Forms Based Authentication (FBA)
Forms Based Authentication is an identity management system based on ASP.NET membership and role provider authentication. In SharePoint 2013, Forms Based Authentication is a claims-based authentication method. Normally we authenticate to SharePoint using Active Directory (AD), but here we use a separate SQL database for authentication.
Authentication types and methods in SharePoint 2013
- Windows authentication
- Forms-based authentication
- SAML token-based authentication
Create a separate database
- Open the following path and run aspnet_regsql.exe: C:\Windows\Microsoft.NET\Framework\v4.0.30319
- Alternatively, run aspnet_regsql.exe from a Visual Studio command prompt.
- Click on the Next button.
- Select the first option, "Configure SQL Server for application services".
- Enter the server name and database name. If you do not specify a database name, the database is created with the name aspnetdb.
- Click on the Next button.
- Click on Finish. The database is now created.
The database creation is complete. Next we need to add users to the same database. For this we can use Visual Studio or IIS.
- Add a new website in IIS.
- Click on the Connection string.
- Enter the connection name, server name and database name here.
- Enable the Forms Authentication.
- Click on the providers.
- Create a .Net Role here.
- Create a .Net User.
- Click on the Finish button. Now a user is created in the database.
Add users using Visual Studio
- Create a website, edit the web.config and click on the Website tab.
- Click on the ASP.NET Configuration.
- Here we have the option to create a new user and roles.
- The next step is to make some changes to the Central Admin and Security Token Service sites.
- For this we can either change the options directly through IIS or edit the values in the web.config.
Create a SQL connection for the SharePoint Central Admin site as follows:
- Create the Membership provider and Role provider.
- The same things need to be done in the Security Token Service Application website.
- Create the connection string, membership provider and role provider.
- The next step is to create a new web application.
- Open Central Admin, then select Application Management => Manage web applications.
- Click on the New button.
- The only difference from a normal web application is in the Authentication section.
Check Enable Forms Based Authentication and enter the membership provider and role provider names. After this we need to create a site collection. Now our new web application and site are created, and we need to add the connection string and provider names for the new web application. Edit the web.config for the new web application, the Central Admin site and the Security Token Service Application site.
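The connection string and provider entries that go into each of those three web.config files, as an added example that is not from the original article. The names FBADB, FBAMembershipProvider, FBARoleProvider and SQLSERVER01, the application name "/" and the password-policy values are assumptions; the provider names must match the ones entered in the web application's Authentication section.

```xml
<!-- Added example. Assumed placeholder names: FBADB, FBAMembershipProvider,
     FBARoleProvider, SQLSERVER01. Where a web.config already contains the
     membership or roleManager elements, add only the inner "add" entries
     and keep the existing attributes of those elements. -->
<configuration>
  <connectionStrings>
    <!-- Integrated Security keeps SQL credentials out of web.config; the
         application pool accounts then need access to the aspnetdb database. -->
    <add name="FBADB"
         connectionString="Data Source=SQLSERVER01;Initial Catalog=aspnetdb;Integrated Security=SSPI" />
  </connectionStrings>
  <system.web>
    <membership>
      <providers>
        <!-- applicationName must be the one the users were created under
             ("/" is assumed here). Hashed storage, no password retrieval,
             and an account lockout after 5 failures within 10 minutes. -->
        <add name="FBAMembershipProvider"
             type="System.Web.Security.SqlMembershipProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             connectionStringName="FBADB"
             applicationName="/"
             passwordFormat="Hashed"
             enablePasswordRetrieval="false"
             enablePasswordReset="false"
             requiresQuestionAndAnswer="false"
             requiresUniqueEmail="true"
             minRequiredPasswordLength="12"
             minRequiredNonalphanumericCharacters="1"
             maxInvalidPasswordAttempts="5"
             passwordAttemptWindow="10" />
      </providers>
    </membership>
    <roleManager enabled="true">
      <providers>
        <add name="FBARoleProvider"
             type="System.Web.Security.SqlRoleProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             connectionStringName="FBADB"
             applicationName="/" />
      </providers>
    </roleManager>
  </system.web>
</configuration>
```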
Now open the site. It shows two options for logging in.
Now we are logged in using Windows Authentication. Set the permissions for the newly created user.
Go to Site Settings => Site permissions
Here we get users from both AD and forms authentication. It is showing one of my AD accounts and another from the database.
Next we log in with Forms Authentication.