Configure authentication for EPM/Office SharePoint Server 2007 extranet users

This Office product will reach end of support on October 10, 2017. To stay supported, you will need to upgrade. For more information, see , Resources to help you upgrade your Office 2007 servers and clients.


Topic Last Modified: 2010-02-24

Microsoft Office Project Server 2007 supports both Windows authentication and ASP.NET 2.0 forms-based authentication. In ASP.NET forms-based authentication, users are authenticated through a supported third-party membership provider, such as a Lightweight Directory Access Protocol (LDAP) data store or Microsoft SQL Server.

Forms-based authentication is ideally suited for Office Project Server 2007 extranet users. Forms-based authentication resembles the Project Server authentication mechanism provided in Microsoft Office Project Server 2003 in that a user enters a user name and password to access the Microsoft Office Project Web Access site. The main difference is that the forms-based authentication user names and their passwords are stored in membership stores instead of in the Office Project Server 2007 database. Examples of these stores include the Active Directory directory service, a SQL Server database, and an LDAP store. Access to a membership store is enabled through a membership provider, and there are specific providers for each kind of membership store. The two kinds of forms-based authentication described in this article are as follows:

  • Configuring forms-based authentication against and LDAP data store

  • Configuring forms-based authentication against a SQL membership provider

LDAP data stores

The Lightweight Directory Access Protocol (LDAP) is a directory service protocol designed to allow for fast and efficient access to an existing directory. Directory services that support LDAP version 2 or 3 can be used for Office Project Server 2007 forms-based authentication.

The primary advantages of using forms-based authentication against an LDAP data store are as follows:

  • It supports authentication against credentials stored in the Active Directory directory service on a Windows domain controller.

  • It supports authentication against LDAP data stores that do not run on the Windows operating system, such as Novell eDirectory, Novell Directory Services (NDS), or Sun ONE. Because Office Project Server 2007 is built on ASP.NET 2.0, it supports the ASP.NET 2.0 pluggable authentication provider model. This model enables you to store user credentials in a data store other than Active Directory. Novell, Linux, and Sun networks all have LDAP-supported directory services that can be used with Office Project Server 2007.

  • It lets you manage non-employee accounts (for example, consultants or contractors) apart from Active Directory. This can be done through an external LDAP directory service, such as Active Directory Application Mode (ADAM). For more information about ADAM, see Create your LDAP data store with the Active Directory Application Mode (ADAM) directory service.

For more information, see Configure Kerberos authentication in an EPM/Office SharePoint Server 2007 extranet environment.

SQL Membership Provider

Forms-based authentication can also use the SQL Membership Provider to store user account information to access a Project Web Access extranet site. This method lets you manage your accounts on a SQL Membership Provider database. Office Project Server 2007 includes the PjFormsAuthUpgrade.exe tool to add accounts to the SQL Membership Provider database. For more information, see Configure access to Analysis Server cubes over HTTP in an EPM/Office SharePoint Server 2007 extranet environment.