Solved

configuring sharepoint to use form based authentication

Posted on 2011-02-10
Last Modified: 2012-05-11
Hi there

We are thinking of implementing SharePoint 3.0 for some testing purposes.

It's all set up on a Windows 2008 R2 64 bit; it's also a DC. WSS 3.0 with SP2 installed and it is running fine.

However, we need the authentication to be forms based, just like OWA.

By default the authentication is through a pop up which is Windows based GUI where you type in your username and password.

I have looked up and there are instructions in MS documentation to do that and what I have to do is change the authentication settings under SharePoint settings and change the authentication type to form based authentication.

The guys who know about this will know what I am talking about.

I have to select forms based authentication but then also provide the name of the authentication provider or something. This is where I am stuck.

http://technet.microsoft.com/en-us/library/cc288043(office.12).aspx

Can someone help me as to what I should be putting in and if I need to configure the web.config file as mentioned? If so, where exactly is the file?

Is there anything else I will need to do?
Question by:alex110109
22 Comments
 
LVL 9

Expert Comment

by:skipper68
ID: 34867970
I believe this can be set to anything but will be required to be changed/match when you modify your web.config file.

Make sure to take a backup copy first before editing.
By default, Internet Information Services (IIS) stores these files under
C:\inetpub\wwwroot\wss\VirtualDirectories\<Web Site Directory>

The root of this directory will include the web.config file which you will now edit in your editor of choice ( i.e. notepad if nothing else ) and insert the following entry just after your <system.web> node.

<membership defaultProvider="MyMembershipProviderName">
  <providers>
    <add
    name="MyMembershipProviderName"
    type="Microsoft.Office.Server.Security.LDAPMembershipProvider, Microsoft.Office.Server, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
    server="<servernamehostingMyMembershipProviderName>"
    port="60000"
    useSSL="false"
    userDNAttribute="distinguishedName"
    userNameAttribute="cn"
    userContainer= "CN=Users,CN=xxxxxx,DC=xxxxxx,DC=COM"
    userObjectClass="user"
    userFilter="(ObjectClass=user)"
    scope="Subtree"
    otherRequiredUserAttributes="sn,givenname,cn" />
  </providers>
</membership>
You will also need to add the below code for your People Picker to correctly pick up your AD LDS users.  
<PeoplePickerWildcards>
  <clear />
  <add key="AspNetSqlMembershipProvider" value="%" />
  <add key="MyMembershipProviderName" value="*" />
</PeoplePickerWildcards>

Save your web.config file and then run IISRESET to ensure all new settings have been applied.

If this doesn't work, revert the web.config to the copy you made.

0
 
LVL 7

Accepted Solution

by:
bradgcoza earned 500 total points
ID: 34868731
I wrote a blog that might be of assistance

http://www.bradg.co.za/?p=18
0
 

Author Comment

by:alex110109
ID: 34870036
Hi Skipper

thanks for the code for web.config file.

But what about the authentication provider name that I need to specify under SharePoint configuration?
0
 
LVL 9

Expert Comment

by:skipper68
ID: 34874245
The name I believe can be anything.  As long as it matches what's in the web.config.
0
 

Author Comment

by:alex110109
ID: 34880433
Brad and Skipper

Both your solutions don't work unfortunately, the problem is with the code.

Brad, your code first. Here is the snapshot of the error message.

Also, I am not sure exactly where should I put the code in the web.config file.

I have attached my default web.config file. Let me know what needs to change.

Skipper, I will post the error with your code next.

     brad error msg
0
 

Author Comment

by:alex110109
ID: 34880437
here is the web.config file which is default one
web---Copy.config
0
 
LVL 7

Expert Comment

by:bradgcoza
ID: 34894919
Hi,

The error you are receiving because of my code is because you added the <ConnectionStrings> after <system.web> and not after </system.web>

Please try again and let me know.
0
 

Author Comment

by:alex110109
ID: 34895368
Hi brad

I am still not sure exactly where you want me to put your code, but this time, I put it between
</system.web> and </location> . The error has still remained the same.


Detailed Error Information section (just the part which is the error)
================================
Config Error:The configuration section 'connectionStrings' cannot be read because it is missing a section declaration  
=================================

==============
Config Source
==============
57:   <system.web>
58:      <connectionStrings>
59:      <add name=”ADConnectionString” connectionString=LDAP://win2k8r2demo.mydomainname.local/, CN=Users, DC=mydomainname, DC=local />

Please note that the line 58 is marked in red so that's probably the problem or its location within the config file. See the file attached which has the code as I mentioned.

I honestly can't figure this out, I have attached my original web.config file here. Do you mind inserting your code and saving it back here. I will change the values to reflect my domain etc.
web---Copy.config
0
 
LVL 7

Expert Comment

by:bradgcoza
ID: 34895479
Simply add the following code to the very end of the web.config before </configuration>

<connectionStrings>
<add name=”ADConnectionString” connectionString=LDAP://domaincontroller.domain.com/OU=Managed Structure,DC=domain,DC=com />
</connectionStrings>
<system.web>
<membership defaultProvider=”ADAuth”>
<providers>
<add name=”ADAuth” connectionStringName=”ADConnectionString” connectionUsername=”domain\ssoservice” connectionPassword=”P@ssw0rd” attributeMapUsername=”UserPrincipalName” type=”System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a” />
</providers>
</membership>
</system.web>



You need to add this code to the Central Admin site web.config as well in the same way.  I have attached the file.  Don't forget to change connection username and connection password
web.config
0
 

Author Comment

by:alex110109
ID: 34895561
Hi Brad

I think we are making progress. However, now the config error is "configuration file is not well-formed xml" and below is the detailed config source which it points to. The line 204 is in red.

203:   <connectionStrings>  
204:     <add name=”ADConnectionString” cnnectionString=LDAP://win2k8r2demo.cloudit.local/OU=Users,DC=cloudit,DC=local />  
205:   </connectionStrings>

Obviously, I am not the expert here but is the LDAP path supposed to be in that format?
Let me know if something else is wrong.
0
 
LVL 7

Expert Comment

by:bradgcoza
ID: 34895854
add " before and after your connection string

"LDAP://win2k8r2demo.cloudit.local/OU=Users,DC=cloudit,DC=local"


0
 

Author Comment

by:alex110109
ID: 34895889
Sorry mate, now it is coming up with exact same message with the quotes before and after the LDAP string, so basically no difference.

0
 
LVL 7

Expert Comment

by:bradgcoza
ID: 34895983
Copy and paste this over what you have, notice how "cnnectionString" is spelt wrong in your example above

<connectionStrings>  
<add name=”ADConnectionString” connectionString="LDAP://win2k8r2demo.cloudit.local/OU=Users,DC=cloudit,DC=local" />  
</connectionStrings> 


0
 

Author Comment

by:alex110109
ID: 34896072
Hi Brad

Sorry mate, it is still the same. See the latest error message with line 204 being red.

  203:   <connectionStrings>  
  204:     <add name=”ADConnectionString” connectionString="LDAP://win2k8r2demo.cloudit.local/OU=Users,DC=cloudit,DC=local" />  
  205:   </connectionStrings>

0
 
LVL 7

Expert Comment

by:bradgcoza
ID: 34896094
Can you please send a screenshot of the error?
0
 

Author Comment

by:alex110109
ID: 34896106
Sure, here it is.
brad-error-msg2.png
0
 
LVL 7

Expert Comment

by:bradgcoza
ID: 34896183
Send me your web.config again please.  There is a typo somewhere in that file or you have spaces that shouldn't be there.  
0
 

Author Comment

by:alex110109
ID: 34896254
ok here is the current web.config file with the latest screenshot. Also the webconfig file is in the following path

C:\inetpub\wwwroot\wss\VirtualDirectories\80


brad-error-msg3.png
web.config
0
 
LVL 7

Assisted Solution

by:bradgcoza
bradgcoza earned 500 total points
ID: 34896359
OK fixed it ... if you notice the " in front of LDAP and the one at the end are different.  I deleted them and added them again.  I also removed the spaces between the ,


web.config
0
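An added example, not part of any post in this thread: a small Python linter for the web.config problems the thread ran into (typographic quotes, malformed XML, connectionStrings placed inside system.web, a defaultProvider that matches no provider name) plus the clear-text connectionPassword the posted snippet stores. The function names and the sample config are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SMART_QUOTES = "\u201c\u201d\u2018\u2019"  # curly quotes pasted from a blog or Word

def first_line(text, needle):
    """1-based number of the first line containing needle, or 0 if absent."""
    for n, line in enumerate(text.splitlines(), 1):
        if needle in line:
            return n
    return 0

def lint_web_config(text):
    """Return (line, message) findings for the text of a web.config file."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        found = sorted({c for c in line if c in SMART_QUOTES})
        if found:
            codes = ", ".join("U+%04X" % ord(c) for c in found)
            findings.append((n, "typographic quote %s, use a straight quote" % codes))
    try:
        root = ET.fromstring(text)
    except ET.ParseError as exc:
        # The condition IIS reported as "configuration file is not well-formed xml"
        findings.append((exc.position[0], "not well-formed XML: %s" % exc))
        return findings
    # connectionStrings under system.web gave the "missing a section declaration" error.
    for sw in root.iter("system.web"):
        if sw.find(".//connectionStrings") is not None:
            findings.append((first_line(text, "<connectionStrings"),
                             "connectionStrings is nested inside system.web"))
    # defaultProvider has to name one of the providers declared below it.
    for m in root.iter("membership"):
        names = [a.get("name") for a in m.findall("providers/add")]
        if m.get("defaultProvider") not in names:
            findings.append((first_line(text, "<membership"),
                             "defaultProvider matches no provider name"))
    # A bind password in clear text is readable by anyone who can read the file.
    for add in root.iter("add"):
        if add.get("connectionPassword"):
            findings.append((first_line(text, "connectionPassword="),
                             "clear-text connectionPassword in web.config"))
    return findings

# Constructed sample modelled on the thread: curly quotes around the name value.
BROKEN = """<configuration>
  <connectionStrings>
    <add name=\u201dADConnectionString\u201d connectionString="LDAP://dc.example.local/OU=Users,DC=example,DC=local" />
  </connectionStrings>
</configuration>"""
```

Run it against a copy of the edited file before IISRESET; each finding carries the line number to look at.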
 

Author Comment

by:alex110109
ID: 34896551
Bingo....it was the quotes....I had to change a few of them. Great work.
0
 

Author Closing Comment

by:alex110109
ID: 34896609
Great detective type work from brad!!
0
 
LVL 7

Expert Comment

by:bradgcoza
ID: 34896639
Thanks that one was getting to me a little I must admit
0
