I have recently had the need to work with SharePoint (actually Windows SharePoint Services – WSS 3.0) 2007 and ASP.NET Forms authentication. For something that in the end turns out to be simple to configure, I had a heck of a time locating viable information through MSDN and the blogosphere.
So, with that in mind, I thought I would create a very simple step-by-step guide to help those who find themselves in the same boat (although I know nobody reads this blog anyway).
Configuring SharePoint 2007 / WSS 3.0 to use Forms Auth
One disclaimer that I'll give here is that I am going to give instructions for the simplest method of configuring MOSS/WSS to use forms auth. The end result is a global configuration and it may not be the best solution for your particular environment, nor is it a particularly smart/secure idea. With that said, you can always expand upon the ideas presented here to customize the solution for your environment.
Step-by-step instructions are as follows:
1. Install and configure MOSS/WSS using whatever configuration you deem fit. (In my case, I needed a bare-bones default installation of WSS, but have also tested these steps with SharePoint 2007 Enterprise Edition.)
2. From the Windows\Microsoft.Net\Framework\v2.0.50727 folder, execute aspnet_regsql
   - Choose Configure SQL Server for Application Services
   - Use the default database (which will create a database called aspnetdb on whatever instance you choose in the wizard)
   - Once the wizard is complete, use SQL Server Mgmt Studio to grant access to the user that will be the security principal for the IIS Application Pool that WSS/MOSS will use. (By default it will be NT AUTHORITY\NETWORK SERVICE)
3. Open the machine.config file from Windows\Microsoft.Net\Framework\v2.0.50727\CONFIG
   - Locate the <connectionStrings> element
   - Replace the connectionString attribute for "LocalSqlServer" with an appropriate string that points to the database you created in step 2
4. In SharePoint Central Administration, create a new web application
   - Use the default NTLM authentication
   - Once done, ensure you restart IIS (use IISRESET /restart from a command prompt)
5. Create a new Site Collection using the web application you created in step 4
   - Ensure you assign a Windows account as the site administrator (You should test the site before changing authentication types, so you'll need an account that can access the site)
6. Ensure the new site works by browsing to it
7. Open SharePoint Central Administration Application Management
   - Select Authentication Providers and ensure you select the correct web application (the one you created in step 4)
   - Set the Authentication Type to "Forms"
   - Set the Membership Provider to "AspNetSqlMembershipProvider" (It is imperative that you spell this correctly – you can cut/paste from machine.config <membership><providers> element if necessary)
   - Once you save the configuration, restart IIS
8. Test the new authentication type
   - Open the site in the browser. If all is working correctly, you will be presented with SharePoint's default ASP.NET login screen
   - Try to log in with any user/password combination. It should fail and return you to the login screen
9. Add users to the aspnetdb database
   - The easiest way to do this is through Visual Studio's ASP.NET web configuration utility
     - Create a new ASP.NET website project
     - Don't change anything and build the project
     - From the Website menu, choose "ASP.NET Configuration"
     - Once the tool loads, choose "From The Internet" in the authentication column
     - Add users
10. Test the site again
    - Choose a valid username/password combination
    - You should be able to log in, but not access the site (SharePoint will tell you that you don't have access)
11. Open SharePoint Central Administration Application Management
    - In the SharePoint Site Management section, add a user as a Primary Site Administrator (Choose a user you added in step 9)
    - In the Application Security section, add any users to the Site Policy as necessary
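Steps 3 and 7 only work if the provider name entered in Central Administration, the provider's connectionStringName and the "LocalSqlServer" connection string all line up. The following check is an added example, not part of the original post: the function name check_forms_auth_config, the trimmed sample config and the server name SQLHOST01 are constructed for illustration, and the exact-match comparison of the provider name is a choice made for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed machine.config after step 3. SQLHOST01 is a placeholder.
SAMPLE_CONFIG = """<configuration>
  <connectionStrings>
    <add name="LocalSqlServer" providerName="System.Data.SqlClient"
         connectionString="Data Source=SQLHOST01;Initial Catalog=aspnetdb;Integrated Security=SSPI" />
  </connectionStrings>
  <system.web>
    <membership>
      <providers>
        <add name="AspNetSqlMembershipProvider" connectionStringName="LocalSqlServer"
             type="System.Web.Security.SqlMembershipProvider" />
      </providers>
    </membership>
  </system.web>
</configuration>"""


def check_forms_auth_config(config_xml, provider_name):
    """Return a list of findings; an empty list means every check passed."""
    root = ET.fromstring(config_xml)
    providers = {p.get("name"): p for p in root.findall(".//membership/providers/add")}
    conns = {c.get("name"): c.get("connectionString", "")
             for c in root.findall("./connectionStrings/add")}
    # Exact string comparison: a strictness chosen for this example.
    provider = providers.get(provider_name)
    if provider is None:
        return [f"membership provider {provider_name!r} not defined; found {sorted(providers)}"]
    conn_name = provider.get("connectionStringName")
    if conn_name not in conns:
        return [f"provider points at undefined connection string {conn_name!r}"]
    # Split "key=value;..." pairs (simplified: assumes no quoted values containing ';').
    pairs = {}
    for part in conns[conn_name].split(";"):
        key, _, value = part.partition("=")
        if key.strip():
            pairs[key.strip().lower()] = value.strip()
    findings = []
    if "attachdbfilename" in pairs or pairs.get("user instance", "").lower() == "true":
        findings.append("still the default SQL Express user-instance string, not the step 2 database")
    if "password" in pairs or "pwd" in pairs:
        findings.append("SQL password stored in clear text in the machine-wide config")
    if pairs.get("integrated security", "").lower() not in ("sspi", "true", "yes"):
        findings.append("no integrated security, so the step 2 grant to the app pool identity is unused")
    return findings


if __name__ == "__main__":
    print(check_forms_auth_config(SAMPLE_CONFIG, "AspNetSqlMembershipProvider"))
```

Running it against the real machine.config before the IIS restart in step 7 catches a misspelled provider name or an unchanged connection string before the login page starts failing.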
Once these steps are followed, you should be able to enjoy WSS/MOSS with forms authentication.
I hope these steps have proven useful.
It's nice to see someone explain this... it isn't well documented anywhere on the web that I have found. Thanks for the info!