Forms Based Authentication with SharePoint 2007


A while back I spent a few weeks at Microsoft Campus working for a client on a MOSS 2007 proof of concept project. One of my jobs was to get FBA working alongside Windows Authentication on the same site. After reading a few excellent blog posts namely Nick Swan’s and Dan Attis and getting FBA partially working it became apparent that FBA with SharePoint is a bit of a ‘gray’ area and alot of people are struggling with it. I also sat with a Microsoft guy who specialised in SharePoint who had never even seen FBA working with the SSP profile database before.

I want to write about a couple of issues I came across when working within SharePoint and FBA, I won’t go into detail with the actual setup because the above mentioned blog posts cover most or all of what you will need to do.

The first one is this, if you use the Visual Studio’s Website configuration tool to add your Forms Based users, be careful because it modifies your web sites web.config file and adds xmlns=”http://schemas.microsoft.com/.NetConfiguration/v2.0&#8243; as an attibute to the <configuration> section. I don’t actually kow of a workaround for this but if you don’t delete this attibute your will be greeted with a File Not found error from your SharePoint site.

Another issue I came across was even though I had setup my site for FBA correctly, central admin was still not resolving my FBA users at all. After running SQL Profiler against the database I realised that the ASP.Net membership database stored procedures were being called with an application id, now this is where it gets a bit confusing. You need to run the Visual Studio Admin tool against the SharePoint 80 web site, but Central Admin runs in it’s own virtual directory therefore has a different application id. Now I’d love to know if I was doing something wrong or if there is a workaround for this, but in the end due to a tight timescale I had to hand modify the ASP.Net stored procs to not filter application id’s.

Hope this information is useful as it became apparent that FBA in SharePoint is a bit of a ‘hit or miss’ technology and is not as easy as it should be to setup out of the box.

Would be glad to hear from anyone who has had similar problems and found an easier way round it.

One thought on “Forms Based Authentication with SharePoint 2007

  1. Hi Lee.

    First: tks for the article about FBA w/ SharePoint. I am trying to do it, but i have one problem. Hope you can help me.
    I’ve successfully configured a FBA environment. I have my site:80 as winAuth and site:81 as FBA. Perfect! My problem now is that I am trying to configure the MySite for the FBA users following ur post and Dan Attis posts. My problem is that I got stuck on the part where I should add the FBA User to the SSP – Personalization services permission. I’ve changed the web.config (adding the Connection, membership, role and peoplePicker tags) for SSP and for MySites, but still i am not able to retriver FBA users on the SSP.
    Am I missing something? Do I have to extend the MySites web application and configure the authentication provider??

    Tks

    Alex

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s