Sharepoint Extranet Setup with FBA (Forms Based Authentication)

At some point in your company’s SharePoint usage, you will probably want to expand the usage of your Intranet sites to clients. Extranet deployment usually requires some additional server and license resources which can add to the expense of the Sharepoint deployment. Fortunately, SharePoint Server 2007 has the Authentication Zones feature, which allows you to setup different authentication methods for your employers and customers and minimize the additional hardware and software licenses required.

In this article we will be configuring forms based authentication with newest version of Microsoft Office SharePoint Server with Service Pack 2 on Windows Server 2008.

SharePoint authentication zones

By default, on SharePoint applications there is only one default zone configured, which corresponds to our LDAP (Active Directory) authentication mode. However, there are several other zones that can be used for authenticating site users (see screen below)

In this instance we will be configuring our Extranet zone with Forms Based Authentication, so our external users (clients/customers) would be using different credentials database. In most cases we do not want external users to have any accounts in the Active Directory as it will be a drain on resources to have an Active Directory only for these users. Therefore, in this scenario we will be using ASP .NET functionality to store user credentials in MS SQL Database.

Configure Extranet zones with users stored in a SQL Server Database

We need set the ASP .NET services engine to use a SQL Server database to store user credentials, as well as membership, profiles and the SQL Web event provider. To do this, you will need to run aspnet_regsql.exe located in the C:WindowsMicrosoft.NETFrameworkv2.0.50727 folder (or C:WindowsMicrosoft.NETFramework64v2.0.50727 for 64-bit OS’s).

After reading the application description in the first screen and clicking next, we then ensure that Configure SQL Server for application services is selected and click Next (see screenshot below).

Next, we enter our SQL Server credentials. This is a very useful feature because we can use the same SQL Server instance that is used for SharePoint to avoid the expense of purchasing an additional SQL Server license for external user authentication. Alternatively we could install the free SQL Server Express which is capable of handling Forms based credentials.

Next, confirm that the SQL Server credentials for ASP .NET services are correct, and click Next. By default, ASPNET_RegSQL.exe will be using the ‘aspnetdb’ database for storing user data.

Now we must configure the provider for membership, profiles and the role manager in SharePoint.

First we need to expand our Intranet site that is in the Default Zone (with default, Active Directory based Authentication). This is done in Central Administration / Create or Extend Web Application.

Select Extend an existing Web application and then select the web application we need to extend to external, SQL Server based users.

The most important part of the configuration forms after you select the correct application to extend, is on the screen below.

We need to enter the external host name that will be visible from every workstation, so it’s important to have a good domain for our extranet site as it will be probably used by our clients and customers. We may also need to enable anonymous authentication, but in this scenario we won’t be using that for our Extranet site.

Pages: 1 2


One Response to “Sharepoint Extranet Setup with FBA (Forms Based Authentication)”

  1. Great article! Very helpful. I actually added the aspnetdb table to the existing default OfficeServers database. However, I am wondering, what do I need to change to the web.config file? I don’t want to add the remove command since it is database as the content. But do I still need to add a connection to the aspnetdb table? Thanks in advance.