I have already set up a website with Windows authentication only. It can log in successfully.
Then I extended the web application to the Internet zone and set both FBA login and Windows login.
If I use the default zone URL, I can log in fine. But when I use the Internet zone (extended web application) and select Windows authentication with the farm admin account, it always shows the message "Sorry, this site hasn't been shared with you."
But when I changed the login setting of the Internet zone from both FBA and Windows login to Windows login only, it can log in successfully.
I've tried the FBA setting before without an extended web application and it worked fine.
I referenced this video to set FBA login: https://www.youtube.com/watch?v=q3-sg_F96eQ
Everything I set was the same as in the video, except that the web application's web.config settings were made in the extended web application.
Below is what I have done for the FBA setting:
(1) aspnetDB setting
(2) Set connection string, role, user of provider in IIS.
(3) Change role, user of provider in SecurityTokenServiceApplication
(4) Change the PeoplePicker setting in web.config of Central Administration and the extended web application.
<PeoplePickerWildcards>
  <clear />
  <add key="SharePointMembership" value="%" />
</PeoplePickerWildcards>
Because of this, I cannot log in with an AD user in the Internet zone, so I can't give permission to the FBA user.
Does anyone know why I can't log in, or how I could give permission to both the Windows user and the FBA user?