Setting up Forms Authentication

Posted: Monday 17 October 2011 by Khalid Ameerodien in Labels:
1

I was asked to convert a WEB application that was running classic mode authentication to Forms. Now in order to do this I had to change the web application to Claims based authentication however that was greyed out. No problem for powershell though. I done the following in powershell:

$App = get-spwebapplication “http://yoururl”

$app.useclaimsauthentication = “True”

$app.Update()

This enabled Claims authentication in the Web Application. I then edited the authentication providers and ticked the Forms based authentication box. Now the tricky bits are to follow. You will need to edit the web.config of your site as well as Central Admin and the Security Token.

 

In the Web Application web.config add the following after <providers>.

<add name="ADAuth"
type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
server="Your Auth Server"
port="389"
useSSL="false"
userDNAttribute="distinguishedName"
userNameAttribute="Samaccountname"
groupNameAttribute="mail"
userContainer="DC=hi,DC=local"
userObjectClass="person"
userFilter="(&amp;(ObjectClass=*))"
scope="Subtree"
otherRequiredUserAttributes="sn,givenname,cn,mail" />

 

Add the following under the rolemanager provider section

<add name="roleManager"
type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
server="Your auth Server"
port="389"
useSSL="false"
groupContainer="DC=HI,DC=local"
groupNameAttribute="Displayname"
groupMemberAttribute="member"
groupNameAlternateSearchAttribute="mail"
userNameAttribute="mail"
dnAttribute="distinguishedName"
groupFilter="(&amp;(ObjectClass=group))"
scope="Subtree" />

 

Now we need to add the functionality to select Forms Authentication. Search the Web.config for PeoplePickerWildcards

Add the following below the tag

<add key="ADAuth" value="*" />

<add key="roleManager" value="*" />

 

Now save and close the web.config.

 

Open the web.config of your central admin application and add the following entries:

As above but add the following in under <providers>

type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
server="Your Auth Server"
port="389"
useSSL="false"
userDNAttribute="distinguishedName"
userNameAttribute="Samaccountname"
groupNameAttribute="mail"
userContainer="DC=hi,DC=local"
userObjectClass="person"
userFilter="(&amp;(ObjectClass=*))"
scope="Subtree"
otherRequiredUserAttributes="sn,givenname,cn,mail" />
/>

The search for the rolemanager provider and add this below

 

<add name="roleManager"
type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
server="Your auth Server"
port="389"
useSSL="false"
groupContainer="DC=HI,DC=local"
groupNameAttribute="Displayname"
groupMemberAttribute="member"
groupNameAlternateSearchAttribute="mail"
userNameAttribute="mail"
dnAttribute="distinguishedName"
groupFilter="(&amp;(ObjectClass=group))"
scope="Subtree" />

 

And then add the following below the <PeoplePickerWildCards> tag

<add key="ADAuth" value="*" />

<add key="roleManager" value="*" />

Save and close the web.config

 

Now open the web.config of the security token and do the following:

Under the <providers> tag add the following

<add name="ADAuth"
type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
server="Your Auth Server"
port="389"
useSSL="false"
userDNAttribute="distinguishedName"
userNameAttribute="Samaccountname"
groupNameAttribute="mail"
userContainer="DC=hi,DC=local"
userObjectClass="person"
userFilter="(&amp;(ObjectClass=*))"
scope="Subtree"
otherRequiredUserAttributes="sn,givenname,cn,mail" />
/>

 

Search for the rolemanager provider and add this below

<add name="roleManager"
type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
server="Your auth Server"
port="389"
useSSL="false"
groupContainer="DC=HI,DC=local"
groupNameAttribute="Displayname"
groupMemberAttribute="member"
groupNameAlternateSearchAttribute="mail"
userNameAttribute="mail"
dnAttribute="distinguishedName"
groupFilter="(&amp;(ObjectClass=group))"
scope="Subtree" />

 

Now Save and close the file.

 

To test go into Central Admin and try to assign a user permissions but only use the first 3 letters of their name the click the check names button. You should receive a warning that "No exact match was found. Click the item(s) that did not resolve for more options" when click the letters you should be given an option to select forms or ADAUTh

 

 

1 comments:

  1. http://bestnaturalhealthsupplements.com says:

    I get pleasure from, result in I found just what I used to be looking for. You've ended my 4 day long hunt! God Bless you man. Have a great day. Bye