What is Form based Authentication (FBA)?
Form Based Authentication (FBA) lets you provide your own authentication method through a web form. More and more companies use FBA to extend a site to users who are not in Active Directory (AD).
A standard SharePoint installation uses AD by default: it queries the Domain Controller and checks user credentials through Windows Authentication. FBA instead stores user credentials in a custom database that is separate from AD, and authenticates users with a SQL DB query. When FBA is used to extend SharePoint sites, external users (non-AD users) have access to SharePoint.
Why would you allow access to external users?
A practical reason for extending a SharePoint site
through FBA is collaboration on documents with your clients or vendors.
How to achieve FBA in SharePoint 2013?
There are a lot of guides on the internet that explain Form Based Authentication in SharePoint 2013. Here I lay out simple steps through which we can easily achieve Form Based Authentication in SharePoint 2013.
Below are the 13 simple steps to achieve FBA.
Step 1. Create aspnetdb using aspnet_regsql
Step 2. Assign the SharePoint administrator as db_owner in aspnetdb using SQL Management Studio
Step 3. Create a connection string in IIS Global
Step 4. Add providers in .NET Roles and .NET Users
Step 5. Do step 4 in SecurityTokenServiceApplication
Step 6. Create a Web Application with claims based authentication
Step 7. Create a Site Collection with Windows authentication
Step 8. Modify the web.config file in the Web Application & Central Admin
Step 9. Change your web application to FBA
Step 10. Select your web application in IIS and add .NET Users; if there is an error, change the default provider in .NET Roles and .NET Users
Step 11. Add the .NET user in IIS
Step 12. Open the web application with Windows authentication and share your site with FBA users
Step 13. Now log in with the FBA account
Step 1. Create aspnetdb using aspnet_regsql in Command Prompt
Open Command Prompt with Run as administrator. Then change directory to C:\Windows\Microsoft.NET\Framework64\v4.0.30319, type aspnet_regsql and press Enter.
The following window will open. Follow the steps one by one.
Then click Finish. The database has now been created in SQL Server.
Step 2. Assign SharePoint administrator as a db_owner in aspnetdb using SQL Management Studio
Open SQL Server Management Studio and check that aspnetdb is available under Databases.
We need to give farmadmin access to this database. Below are the steps to give db_owner rights to farmadmin.
Expand Security in the left panel, then expand Logins, and check for the farmadmin name in the logins. If it is not there, add it. Otherwise, right click on the user name and open Properties.
The Properties pop-up will open. In it, select User Mapping and select the DB name in the right panel. Under database role membership, tick db_owner and click OK.
Step 2 is now complete. The farm admin has access to aspnetdb.
Step 3. Create connection string in IIS Global
We need to add a connection string to our SharePoint application so that it can access the created DB.
Open IIS on your server and click on Connection Strings on the home page.
Click the Add button on the right side.
The pop-up below will appear for adding a new connection string. Enter the connection string name, SQL Server name and database name correctly, as in the figure below.
Step 4. Add Providers in .Net Roles and .Net User.
Now add the role and membership providers. Click Providers on the home page.
Select .NET Roles in the Features drop-down and click Add to add a new role provider.
Select SqlRoleProvider as the type, give the role provider a name, and make a note of that name, because we need it when changing our web application to FBA.
Select the connection string that we are going to use. Type "/" in application control so that FBA applies to the whole web application, and click OK.
Just as we created the role provider, we need to create the membership provider. On the Providers page, select .NET Users in Features and click the Add link to add a new membership provider.
Select SqlMembershipProvider as the type and give the membership provider a name. We need this name when changing our web application to FBA.
Select the connection string and set RequiresUniqueEmail and StorePasswordInSecureFormat to true.
Step 5. Do step 4 in SecurityTokenServiceApplication
Select your SharePoint SecurityTokenServiceApplication under SharePoint Web Services, and create the role and membership providers for this SecurityTokenServiceApplication as in step 4.
Step 6. Create Web Application with claims based authentication
Create the new web application with normal claims based authentication, as in the image below. Don't select Enable FBA.
Step 7. Create Site Collection with Windows authentication
Create the site collection for the created web application and set farmadmin as the site collection administrator.
Step 8. Modification in web.config file in Web Application & Central Admin
Open the web.config files of Central Admin and the web application and find the name "PeoplePickerWildcards". Change the key name to the membership provider name that we created in IIS.
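What steps 3, 4, 5 and 8 leave behind in web.config, as an added example constructed here and not taken from the original post; it shows only the entries those steps add and omits SharePoint's own entries in the same sections. The names FBAConnection, FBAMembership, FBARoles and SQLSERVER01, the integrated-security connection string and the password-policy values are assumptions.

```xml
<!-- Added example: constructed web.config entries, not from the original post.
     FBAConnection, FBAMembership, FBARoles and SQLSERVER01 are hypothetical names. -->
<configuration>
  <SharePoint>
    <PeoplePickerWildcards>
      <clear />
      <!-- Step 8: the key must equal the membership provider name exactly -->
      <add key="FBAMembership" value="%" />
    </PeoplePickerWildcards>
  </SharePoint>

  <!-- Step 3: integrated (Windows) login to aspnetdb, so no SQL password sits in the file -->
  <connectionStrings>
    <add name="FBAConnection"
         connectionString="Data Source=SQLSERVER01;Initial Catalog=aspnetdb;Integrated Security=SSPI" />
  </connectionStrings>

  <system.web>
    <!-- Steps 4 and 5: the same provider names go into the web application,
         Central Admin and SecurityTokenServiceApplication -->
    <membership>
      <providers>
        <!-- passwordFormat="Hashed" with enablePasswordRetrieval="false" keeps only
             salted hashes. The weak alternative, passwordFormat="Clear" (or "Encrypted"
             with enablePasswordRetrieval="true"), leaves recoverable passwords in aspnetdb. -->
        <add name="FBAMembership"
             type="System.Web.Security.SqlMembershipProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             connectionStringName="FBAConnection"
             applicationName="/"
             requiresUniqueEmail="true"
             passwordFormat="Hashed"
             enablePasswordRetrieval="false"
             minRequiredPasswordLength="12"
             maxInvalidPasswordAttempts="5"
             passwordAttemptWindow="10" />
      </providers>
    </membership>
    <roleManager enabled="true">
      <providers>
        <add name="FBARoles"
             type="System.Web.Security.SqlRoleProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             connectionStringName="FBAConnection"
             applicationName="/" />
      </providers>
    </roleManager>
  </system.web>
</configuration>
```

Whatever names are chosen, the membership and role provider names have to be identical in all three configuration files and in the FBA settings entered in step 9.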
Step 9. Change your web application to FBA
Now change your web application to FBA by following the steps below. Enter the membership provider name and role provider name correctly in this step.
Step 10. Select your web application in IIS and add .NET Users; if there is an error, change the default provider in .NET Roles and .NET Users.
Change the default provider to our membership provider and role provider in .NET Users and .NET Roles respectively.
Step 11. Add the .NET user in IIS.
Now add new users to this membership provider by clicking .NET Users and then Add Users.
Step 12. Open the web application with Windows authentication and share your site with FBA users.
Open the web application with Windows authentication (farmadmin account) and give site access to the FBA user that we created.
Step 13. Now log in with the FBA account.
Great, now we can sign in as a different user and open our site with Form Based Authentication.