SharePoint 2010 Configure SQL-based Forms authentication

Forwarded from: http://www.cyqdata.com/cnblogs/article-detail-5601

Forwarded from: http://www.cnblogs.com/janet/archive/2013/07/18/3199234.html

System Environment: win2008r2+ sql2008r2 +visual studio2010+sharepoint

A. If you have established a Web application such as the name: http://luoku.cn/

To enter the SharePoint Management Shell, execute the following command:

$w = get-spwebapplication "http://luoku.cn/"
$w. useclaimsauthentication = 1
$w. Update ()
$w. provisionglobally ()

Then open Central Administration-application management-manage Web Applications in SharePoint, select authentication providers on the top menu to enable forms-based authentication (FBA)

B. if the new Web Application, then directly select Enable Forms-based authentication (FBA) When you create it as shown below

First, the configuration ASP of application Service information SQL Server Database
1. Open a command prompt. Enter "CMD" in the Run to open the Windows command prompt.
2. Enter the installation directory to the. Net Framework. Enter "CD C:/windows/microsoft. net/framework/v2.0.50727".
3. Enter the command aspnet_regsql. The command pops up the ASP. NET SQL Server Setup Wizard, as shown in 1.

Note : Either the Start menu enters the Visual Studio command Prompt (2010) and the effect is the same as when you enter Aspnet_regsql carriage directly

Figure 1

4. Click the "Next" button in Figure 1. The wizard goes to the Select installation Options page, as shown in 2.

Figure 2

5. In Figure 2, select "Configure SQL Server for application services" and click "Next". The wizard goes to the Select servers and Databases page, as shown in 3.

Figure 3

6. In Figure 3, enter the name of the database server in "Server", select "Windows Authentication", in the database, select "< default >", or enter "Aspnetdb". Click "Next" and go to the "Confirm your Settings" page. As shown in 4.

Figure 4

7. In Figure 4, confirm that the wizard displays the same content as you entered, and if not, go back to the previous step to make the appropriate adjustments. No problem. Click Next, and the wizard will create or modify the ASPNETDB database. When you are finished, the wizard will show that the database has been created or modified, as shown in 5. If this step is an error, it is mostly due to database links or insufficient database permissions.

Figure 5

8. When the wizard appears in Figure 5, the "SQL Server database for configuring ASP. NET Application Service Information" has been successfully completed.

Second, create SharePoint Application
1. Open the SharePoint 2010 Admin Center, as shown in 6.

Figure 6

2. Click on the "Manage Web Application" link and go to the Web Application Management page, where you click on the "New" button on the Ribbon and the page pops up the "New Web Application" dialog box. As shown in 7.

Figure 7

3. In authentication, be sure to select claims-based authentication, because only claims-based authentication supports the way that ASP.
4. In the IIS Web site, select New IIS Web site, and the name bar keeps the system default. The port defaults to 80. The advantage of using port 80 is that you do not need to enter the port number when you enter the Web site URL because the HTTP protocol default port number is 80. The path can be maintained by default. The setting results are as shown in 7.

Figure 8

5. In security configuration, the default is OK. As shown in 8.

Figure 9

6. In Claim authentication type, if you are using mixed authentication, which enables both Windows authentication and forms validation, you can leave the Enable Windows Authentication check checked.
7. Select Enable Forms Based Authentication (FBA), in ASP. NET Membership Provider Name "Enter"fbamembershipprovider", and in the" ASP. Name "Enter"fbaroleprovider". Both provider names need to be the same as the member authentication provider names that are later modified by the Web. config file. As shown in 9.

Figure 10

8. In the "Common url", leave the default, as shown in 10.
9. In application pool, select New application pool, and in application pool name, enter SharePoint-80. It is recommended that you select configurable accounts, and the application pool process will run under this account. As shown in 10.

Figure 11

10. In database name and authentication, enter the database server name and database name, and it is recommended that the database name plus a convenient way to distinguish the prefixes of other databases, such as "Sharepoint_", so that when you install multiple SharePoint servers that share the same database server, Easy to differentiate database usage. As shown in 11.
11. "Failover Server" and "Search server" can be temporarily not configured.

Figure 12

12. In the Service Application connection, select Default. As shown in 12.
13. In the Customer Experience Improvement Program, choose according to your preference.
14. It is recommended that you check all the settings in the dialog box again and click "Confirm". SharePoint automatically creates a Web application that, when created, displays the dialog box as shown in 13.

Figure 13

15. It is recommended that you do not worry about creating a site collection, and then creating a site collection after you configure Web. config.

Third, the SharePoint The Central Administration site is configured to use SQL Membership provider

The default for SharePoint sites is ad-based authentication, and perhaps here you ask why SharePoint Central Administration is configured for form validation, and generally, when we want to access central administration, we don't need to use forms to verify how we sign in. Indeed, it is not necessary to log in to Central administration using form validation, but it is essential to configure central administration to use the SQL membership provider if we need to make certain users stored in the database as site collection administrators or other such operations.

Open IIS Manager, select SharePoint Central Administration V4, and you'll see a lot of options in the middle of the home page, where we're going to use "connection string" and "provider."

Figure 14

First open the "Connection string" and click "Add" in the Action menu on the right side of the screen to create a new connection string to connect to the database we created in the previous step to store the user's credentials, and name it fbadb.

Figure 15

Then go back to the SharePoint Central Administration V4 home page and open the provider pages where we will add the role provider and user provider for the Central Administration site. In the Feature drop-down box, select . NET role , and then click Add in the Actions panel to create a new role provider with the type set to Sqlroleprovider ", and then set the" connectionStringName "item to the name of the connection string created in the previous step.

Figure 16

Finally, you need to set the membership provider, or in the feature drop-down box, select . NET users , and then add a user provider with the type " SqlMembershipProvider ", and also set the connection string to the one we just created.

Figure 17

Now that the configuration of the central administration is complete, we can open the Web. config file in Central administration to check what is being modified. The modified Web. config will have the following content.

<roleManager>
<providers>
<add name= "Fbaroleprovider" type= "System.Web.Security.SqlRoleProvider, system.web,

version=2.0.0.0, Culture=neutral, publickeytoken=b03f5f7f11d50a3a "applicationname="/"ConnectionStringName=" FBADB "/>
</providers>
</roleManager>
<membership>
<providers>
<add name= "Fbamembershipprovider" type= "System.Web.Security.SqlMembershipProvider,

System.Web, version=2.0.0.0, culture=neutral, publickeytoken=b03f5f7f11d50a3a "applicationname="/"

Connectionstringname= "Fbadb" enablepasswordreset= "true" Enablepasswordretrieval= "false" passwordformat= "Clear"

Requiresquestionandanswer= "false" requiresuniqueemail= "false"/>
</providers>
</membership>

will be Security Store Service configured to use SQL Membership provider

Or in IIS Manager, in the connection panel on the left, select "Securitytokenserviceappliaation" under the SharePoint Web Services application. The next procedure is exactly the same as the process of configuring the Central Administration site, which is no longer duplicated.

Figure 18

After the configuration is complete, you can see the new additions in its web. config file.

<system.web>
<roleManager>
<providers>
<add name= "Fbaroleprovider" type= "System.Web.Security.SqlRoleProvider,

System.Web, version=2.0.0.0, culture=neutral, publickeytoken=b03f5f7f11d50a3a "applicationname="/" Connectionstringname= "Fbadb"/>
</providers>
</roleManager>
<membership>
<providers>
<add name= "Fbamembershipprovider" type= "System.Web.Security.SqlMembershipProvider,

System.Web, version=2.0.0.0, culture=neutral, publickeytoken=b03f5f7f11d50a3a "applicationname="/"

Connectionstringname= "Fbadb" enablepasswordreset= "true" Enablepasswordretrieval= "false" passwordformat= "Clear"

Requiresquestionandanswer= "false" requiresuniqueemail= "false"/>
</providers>
</membership>
</system.web>

Iv. Login (need to create form user in IIS)
1. After setting up the three steps above, you can now create a site collection that supports form validation for all sites under the new Web application.
2. When you open a Web site, the login page appears, as shown in 17, in the drop-down box you can select Windows Authentication or form validation.

Figure 19

3. When the form verification is selected, as shown in 18, enter the user name, password, click Login, you can log in to SharePoint. If you need to use client tools, such as Word and Excel, when you need to access site content, you need to check "automatic login" when you log in.

Figure 20

4. Configuring the SQL membership provider for the Web application

After the Web application in the previous step was created, we also configure the SQL membership provider for it, just as it did for central administration and the security Store service, but slightly differently.

The first thing to do is to create the connection string, add the role provider and the user provider, and the three steps are nothing different than just now. In fact, it is now possible to access the site collection that we have just created by means of form authentication, but there is no data in our user database, so even if forms authentication is already available, we still cannot log in. There are many ways to create a user, you can create it through some open source gadgets, or you can write a Web application to complete the registration of a new user, and in this blog we will use IIS Manager to complete the creation of a new user.

Figure 21

First, on the Web Application home page, select. NET role, click "Set Default Provider" on the right to change the default provider to the Fbaroleprovider we just created. There may not be any roles in our database at this time, click "Add" under the "Actions" panel to create a new role.

Figure 22

Then go back to the homepage and select ". NET user, set the default provider to Fbamembershipprovider, and then we can create the user in IIS Manager.

Figure 23

Upon entering. " NET role "and". NET user interface may pop up the warning message as shown, this information is ignored and does not affect our normal use.

Figure 24

There is also a problem to be aware of when we create good roles and users, we must ". NET role "and". NET user, or the following error will appear when you log in to the Web site.

Figure 25

The default ". NET role provider name is "C", ". NET user "The default provider is" I ", after changing back let's look again.

5. After logging into the system, see the homepage of the website as shown in 19. The currently logged in user is displayed in the upper-right corner of the page. To switch the current user, you can click on the user name, the pop-up menu select "Log in as a different user", the page will return to the login page.

Figure 26

SharePoint 2010 Configure SQL-based Forms authentication