Click here to monitor SSC
  • Av rating:
  • Total votes: 192
  • Total comments: 72
Damon Armstrong

Configuring Forms Authentication in SharePoint 2007

08 May 2007

SharePoint 2007 is the latest release of Microsoft's enterprise collaboration suite, which tightly integrates with the Microsoft Office Suite and allows organizations to establish well-managed corporate knowledge from the darkest depths of informational chaos. At least that's Microsoft unbiased opinion. In my experience, SharePoint 2007 is a major improvement over its predecessor, but it still takes a bit of know-how to make it work.

The latest rendition of SharePoint is built on top of ASP.NET 2.0, so ASP.NET developers should feel right at home developing against, and customizing, SharePoint 2007. In fact, some of the "latest technologies" in SharePoint, like Master Pages and Forms Authentication, are "not-quite-the-latest technologies" from ASP.NET. In this article, I'll cover some of the quirks to Forms Authentication that you will doubtless encounter when trying to set it up in SharePoint.

A step-by-step guide to configuring Forms authentication in SharePoint 2007

Following is a checklist for setting up Forms Authentication in SharePoint 2007

  1. Setup the membership data store
  2. Add a new user to the membership data store
  3. Configure SharePoint Central Administration web.config
  4. Configure the SharePoint site's web.config
  5. Enable Forms authentication on the SharePoint site
  6. Authorize the Forms-based user to access the site
  7. Login

In this article, we will be using the SQL Server membership provider to authenticate users, but you can use any membership provider that you so choose. The steps involved will be about same, but the specifics of those steps may change depending on your provider. I'm also assuming that you've already installed SharePoint and created the SharePoint site on which you're trying to enable forms authentication.

Step 1: Setup the membership data store

Before you can use the SQL Server membership provider, you have to set up the database that the provider uses to store member and role information. Microsoft ships a handy tool named the ASP.NET SQL Server Setup Wizard along with the .NET Framework, which will guide you through the process of creating the table structure and stored procedures required for the provider. You can launch the wizard by running aspnet_regsql.exe from the .NET Framework folder, which is normally found in the following location:

<WindowsDirectory>\Microsoft.NET\Framework\<version>\aspnet_regsql.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe

When you launch the wizard, the "Welcome" screen appears and tells you all sorts of useful things about what the wizard does and the command line parameters you can use to get more options. It makes for great reading. When you've satisfied your literary pallet, click the Next button to display the "Select a Setup Option" screen (Figure 1).

Figure 1 – ASP.NET SQL Server Setup Wizard – Select a Setup Option screen

From the "Select a Setup Option" screen, choose the "Configure SQL Server for application services" option button. This lets the wizard know you want to add new tables and stored procedures to a membership database. You can also use the wizard to remove the table structure and delete all data in the database, but we don't need to deal with that right now. If you accidentally add the structure to the wrong dataset, you may have to deal with it later. Click "Next" to move to the "Select the Server and Database" screen (Figure 2).

Figure 2 – ASP.NET SQL Server Setup Wizard – Select the Server and Database screen

Enter the name of your database server in the Server textbox to let the wizard know which SQL Server it needs to access. Then enter or select a database name in the Database combo box. The combo box displays a drop down containing a list of existing databases. If you want to add the tables and stored procedures for the provider to an existing database, select the database from the list. If you want to create a new database, then just type the name of the new database directly in the combo box and the wizard will create the database automatically. You may also need to enter SQL Server authentication credentials if you connect to the database using SQL Server authentication instead of Windows authentication. These credentials are not used outside of the wizard, so it won't affect your SharePoint configuration one way or the other. Click the Next button to continue to the "Confirm Your Settings" screen.

The "Confirm Your Settings" screen displays a summary of the epoch-defining choices you've made thus far in the wizard. In other words, the server and database name. If you're feeling hesitant about either, then this is your chance to back out. When you've got your courage built up, click the Next button.

In about a second, or about one and half seconds if you're using a Virtual PC image (like me), the wizard creates all of the tables and stored procedures required by the membership provider. If it takes longer than that, you've entered a setting incorrectly and the wizard is waiting to time out (or you have a really slow machine). The wizard then displays a final status screen indicating success or failure. If the wizard fails, it details the reasons why so you can fix the problem. There are only six settings in the entire wizard (if you count option buttons as "settings") so you should have a sporting chance at troubleshooting the problem. The success screen just tells you that everything worked and to click the Finish button.

At this point, the database you selected is populated with the proper table structure and stored procedures required by the provider, so now you can add a user to the membership database.

Step 2: Add a user to the membership data store

In IIS 7.0, there is a convenient "Add User" feature that uses the membership provider configured for the website to create a user. Unfortunately, IIS 7.0 isn't available for Windows Server 2003 so, in a production environment, you're probably stuck with IIS 6.0, which doesn't have a comparable add user feature. This makes adding users a bit tedious, but here's how you do it.

  1. Create a new ASP.NET web application
  2. Configure the new application for Forms authentication and point it at your newly-created membership database
  3. Copy the machine key element from your SharePoint site's Web.config into to your new web application
  4. Add users and roles using the ASP.NET Web Site Administration Tool (if you have Visual Studio 2005 handy) or create users via the CreateUserWizard ASP.NET control.

I'm assuming you know how to create a new web site, so I'm not delving into any of the specifics of step 1. Once you have the website created, add a new Web.config to the application root and add the following configuration setting to the file:

Listing 01 – Web.config for the User Creation Website

<?xml version="1.0"?>
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
   <connectionStrings>
      <add name="MembershipDatabaseCNX" connectionString="SERVER=localhost;
DATABASE=MembershipDatabase; TRUSTED_CONNECTION=true;"/>

   </connectionStrings>
   <system.web>
      <machineKey
         validationKey="8E074B186056F889587355255B167DA297AD837E43FD9850"
         decryptionKey="991D4DEB57A2263855C31AA1D3FF4F1AD508A53D2A94658F"
validation="SHA1"
      />

      <authentication mode="Forms"/>
      <membership defaultProvider="DemoMembershipProvider">
         <providers>
            <add
               name="DemoMembershipProvider"
               type="System.Web.Security.SqlMembershipProvider,
System.Web, Version=2.0.0.0, Culture=neutral,
PublicKeyToken=b03f5f7f11d50a3a"
               connectionStringName="MembershipDatabaseCNX"
               enablePasswordRetrieval="false"
               enablePasswordReset="true"
               requiresQuestionAndAnswer="true"
               applicationName="/"
               requiresUniqueEmail="false"
               passwordFormat="Hashed"
               maxInvalidPasswordAttempts="5"
               minRequiredPasswordLength="7"
               minRequiredNonalphanumericCharacters="1"
               passwordAttemptWindow="10"
               passwordStrengthRegularExpression=""
            />
         </providers>
      </membership>
      <roleManager enabled="true" defaultProvider="DemoRoleProvider">
         <providers>
            <add
               name="DemoRoleProvider"
               connectionStringName="MembershipDatabaseCNX"
               applicationName="/"
               type="System.Web.Security.SqlRoleProvider, System.Web,
Version=2.0.0.0, Culture=neutral,
PublicKeyToken=b03f5f7f11d50a3a"
            />
         </providers>
      </roleManager>
   </system.web>
</configuration>

I've bolded a few areas of Listing 01 because you will need to modify them to work on your system:

  1. Replace the machineKey element from the listing with the machine key element in the Web.config from your SharePoint site. The machine key from the listing is the machineKey from my SharePoint site (on a VPC local to my box, so calm down you crazy Hax0rs) so it won't do you much good. The machineKey element changes from site to site, so make sure you get it from the site you want to configure for Forms authentication and not another site, or the SharePoint Central Administration site. You need matching machineKeys in the web application and the SharePoint site because user passwords are hashed (one way encrypted) and the hash routine uses the machine key value as part of the hashing algorithm.
  2. Make sure your connection string points at the appropriate server that houses the membership database you just created. Also make sure the appropriate credentials are supplied to the connection string.
  3. You can name your connection string anything you want, just make sure you use the same name later on in the connectionStrngName parameter for the membership and roleManager provider configurations.
  4. Make sure your applicationName parameters match in both the membership and roleManager provider configurations. The SqlMembershipProvider allows multiple applications to use the same membership database, so a mismatched name makes the provider think there are two applications instead of one and your members and roles won't associate correctly.
  5. Feel free to configure the password settings of the membership provider as you see fit.

Once you have the configuration settings in place for your web application, you need a way to add users. If you are using Visual Studio 2005, you can use the built-in Web Site Administration Tool:

  1. Click the Website menu and choose the ASP.NET Configuration menu item. This launches a new web browser window that displays the Web Site Administration Tool.
  2. Click on the Security tab or link.
  3. Click on the Create User link and create a new user. Remember the login information because you'll be needing it later.

If you do not have Visual Studio 2005, then you can use the CreateUserWizard control to add a new user to the membership database. It's not as nice as the Web Site Administration Tool interface, but it does get the job done. Create a new page named CreateUser.aspx and add the following markup to the file:

Listing 02 – CreateUser.aspx

<%@ Page Language="C#" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
    <title>Create User Wizard</title>
</head>
<body>
    <form id="form1" runat="server">
        <asp:CreateUserWizard ID="CreateUserWizard1"
runat="server"></asp:CreateUserWizard>
    </form>
</body>
</html>

Once you save the file, navigate to the CreateUser.aspx page using your browser and create a new user. One way or another, you should have a user in the membership database at this point.

Step 3: Configure SharePoint Central Administration Web.config

Now that you have a user in the membership database, you've got to let SharePoint know that the user exists and grant the user access to your SharePoint site, which means configuring your site to use Forms authentication. You configure authentication through the SharePoint Central Administration web interface, but Central Administration needs to know about your membership and roleManager providers before that configuration can take place. That means you have to add the appropriate <connectionString>, <membership>, and <roleManager> configuration elements to the Central Administration Web.config. The configuration for Central Administration is almost identical to Listing 01, but this time around you do NOT set the defaultProvider attribute on the <membership> and <roleManager> elements, and do not set the enabled attribute on the <roleManager> element. Also, the Web.config for Central Administration already contains a great deal of configuration data, so make sure you do not accidentally remove or modify any existing settings.

Open the Central Administration's Web.config. If you do not know where this is located, use the IIS Manager to determine the home directory for Central Administration and open the Web.config from that directory.

Add the following configuration elements to the Central Administration's Web.config. Please note that some element, like <membership>, <connectionStrings>, and <roleManager>, may already exist in the Web.config. If they do, add the child elements to the existing item.

Listing 03 – Additions to the Central Administration Web.config

<?xml version="1.0"?>
<configuration xmlns=
"http://schemas.microsoft.com/.NetConfiguration/v2.0">
   ...
   <connectionStrings> <!-- element may already exist -->
      <add name="MembershipDatabaseCNX"
connectionString="SERVER=localhost;
DATABASE=MembershipDatabase;
TRUSTED_CONNECTION=true;"/>
   </connectionStrings>
   ...
   <system.web>
      ...
      <membership> <!-- element may already exist -->
         <providers> <!-- element may already exist -->
            <add
               name="DemoMembershipProvider"
               type="System.Web.Security.SqlMembershipProvider,
System.Web, Version=2.0.0.0, Culture=neutral,
PublicKeyToken=b03f5f7f11d50a3a"
               connectionStringName="MembershipDatabaseCNX"
               enablePasswordRetrieval="false"
               enablePasswordReset="true"
               requiresQuestionAndAnswer="true"
               applicationName="/"
               requiresUniqueEmail="false"
               passwordFormat="Hashed"
               maxInvalidPasswordAttempts="5"
               minRequiredPasswordLength="7"
               minRequiredNonalphanumericCharacters="1"
               passwordAttemptWindow="10"
               passwordStrengthRegularExpression=""
            />
         </providers>
      </membership>
      <roleManager> <!-- element may already exist -->
         <providers> <!-- element may already exist -->
            <add
               name="DemoRoleProvider"
               connectionStringName="MembershipDatabaseCNX"
               applicationName="/"
               type="System.Web.Security.SqlRoleProvider,
System.Web, Version=2.0.0.0, Culture=neutral,
PublicKeyToken=b03f5f7f11d50a3a"
            />
         </providers>
      </roleManager>
      ...
   </system.web>
   ...
</configuration>

Now the Central Administration knows about your provider configurations. You would think that having the information in the "SharePoint Central Administration" would be enough, but no. You've got to add it to the Web.config in your SharePoint site as well.

NOTE: Notice that Listing 03 never refers to the machineKey. Not even once. This is because you should not mess with the machineKey in SharePoint Central Administration. Leave it alone. Do not change it. Do not delete it. Your provider does not do any encrypting or hashing from the Central Administration, so you don't have to synchronize the machineKey between the two sites. If you change the machineKey in Central Administration, bad things could happen.

Step 4: Configure SharePoint Site Web.config

At this point, you should be tired of messing with configuration settings, but the end is near. Go ahead and open the Web.config in the root directory of your SharePoint site, and make the same changes that you made to the SharePoint Central Administration's Web.config. Use Listing 03 as your guide. When you are finished, you need to set the defaultProvider attributes in the <membership> and <roleManager> elements, and the enabled attribute in the <roleManager> element, as shown in Listing 04.

Listing 04 – Attributes that appear in the SharePoint site Web.config (but not in the Central Administration Web.config)

<?xml version="1.0"?>
<configuration xmlns=
"http://schemas.microsoft.com/.NetConfiguration/v2.0">
   ...
   <system.web>
      ...
      <membership defaultProvider="DemoMembershipProvider">
         ...

      </membership>
      <roleManager enabled="true" defaultProvider="DemoRoleProvider">

         ...
      </roleManager>
      ...
   </system.web>
   ...
</configuration>

Once you've entered the configuration settings, SharePoint Central Administration and your SharePoint site have the settings required to enable Forms authentication. Time to jump back to the SharePoint Central Administration site.

Step 5: Enable Forms Authentication on the SharePoint site

You enable Forms Authentication for SharePoint sites using SharePoint Central Administration. Navigate to the Central Admin site using your browser. You can normally find a shortcut to the site in the Start menu:

Programs > Office Server 2007 > SharePoint 3.0 Central Administration 

Once the Central Administration Home page is loaded, click on the Application Management link on the left hand navigation bar. You are taken to the Application Management page, which displays a variety of administration links. Click on the Authentication Providers link under the Application Security section on the right hand column of the page. The Authentication Providers page loads, as shown in Figure 3.

Figure 3 – Authentication Providers screen

When working in SharePoint Central Administration website, make sure the correct Web Application is selected when you are about to change configuration settings; otherwise you'll be applying changes to the wrong site. There's a small light-blue bar in the content pane of the page that displays the current Web Application URL. Make sure it's the web application on which you want to enable Forms authentication. If it's not, click the little down-arrow next to the URL and choose "Change Web Application" from the drop down list. SharePoint then displays a popup window with a list of web application from which you may choose.

Once you have the right web application selected, the Authentication Providers page displays a list of the zones in that application. Click on the name of the zone in which you want to enable Forms authentication. The Edit Authentication page displays (Figure 4).

Figure 4 – Edit Authentication Page

In the Edit Authentication page, choose the "Forms" option for Authentication Type. The page refreshes and displays the Membership provider and Role manager sections. Enter DemoMembershipProvider in the Membership provider name textbox, and DemoRoleProvider in the Role manager name textbox, then click the Save button. You are taken back to the Authentication Providers screen, but your zone should now say DemoMembershipProvider under the Membership Provider Name column. Forms authentication is now enabled on the site.

Step 6: Authorize the Forms-based user to access the site

Now that Forms authentication is enabled on the site, you can hit the site and see the login form (Figure 6). Microsoft spared no expense making this the blandest form you'll ever see. You will probably want to customize it so it looks a lot nicer. Maybe include some text about how the user should enter their username and password. Nobody will read it, but it definitely makes a login form look like a login form. Anyway, if you enter your username and password, you will be successfully authenticated and then promptly denied access because you have no authorization to be in the site. So, how do you get authorization? You have to use the Site Collection Administrator account.

You may remember setting up a Site Collection Administrator when you first created the site a while back, and it was almost certainly a Windows user account. If you extended the site and have both a Windows zone and a Forms authentication zone, then you can login to the Windows zone and setup the Forms user in Site Settings as you would any other user.

If you have not extended the site, then you've only got one zone and its using Forms authentication. As such, the Windows account associated with the site collection administrator is effectively useless and you need to change the site collection administrator over to a Forms based account. To do this, open SharePoint Central Administration and click on the Application Management link in the left navigation menu. When the Application Management page displays, click the Site Collection Administrators link under the SharePoint Site Management section in the left-hand column of the page. The Site Collection Administrators page displays (Figure 5).

Figure 5 – Site Collection Administrators Page

On the Site Collection Administrators page, make sure that correct site collection is selected. Then, enter the username of the user you created back in Step 2 in the Primary Site Collection Administrator textbox. Click on the Check Names icon (the little red guy with a check mark) next to the textbox. It may take a few seconds, but the page should underline the text in the textbox indicating that the username is valid. If the username is not valid, the page puts a red squiggly line under the username and informs you that the user was not found. If the user is not found, make sure you typed the name correctly. If the issue persists, go back and check your configuration settings to ensure the connection string is valid and there are no typos.

Click on the OK button to save the changes. Your Forms authentication account is now a Site Collection Administrator who has authorization to visit the site. You can use that account to get into the site and setup additional Forms authentication users in Site Settings.

Step 7: Login

When you access the site, you are presented with the previously-mentioned default SharePoint login page (Figure 6). Enter your username and password, and then click the Sign In button. You should be authenticated and authorized, and the site should display as you would expect.

Figure 6 – SharePoint Forms Authentication Login Page

Forms Authentication and the search crawler

If you are planning on using the searching capabilities of SharePoint, then you need to know one major obstacle with Forms authentication. The search crawler can only access zones configured for Windows authentication. If your crawler is pointed at the default zone, and then you change the default zone to use Forms authentication, then your search is going to break. To get around this issue, extend your web application and create a zone that uses Windows authentication, then point the crawler at the new zone. Even though the search is hitting a different zone, the search findings will be available in your Forms authentication zone.

Conclusion

Once you know how to do it, getting Forms authentication up and running on a SharePoint site is fairly easy. You still have a bit of work to do getting your security planned out and adding users and roles to the site, but that's the case with almost any SharePoint project. I would also highly recommend customizing the Forms login page since it's not much better looking out of the box than the browser based password dialog you're trying to avoid in the first place.

Damon Armstrong

Author profile:

Damon Armstrong is a Senior Engineering Team Lead with GimmalSoft in Dallas, Texas, and author of Pro ASP.NET 2.0 Website Programming. He specializes in Microsoft technologies with a focus on SharePoint and ASP.NET. When not staying up all night coding, he can be found playing disc golf, softball, working on something for Carrollton Young Life, or recovering from staying up all night coding.

Search for other articles by Damon Armstrong

Rate this article:   Avg rating: from a total of 192 votes.


Poor

OK

Good

Great

Must read
Have Your Say
Do you have an opinion on this article? Then add your comment below:
You must be logged in to post to this forum

Click here to log in.


Subject: Permissions on Membership database and other issues
Posted by: Anonymous (not signed in)
Posted on: Wednesday, May 16, 2007 at 5:25 AM
Message: Hi Damon,
compliment for the article and thank you for sharing your knowledge with others!
According to my recent experience with configuring SQLProviderMembership on MOSS 2007, I send a few note:
in web.config of Central Administration web application the default RoleProvider should be AspNetWindowsTokenRoleProvider, as Steve Peschka suggests in his blog (http://blogs.msdn.com/sharepoint/archive/2006/08/16/configuring-multiple-authentication-providers-for-sharepoint-2007.aspx).
Either the membership database is hosted on a local or on a remote SQL instance, the permission (logins and users) must be configured properly on SQL, to let the web application access the db. The users account used by the application pools for the web applications (Central Admin and custom ones) must have access to the db. It's no so obvious that a custom application pool has automatically access on a db, especially if it resides on a separate server.
Great job Damon and happy Sharepoint 2007!


Subject: Using Sharepoint 2007 Document Libary with existing ASP.NET 2.0 Site
Posted by: Anonymous (not signed in)
Posted on: Wednesday, May 16, 2007 at 11:29 AM
Message: I have a large ASP.NET 2.0 site that uses SQLMembership provider, etc. It's sitting on a dedicated server. I would love to use a Sharepoint 2007 document library inside that application and use the same users/roles, etc. Is there a way to integrate the two?

Subject: SharePoint List Based Custom Authentication Provider
Posted by: tyrant (view profile)
Posted on: Wednesday, May 16, 2007 at 11:05 PM
Message: This can be done. For the details, check out:
http://sharepointsearch.blogspot.com/


Subject: RE: Permissions on Membership database and other issues
Posted by: Damon (view profile)
Posted on: Thursday, May 17, 2007 at 12:36 PM
Message: Definately. Thanks for pointing that out!

Subject: Testing
Posted by: Anonymous (not signed in)
Posted on: Sunday, May 20, 2007 at 5:32 AM
Message: Hellorbn - this is just a testing, don't worry about it

Subject: Custom Login Page
Posted by: Anonymous (not signed in)
Posted on: Monday, May 21, 2007 at 3:55 PM
Message: This is a great article. It's well-organized. I found several sites that talk about the forms authentication but I think your article is most well summarized. Thanks for sharing the information.

I'm also trying to customize Sharepoint default login page but couldn't find any information even after hours of googling it. Anyone has some step-by-step instruction as to how to replace a login page with a customized one?

Thanks.

Subject: RE: Custom Login Page
Posted by: Damon (view profile)
Posted on: Friday, May 25, 2007 at 6:18 PM
Message: I'm writing about customizing the login page right now. Should be published here shortly.

Subject: Excelent article
Posted by: Richard (view profile)
Posted on: Friday, June 01, 2007 at 6:30 PM
Message: Please, excuse my bad english.
I see in the manager of IIS, two sites for Sharepoint Central Administration and both have web.config files. I dont know which of them I should modify. When modified one of them (only insert three blanks lines) Central Administration didnt work more. I think that i should modify the other, it is correct?
Thank you for your article.

Subject: Extremely good article
Posted by: Stephen (view profile)
Posted on: Wednesday, June 06, 2007 at 11:35 AM
Message: Very good level of detail and screenshots definitely help. Thanks.

I did have two questions:
1) How about changing user passwords for the inevitable time when users will forget their passwords? Do you have a change password ASP.NET page you can post the code to?
2) When using Forms Authentication, are there any security parameters (i.e. password length, complexity) for the password? I'm guessing the answer is no since it is being stored in a SQL database compared to Windows authentication. Is there a way to enforce any of these security parameters on the password?


Subject: Intergrated with form authorization
Posted by: Anonymous (not signed in)
Posted on: Thursday, June 07, 2007 at 1:26 PM
Message: Hi guys,

First of all, thanks so much for very useful article.
Right now, i could configuration form authentication in my MOSS, but how can we integrated with office 2003/2007?
I use users in MS SQL Database, but i wonder if we have some way to mapping between Database' user with Windows's users?

please help me
thanks so much

Subject: 403 Error
Posted by: ben_harwood (view profile)
Posted on: Wednesday, June 20, 2007 at 5:14 PM
Message: I followed your instructions and was able to get all the way to the end and change the site collection administrator to the username that i created in the sql database. however when i login with the site collection admin acct i get a 403 error. what did i do wrong??

Ben

Subject: Access Denied
Posted by: Marcus (view profile)
Posted on: Monday, June 25, 2007 at 11:14 AM
Message: This is a great article...very easy to follow!

I was able to get all the way through the steps to where I added the site collection administrator logins and I was able to add the two users from the SQL database, but when I try to access the site (http://servername:80/), I get an "Access Denied. You do not have permission to perform this action or access this resource."

I do not get the sharepoint login screen at all.

It seems like Sharepoint or IIS is not allowing me to even access the site collection at all?

Any further help would be greatly appreciated...

-Marcus (marcus.greenwood@kineticsware.com)

Subject: thanx man it help me so much
Posted by: lior kock (not signed in)
Posted on: Thursday, June 28, 2007 at 6:50 AM
Message: that is the best artical on the subject
only thing is that you dont have to change
so much in the site's web.config and in the
sca's web.config
adding the connection string is enough you can
modify the rest using the share point central administration tools..

Subject: FBA & AD
Posted by: Anonymous (not signed in)
Posted on: Thursday, July 05, 2007 at 1:28 PM
Message: How do we tie fba to using ad if i don't want any anonymous access to the site?

Subject: Moss NOT Logging Me In
Posted by: Anonymous (not signed in)
Posted on: Monday, July 16, 2007 at 6:10 AM
Message: Hey i configured all steps..i used LDAP Membership provider for forms authentication and put required configural changes in web.config files on both application as well as central administration.

Enable forms authentication via Authentication Provider.

Add User in Policy For Web Application as well as changed User in "Site Collection Administrator".

Now Opened Web Application It Redirected to Login Page. I put my user Name whatever there on "site Collection administrator" user and password.

But it not logging me in .. shows user name or password incorrect.

Same user is site collection administrator.

I am wondering why it not logging me in.

Please Help....

Subject: Works
Posted by: md3 (not signed in)
Posted on: Thursday, August 09, 2007 at 2:57 PM
Message: This works out great! The image examples could be a little clearer. Like indicate in the image in bold that we disable Roles etc...

Anyway, What do you mean by asking if a site is extended? What does this mean? Can a provider support both Windows and Forms authentication?

Can a single site under the root sharepoint site be configured to have forms authentication alone?

Subject: Permissions on Membership database and other issues
Posted by: Anonymous (not signed in)
Posted on: Sunday, August 12, 2007 at 9:48 AM
Message: thank u very much for the wonderful article...

Subject: Central Administration Site
Posted by: Ryan (view profile)
Posted on: Friday, September 14, 2007 at 2:01 PM
Message: I everything goes fine for me until I go to the central administration site and try and get into the application management.

It is asking me again to log in, but its not accepting any of my users, nor is it accepting my domain users.

Any idea on what can be causing this?

Subject: Sorry
Posted by: Ryan (view profile)
Posted on: Friday, September 14, 2007 at 2:07 PM
Message: Sorry for the triple post also :(

Not having a good week

Subject: Forms Authentication
Posted by: Neel (not signed in)
Posted on: Thursday, October 04, 2007 at 3:26 PM
Message: Damon,

It is very good article, I am trying to do Forms Based Authentication where the login details of a user are stored in the backend SQL Server

I do not want add my 12000 users again in ASPNET SQL membership.

Please help me out asap

Neel

Subject: Continous Pop for login
Posted by: vicky (not signed in)
Posted on: Friday, October 05, 2007 at 6:21 AM
Message: Each time i navigate to other site in a Site collection(MOSS 2007).It is asking for username and password .I am using windows authentication in MOSS Site.

Could any suggest me possible solution to avoid this.

Thanks

Subject: custom authentication using Iprincipal
Posted by: Anonymous (not signed in)
Posted on: Monday, October 15, 2007 at 2:04 AM
Message: i am unable to authenticate a user using custom principal. in sharepoint.2007

plz help me

Subject: Sharepoint Server can not see FBA Users
Posted by: Nagesh (not signed in)
Posted on: Tuesday, December 11, 2007 at 9:46 AM
Message: Need your help!

We're trying to extend an existing web application in MOSS 07 so we can have both AD and forms authentication in the same content.

We then extended the "Portal" application to port 8888 for forms authentication. We created users and roles via the ASP.net security settings and confirmed that these users are in the database via Enterprise Manager. The SQL 2000 database sits in a separate box running Windows 2000 srvr. Sharepoint does not see all the users in the SQL database. Seems that Sharepoint only sees 3 users which were created at the very beginning of the installation. We have created and deleted users in the DB but they do not show up in Sharepoint's list of FBA users.
The forms authentication is working though, for one of the first users created that Sharepoint can see.

Running MOSS 07 on 2003 server sp2.

Any help is appreciated.

Subject: Getting error after follow the above
Posted by: Anonymous (not signed in)
Posted on: Tuesday, December 18, 2007 at 3:55 AM
Message: I have done exactly what was written above. But inspite of that i am getting the following error
<You are not authorized to view this page>
when i am trying to acces the sharepoint site.
Plz help

Subject: continous pop for login plz help me
Posted by: Anonymous (not signed in)
Posted on: Friday, December 28, 2007 at 5:48 AM
Message: im not able to proceed further steps.
plz help me.

my mail id is arunthath@gmail.com

Subject: how to create new user
Posted by: santhosh (view profile)
Posted on: Wednesday, January 09, 2008 at 12:29 AM
Message: It is very good article, I am trying to do Forms Based Authentication.

How to add new user...

Subject: LDAP groups authentication
Posted by: SharepointMad (not signed in)
Posted on: Wednesday, January 09, 2008 at 3:04 AM
Message: Hi all;

I have a web application with forms authentication against LDAP. I
configured the web config files (Admin site and my site). I go to the
Sharepoint permissions page, and I can add users and groups from the LDAP.
When I try to access the site, I can login using users from the LDAP that I
added directly to the permissions pages, but I can't login if I added groups
from the LDAP.

Example: I go to the permissions page and add the LDAP user LDAP:admin that
belongs to the LDAP group LDAP:Administrators. Then I can go to the site and
login in with the LDAP:admin account. I have no problems with this process.
The problem comes when I remove the LDAP:admin user from the permissions
page and add the LDAP group LDAP:Administrators (LDAP:admin belongs to this
group). Then I go to the site but I can't login in using LDAP:admin account
("Access Denied"). It seems that Sharepoint doesn't know that LDAP:admin
belongs to LDAP:Administrator (the group has permissions to access the site)

Do you know how to sort the problem?
It's a big problem, because it's forcing me to add each LDAP user to the
permissions page. I think should be possible to add only LDAP groups to the
permissions page, because if I have 20,000 users I can't add them manually to
the permissions page (It will be madness)

Thanks a lot

Subject: Good One
Posted by: Anonymous (not signed in)
Posted on: Monday, January 14, 2008 at 12:34 AM
Message: Really good one but have a doubt like how can we add user using the CreateUserWizard ASP.NET control
What will be the connection string that we need to use here. How many tables we need to update to add user in sql server for this FBA using CREATEUSERWIZARD asp.net control

Subject: Form Authentication Using Oracle Data Store
Posted by: Binu Raj Vengattu (not signed in)
Posted on: Wednesday, January 16, 2008 at 3:03 AM
Message: How can I do Form authentication in MOSS 2007 using Oracle as data store instead of SQL Server.

Subject: Fantastic!
Posted by: Ben Joyce (not signed in)
Posted on: Wednesday, January 16, 2008 at 10:12 AM
Message: Damon, thanks a lot for this article. I have realyl struggled with getting this to work... I'd never Sharepoint OR Forms Auth in ASP.NET before... this was a BIG help and the only article I had seen that full explains the process.

Previously I was setting the defaultProvider in the Central Admin site - ooops!

In response to the post above from Binu Raj Vengattu, I guess this could be easily achieved by using a different connection string providing the database was setup correctly.

Ben

Subject: Big help
Posted by: Walter Castillo (not signed in)
Posted on: Tuesday, January 22, 2008 at 2:26 PM
Message: thanks a lot, really is a good work for our help and the use of this tool.
It works, easy and fast.

Thanks

Subject: SQLExpress
Posted by: Mark Stokes (not signed in)
Posted on: Thursday, January 24, 2008 at 6:50 PM
Message: I am a little stuck on creating the Membership database. I am using SQLExpress and the SharePoint Internal Database.

I found a way of connecting to the database with Management Studio Express here:
http://www.mcpblog.net/Lists/Posts/Post.aspx?List=6f9cf91d%2D59f3%2D429b%2Dae48%2D75aa4c4d13c4&ID=10

Which basically says to use:
\\.\pipe\mssql$microsoft##ssee\sql\query
as the connection string. I can now connect, but still get errors when the SQL scripts try to configure the database. It gets created, but not configured...

Mark

Subject: SQL Express
Posted by: Mark Stokes (not signed in)
Posted on: Thursday, January 24, 2008 at 7:02 PM
Message: Ok, It appears that the internal database shipped with WSS3 is a more limited version than SQLExpress 2005.

I am just uninstalling WSS3, will install SQLExpress, then perform a front end install of WSS pointing it at that Database.

I will let you know how I get on.

Subject: Almost working
Posted by: Mark Stokes (not signed in)
Posted on: Saturday, January 26, 2008 at 12:15 PM
Message: Ok, it is almost working.

Forms Auth is all set up and I get redirected to the /_layouts/login.aspx page.

The trouble is that when I click the Log In button it just postsback the page and doesn't log me in. It also doesn't report when a username / password is incorrect, so I assume it isn't running the login code.

I tried it in a normal .net web app and it logs me in fine.. I even created a complete new login page, the same as in my web app and that doesn't work. Also the configuration files are exactly the same, so that isn't the problem.

Does anyone have any ideas of what might be causing this?

Thanks

Subject: Mixed access from the same page
Posted by: Anonymous (not signed in)
Posted on: Monday, January 28, 2008 at 10:54 AM
Message: Hi Damon,
thanks for the grate article, i've configure my authentication form only with this, so thanks a lot.
I've another problem and maybe you can help me, i wont to grant access to sharepoint site using both authentication method, form and wondows, i've done that extending the application but now i've two site, i't possible to use both authentication on a single site/page

Subject: Login Problem
Posted by: Pankaj J (not signed in)
Posted on: Friday, February 01, 2008 at 3:22 AM
Message: Hi Damon,
I am also facing the same problem as Mark Stokes facing. Inspite of providing correct login credentials the login page does not log me in. But I also want to include that when I am accessing the same form authentication based site on my development server it is working fine. Overall, I am unable to logged in from any other machine except that of my server.

Subject: 2 Updates - db access and web.config settings
Posted by: Suresh (view profile)
Posted on: Saturday, February 09, 2008 at 8:44 PM
Message: Nice walkthrough..
#1
I was getting web.config Section error as per the config settings given here..
I'd to move the <connectionStrings> element after <configSections> to resolve this

#2 As somebody has pointed earlier, the SharePoint Central Admin (Farm Account) must be given db access ( I gave dbadmin and securityadmin) access and it worked.. if the account does not have proper access, Central Admin Site Collection Admin page doesnt allow you to add the Forms User as Site Collection Administrator

Thanks,
Suresh V

Subject: LDAP groups authentication
Posted by: Raphael Davis (not signed in)
Posted on: Tuesday, February 12, 2008 at 4:38 PM
Message: This is in response to the post on 1/18. I have experienced the same issue you have. I would attribute your problems to the fickle nature of the LDAP documentation. In the role provider section I had to add the userContainer section as I had in the membership provider. This may still not solve your problem because SharePoint does not support LDAP daynamic groups.

Just my .02.

Subject: Can't create new document when login through FBA
Posted by: Vuthy (not signed in)
Posted on: Thursday, February 14, 2008 at 3:18 AM
Message: Thanks a lot Damon for your great article!

I can log into my SharePoint site using both Form and Windows based authentication. But through FBA, I don't see "Create New Document" from all document libraries I have. I only see "Create New Folder". So I can't create documents at all. With Windows based authentication, it works fine.

Could anyone help?

Subject: Re:Can't create new document when login through FBA
Posted by: Vuthy (not signed in)
Posted on: Sunday, February 17, 2008 at 4:38 AM
Message: I've just found out the solution. I need to enble "Client Integration" feature in "Authentication Provider" section. So now I could create "New Document/Form" from all of my libraries and lists while using FBA.

Just curious: in "Authentication Provider" configuration section, it's said that:

"Some authentication mechanisms (such as Forms) don't work well with client applications. In this configuration, users will have to work on documents locally and upload their changes."

This sounds like, the feature will not function well if I enable it. So what sould be the solution since I need to use FBA and let users create new form/documents at their local machines?


Subject: Add new Fields to database ?
Posted by: Thomas Walz (not signed in)
Posted on: Wednesday, March 05, 2008 at 9:33 AM
Message: Hi, we get forms authentication to work (yeah :) but we need to display in WSS for example name and surname. we added this fields in the aspnet database, but i dont know how to "map" these to sharepoint. any suggestions ?

Thanx

Subject: Continuous Pop up for login page
Posted by: pbj_pbj (view profile)
Posted on: Wednesday, March 05, 2008 at 3:38 PM
Message: I am getting continous pop for the login page even though i typed correct username and password.
parveen_bj@yahoo.com

Subject: Central Administration Site
Posted by: Jack (view profile)
Posted on: Friday, April 04, 2008 at 2:07 AM
Message: Hey Damon, really good article :),but i have a little problem with it.

I had the same issue like Ryan
I changed the central administration web.config,
but when i'm trying to get into the application management its asking me again to log in, but its not accepting any of the AD users nor the DB users.

Any idea why this is happening and it can be solved?
Thanks

Subject: The machine key problem
Posted by: jecoso (view profile)
Posted on: Sunday, May 04, 2008 at 1:49 AM
Message: As you saying ,"You need matching machineKeys in the web application and the SharePoint site because user passwords are hashed (one way encrypted) and the hash routine uses the machine key value as part of the hashing algorithm.
".

However,the problem is , while I want to move my web site to another web site after I have added all users,how to modify the target web site's machine key.

Any hints?

Thank you very much.

Subject: Login page is not redirecting except Mozilla
Posted by: Saurabh (not signed in)
Posted on: Wednesday, May 28, 2008 at 6:25 AM
Message: Hi to all,

I have configured form authentication in WSS 3.0, it's working fine in Mozilla. But when i open and login website with Internet explorer, netscape, safari browsers, it postbacks but shows same login page and doesn't redirected to Home Page of Website like it does in Mozilla. If i am trying with wrong username and password all browsers shows that username or password is wrong.

I have configured all steps for form authentication in My Sharepoint site.
I could not understand, why My Site is not redirected from login page to Home Page(default.aspx) in all browsers except Mozilla .


Please Help me in this context if you can,

Thank you so much,
Saurabh

Subject: Hi
Posted by: Srujana Paladugu (not signed in)
Posted on: Thursday, June 19, 2008 at 5:50 AM
Message: I have implemented your article exactly as described in the steps.When I try to open the extended web application (Configured for FBA) i get "You are not authorized to view this page".
Can you please help?

Subject: thank tou
Posted by: Anonymous (not signed in)
Posted on: Monday, June 30, 2008 at 4:06 PM
Message: great help,thank you!!!

Subject: Superb
Posted by: Nilesh (view profile)
Posted on: Friday, July 11, 2008 at 5:23 AM
Message: Hi Damon,
Very good article.
Hoping for your help for customized form authentication for sharepoint

Thank You

Subject: Shortcut give me wrong URL's
Posted by: Ricardo (not signed in)
Posted on: Wednesday, July 23, 2008 at 10:36 AM
Message: Hi Damon,


Nice work with the article.
Hi have a problem with my FBA access.
My PWA working with FBA (SQL server DB) is not working properly. The user can access to the page of PWA normally, but when they try to use the shortcuts for folder or workspaces it redirect the user for an internal page, using the AD and logically they don't have access and gives them a blank page.

Do you have any idea of what could be the problem?

Thank you very much.

Subject: FBA Login Issue
Posted by: Anonymous (not signed in)
Posted on: Saturday, July 26, 2008 at 9:17 AM
Message: I followed the instructions and seem to almost have things working. My problem is I cannot login to the FBA site. I can use the people picker in the default and central admin sites to find users in my FBA provider, but cannot login with any of those users. Also, if I run a trace on the SQL server, I do not see any activity when trying to login to the FBA site, but do when using the people picker on the other two sites. Do you have any ideas as to what might be the problem? It seems strange to me -- I keep checking the obvious connection strings etc but find no difference.

Subject: people picker not resolving the aspnetdb user
Posted by: Anonymous (not signed in)
Posted on: Monday, August 04, 2008 at 7:49 AM
Message: HI,
I followed all the above mentioned steps. When I am trying to add the site collection administrator the user i added in the aspnetdb is not resolving the people picker. i get no exact match found error. Please help. also once i enable the annonymous access to the site by selecting forms authentication i am getting "you are not authorised error".

Thanks in advance

Subject: people picker not resolving the aspnetdb user
Posted by: Anonymous (not signed in)
Posted on: Monday, August 04, 2008 at 8:00 AM
Message: HI,
I followed all the above mentioned steps. When I am trying to add the site collection administrator the user i added in the aspnetdb is not resolving the people picker. i get no exact match found error. Please help. also once i enable the annonymous access to the site by selecting forms authentication i am getting "you are not authorised error".

Thanks in advance

Subject: SharePoint test
Posted by: WFB (view profile)
Posted on: Wednesday, September 10, 2008 at 3:56 PM
Message: Basic test on procedure I am doing with SharePoint ( involving a subset of simple steps ):
a-Using Central Administration, define an extranet extension of default site at port 80.
Extension is an extranet with host header of, say, “Extranet”, or www.testextension.com, also on port 80.
b-After creating this extension, I should be able to enter http://Extranet” or www.testextension.com.com and
get the default SharePoint startup site, yes?

Subject: AD Groups and LDAP membership provider
Posted by: DanA (view profile)
Posted on: Thursday, September 18, 2008 at 5:53 PM
Message: Hello all
I have recently extended an internal site so that we have an internet
zone for external users.
Initially I configured it to use FBA via the ADMembershipProvider and this all worked well until I discovered that you apparently cannot use AD groups to grant access to the site via the web application policy because there is no associated role provider.
So I'm now trying to use the LDAPMembershipProvider. If I add myself
to the web application policy my username is listed appended to the name of the ldap provider and I can subsequently access the site via the login form.

If I remove myself and add an AD group of which I am a member the group is now resolved which is good, but having entered my credentials I then get the Sharepoint 'access denied' page which is not good.

Does anyone have any ideas why this is? The only fix I have come across - to add the <userContainer> tag from the membership provider
to the role provider hasn't made any difference.

Any pointers would be much appreciated - thanks in advance

Dan


Subject: Could not share authentication ticket why?
Posted by: lax4u (view profile)
Posted on: Friday, October 17, 2008 at 9:56 AM
Message: I have sharepoint site and one asp.net web application. Both have forms authentication and SAME MACHINE key. Both applications are running on same server but different web site and application pool. I can log in to sharepoint and asp.net application individually. So that prooves my form authentication is working. But when i redirect from one application to other application it ask me to login again. It doesn't retian FormAuthentication ticket.

Subject: Could not share authentication ticket why?
Posted by: lax4u (view profile)
Posted on: Friday, October 17, 2008 at 11:23 AM
Message: anyway i got it fixed. It was HostHeader causing problem. When i created sharepoint site i set host header. But my asp.net site was still running under localhost. so i just the host header for asp.net and now it works

Subject: life saver!
Posted by: feelbot (view profile)
Posted on: Thursday, January 15, 2009 at 3:08 PM
Message: Thank you so much, Now I will go home happily. It's 19.7pm.

Subject: Custom Authentication Database
Posted by: Gaurav (view profile)
Posted on: Wednesday, February 11, 2009 at 7:24 AM
Message:

Hi All,

I want to use FBA for MOSS 2007 using a custom credential database (with simple username /password).I don't want to use ASPNET db as i already have user database in SQL Server.

As I set Authentication as Form in Central Admin,it asks for Authentication provider.

Do I need to create Custom Membership provider ?  or we can do without it? Is there any other way?

Thanks and regards,


Subject: Excellent Article....
Posted by: srmellac (view profile)
Posted on: Wednesday, March 18, 2009 at 7:10 AM
Message: HI Damon,

That was excellent... It saved my whole lot of time....

I would like to share the same to all of my colleagues here in my company as a document.
For that I need permission from you, as we dont want to get into any IP issues..

Can I do so..
TO which mail id should i send seeking for permission.

Please provide me that..

Thanks,
M.Srikanth

Subject: Excellent Article....
Posted by: srmellac (view profile)
Posted on: Thursday, March 19, 2009 at 12:16 AM
Message: HI Damon,

That was excellent... It saved my whole lot of time....

I would like to share the same to all of my colleagues here in my company as a document.
For that I need permission from you, as we dont want to get into any IP issues..

Can I do so..
TO which mail id should i send seeking for permission.

Please provide me that..

Thanks,
M.Srikanth

Subject: Dont underestimate the persmissions!
Posted by: kayCool (view profile)
Posted on: Saturday, July 11, 2009 at 4:04 AM
Message: Well said Mr Anonymous when you wrote this comment - "Permissions on Membership database and other issues"
Excellent article and I must thank the personm who pointed out the permissions thing
I tried very hard but this did not work for me, then I examined the eventvwr where it promptly showed my a sqlserver login event!
So I enabled permissions in my Sql 2008 database and it worked like a dream.

Thank you

Subject: More detail on CA Role Provider
Posted by: rholloway (view profile)
Posted on: Friday, August 28, 2009 at 2:07 PM
Message: In step 3 you mention:

this time around you do NOT set the defaultProvider attribute on the <membership> and <roleManager> elements, and do not set the enabled attribute on the <roleManager> element.

We have the defaultProvider included and do not see any issues. Does anyone know what problems adding the defaultprovider causes?

Subject: More detail on CA Role Provider
Posted by: rholloway (view profile)
Posted on: Friday, August 28, 2009 at 3:27 PM
Message: In step 3 you mention:

this time around you do NOT set the defaultProvider attribute on the <membership> and <roleManager> elements, and do not set the enabled attribute on the <roleManager> element.

We have the defaultProvider included and do not see any issues. Does anyone know what problems adding the defaultprovider causes?

Subject: HTTP 403 Error for extranet site sharepoint
Posted by: vivek (view profile)
Posted on: Friday, September 04, 2009 at 12:53 AM
Message: I followed the article.. but when i completed i get the HTTP 403 Error for my extranet site.

The method above works for IIS 6.0 i have tried that.

But in IIS 7.0 + Vista
I get the HTTP 403 error for extranet site - Forms authentication.

Subject: Need solution for my problem
Posted by: vivek (view profile)
Posted on: Friday, September 04, 2009 at 12:54 AM
Message: Thanks in advance.

Subject: Only working fine with Fixefox
Posted by: datsoft (view profile)
Posted on: Friday, November 27, 2009 at 3:21 AM
Message: I have a problem with Form Authentication when using
IE 7.0.
After configuring, It only login successfully with Firefox, when using IE, it can't login and no message displayed
Is there anyone facing with this problem, pls. help

Subject: in IE its cant work
Posted by: vijay_w (view profile)
Posted on: Saturday, January 23, 2010 at 11:36 AM
Message: Forms Auth is all set up and I get redirected to the /_layouts/login.aspx page.

The trouble is that when I click the Log In button it just postsback the page and doesn't log me in. It also doesn't report when a username / password is incorrect,and when i type wrong password its shows password is incorrect

but in fire fox it working fine

Does anyone have any ideas of what might be causing this?

Subject: Active Directory Membership Provider - Acces Denied
Posted by: j03n (view profile)
Posted on: Monday, March 29, 2010 at 5:23 AM
Message: I tried to configure WSS3.0 with forms authentication and Active Directory. When a user tries to login under Windows-authentication, there is no problem. When the same user tries to login with Forms-authentication, he gets the message 'Access denied'.

What have I already done:
Adjusted the web.config
<connectionStrings>
<add name="ADService" connectionString="LDAP://dev-esalsa.int/DC=dev-esalsa,DC=int" />
</connectionStrings>
<system.web>
<membership defaultProvider="ADProvider">
<providers>
<add name="ADProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ADService" attributeMapUsername="sAMAccountName" connectionProtection="Secure" enableSearchMethods="true" connectionUsername="dev-esalsa\someUser" connectionPassword="******" />
</providers>
</membership>


The in the Central Administration, I enabled 'Forms Authentication', turned off 'anonymous access' and entered under 'Membership Provider Name' : 'ADService' (from my web.config)


Does anyone have any idea how to solve this??

Subject: Active Directory Membership Provider - Acces Denied
Posted by: j03n (view profile)
Posted on: Monday, March 29, 2010 at 5:50 AM
Message: I tried to configure WSS3.0 with forms authentication and Active Directory. When a user tries to login under Windows-authentication, there is no problem. When the same user tries to login with Forms-authentication, he gets the message 'Access denied'.

What have I already done:
Adjusted the web.config
<connectionStrings>
<add name="ADService" connectionString="LDAP://dev-esalsa.int/DC=dev-esalsa,DC=int" />
</connectionStrings>
<system.web>
<membership defaultProvider="ADProvider">
<providers>
<add name="ADProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ADService" attributeMapUsername="sAMAccountName" connectionProtection="Secure" enableSearchMethods="true" connectionUsername="dev-esalsa\someUser" connectionPassword="******" />
</providers>
</membership>


The in the Central Administration, I enabled 'Forms Authentication', turned off 'anonymous access' and entered under 'Membership Provider Name' : 'ADService' (from my web.config)


Does anyone have any idea how to solve this??

Subject: Logging
Posted by: awalker (view profile)
Posted on: Tuesday, January 18, 2011 at 10:25 AM
Message: I have setup FA and everything seems to be working fine on my end but ... here it comes... my users I create can not log in from outside of our domain.
They keep getting prompted for other credentials I guess from our local AD.

Any ideas on what is going on and how to fix it?

Subject: Logging
Posted by: awalker (view profile)
Posted on: Tuesday, January 18, 2011 at 12:41 PM
Message: I have setup FA and everything seems to be working fine on my end but ... here it comes... my users I create can not log in from outside of our domain.
They keep getting prompted for other credentials I guess from our local AD.

Any ideas on what is going on and how to fix it?

Subject: Logging
Posted by: awalker (view profile)
Posted on: Thursday, January 20, 2011 at 8:28 AM
Message: And to add to the above post, Do I need to add something into AAM?

 

Top Rated

Acceptance Testing with FitNesse: Multiplicities and Comparisons
 FitNesse is one of the most popular tools for unit testing since it is designed with a Wiki-style... Read more...

Acceptance Testing with FitNesse: Symbols, Variables and Code-behind Styles
 Although FitNesse can be used as a generic automated testing tool for both applications and databases,... Read more...

Acceptance Testing with FitNesse: Documentation and Infrastructure
 FitNesse is a popular general-purpose wiki-based framework for writing acceptance tests for software... Read more...

TortoiseSVN and Subversion Cookbook Part 11: Subversion and Oracle
 It is only recently that the tools have existed to make source-control easy for database developers.... Read more...

TortoiseSVN and Subversion Cookbook Part 10: Extending the reach of Subversion
 Subversion provides a good way of source-controlling a database, but many operations are best done from... Read more...

Most Viewed

A Complete URL Rewriting Solution for ASP.NET 2.0
 Ever wondered whether it's possible to create neater URLS, free of bulky Query String parameters?... Read more...

Visual Studio Setup - projects and custom actions
 This article describes the kinds of custom actions that can be used in your Visual Studio setup project. Read more...

.NET Application Architecture: the Data Access Layer
 Find out how to design a robust data access layer for your .NET applications. Read more...

Calling Cross Domain Web Services in AJAX
 The latest craze for mashups involves making cross-domain calls to Web Services from APIs made publicly... Read more...

Web Parts in ASP.NET 2.0
 Most Web Parts implementations allow users to create a single portal page where they can personalize... Read more...

Why Join

Over 400,000 Microsoft professionals subscribe to the Simple-Talk technical journal. Join today, it's fast, simple, free and secure.