"Access Denied" error after setting up Form Based Authentication for SharePoint site using Active Directory as a datastore
Recently I faced very interesting scenario where I have configured everything as mentioned in this article https://blogs.msdn.com/echarran/archive/2006/09/11/749707.aspx for the Forms Authentication using Active Directory Membership Provider. After doing so, whenever I tried to login I was getting “Access Denied” error and was not able to login via any user. To check the configuration validity in Web.Config of my web application I did the following:
1. Opened Central Administration Web site.
2. Clicked on the Application Management tab, and then clicked on Policy for Web application.
3. Ensured that the correct Web application is selected; it is displayed in the upper-right corner. Clicked Add Users.
4. In the Zones list, clicked the appropriate zone for which I was setting up the FBA.
5. On the Add Users page, clicked the address book icon to open the People Picker dialog box
6. In the People Picker dialog box, typed the username (user from membership datastore) in the Find box, and then clicked the search button.
7. I was not getting any user in the result which meant that there is some problem in web.config file.
I looked at the Authentication Provider page carefully and here is what I figured out which was missing in my configuration:
Above screen says that you need to do the same configuration in Central Admin site’s web.config as well. That was the missing part. I did the same modification in the Central Admin’s web.config which I did it for my web application.
I followed the steps 1 – 7 listed above and this time was I was seeing the users. You should also notice that the account name is displayed in the format that SharePoint uses internally to keep track of it: MembershipProviderName:accountName. In this scenario, that means the account name for username is ADProvider:username.
Then I did few additional steps:
1. Double-clicked username to add it to the Add box, and then clicked OK.
2. Selected Full Control
3. Click Finish to save the changes.
Logged-in back to my web application using the FBA and with the same user, this time I was able to login without any error.
Hope this will be useful to someone who is also facing similar issue.
Cheers !!!!
Comments
Anonymous
January 27, 2010
You saved my day.Incidentally I was struggling with this too for the past few days.Anonymous
July 19, 2010
Thanks for your post. I'll going to do the web.config administration site modify. I know so it works. But it's a nosense workaround: so we can configure one only type of form authentication per central administration. How we can resolve if we have more sites, with more zones and more different provider? I don't know. Thanks.Anonymous
July 27, 2010
What do you think is going on if I still get access denied for the rest of the users that had not been added thru central adiministration -> policy for web application? I mean I had my authenticated users on the sharepoint groups already set up and with windows auth I didnt have a problem, no that I change that to forms, do I have to add all users thru Central Admin? that seems akward Any comments appreciatedAnonymous
December 05, 2010
Thanks a lot for the post...Great Work!!!:)Anonymous
December 14, 2011
I did exactly what you did but still get same error message. Is there anything else I can do? Please help! Thanks, Dan