Sharepoint Extranet Setup with FBA (Forms Based Authentication)
21. Dec, 2009 
1 Comment by Stephan Zahariev
Now we can browse to our newly created website although it still uses default authentication method (Active Directory accounts).
Keep in mind, that this is the same website, sharing the same content database. The only difference is in the IIS server, where you have two different IIS applications with two different web.config files. We’ll modify these configuration files next to setup the proper membership provider and role manager functions that our SharePoint will use, so we’ll have forms-based login, not default one.
Now open the web.config file of your Extranet Site (‘Explore’ this site via IIS if you don’t know the exact location of this site on your server). By default, all websites are stored in c:\inetpub\wwwroot\wss\virtualdirectories. Be sure to backup the web.config file before making any changes.
Find the closing </System.Web> tag and below it add:
<connectionStrings>
<remove name=”LocalSqlServer” />
<add name=”LocalSqlServer” connectionString=”Server=oursqlserver;Database=aspnetdb;uid=sa;pwd=yourpassword;” providerName=”System.Data.SqlClient” />
</connectionStrings>
After adding these sections, save the changes and do an IISReset from the command prompt with administrative rights. Keep in mind that you have to edit the lines above and type in your actual SQL credentials or the ASP .NET services (used by SharePoint) won’t be able to communicate with SQL Server and won’t read any user data from it.
You also need to add the same tag to the Central Administration web.config file, in order to setup site-administrators properly (then you will be able to login to Forms-Enabled site, and add other forms-based users to extranet portal).
After you’ve added the required web.config entries, the last step is to switch Authentication for our Extranet Zone from Default (AD) to Forms.
Go to Central Administration / Application Management / Authentication Providers (Screen below)
As you can see, we have two zones declared here – Default and Extranet, both configured for Windows Authentication. We need to switch the Extranet zone to Forms authentication, so click on Extranet to set that up.
On the screenshot above, you see we’ve changed the Authentication type to Forms, and entered the Membership Provider Name that will service our SQL Server based accounts. If you’ve decided to enable anonymous access for your extranet site, you’ll have to check the Enable Anonymous access box here as well.
Confirm changes and after a short wait, we are done! Let’s check if the configuration worked.
As you can see, we have the Forms based authentication login screen. But there’s still one thing missing – actual SQL Server users so we need to create them. The fastest way for an administrator to do this is to execute a SQL Query on the database “aspnetdb” that was configured for our forms based authentication.
The SQL Query that needs to be executed on ASP .NET database :
declare @now datetime
set @now= GETDATE()
exec aspnet_Membership_CreateUser ‘appName’,’userid‘,’password‘,
”,‘email@somewhere.com’,”,”,1,@now,@now,0,0,null
You only need to edit the fields that are marked red.
That’s all you need from an administrative point of view, to be able to host Extranet Sites which will be available from the outside your company.
Related Articles:
Great article! Very helpful. I actually added the aspnetdb table to the existing default OfficeServers database. However, I am wondering, what do I need to change to the web.config file? I don’t want to add the remove command since it is database as the content. But do I still need to add a connection to the aspnetdb table? Thanks in advance.