MOSS Forms-Based Authentication-Basic Configuration Steps
Forms-based authentication requires user to key in the details i.e. user name and password to a logon form . The authentication happens based on validation of credential input from a logon form. Ideally we have seen people having their FBA <Forms-based authentication> sites for their web application facing internet. There are many great references and configuration steps for FBA and MOSS that has some great info. A few of them I like are listed below
Microsoft SharePoint Team Blog:Configuring Multiple Authentication Providers for SharePoint 2007
Forms Based Authentication in MOSS
What I want to put across in this posting of mine is some basic configuration steps required for configuring Forms Based Authentication along with some print screen from a test environment which I used to configure for a demo.
Now one very basic question ….What is FBA
FBA…Forms Based Authentication is web browser based logon mechanism commonly used besides regular Integrated, Basic authentication mechanism used for login to SharePoint environments .FBA is preferred option for companies running SharePoint 2007 because it is easiest way via which you can give external clients access to your SharePoint sites without having to give them a full blown Windows domain account. Unless you have customized your login screen a typical out of box FBA login page would be quite similar like the image below
Now what are a few basic steps we require to configure FBA
Create and Extend web application to the NTLM one which you would be using for FBA.
Add Membership Provider and Role Manager to web.config files
Set FBA authentication for extended web application through Central Administration
Add users to Policy for web application
In the sample configuration below I would share with you prints screen from my test environment along with the step by step configuration . My NTLM site is say https://portal.mossadmin.com
Now is the next task of extending the site . we navigate to Central Administration>>> Application Management>>Create or Extend Web Application. Choose the option Extend An existing Web Application
Now from the list of web application choose the web application that you want to extend and map. In my case the same is portal.mossadmin.com. You can either choose to create a new website in IIS or use one if already present . The remaining information is quite easy to key in and I would not detail it out.
If you navigate to IIS manager you will be now be able to see the web application you just extended
Now comes the most important part of modifying the web.config files. <Important> Ensure that you have a working copy of the web.config handy before you make any changes . If the changes made to the web config does not work you can easily revert back the default one. So a quick question How to Locate web.config file. Lets look at the one for central administration .Navigate to IIS manager on the server hosting the same and click on the web application SharePoint Central Administration V3 . On the right hand side you will be able to see the web.config
Now once you locate the web config on the server we need to add the membership provider . I have attached a copy of the web.config file as a screenshot below . Also this same step needs to be followed for the web config for the web application to be set with FBA as well that is the extended web application.
Sample Web.config for Central Administration
Sample Web.config for Web Application
Next comes the task of changing the Authentication Method for Extended Site . Browse to central administration> Application management >Authentication providers> Choose the correct web application from the web application drop down and mention the membership and the role providers.
I have chosen “Client Integration” as No however if you want client integration to work then its recommend you have SP2 installed on the farm. Check out article for more information
Now we are done with the configuration and your FBA site will be accessible If you now browse to the web application extended earlier you will see a login screen as below . I will continue with the login mechanism with an user called fbauser
Once you successfully login you will be able to add additional users by browsing to people and groups and search for users as well. A print screen of a sample user is below
That brings us to a end of the basic configuration steps required to configure a Forms based authentication site for MOSS. I am planning to set up a similar post with some basic configuration steps required for SQL ASP.Net membership provider.
Disclaimer : This posting is provided "AS IS" with no warranties, and confers no rights.