For FBA to take effect, the next step is to set up the membership provider in SharePoint. A membership provider is an interface from the program to the credential store. This allows the same program to work against a variety of different credential stores. For example, you can use an LDAP membership provider to authenticate against Active Directory, or SqlMembershipProvider to authenticate against SQL Server. This example uses SQL Server.
SharePoint is made up of multiple sites: Central Administration, the Security Token Service, and every web application you create. Each web application has to know about the membership provider. One way to do this is to set it up in each Web.config; another is to configure Machine.config. When Machine.config is modified, the Web.config of each application inherits from Machine.config, so you do not have to modify a Web.config every time you create a web application.
Before modifying any .config file, back it up.
Go to the directory "C:\Windows\Microsoft.Net\Framework64\v4.0.30319\Config", back up machine.config and then open it.
In the <connectionStrings> section, add the following line, changing the server to your actual server name.
<add connectionString="Server=win-h472cerv001;Database=aspnetdb;Integrated Security=true" name="FBADB" />
In the <membership><providers> section, add the following configuration:
<add name="Fbamembershipprovider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="FBADB" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" applicationName="/" requiresUniqueEmail="true" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="7" minRequiredNonalphanumericCharacters="1" passwordAttemptWindow="10" passwordStrengthRegularExpression="" />
Each option can be customized. Most importantly, if multiple membership providers use the same database, they must all be configured identically. Otherwise you will run into a variety of problems when a user is created under one configuration and later logs on under a different one.
| Option | Description |
| --- | --- |
| connectionStringName | The name of the database connection to the ASPNETDB database. |
| enablePasswordRetrieval | True/false. Whether the user's password can be retrieved. I suggest setting this to false for security purposes. |
| enablePasswordReset | True/false. Whether the user can reset their password. I suggest setting this to true. |
| requiresQuestionAndAnswer | True/false. Whether accounts also have a question and answer associated with them. The answer must be provided when resetting the password. I suggest setting this to false, as setting it to true prevents an administrator from resetting the user's password. |
| applicationName | Setting the application name allows you to share a single membership database with multiple different applications, with each having their own distinct set of users. The default applicationName is /. |
| requiresUniqueEmail | True/false. Determines if multiple users can share the same email address. I suggest setting this to false, in case you ever want to implement a login by email system. |
| passwordFormat | Clear, Hashed or Encrypted. Clear stores the password in the database as plain text, so anybody with access to the database can read the user's password. Encrypted encrypts the user's password, so although the password isn't human readable in the database, it can still be decrypted and the user's actual password retrieved. Hashed stores a one-way hash of the password. When a user authenticates, the password they enter is hashed as well and matched against the stored hashed value. Using this method, the user's password can never be retrieved (even if your database is stolen), only reset. I always recommend using "Hashed" as it is the most secure way of storing the user's password. |
| maxInvalidPasswordAttempts | The number of times in a row that a user can enter an invalid password, within the passwordAttemptWindow, before the user's account is locked out. Defaults to 5. |
| passwordAttemptWindow | The number of minutes before the invalid password counter is reset. Defaults to 10. |
| minRequiredPasswordLength | The minimum password length. Defaults to 7. |
| minRequiredNonalphanumericCharacters | The minimum number of non-alphanumeric characters required in the password. Defaults to 1. |
| passwordStrengthRegularExpression | A regular expression that can be used to validate the complexity of the password. |
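One way to check the rule above that providers sharing a database must be configured identically, as an added example that is not part of the original article: this Python sketch parses config XML, flags SqlMembershipProvider entries that do not use Hashed or that allow password retrieval, and reports option mismatches between providers with the same connectionStringName. The sample XML, the OtherProvider name and the file labels are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Options from the table above that must match across providers sharing a database.
OPTIONS = ["applicationName", "enablePasswordRetrieval", "enablePasswordReset",
           "requiresQuestionAndAnswer", "requiresUniqueEmail", "passwordFormat",
           "maxInvalidPasswordAttempts", "passwordAttemptWindow",
           "minRequiredPasswordLength", "minRequiredNonalphanumericCharacters",
           "passwordStrengthRegularExpression"]

def sql_providers(label, xml_text):
    """Yield (label, provider name, attributes) for each SqlMembershipProvider."""
    root = ET.fromstring(xml_text)
    for add in root.findall(".//membership/providers/add"):
        if "SqlMembershipProvider" in add.get("type", ""):
            yield label, add.get("name"), add.attrib

def audit(configs):
    """configs maps a label (e.g. a file name) to config XML; returns findings."""
    findings, by_db = [], defaultdict(list)
    for label, text in configs.items():
        for where, name, attrs in sql_providers(label, text):
            by_db[attrs.get("connectionStringName", "").lower()].append((where, name, attrs))
            if attrs.get("passwordFormat", "Hashed") != "Hashed":
                findings.append(f"{where}:{name} passwordFormat is not Hashed")
            if attrs.get("enablePasswordRetrieval", "false").lower() == "true":
                findings.append(f"{where}:{name} enablePasswordRetrieval is true")
    for db, group in by_db.items():
        (ref_where, ref_name, ref), rest = group[0], group[1:]
        for where, name, attrs in rest:
            # An omitted attribute is compared as absent, so spell every option out.
            for opt in OPTIONS:
                if attrs.get(opt) != ref.get(opt):
                    findings.append(f"{where}:{name} {opt}={attrs.get(opt)!r} differs from "
                                    f"{ref_where}:{ref_name} {opt}={ref.get(opt)!r} (db {db})")
    return findings

# Constructed sample input: a machine.config excerpt and a hypothetical web.config
# whose second provider points at the same database with different options.
MACHINE = """<configuration><system.web><membership><providers>
  <add name="Fbamembershipprovider" type="System.Web.Security.SqlMembershipProvider, System.Web"
       connectionStringName="FBADB" applicationName="/" passwordFormat="Hashed"
       enablePasswordRetrieval="false" minRequiredPasswordLength="7" />
</providers></membership></system.web></configuration>"""
WEB = MACHINE.replace('"Hashed"', '"Encrypted"').replace('Length="7"', 'Length="4"') \
             .replace("Fbamembershipprovider", "OtherProvider").replace("FBADB", "fbadb")

if __name__ == "__main__":
    print("\n".join(audit({"machine.config": MACHINE, "web.config": WEB})))
```
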
In the <roleManager><providers> section, add:
<add name="Fbaroleprovider" connectionStringName="FBADB" applicationName="/" type="System.Web.Security.SqlRoleProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
SharePoint 2016 Configuration FBA (ii) Edit Web.config file