How to implement Forms-based authentication for Office SharePoint Server 2007 and Windows SharePoint Services 3.0 by using SQL Server

Article translations Article translations
Article ID: 952170 - View products that this article applies to.
Expand all | Collapse all

INTRODUCTION

This article describes how to implement Forms-based authentication for Microsoft Office SharePoint Server 2007 and Microsoft Windows SharePoint Services 3.0 by using Microsoft SQL Server when SQL Server is installed on the same computer.

More information

To implement Forms-based authentication for Office SharePoint Server 2007 and Windows SharePoint Services 3.0 by using an instance of SQL Server that is installed on the same computer, follow these steps:
  1. Create an Aspnetdb database to use for storing membership and role information. To do this, follow these steps:
    1. At a command prompt, change to the .NET Framework directory. Typically, the .NET Framework directory is located at C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727.
    2. Create a database on the local SQL server. To do this, type the following command, and then press ENTER:
      Aspnet_regsql -A all –E
      Note To create a database on a different server computer, use the following command to determine the appropriate switch to use:
      aspnet_regsql /?
      If you are creating the SQL Server provider database for the first time, you must also create one or more users and, optionally, one or more roles. The users and roles are the security principals that you add to the policy settings for the extranet Web programs and for the SharePoint Site Groups. There are multiple ways to create security principals. Typically, a complete install of Microsoft Visual Studio 2005 is used together with the ASP.NET 2.0 Administration tool to create users and roles. If you experience issues with Visual Studio 2005, contact Microsoft Customer Support Services.
  2. Create a Windows SharePoint Web application, and enable Windows authentication for the main Web site for internal users to access the site.
  3. Create another SharePoint Web application, extend the Web application, and then map the new Web application to the main Web site.
  4. You must enable the Forms authentication type for the extended Web application. To enable Forms-based authentication, you must configure the Membership providers and the Role managers in the Web.config file for the SharePoint central administration site and in the Web.config file for the extended Web application. To do this, follow these steps:
    1. In Notepad, open the Web.config file for the SharePoint central administration site.

      Note Typically the Web.config file is located under C:\Inetpub\Wwwroot\Wss\VirtualDirectories.
    2. Paste the following lines of code at the end of the Web.config file under the </SharePoint> tag.

      Note In the following command, replace the Database Server Name placeholder with the database server name, and replace the Database Name placeholder with the name of the database.
      <connectionStrings>
      <add name="AspNetSqlProvider" connectionString="Data Source=< Database 
      Server Name >;Initial Catalog=< Database Name >;Integrated Security=True" 
      providerName="System.Data.SqlClient" />
      </connectionStrings>
      
    3.  Copy and paste the following lines of code inside <System.web> just over the </System.web> tag: 
      <membership defaultProvider="AspNetSqlMembershipProvider">
      
      <providers>
      
      <remove name="AspNetSqlMembershipProvider" />
      
      <add connectionStringName="AspNetSqlProvider" passwordAttemptWindow="10" 
      enablePasswordRetrieval="false" enablePasswordReset="true" 
      requiresQuestionAndAnswer="true" applicationName="/" requiresUniqueEmail="false" 
      passwordFormat="Hashed" description="Stores and retrieves membership data 
      from the Microsoft SQL Server database" name="AspNetSqlMembershipProvider" 
      type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.3600.0, 
      
      Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
      
      </providers>
      
      </membership>
      
      
      
      <roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider">
      
      <providers>
      
      <remove name="AspNetSqlRoleProvider" />
      
      <add connectionStringName="AspNetSqlProvider" applicationName="/" 
      description="Stores and retrieves roles data from the local Microsoft SQL Server 
      
      database" name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider, 
      System.Web, Version=2.0.3600.0, Culture=neutral, 
      PublicKeyToken=b03f5f7f11d50a3a" />
      
      </providers>
      
      </roleManager>
      
    4. Save the Web.config file.
    5. In Notepad, open the Web.config file for the extended Web application.
    6.  Copy and paste the following lines of code inside <System.web> just over the </System.web> tag: 
      <membership defaultProvider="AspNetSqlMembershipProvider">
      
      <providers>
      
      <remove name="AspNetSqlMembershipProvider" />
      
      <add connectionStringName="AspNetSqlProvider" passwordAttemptWindow="10" 
      enablePasswordRetrieval="false" enablePasswordReset="true" 
      requiresQuestionAndAnswer="true" applicationName="/" requiresUniqueEmail="false" 
      passwordFormat="Hashed" description="Stores and retrieves membership data 
      from the Microsoft SQL Server database" name="AspNetSqlMembershipProvider" 
      type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.3600.0, 
      
      Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
      
      </providers>
      
      </membership>
      
      
      
      <roleManager enabled="true" defaultProvider="AspNetSqlRoleProvider">
      
      <providers>
      
      <remove name="AspNetSqlRoleProvider" />
      
      <add connectionStringName="AspNetSqlProvider" applicationName="/" 
      description="Stores and retrieves roles data from the local Microsoft SQL Server 
      
      database" name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider, 
      System.Web, Version=2.0.3600.0, Culture=neutral, 
      PublicKeyToken=b03f5f7f11d50a3a" />
      
      </providers>
      
      </roleManager>
      
      Microsoft provides programming examples for illustration only, without warranty either expressed or implied. This includes, but is not limited to, the implied warranties of merchantability or fitness for a particular purpose. This article assumes that you are familiar with the programming language that is being demonstrated and with the tools that are used to create and to debug procedures. Microsoft support engineers can help explain the functionality of a particular procedure. However, they will not modify these examples to provide added functionality or construct procedures to meet your specific requirements.
    7. Save the Web.config file.
  5. Reset Internet Information Services (IIS). To do this, click Start, click Run, type iisreset, and then click OK.
  6. On the SharePoint Central Administration Web page, click Application Management.
  7. Under Application Security, click Authentication providers.
  8. On the Authentication Providers page, click the name of the Web application for which you want to enable Forms-based authentication.
  9. On the Edit Authentication page, click Forms under Authentication Type.
  10. In the Membership provider name box, type AspNetSqlMembershipProvider.
  11. In the Role manager name box, type AspNetSqlRoleProvider, and then click Save.
  12. Restart the computer.
  13. On the SharePoint Central Administration Web page, click Application Management.
  14. Under Application Security, click Policy for Web application.
  15. Click Add users.
  16. On the Add Users page, make sure that the Web application for which you want to enable forms-based authentication is displayed in the Web Application box.
  17. In the Zones list, click Default, and then click Next.
  18. In the Users box, enter the credentials for one user whom you want to make the administrator of this Web application. This user should be present in the database that was created in step 1. For example, type Name of the membership provider\username, or type AspNetSqlMembershipProvider\username.
  19. Under Permissions, select Full control – Has full control, and then click Finish.

References

For more information about forms authentication in SharePoint products and technologies, visit the following Microsoft Web sites.

Introduction (Part 1)
http://msdn2.microsoft.com/en-us/library/bb975136.aspx
Membership and Role Provider Samples (Part 2)
http://msdn2.microsoft.com/en-us/library/bb975135.aspx
Forms Authentication vs. Windows Authentication (Part 3)
http://msdn2.microsoft.com/en-us/library/bb977430.aspx

Properties

Article ID: 952170 - Last Review: December 19, 2012 - Revision: 4.0
Applies to
  • Microsoft Office SharePoint Server 2007
  • Microsoft Windows SharePoint Services 3.0
Keywords: 
kbinfo kbcode kbexpertiseadvanced kbhowto KB952170

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com