

SharePoint 2013: Form based Authentication (FBA)

What is Form-based Authentication (FBA)?

Form Based Authentication (FBA) lets you provide your own authentication method through a web form. More and more companies are using FBA as a way of extending a site to non-Active Directory (AD) users.

A standard SharePoint installation uses AD by default: it queries the Domain Controller and checks user credentials through Windows Authentication. FBA instead stores user credentials in a custom database created separately from AD, and authentication is executed by a SQL DB query. When FBA is used to extend SharePoint sites, external users (non-AD users) have access to SharePoint.

Why would you allow access to external users?

A practical reason for extending a SharePoint site through FBA is collaboration on documents with your clients or vendors.

How to achieve FBA in SharePoint 2013?

There are many guides on the Internet that explain form-based authentication in SharePoint 2013. Here I hope to give simple steps through which we can easily achieve form-based authentication in SharePoint 2013.

Below are the 13 simple steps to achieve FBA.

  1. Create aspnetdb using aspnet_regsql
  2. Assign SharePoint administrator as a db_owner in aspnetdb using SQL Management Studio
  3. Create connection string in IIS Global
  4. Add Providers in .Net Roles and .Net Users
  5. Do step 4 in SecurityTokenServiceApplication
  6. Create a Web Application with claim based authentication
  7. Create Site Collection with windows authentication
  8. Modification in the web.config file in Web Application & Central Admin
  9. Change your web application to FBA
  10. Select your web application in IIS and add .Net Users; if an error occurs, change the default provider in .Net Roles and .Net Users.
  11. Add the .Net user in IIS.
  12. Open the web application with windows authentication and share your site with FBA users.
  13. Now login with FBA account.

Step 1. Create aspnetdb using aspnet_regsql in Command Prompt

Open a command prompt with Run as administrator. Change the directory to C:\Windows\Microsoft.NET\Framework64\v4.0.30319, type aspnet_regsql and press Enter.

 

Then the following window will open. Follow the steps one by one.

Then click Finish. The database has now been created in SQL Server.

Step 2. Assign SharePoint administrator as a db_owner in aspnetdb using SQL Management Studio

Open SQL Server Management Studio and check that aspnetdb is available under Databases.

We need to give farmadmin access to this database. Below are the steps to give db_owner rights to farmadmin.

Expand Security in the left panel, then expand Logins and check for the farmadmin name in the logins. If it is not there, add it. Otherwise right-click the user name and open Properties.

The Properties popup will open. In it, select User Mapping and select the DB name in the right panel. Under database role membership, tick db_owner and click OK.

Step 2 is now complete. The farm admin has access to aspnetdb.

Step 3. Create connection string in IIS Global

We need to add the connection string so that our SharePoint application can access the created DB.

Open IIS on your server and click Connection Strings on the home page.

Click the Add button on the right side.

The popup below will appear for adding a new connection string. Enter the connection string name, SQL server name and database name correctly, as in the figure below.

Step 4. Add Providers in .Net Roles and .Net Users

Now add the role and membership providers. Click Providers on the home page.

Select .Net Roles in the Features drop-down and click Add to add a new role provider.

Select SqlRoleProvider as the type, give it a role name, and make a note of that role name, because we need it when changing our web application to FBA.

Select the connection string we are going to use. Type "/" in the application control so that FBA applies to the whole web application, and click OK.

In the same way as the role provider, we need to create the membership provider. On the Providers page select .Net Users in Features and click the Add link to add a new membership provider.

Select SqlMembershipProvider as the type and give it a membership name. We need this name when changing our web application to FBA.

Select the connection string and set RequiresUniqueEmail and StorePasswordInSecureFormat to true.

Step 5. Do step 4 in SecurityTokenServiceApplication

Select your SharePoint SecurityTokenServiceApplication under SharePoint Web Services, and create the role and membership providers for this SecurityTokenServiceApplication as in step 4.

Step 6. Create a Web Application with claim based authentication

Create the new application with normal claims-based authentication, as in the image below. Don't select Enable FBA.

Step 7. Create Site Collection with windows authentication

Create the site collection in the new web application and set farmadmin as the site collection administrator.

Step 8. Modification in the web.config file in Web Application & Central Admin

Open the web.config files of Central Admin and the web application and find the name "PeoplePickerWildcards". Change the key name to the membership provider name that we created in IIS.

Step 9. Change your web application to FBA

Now change your web application to FBA by following the steps below. Give the membership provider name and role provider name correctly in this step.

Step 10. Select your web application in IIS and add .Net Users; if an error occurs, change the default provider in .Net Roles and .Net Users.

Change the default provider to our membership provider and role provider in .Net Users and .Net Roles respectively.

Step 11. Add the .Net user in IIS.

Now add new users to this membership provider by clicking .Net Users and then Add Users.

Step 12. Open the web application with windows authentication and share your site with FBA users.

Open the web application with Windows authentication (farmadmin account) and give site access to the FBA user that we created.

Step 13. Now login with FBA account.

Great, now we can sign in as a different user and open our site with Form Based Authentication.
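
Steps 4, 5, 8 and 9 only work when the same membership and role provider names appear in the web application, Central Admin and SecurityTokenServiceApplication configuration. The PowerShell below is an added example, not part of the original article: it compares those settings over constructed sample XML, and the names FBAMembership, FBARoles and FBADB are hypothetical.

```powershell
# Added example: sample XML is constructed; FBAMembership, FBARoles and FBADB are hypothetical names.
function New-SampleConfig([string]$Member, [string]$PickerKey) {
    [xml]@"
<configuration>
  <SharePoint><PeoplePickerWildcards><clear /><add key="$PickerKey" value="%" /></PeoplePickerWildcards></SharePoint>
  <system.web>
    <membership><providers>
      <add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider" />
      <add name="$Member" type="System.Web.Security.SqlMembershipProvider"
           connectionStringName="FBADB" applicationName="/" requiresUniqueEmail="true" />
    </providers></membership>
    <roleManager><providers>
      <add name="FBARoles" type="System.Web.Security.SqlRoleProvider" connectionStringName="FBADB" applicationName="/" />
    </providers></roleManager>
  </system.web>
</configuration>
"@
}

function Get-FbaSummary([string]$Label, [xml]$Config) {
    # SharePoint keeps its own claims providers in these sections, so filter on type.
    $m = $Config.SelectSingleNode("//membership/providers/add[contains(@type,'SqlMembershipProvider')]")
    $r = $Config.SelectSingleNode("//roleManager/providers/add[contains(@type,'SqlRoleProvider')]")
    $keys = @($Config.SelectNodes('//PeoplePickerWildcards/add/@key') | ForEach-Object { $_.Value })
    [pscustomobject]@{
        Config     = $Label
        Membership = if ($null -ne $m) { $m.GetAttribute('name') }
        Role       = if ($null -ne $r) { $r.GetAttribute('name') }
        PickerOk   = ($null -ne $m) -and ($keys -contains $m.GetAttribute('name'))
        ClearText  = ($null -ne $m) -and ($m.GetAttribute('passwordFormat') -eq 'Clear')
    }
}

function Find-FbaIssue($Rows) {
    if (@($Rows.Membership | Sort-Object -Unique).Count -gt 1) { 'Membership provider name differs between files' }
    if (@($Rows.Role | Sort-Object -Unique).Count -gt 1) { 'Role provider name differs between files' }
    foreach ($row in $Rows) {
        if ($row.Config -ne 'STS' -and -not $row.PickerOk) { "$($row.Config): PeoplePickerWildcards key is not the membership provider name" }
        if ($row.ClearText) { "$($row.Config): passwordFormat is Clear, passwords are stored unhashed" }
    }
}

$rows = @(
    Get-FbaSummary 'WebApp'       (New-SampleConfig 'FBAMembership' 'FBAMembership')
    Get-FbaSummary 'CentralAdmin' (New-SampleConfig 'FBAMembership' 'AspNetSqlMembershipProvider') # step 8 not applied
    Get-FbaSummary 'STS'          (New-SampleConfig 'FBAMembershp' 'FBAMembershp')                # typo made in step 5
)
$rows | Format-Table -AutoSize
Find-FbaIssue $rows
```

To check a real farm, replace each New-SampleConfig call with `[xml](Get-Content -Raw <path to that web.config>)`.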