How to configure Form based Authentication For AD users in a MOSS intranet application?

Posted on 2009-12-17
Last Modified: 2012-05-08
We have our DMS application configured in MOSS.
The Default and Intranet zones are being used for access. We have also assigned an AAM.
Our client now wants the intranet authentication changed to Forms Based Authentication (FBA). How can I make the existing intranet, with AD users, authenticate using forms-based mode?
When searching online I could see links related to FBA for LDAP, but I am not sure whether I should try the LDAP method or AD membership mode.
Is there anything specific to be taken care of in web.config files regarding security?
At AD level do I need to provide any specific rights to the MOSS admin account?
Will the security be compromised? If so, is there anything to be entered in the connection string to take care of this?

The client wants to keep FBA as the primary intranet access mode.

Please help with your valuable inputs.
Question by:jlaxmi
    LVL 6

    Assisted Solution


    Author Comment

    Thanks, Captain, for replying.
    But my question was specific to intranet and AD users. The link sent by you speaks about FBA for extranet and non-AD users.
    Inputs regarding intranet (AD users) would be really helpful.
    LVL 6

    Accepted Solution


    Author Comment

    Thanks again.
    OK, let me try this.
    I have a query: when configuring FBA for intranet users in the intranet zone, do I need to mention ADMembershipprovider or LDAPmembershipprovider? Are these two different?
    Or do these two have different details entered in the connection string?
    LVL 6

    Assisted Solution

    You can use either. I personally would use the ADMembershipprovider.

    Using AD, it automatically queries your DC using the application's process identity, or you can provide your own credentials if you want to use another; however, it's submitted in clear text.

    With LDAP you have to specify where you want it to query, and it can be used outside of a domain environment.

    This site has all the different strings that you would need if you decide to use LDAP or AD authentication; it also has a link to how to encrypt the connection string if you decide to provide your own credentials.

    I hope this is what you were after.
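The two ways of binding to AD that the answer above contrasts, as an added web.config fragment (not the poster's attached file and not taken from the linked site). The server name, domain DN, service account and connection-string name are placeholders; only the hand-added parts are shown.

```xml
<!-- Added example: placeholders throughout, adapt before use. -->
<configuration>
  <connectionStrings>
    <!-- LDAP path to the domain (or an OU) that holds the intranet users. -->
    <add name="ADConnString"
         connectionString="LDAP://dc01.example.local/DC=example,DC=local" />
  </connectionStrings>
  <system.web>
    <membership defaultProvider="ADMembershipProvider">
      <providers>
        <!-- WEAK (shown commented out): explicit credentials stored in the
             file in clear text, and no protection on the connection to the DC.
        <add name="ADMembershipProvider"
             type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             connectionStringName="ADConnString"
             connectionUsername="EXAMPLE\svc_placeholder"
             connectionPassword="PLACEHOLDER"
             connectionProtection="None"
             attributeMapUsername="sAMAccountName" />
        -->

        <!-- HARDENED: no credentials in the file, so the provider binds with
             the application pool's process identity, and the connection to
             the DC is protected. -->
        <add name="ADMembershipProvider"
             type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             connectionStringName="ADConnString"
             connectionProtection="Secure"
             attributeMapUsername="sAMAccountName" />
      </providers>
    </membership>
  </system.web>
</configuration>
```

If explicit credentials cannot be avoided, the section holding them can be encrypted in place with `aspnet_regiis -pef "system.web/membership" <site directory>`, where the directory is the web application's physical path.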

    Author Comment


    Thanks a lot for the links, but I am still stuck.
    I am trying to change my Default zone application from Windows authentication to Forms. I enable Anonymous access also. Then I submit Membership provider as "ADMembershipProvider" as given in my web.config.
    I added connection strings above the system.web node in both the Central Admin (CA) web.config and the SharePoint site's default application web.config (configured on port 82).
    In the Central Admin web.config, Authentication is "windows".
    In the SharePoint site web.config, Authentication is "Forms".
    Then I added the membership provider below the system node with details as in the attached files.
    I am not getting even the forms page open. I get the page as in the image.
    Attaching the code changes in web.config for your reference.
    I am wondering why I don't even get the forms page.
    Is there any way to at least get the forms page first and see if forms authentication is working?
    To remind the point: I don't have an extended web application. I want to apply forms-based authentication to my Default zone.
    Once this works fine I will test for an extended zone with the ADMembership provider. But right now I have to show my manager how the forms application will open into Forms Authentication.
    Please help.

    Author Comment

    I changed authentication to Windows with anonymous access enabled and then gave anonymous access to Site permissions Home. I then changed to forms authentication and could get the login page for forms. When entered, users authentication worked.

    Author Closing Comment

    Applied resolution on own
