Site Collection Administrator on a FBA getting Access Denied


One of my customers was facing an issue with a forms-based authentication (FBA) SharePoint web application where the site collection administrators were getting ACCESS DENIED errors. We spent a whole lot of time figuring out what the issue was, and for no apparent reason we were getting a SQL exception as below:

[SqlException (0x80131904): A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: SQL Network Interfaces, error: 26 - Error Locating Server/Instance Specified)]
System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection) +4846887
System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj) +194
System.Data.SqlClient.TdsParser.Connect(ServerInfo serverInfo, SqlInternalConnectionTds connHandler, Boolean ignoreSniOpenTimeout, Int64 timerExpire, Boolean encrypt, Boolean trustServerCert, Boolean integratedSecurity, SqlConnection owningObject) +4860189
System.Data.SqlClient.SqlInternalConnectionTds.AttemptOneLogin(ServerInfo serverInfo, String newPassword, Boolean ignoreSniOpenTimeout, Int64 timerExpire, SqlConnection owningObject) +90
System.Data.SqlClient.SqlInternalConnectionTds.LoginNoFailover(String host, String newPassword, Boolean redirectedUserInstance, SqlConnection owningObject, SqlConnectionString connectionOptions, Int64 timerStart) +376
System.Data.SqlClient.SqlInternalConnectionTds.OpenLoginEnlist(SqlConnection owningObject, SqlConnectionString connectionOptions, String newPassword, Boolean redirectedUserInstance) +221
System.Data.SqlClient.SqlInternalConnectionTds..ctor(DbConnectionPoolIdentity identity, SqlConnectionString connectionOptions, Object providerInfo, String newPassword, SqlConnection owningObject, Boolean redirectedUserInstance) +189
System.Data.SqlClient.SqlConnectionFactory.CreateConnection(DbConnectionOptions options, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningConnection) +4861315
System.Data.ProviderBase.DbConnectionFactory.CreateNonPooledConnection(DbConnection owningConnection, DbConnectionPoolGroup poolGroup) +29
System.Data.ProviderBase.DbConnectionFactory.GetConnection(DbConnection owningConnection) +4863644
System.Data.ProviderBase.DbConnectionClosed.OpenConnection(DbConnection outerConnection, DbConnectionFactory connectionFactory) +117
System.Data.SqlClient.SqlConnection.Open() +122
System.Web.Management.SqlServices.GetSqlConnection(String server, String user, String password, Boolean trusted, String connectionString) +82

[HttpException (0x80004005): Unable to connect to SQL Server database.]
System.Web.Management.SqlServices.GetSqlConnection(String server, String user, String password, Boolean trusted, String connectionString) +137
System.Web.Management.SqlServices.SetupApplicationServices(String server, String user, String password, Boolean trusted, String connectionString, String database, String dbFileName, SqlFeatures features, Boolean install) +94
System.Web.Management.SqlServices.Install(String database, String dbFileName, String connectionString) +25
System.Web.DataAccess.SqlConnectionHelper.CreateMdfFile(String fullFileName, String dataDir, String connectionString) +395

We were in no way using the out-of-the-box ASP.NET membership provider; we had built our own custom membership provider that doesn't leverage SQL Server. After all that debugging, we finally decided to take a look at the web.config file and voilà, we found the issue.

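Basically, the problem was that the customer's IT/Operations team had placed the membership/role provider entries in an incorrect system.web section of the web.config file (one nested inside a location element), because of which the application was picking up the membership provider from the machine.config file (the default AspNetSqlMembershipProvider). That default provider uses the LocalSqlServer connection string, which is where the SQL exception came from.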

Machine.Config default membership provider:

  <system.web>
    <processModel autoConfig="true"/>
    <httpHandlers/>
    <membership>
      <providers>
        <add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="LocalSqlServer" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="true" applicationName="/" requiresUniqueEmail="false" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="7" minRequiredNonalphanumericCharacters="1" passwordAttemptWindow="10" passwordStrengthRegularExpression=""/>
      </providers>
    </membership>
    <profile>
      <providers>
        <add name="AspNetSqlProfileProvider" connectionStringName="LocalSqlServer" applicationName="/" type="System.Web.Profile.SqlProfileProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
      </providers>
    </profile>
    <roleManager>
      <providers>
        <add name="AspNetSqlRoleProvider" connectionStringName="LocalSqlServer" applicationName="/" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
        <add name="AspNetWindowsTokenRoleProvider" applicationName="/" type="System.Web.Security.WindowsTokenRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
      </providers>
    </roleManager>
  </system.web>

Wrong section of the web.config:

  <location path="_layouts/images">
    <system.web>
      <membership defaultProvider="ABCMembershipProvider">
        <providers>
          <add name="ABCMembershipProvider" type="ABC.Web.Security.ABCMembershipProvider,ABC.Web.Security.AuthenticationProvider, Version=1.0.0.0, Culture=neutral, PublicKeyToken=daf6fd1bbe0cfc20" />
        </providers>
      </membership>
      <!-- role provider -->
      <roleManager enabled="true" defaultProvider="ABCRoleProvider">
        <providers>
          <add name="ABCRoleProvider" type="ABC.Web.Security.ABCRoleProvider,ABC.Web.Security.ABCRoleProvider,Version=1.0.0.0, Culture=neutral, PublicKeyToken=daf6fd1bbe0cfc20" />
        </providers>
      </roleManager>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>

After we placed the membership provider and role provider entries in the correct location, it started working. So please check the web.config file properly and make sure the entries are placed in the appropriate sections.
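
One way to automate that check, as an added example that is not part of the original post: a small Python audit that flags membership/roleManager sections scoped to a location path and reports when the top-level system.web has no defaultProvider. The function name and the sample config (constructed, with shortened type attributes) are hypothetical, and the script assumes application-wide settings live in the top-level system.web element.

```python
import xml.etree.ElementTree as ET

# Sections that select the authentication / role provider.
PROVIDER_SECTIONS = ("membership", "roleManager")

# Constructed sample reproducing the misplacement described above
# (type attributes shortened; not the customer's real file).
MISPLACED = """<configuration>
  <system.web>
    <authentication mode="Forms" />
  </system.web>
  <location path="_layouts/images">
    <system.web>
      <membership defaultProvider="ABCMembershipProvider">
        <providers><add name="ABCMembershipProvider" type="ABC.Web.Security.ABCMembershipProvider" /></providers>
      </membership>
      <roleManager enabled="true" defaultProvider="ABCRoleProvider">
        <providers><add name="ABCRoleProvider" type="ABC.Web.Security.ABCRoleProvider" /></providers>
      </roleManager>
    </system.web>
  </location>
</configuration>"""


def audit_provider_placement(web_config_xml):
    """Return a list of findings about membership/roleManager placement."""
    root = ET.fromstring(web_config_xml)
    findings = []
    # A provider section under <location path="..."> applies to that path only.
    for loc in root.findall("location"):
        path = loc.get("path", "")
        for name in PROVIDER_SECTIONS:
            if path and loc.find("system.web/" + name) is not None:
                findings.append(
                    f"<{name}> is scoped to location path '{path}', not the whole application")
    # With no root-level defaultProvider, the machine.config default is inherited.
    for name in PROVIDER_SECTIONS:
        section = root.find("system.web/" + name)
        if section is None or not section.get("defaultProvider"):
            findings.append(
                f"root <system.web> has no <{name}> defaultProvider; machine.config default applies")
    return findings


if __name__ == "__main__":
    for finding in audit_provider_placement(MISPLACED):
        print(finding)
```

Run against the sample, it reports four findings: two for the sections trapped under `_layouts/images` and two for the missing root-level defaults.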