Wednesday, August 8, 2012

Configure Claim Based Authentication in SharePoint 2010

Introduction:
In this article we will discuss how to configure claims-based authentication in SharePoint 2010. You can also check my last article on Full Trust and Code Access Security (CAS) in SharePoint 2010 here.

Details:
To configure claims-based authentication in SharePoint 2010 we have to complete the steps below:

1. Create the AspNet DB:

In this step we will create the ASPNETDB database in SQL Server with the help of aspnet_regsql.exe.
For this, go to C:\Windows\Microsoft.NET\Framework64\v2.0.50727 and run aspnet_regsql.exe.
This opens the "Welcome to the ASP.NET SQL Server Setup Wizard" dialog box. Click Next as shown in the figure below:

In the next screen, select the Configure SQL Server for application services radio button and click Next as shown in the figure below:

The next screen asks for the server name, whether you want to use Windows authentication or SQL Server authentication, and the database.
I have chosen Windows authentication here, and the database as shown in the figure below.

This will create the aspnetdb database in SQL Server. Now open SQL Server Management Studio, expand Security -> Logins and, from the list of logins, double-click the login of the account that will access the database.

This will open the Login Properties dialog box. Click on User Mapping, check that the login is mapped to aspnetdb, and make it a member of db_owner as shown in the figure below:

This finishes our 1st step.

2. Create web application:

In this step we will create the web application that will use claims-based authentication. You can also check this article on how to create a web application in SharePoint 2010.

For this:
Open SharePoint Central Administration -> Application Management -> Manage web applications, then click New web application on the Ribbon.

This will open the Create New Web Application dialog box.

Here select the options carefully. First, under Authentication, select the Claims Based Authentication radio button.
In the Security Configuration section, leave Allow Anonymous access at No (the default) and select No for Use Secure Sockets Layer (SSL).

Then, in the Claims Authentication Types section:
Check Enable Windows Authentication and Integrated Windows authentication, and select NTLM from the drop-down.

Also check Enable Forms Based Authentication (FBA) and enter the ASP.NET Membership provider name as AspNetSqlMembers and the ASP.NET Role manager name as AspNetSqlRoles, as shown in the figure below:

Leave the remaining settings at the values you would normally use when creating a web application, then click OK. This will create the web application.

This completes our 2nd step.

3. Modify the web.config file of SharePoint Central Administration.

Open the web.config file of the SharePoint 2010 Central Administration site.
Find </SafeControls> and add the lines below after it:

<PeoplePickerWildcards>
  <clear />
  <add key="AspNetSqlMembers" value="%" />
</PeoplePickerWildcards>

Now find <sessionState mode="InProc" timeout="20" cookieless="UseCookies" />
After that line, add:

<roleManager enabled="true" cacheRolesInCookie="false" cookieName=".ASPXROLES" cookieTimeout="30" cookiePath="/" cookieRequireSSL="false" cookieSlidingExpiration="true" cookieProtection="All" defaultProvider="AspNetWindowsTokenRoleProvider" createPersistentCookie="false" maxCachedResults="25">
  <providers>
    <clear />
    <!-- SQL role provider; connectionStringName must match the <connectionStrings> entry added below -->
    <add connectionStringName="SqlConn" applicationName="/" name="AspNetSqlRoles" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
    <add applicationName="/" name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
  </providers>
</roleManager>

<membership defaultProvider="AspNetSqlMembers" userIsOnlineTimeWindow="15" hashAlgorithmType="">
  <providers>
    <clear />
    <!-- passwordFormat="Hashed" stores salted hashes; enablePasswordRetrieval stays false -->
    <add connectionStringName="SqlConn" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="true" passwordAttemptWindow="10" applicationName="/" requiresUniqueEmail="false" passwordFormat="Hashed" name="AspNetSqlMembers" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
  </providers>
</membership>
<!-- the existing closing tag of system.web in the file; the elements above go inside system.web -->
</system.web>

Now find </appSettings>
and add the following below that tag:

<!-- existing closing tag of appSettings in the file -->
</appSettings>
<connectionStrings>
  <!-- data source is the SQL Server instance that hosts aspnetdb; BSAHOO3 is the server used in this article -->
  <add name="SqlConn" connectionString="data source=BSAHOO3;Integrated Security=SSPI;Initial Catalog=aspnetdb" providerName="System.Data.SqlClient" />
</connectionStrings>

This completes our 3rd step.

4. Add users to Database through IIS Manager.

In this step we will add some users to the Database through IIS Manager.

Now open IIS Manager (Start -> Run -> inetmgr and click on OK)

This will open IIS Manager. Now select the SharePoint Central Administration site and click on .NET Users as shown in the figure below:

This will show the list of users. In the Actions section on the right, click Add...

From the Add user screen fill the form and click on OK as shown in the figure below:

This finishes our 4th step.

5. Modify the web.config file of the web application.

In this step we will modify the web.config file of the web application that we have created in step 2.

Open the web.config file of the Web Application.

Find </SafeControls> and add the lines below after it:

<PeoplePickerWildcards>
  <clear />
  <add key="AspNetSqlMembershipProvider" value="%" />
  <add key="AspNetSqlMembers" value="%" />
</PeoplePickerWildcards>

Now search for <machineKey validationKey=

and paste the code below:
<!-- "c" and "i" are SharePoint's own claims providers and must stay the defaults; the SQL providers are added beside them -->
<roleManager cacheRolesInCookie="false" cookieName=".ASPXROLES" cookiePath="/" cookieProtection="All" cookieRequireSSL="false" cookieSlidingExpiration="true" cookieTimeout="30" createPersistentCookie="false" defaultProvider="c" enabled="true" maxCachedResults="25">
  <providers>
    <clear />
    <add name="c" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
    <add connectionStringName="SqlConn" applicationName="/" name="AspNetSqlRoles" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
  </providers>
</roleManager>

<membership defaultProvider="i" hashAlgorithmType="" userIsOnlineTimeWindow="15">
  <providers>
    <clear />
    <add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
    <add connectionStringName="SqlConn" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="true" passwordAttemptWindow="10" applicationName="/" requiresUniqueEmail="false" passwordFormat="Hashed" name="AspNetSqlMembers" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
  </providers>
</membership>

<!-- the existing closing tag of system.web in the file; the elements above go inside system.web -->
</system.web>

Now search for </appSettings>
and add the code below after it:

<connectionStrings>
  <!-- same connection string as in Central Administration; the name must match connectionStringName above -->
  <add name="SqlConn" connectionString="data source=BSAHOO3;Integrated Security=SSPI;Initial Catalog=aspnetdb" providerName="System.Data.SqlClient" />
</connectionStrings>

6. Update web.config file of the STS (Secure Token Service) Application:

Now open the web.config file located in C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\WebServices\SecurityToken

Search for </system.serviceModel>
and after that add the following code:

<connectionStrings>
  <add name="SqlConn" connectionString="data source=BSAHOO3;Integrated Security=SSPI;Initial Catalog=aspnetdb" providerName="System.Data.SqlClient" />
</connectionStrings>
<system.web>
  <membership defaultProvider="AspNetSqlMembers">
    <providers>
      <add connectionStringName="SqlConn" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="true" passwordAttemptWindow="10" requiresUniqueEmail="false" passwordFormat="Hashed" applicationName="/" name="AspNetSqlMembers" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
    </providers>
  </membership>
  <roleManager defaultProvider="AspNetSqlRoles" enabled="true">
    <providers>
      <add connectionStringName="SqlConn" applicationName="/" name="AspNetSqlRoles" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
    </providers>
  </roleManager>
</system.web>

This finishes our step 6.
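Steps 3, 5 and 6 edit three web.config files that have to agree with each other and with the provider names typed into Central Administration in step 2. A mismatch (a typo in a provider name, a missing connectionStrings entry in the STS file, or the web application's defaultProvider replaced instead of kept as "i" / "c") only shows up later as a failed sign-in. The Python script below is an added example, not code from the original post: it parses the three files and reports such inconsistencies. The XML it parses is constructed here as trimmed copies of the page's snippets with SQLHOST as a placeholder server name; the checks on passwordFormat, enablePasswordRetrieval and cookieRequireSSL are extra security checks that the walkthrough itself does not perform.

```python
"""Cross-file consistency check for the FBA provider settings the walkthrough
puts into three web.config files (Central Administration, the claims web
application, the SecurityTokenService).  Added example, not the post's code.
The XML fragments are constructed; on a real farm read the files from disk."""
import xml.etree.ElementTree as ET

# Provider and connection-string elements modelled on the page's snippets
# (SQLHOST is a placeholder for the SQL Server instance name).
SQL_MEMBER = ('<add connectionStringName="SqlConn" name="AspNetSqlMembers" passwordFormat="Hashed" '
              'enablePasswordRetrieval="false" type="System.Web.Security.SqlMembershipProvider, System.Web" />')
SQL_ROLE = ('<add connectionStringName="SqlConn" name="AspNetSqlRoles" '
            'type="System.Web.Security.SqlRoleProvider, System.Web" />')
CONN = ('<connectionStrings><add name="SqlConn" connectionString="data source=SQLHOST;'
        'Integrated Security=SSPI;Initial Catalog=aspnetdb" providerName="System.Data.SqlClient" />'
        '</connectionStrings>')

CENTRAL_ADMIN = f"""<configuration>{CONN}<system.web>
  <membership defaultProvider="AspNetSqlMembers"><providers>{SQL_MEMBER}</providers></membership>
  <roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider" cookieRequireSSL="false">
    <providers>{SQL_ROLE}<add name="AspNetWindowsTokenRoleProvider"
      type="System.Web.Security.WindowsTokenRoleProvider, System.Web" /></providers>
  </roleManager></system.web></configuration>"""

WEB_APP = f"""<configuration>{CONN}<system.web>
  <membership defaultProvider="i"><providers><add name="i"
    type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint" />
    {SQL_MEMBER}</providers></membership>
  <roleManager enabled="true" defaultProvider="c" cookieRequireSSL="false"><providers><add name="c"
    type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint" />
    {SQL_ROLE}</providers></roleManager></system.web></configuration>"""

STS = f"""<configuration>{CONN}<system.web>
  <membership defaultProvider="AspNetSqlMembers"><providers>{SQL_MEMBER}</providers></membership>
  <roleManager enabled="true" defaultProvider="AspNetSqlRoles"><providers>{SQL_ROLE}</providers></roleManager>
</system.web></configuration>"""


def _providers(root, section):
    """Map provider name -> attributes for <system.web>/<section>/<providers>/<add>."""
    return {p.get("name"): p.attrib for p in root.findall(f"./system.web/{section}/providers/add")}


def check_config(label, xml_text, member_name, role_name, ssl_enabled=False):
    """Return findings (empty list = consistent) for one web.config."""
    root = ET.fromstring(xml_text)
    findings = []
    conns = {c.get("name") for c in root.findall("./connectionStrings/add")}
    for section, wanted in (("membership", member_name), ("roleManager", role_name)):
        provs = _providers(root, section)
        if wanted not in provs:
            findings.append(f"{label}: {section} provider '{wanted}' is not defined")
            continue
        csn = provs[wanted].get("connectionStringName")
        if csn not in conns:
            findings.append(f"{label}: provider '{wanted}' uses connection string '{csn}', which is not defined")
    member = _providers(root, "membership").get(member_name)
    if member:
        if member.get("passwordFormat") != "Hashed":
            findings.append(f"{label}: '{member_name}' should store passwords as passwordFormat=\"Hashed\"")
        if member.get("enablePasswordRetrieval", "false").lower() == "true":
            findings.append(f"{label}: '{member_name}' must not enable password retrieval")
    role_mgr = root.find("./system.web/roleManager")
    if ssl_enabled and role_mgr is not None and role_mgr.get("cookieRequireSSL", "false").lower() != "true":
        findings.append(f"{label}: roleManager cookieRequireSSL should be \"true\" on an SSL web application")
    return findings


def check_web_app_defaults(xml_text):
    """The claims web application must keep SharePoint's own 'i' / 'c' providers as defaults;
    the SQL providers are added next to them, not in their place."""
    root = ET.fromstring(xml_text)
    findings = []
    for section, default, cls in (("membership", "i", "SPClaimsAuthMembershipProvider"),
                                  ("roleManager", "c", "SPClaimsAuthRoleProvider")):
        node = root.find(f"./system.web/{section}")
        backing = _providers(root, section).get(default, {}).get("type", "")
        if node is None or node.get("defaultProvider") != default or cls not in backing:
            findings.append(f"web application: {section} defaultProvider must be '{default}' backed by {cls}")
    return findings


def check_farm(central_admin, web_app, sts, member_name="AspNetSqlMembers",
               role_name="AspNetSqlRoles", ssl_enabled=False):
    """Run every check; member_name / role_name are the names typed into Central Administration.
    The SSL cookie check applies to the web application only, since that is where SSL is chosen."""
    findings = []
    for label, text in (("central admin", central_admin), ("web application", web_app), ("STS", sts)):
        findings += check_config(label, text, member_name, role_name,
                                 ssl_enabled and label == "web application")
    return findings + check_web_app_defaults(web_app)


if __name__ == "__main__":
    for line in check_farm(CENTRAL_ADMIN, WEB_APP, STS) or ["all three web.config files are consistent"]:
        print(line)
```

On a real farm, replace the three constructed strings with the contents of the Central Administration, web application and SecurityToken web.config files, and pass ssl_enabled=True if the web application was created with SSL so that the role cookie is also required to be marked secure.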

7. Create Site Collection:

You can create the site collection by using the web application that we have created in step-2 by following this article.

For the primary and secondary site collection administrators, pick the users we created through the AspNetSqlMembers provider, and click OK.

Now, whenever you open the site collection, it will prompt you for claims authentication. For more information you can follow the article below.
http://ashrafhossain.wordpress.com/2011/05/25/how-to-configure-claim-based-authentication-for-sharepoint-project-server-2010/
