co.za/DC=domain,DC=co,DC=za" />
</connectionStrings>

Within <system.web>, paste the following <membership> section:


<membership defaultProvider="LDAPMembers">
<providers>
<add name="LDAPMembers"
type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="LDAPConnection"
enableSearchMethods="true"
attributeMapUsername="sAMAccountname" />
</providers>
</membership>

Step 2 – Configure Secure Token Service web.config 

Start IIS Manager by typing INETMGR at a command prompt.

Go to the SharePoint Web Services site.

Go to the SecurityTokenServiceApplication sub-site.

Right-click SecurityTokenServiceApplication and then click Explore.

Open the Web.Config file.

Update the web.config between </system.net> and </configuration>, right at the end of the file.

*Remember to change the name and connection string to match your settings.

</system.net>
<connectionStrings>
<add name="LDAPConnection"
connectionString="LDAP://domain.co.za/DC=domain,DC=co,DC=za" />
</connectionStrings>
<system.web>
<membership defaultProvider="LDAPMembers">
<providers>
<add name="LDAPMembers"
type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="LDAPConnection"
enableSearchMethods="true"
attributeMapUsername="samaccountname" />
</providers>
</membership>
</system.web>
</configuration>

Step 3 – Configure Web Application web.config

Start IIS Manager by typing INETMGR at a command prompt.

Go to the Claims Forms site.

Right-click Claims Forms and then click Explore.

Open the Web.Config file.

Update the web.config outside of the <SharePoint> and <system.web> sections.

*Remember to change the name and connection string to match your settings.


<connectionStrings>
<add name="LDAPConnection"
connectionString="LDAP://domain.co.za/DC=domain,DC=co,DC=za" />
</connectionStrings>

Add the configuration below under <add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />


<add name="LDAPMembers"
type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="LDAPConnection"
enableSearchMethods="true"
attributeMapUsername="samaccountname" />

Step 4 – Configure Claims-based web application

Central Administration > Manage Web Application > Select the web application > Authentication Providers > Default

  • Check Enable Forms Based Authentication (FBA)
  • Add “LDAPMembers” to ASP.NET Membership Provider name
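
A check for Steps 1 to 3, added here and not part of the original post: it confirms that each web.config defines the same LDAPConnection string and LDAPMembers provider, and flags two real ActiveDirectoryMembershipProvider attributes the post does not set, connectionProtection="None" and connectionPassword. The function name Test-FbaMembershipConfig and the sample XML are constructed for illustration.

```powershell
# Added example: consistency check across the web.config files from Steps 1-3.
function Test-FbaMembershipConfig {
    param(
        [Parameter(Mandatory=$true)] [hashtable] $Configs,  # label -> web.config XML text
        [string] $ProviderName   = 'LDAPMembers',
        [string] $ConnectionName = 'LDAPConnection'
    )
    $findings = @()
    $connStrings = @{}
    foreach ($label in $Configs.Keys) {
        $xml  = [xml]($Configs[$label])
        $conn = $xml.SelectSingleNode("/configuration/connectionStrings/add[@name='$ConnectionName']")
        $prov = $xml.SelectSingleNode("/configuration/system.web/membership/providers/add[@name='$ProviderName']")
        if ($null -eq $conn) { $findings += "${label}: connection string '$ConnectionName' missing" }
        if ($null -ne $conn) { $connStrings[$label] = $conn.GetAttribute('connectionString') }
        if ($null -eq $prov) { $findings += "${label}: provider '$ProviderName' missing"; continue }
        if ($prov.GetAttribute('type') -notlike 'System.Web.Security.ActiveDirectoryMembershipProvider,*') {
            $findings += "${label}: unexpected provider type"
        }
        if ($prov.GetAttribute('connectionStringName') -ne $ConnectionName) {
            $findings += "${label}: provider does not reference '$ConnectionName'"
        }
        # Real provider attributes that the post does not set:
        if ($prov.GetAttribute('connectionProtection') -eq 'None') {
            $findings += "${label}: connectionProtection=None (bind is not protected)"
        }
        if ($prov.HasAttribute('connectionPassword')) {
            $findings += "${label}: bind password stored in web.config"
        }
    }
    # All files must point at the same directory.
    if (@($connStrings.Values | Sort-Object -Unique).Count -gt 1) {
        $findings += 'connection strings differ between files'
    }
    $findings
}

# Constructed sample input: minimal stand-ins for the three files.
$good = @'
<configuration>
  <connectionStrings><add name="LDAPConnection" connectionString="LDAP://domain.co.za/DC=domain,DC=co,DC=za" /></connectionStrings>
  <system.web><membership><providers>
    <add name="LDAPMembers" connectionStringName="LDAPConnection"
         type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
  </providers></membership></system.web>
</configuration>
'@
$sts = $good -replace 'name="LDAPMembers"', 'name="LDAPMember"'  # constructed typo
Test-FbaMembershipConfig -Configs @{ CentralAdmin = $good; STS = $sts; WebApp = $good }
```

On a server, pass the text of the three real files instead, for example with (Get-Content <path-to-web.config> | Out-String).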


7 comments

  1. Amit says:

    Hi,
    I tried this. It worked fine except that People picker is not showing user when I search for it. I tried with user name, logon name etc.

    Amit

  2. mounika says:

    Hi Brad,

    I am trying SharePoint Foundation 2010 integration with Oracle Directory Server. After checking many blogs, I came to know that LDAPMembershipProvider is not available out of the box with SPF. So, we need to write Customer Membership and Role Providers.
    As per this blog, you are saying we can use “ActiveDirectoryMembershipProvider”. My question is, does this work for any LDAP?
    And don't we need to change Rolemember configuration?

    Rgds,
    Mounika

    • Brad says:

      Hi,

      I apologise for only getting back to you now.

      Yes the provider does work with LDAP and you do not need to create a custom membership provider. I would guess that by now you figured that out though.

  3. Dean says:

    Hi Brad,

    I’m hoping you could help me ….. I’m trying to set up a claims-based SharePoint Web application. I’ve followed multiple forms and I just can’t seem to get this to work with our OpenLDAP server using SSL.

    I guess my question is …. can this be configured to work with an OpenLDAP? If so would the connect

    If so, where would I place the username and password to authenticate?

    Any help would be great

    Deab

  4. Naveed says:

    Thanks for this post. I had wasted a couple of days trying to configure FBA on SPF 2010 using the FALSE Technet article. You saved me 🙂

    Please don't get mad at me for the following question.

    I do get two authentication options on my FBA site: Windows and Forms Authentication. Please guide me on where and how I need to add FBA users.
