Wednesday 31 May 2017

Disable Redirect from User Information Page (userdisp.aspx) to MySite Profile Page (Person.aspx)

If you want to quickly check SharePoint user profile properties, You can get it from user information list or by simply clicking on user name hyperlinks from metadata fields such as: Created by. Usually, user profile page points to:

  • http://sharepointsite.com/_layouts/userdisp.aspx?ID=123
When clicked on user name hyperlink, will get redirected to My Site profile page (E.g. http://mysite/person.aspx?accountname) if the user has a my site profile created.

 If the user has My site profile created, then the UserDisp.aspx page redirects to his/her My site profile page automatically.

Is there any way to get the basic version of userdisp.aspx, instead of redirecting them to the MySite profile of that person when someone clicks on such links? Well, Here is a nifty trick to stop redirecting to user's Mysite profile page and get the simple User Information.
  • Add:Force=True parameter to the above URL. So, it will be:
    http://portal.ad2012.loc/_layouts/userdisp.aspx?Force=True&ID=20

 What if You want to avoid profile redirect permanently?
Behind the scenes, there is a OOTB user control called "MySiteRedirection.ascx" User control tied to a delegate control "DelctlProfileRedirection" on userdisp.aspx page that does this re-direction. You can either replace this delegate control or you can simply disable the feature: "MySite" To avoid profile redirect.

2. Sharepoint 2007 userdisp.aspx redirect to MySite


Question :
Hi,

we encountered nice little problem after WSS&MOSS SP2 update.. userdisp.aspx is trying to redirect user to MySites and crashes. MySites are disabled.  userdisp.aspx is working when you apply &force=true to end of the URL.

userdisp.aspx  was not behaving whis way before the update. How could we customize that userdisp.aspx in the layouts-folder so it would NOT go to mysites, and would work the way it works with userdisp.aspx&force=true works? Or is there any other way to solve this?

Solution :
1.- Open in Notepad: C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\TEMPLATE\LAYOUTS\userdisp.aspx

2.- Change Scope="Farm" to Scope="Web" like below....

There's another way using a feature... but this way is EZ
From
<SharePoint:DelegateControl runat="server" id="DelctlProfileRedirection" ControlId="ProfileRedirection" Scope="Farm" />

 To
<SharePoint:DelegateControl runat="server" id="DelctlProfileRedirection" ControlId="ProfileRedirection" Scope="Web" />

References:
1. Disable Redirect from User Information Page (userdisp.aspx) to MySite Profile Page (Person.aspx)
2. Sharepoint 2007 userdisp.aspx redirect to MySite
Posted by at 1 comment:

Monday 29 May 2017

Overview of SharePoint 2013’s Services

With the new version, we get new features and functionality. The following lists off the services available with SharePoint 2013 Enterprise, and briefly explains what they do.

Access Database Service 2010

Access Services 2010 is a service application that allows users to modify and publish in SharePoint Server 2013 an Access web database that was previously created in SharePoint Server 2010. http://technet.microsoft.com/en-us/library/ee748653.aspx

Access Services

Access Services enables you to create and customize Access apps for SharePoint. http://technet.microsoft.com/en-us/library/jj714714.aspx

App Management Service

App Management Service is part of the new App support within SharePoint 2013. This service, along with the Microsoft SharePoint Foundation Subscription Settings Service, have to be configured properly to support the new App model. http://technet.microsoft.com/en-us/library/fp161236.aspx#ConfigureAppServices

Business Data Connectivity Service

Business Data Connectivity Service allows you to pull in external data sources into SharePoint, and treat them much like a normal SharePoint list. This allows businesses to connect to existing line of business applications with minimal effort. http://technet.microsoft.com/en-us/library/ee681491.aspx

Central Administration

This service is what provides Central Administration on the server. Make sure at least one server in your farm has this running. I don’t know if you can stop this on all servers, I haven’t tried, and I don’t recommend it!

Claims to Windows Token Service

The Claims to Windows Token Service (c2WTS) is a feature of Windows Identity Foundation (WIF). The c2WTS extracts user principal name (UPN) claims from non-Windows security tokens, such as SAML and X.509 tokens, and generates impersonation-level Windows security tokens. This allows a relying party application to impersonate the user. This might be needed to access back-end resources, such as Microsoft SQL Servers, that are external to the computer running the relying party application. http://msdn.microsoft.com/en-us/library/ee539091.aspx

Distributed Cache

The Distributed Cache service provides caching features in SharePoint Server 2013. The microblog features and feeds rely on the Distributed Cache to store data for very fast retrieval across all entities. The Distributed Cache service is built on Windows Server AppFabric, which implements the AppFabric Caching service. Windows Server AppFabric installs with the prerequisites for SharePoint Server 2013. http://technet.microsoft.com/en-us/library/jj219700.aspx#cache http://technet.microsoft.com/en-us/library/jj219613.aspx

Document Conversions Launcher Service

This service schedules and initiates the document conversions. When SharePoint Foundation passes a document conversion request to the document conversion launcher service, the service must call the appropriate document converter. http://msdn.microsoft.com/en-us/library/aa979484(v=office.14).aspx

Document Conversions Load Balancer Service

This service balances the document conversion requests from across the server farm. When it receives a converter request from SharePoint Foundation, the document conversion load balancer service must return a URI to the appropriate document conversion launcher service. SharePoint Foundation connects to the specified launcher via .NET Remoting and requests that it convert the specified document. http://msdn.microsoft.com/en-us/library/aa979484(v=office.14).aspx

Excel Calculation Services

Excel Services is a SharePoint Server 2013 service application that allows users to share and view Excel workbooks. The service application also enables data-connected Excel workbooks and work sheets to be refreshed and updated from a variety of data sources. http://technet.microsoft.com/en-us/library/jj219698.aspx

Lotus Notes Connector

Lotus Notes Connector provides connectivity for search to crawl Lotus Notes content within a Domino database. http://technet.microsoft.com/en-us/library/jj591606.aspx

Machine Translation Service

Machine Translation Service provides automatic machine translation of files and sites. When the Machine Translation Service application processes a translation request, it forwards the request to a cloud-hosted machine translation service, where the actual translation work is performed. http://msdn.microsoft.com/en-us/library/jj163145.aspx

Managed Metadata Web Service

The managed metadata service application makes it possible to use managed metadata and share content types across site collections and web applications. A managed metadata service publishes a term store and, optionally, content types; a managed metadata connection consumes these. http://technet.microsoft.com/en-us/library/ee424403.aspx

Microsoft SharePoint Foundation Incoming E-Mail

The Incoming E-Mail service allows for users to send emails to libraries within your sites. http://technet.microsoft.com/en-us/library/cc262947.aspx

Microsoft SharePoint Foundation Sandboxed Code Service

A sandbox is a restricted execution environment that enables programs to access only certain resources and keeps problems that occur in the sandbox from affecting the rest of the server environment. Solutions that you deploy into a sandbox, which are known as sandboxed solutions, cannot use certain computer and network resources and cannot access content outside the site collection they are deployed in. Because sandboxed solutions cannot affect the whole server farm, they do not have to be deployed by a farm administrator. If sandboxed solutions have been enabled on at least one server in the farm, a site collection administrator can deploy solutions to a run in a sandbox on any server in the farm. http://technet.microsoft.com/en-us/library/ff535775(v=office.15).aspx

Microsoft SharePoint Foundation Subscription Settings Service

This service was primarily used for multi-tenency support in SharePoint 2010. In SharePoint 2013, it is also necessary for apps.  http://technet.microsoft.com/en-us/library/fp161236.aspx#ConfigureAppServices

Microsoft SharePoint Foundation Web Application

This is the core service for running your sites. It configures IIS to host the sites providing the SharePoint to end users.

Microsoft SharePoint Foundation Workflow Timer Service

This service supplements the main Timer service with configuration settings for timed workflow events.

PerformancePoint Service

PerformancePoint Services in SharePoint Server 2013 is a performance management service that you can use to monitor and analyze your business. By providing flexible, easy-to-use tools for building dashboards, scorecards, and key performance indicators (KPIs), PerformancePoint Services can help individuals across an organization make informed business decisions that align with companywide objectives and strategy. http://technet.microsoft.com/en-us/library/ee424392.aspx

PowerPoint Conversion Service

PowerPoint Conversion Service provides unattended, server-side conversion of presentations into other formats. http://msdn.microsoft.com/en-us/library/fp179894.aspx

Request Management

Request Manager is functionality in SharePoint Server 2013 that enables administrators to manage incoming requests and determine how SharePoint Server 2013 routes these requests. http://technet.microsoft.com/en-us/library/jj712708.aspx

Search Host Controller Service

This service manages the search topology components. The service is automatically started on all servers that run search topology components. http://technet.microsoft.com/en-us/library/gg502597.aspx

Search Query and Site Settings Service

This service load balances queries within the search topology. It also detects farm-level changes to the search service and puts these in the Search Admin database. The service is automatically started on all servers that run the query processing component. http://technet.microsoft.com/en-us/library/gg502597.aspx

Secure Store Service

The Secure Store Service is an authorization service that runs on an application server and provides a database that is used to store credentials. These credentials usually consist of a user identity and password, but can also contain other fields that you define http://technet.microsoft.com/en-us/library/ee806866.aspx

SharePoint Server Search

This service crawls content for the search index. This service is automatically started on all servers that run search topology components. The service cannot be stopped or started from the Services on Server page. http://technet.microsoft.com/en-us/library/gg502597.aspx

User Profile Service

The User Profile service application stores information about users in a central location. Social computing features use this information to enable productive interactions so that users can collaborate efficiently. http://technet.microsoft.com/en-us/library/ee662538.aspx

User Profile Synchronization Service

The User Profile Synchronization Service facilitates the creation of user profiles by importing data from directory services, such as Active Directory Domain Services (AD DS). You can augment user profiles by importing data from business systems, such as SAP or SQL Server. http://technet.microsoft.com/en-us/library/gg188041.aspx

Visio Graphics Service

The Visio Graphics Service allows users to share and view Visio diagrams by using Visio Services. The service application also enables data-connected Visio 2013 diagrams to be refreshed and updated from different data sources. http://technet.microsoft.com/en-us/library/ee524059.aspx

Word Automation Services

Word Automation Services enables unattended, server-side conversion of documents that are supported by Microsoft Word.http://msdn.microsoft.com/en-us/library/ee558278(v=office.14).aspx

Work Management Service


The Work Management Service automates consolidating tasks from SharePoint, Exchange and Project Server. http://technet.microsoft.com/en-us/library/jj554516.aspx

Reference:
David Lozzi's Blog (Overview of SharePoint 2013’s Services)
Posted by at No comments:

Monday 8 May 2017

JavaScript Client Code to get current user's groups for SharePoint Server 2013

1. How to hide div based on user groups (nested logic)

 2. JavaScript Client Code to get current user's groups for SharePoint Server 2013

SP.SOD.executeFunc('sp.js', 'SP.ClientContext', IsCurrentUserWithContributePerms);
function IsCurrentUserWithContributePerms() {
            IsCurrentUserMemberOfGroup("Group1", function (isCurrentUserInGroup) {
                if (isCurrentUserInGroup) {
                    document.getElementById("Ribbon1").style.display = 'none'; //
                    document.getElementById("Ribbon2").style.display = 'none';
                }
                else {
                    document.getElementById("Ribbon1").style.display = 'block';
                    document.getElementById("Ribbon2").style.display = 'block';
                    IsCurrentUserMemberOfGroup("Group2", function (isCurrentUserInGroup) {
                        if (isCurrentUserInGroup) {
                            document.getElementById("Ribbon1").style.display = 'none';
                            document.getElementById("Ribbon2").style.display = 'none';
                        }
                        else {
                            document.getElementById("Ribbon1").style.display = 'block';
                            document.getElementById("Ribbon2").style.display = 'block';
                            IsCurrentUserMemberOfGroup("Group3", function (isCurrentUserInGroup) {
                                if (isCurrentUserInGroup) {
                                    document.getElementById("Ribbon1").style.display = 'none';
                                    document.getElementById("Ribbon2").style.display = 'none';
                                }
                                else {
                                    document.getElementById("Ribbon1").style.display = 'block';
                                    document.getElementById("Ribbon2").style.display = 'block';
                                    IsCurrentUserMemberOfGroup("Group4", function (isCurrentUserInGroup) {
                                        if (isCurrentUserInGroup) {
                                            document.getElementById("Ribbon1").style.display = 'none';
                                            document.getElementById("Ribbon2").style.display = 'none';
                                        }
                                        else {
                                            document.getElementById("Ribbon1").style.display = 'block';
                                            document.getElementById("Ribbon2").style.display = 'block';

                                        }
                                    });
                                }
                            });
                        }
                    });
                }
            });
        }

Posted by at No comments:

Search processes consuming a lot of memory

1. Search processes consuming a lot of memory


2. Fix for Memory leak by Noderunner.exe 

 This however is *not* supported, and not recommended, so don't do this on production environment! If your components run out of memory they will start acting very weird and/or crash. I even have managed to kill my farm beyond repair by setting the memory limit too low, so consider yourself warned!

 3. Fix Memory Leak in SharePoint 2013 Preview (Microsoft Office 2013 Component / NodeRunner.exe)

 4. Throttling performance of your SharePoint 2013 Enterprise Search Service on your dev box

 You can change e.g. the Performance Levels for your crawls.

 Powershell Cmdlet:

 1. How to check the EnterpriseSearchService
Get-SPEnterpriseSearchService |

 2. How to set EnterpriseSearchService
Set-SPEnterpriseSearchService –PerformanceLevel "Reduced"

 For the setting to take effect do an 

 IISReset 

 or 

 Restart the Search Service in Central Admin

 To start or stop a service by using Central Administration
  1. Confirm that the user account that is performing this procedure is a member of the Farm Administrators SharePoint group.
  2. On the the SharePoint Central Administration website, click System Settings.
  3. On the System Settings page, in the Servers section, click Manage services on server.
  4. To change the server on which you want to start or stop the service, on the Server menu, click Change Server, and then click the server name that you want.
  5. By default, only configurable services are displayed. To view all services, on the View menu, click All.
  6. To start or stop a service, click Start or Stop in the Action column of the relevant service.
  7. Click OK to start or stop the service.
Performance Level Explained:
Reduced:

 Total number of threads = number of processors, Max Threads/host = number of processors




PartlyReduced:

 Total number of threads = 4 times the number of processors , Max Threads/host = 16 times the number of processors

 Maximum:

 Total number of threads = 4 times the number of processors , Max Threads/host = 16 times the number of processors (threads are created at HIGH priority)

 Node Runner:

 This however is *not* supported, and not recommended, so don't do this on production environment! If your components run out of memory they will start acting very weird and/or crash. I even have managed to kill my farm beyond repair by setting the memory limit too low, so consider yourself warned!
  • Change noderunner.exe:


 You can also edit the noderunner.exe config file located at:

 C:\Program Files\Microsoft Office Servers\15.0\Search\Runtime\1.0\noderunner.exe
And set a value for <nodeRunnerSettings memoryLimitMegabytes="0" />






The zero means "unlimited" here. The only thing to do is to set to the amount of RAM you'd like to set as a limit for each noderunner.exe processes.
  • Limitations 
1. Event Logs

The Execute method of job definition Microsoft.Office.Server.Search.Administration.CustomDictionaryDeploymentJobDefinition (ID 57d6f360-07a1-4be1-b651-3fff5c8667d4) threw an exception. More information is included below.



Failed to run flow Microsoft.CustomDictionaryDeployment. Correlation Id: 8be3ef9d-61ae-40d1-ecb7-473d31e8931c.



2.

 After doing changes into your "noderunner.exe config" file and you start facing above mention errors under limitations. Kindly, change  "memoryLimitMegabytes  to 0" in noderunner.exe (config file)  and restart the "SharePoint Search Host Controller service"





NOTE: Be aware, these settings might make your crawling processes slower.
Hope this will help a little.

 References : 

 1. SharePoint 2013: Performance Issues with Search Service Application on a Development VM
2. Throttling performance of your SharePoint 2013 Enterprise Search Service on your dev box
3. Search processes consuming a lot of memory
Posted by at No comments:

Saturday 6 May 2017

Step by Step Forms-Based Authentication (FBA) on SharePoint 2010

This is an A-Z guide that helps you setup a web application with Forms-Based Authentication (FBA) in SharePoint Foundation 2010, using Claims-Based authentication. It uses MS SQL Server to store users. The SharePoint server is running in Windows Server 2008 R2. Although this guide uses SharePoint Foundation 2010, the same steps apply to SharePoint Server 2010.
In this guide, you’ll create a SQL Server database to hold users and roles, create a SharePoint Web Application that uses FBA, configure IIS and the web.config files for the Web App, Central Admin and the Security Token Service, create a test user in the database and test your setup.
Setting up the ASP.NET Membership Provider database

 Before we make any changes to SharePoint, let’s first create the database to store our users and groups.

 Log on to your SharePoint server with a SharePoint admin account. Make sure this account has the DB creator server role on the SQL server that’ll hold the FBA users DB.

 Navigate to the .NET v2 folder. The default location is: C:\Windows\Microsoft.NET\Framework\v2.0.50727

 Here, locate the file aspnet_regsql.exe and run it.

 You’ll be presented with the ASP.NET SQL Server Setup Wizard

 Click Next to continue to the Select a Setup Option step.

Select Configure SQL Server for application services. This is the default option.

 Click Next to advance to the Select the Server and Database step.
Specify the SQL Server name and instance where you want to create the database. Also specify the database name.

 Click Next to advance to the Confirm Your Settings step.

 Check if you’ve specified the correct SQL Server name and instance and DB name. 

 Click Next to create the database.

 If all went well, you’ll see the success screen displayed above. Let’s check if the database was created as intended.

 Start Microsoft SQL Server Management Studio and connect to the database server instance. If all went well, you’ll find your new database has been created, along with a bunch of tables to hold our users:

 If you’re using Integrated Security, you’ll need to provide access to the database for the following service accounts in SharePoint:
  • Service Account that’ll be used for the application pool for the SharePoint Web Application using FBA.
  • Service Account used for the Security Token Service.
  • Service Account used for the Application Pool of SharePoint Central Administration.


In this case, we’ll be using SQL Server authentication. So create a new Login on the SQL Server. From SQL Server Management Studio, use the Object Explorer to navigate to the Security → Logins folder. Right click on the Logins folder to open the context menu and choose the menu item New Login…


This will open the Login – New dialog. Here, you specify a Login name, i.e. FBAService and a SQL Server authentication password, i.e. pwd. You can set your membership provider database as the Default database. Click OK to add the user. It will now show up in the list of logins.

 To give the login access to the database, locate the database in the Object Explorer, under the Databases folder and expand the folder Security. Open the context menu from the Users folder and choose the option New User…

 This opens the Database User – New dialog.

 In this dialog, specify a name for the user and insert the login name that you created earlier (i.e. FBAService) in the Login name text field.






Assign the following Database roles to the user:
  • aspnet_Membership_FullAccess
  • aspnet_Roles_FullAccess
Click the OK button to add the user to the database. 

Creating the Web Application

Now that the DB has been created, we’ll create a new Web Application on the SharePoint 2010 server.
Open Central Administration as a SharePoint Farm administrator user.
Under Application Management, select Manage Web Applications.


You’ll see a list of current Web Applications, Click the New button in the Contribute section of the Ribbon to create a new Web Application.

 After a few seconds, you’ll see the Create New Web Application Modal window.

 First, change the authentication mode to Claims Based Authentication.
Next, Specify the Name, Port and Host Header of your new IIS web site.

Leave the Security Configuration settings as default (no anonymous and no SSL).
Under Claims Authentication Types, leave the default settings for now (Enable Windows Authentication, using Integrated Windows Authentication via NTLM). We’ll modify these settings for FBA later.
Set the remaining settings for the new Web Application as you see fit.
Click OK button to create the new Web Application. Wait a few moments until the Application Created dialog is shown, and click the OK button to close it (don’t create a site collection just yet). The new Web Application will now show up in the list of Web Applications.

Modify IIS settings

In your SharePoint 2010 Foundation server, start Internet Information Services (IIS) Manager.
Under your Web Server, navigate to the IIS site that we created in the previous step and double click on Connection Strings

You’ll see a list of Connection Strings. In the Actions Pane, click Add… This opens the Add Connection String dialog.
Here, specify a name for the connection string and give the SQL Server name and instance, and database name of the DB that we created earlier. Use the Set… button to specify the SQL Server authentication credentials for the SQL Server user that will access the database.
Click the OK button to add the connection string.
Go back to the IIS site screen and double click Providers.

Under Feature:, select .NET Users and in the Actions Pane, click Add…

 The Add Provider window opens…

Here, we’ll modify a few settings:
  • First of all, select SqlMembershipProvider from the Type dropdown listbox.
  • Next, specify a name for the Provider, i.e. “FBA”.
  • Under the Behaviour section, specify the desired behaviour for the SqlMembershipProvider.
  • Under Data, select the Connectionstring we created in an earlier step.
  • For the ApplicationName, enter “/”.
Click the OK button to add the provider. The new .NET Users provider will be visible in the list of Providers.
Now, Change the feature to .NET Roles and in the Action pane, click Add…

The Add Provider window opens…

Here, set the following items:
  • Under Type, select SqlRoleProvider
  • Specify a name for the SqlRoleProvider, i.e. “FBARoles”
  • Under Data, select the Connectionstring we created in an earlier step.
  • For the ApplicationName, enter “/”.
Click the OK button to add the provider. The new .NET Roles provider will be visible in the list of Providers.
The changes we’ve made to the IIS settings so far, have actually been made in the ASP.NET Web.Config file.
In the IIS Manager, Switch to Content View, Open the Context menu by clicking below the list of files and folders and choose Explore to open Windows Explorer.
From the new Windows Explorer window, open the web.config file in Notepad to view the changes.
The highlighted rows were added with our previous actions:
<configuration>
    [...]
    <system.web>
        [...]
        <membership defaultProvider="i">
            <providers>
                <add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
                <add name="FBA" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ontw-spf2010 FBA DB" enablePasswordReset="true" enablePasswordRetrieval="false" passwordFormat="Hashed" requiresQuestionAndAnswer="false" requiresUniqueEmail="true" applicationName="/" />
            </providers>
        </membership>
        <roleManager defaultProvider="c" enabled="true" cacheRolesInCookie="false">
            <providers>
                <add name="c" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
                <add name="FBARoles" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ontw-spf2010 FBA DB" applicationName="/" />
            </providers>
        </roleManager>
        [...]
    </system.web>
    [...]
    <connectionStrings>
        <add connectionString="Server=ontw-sql2010\test;Database=FBA-ontw-spf2010;User ID=FBAService;Password=pwd" name="ontw-spf2010 FBA DB" />
    </connectionStrings>
    [...]
</configuration>


As you can see, there are also other providers there, named “i” and “c”. These are there by default and required for Claims Based Authentication. Be sure not to modify them!
The membershipprovider also supports additional settings, such as the minimum required password length and number of non-alphanumeric characters required in a password. For a full list of properties that can be set, see http://msdn.microsoft.com/en-us/library/9x1zytyd(v=VS.90).aspx

Add ConnectionString and Providers to STS and Central Admin.

In order for FBA to work, the ConnectionString, .NET Roles provider and .NET Users provider also need to be added to the web.config files of the Security Token Service and the web.config file of the Central Administration Web Application.
We could do this using the dialogs we used from the previous steps, but we can also make the changes in the web.config files directly.
First up: the Security Token Service.
From the IIS Manager, locate the web.config file location by following these steps:




Under the SharePoint Web Services IIS site, Select SecurityTokenServiceApplication, open the context menu by right-clicking the SecurityTokenServiceApplication node and choose Explore.
This will open a Windows Explorer dialog with the location of the STS web.config file. The default location is C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\WebServices\SecurityToken.
Open the web.config in a text editor, like Notepad and make the following changes:
In the <configuration> section, see if there is a <connectionStrings> element present. If not, add a <connectionStrings> element. Next, add the element containing the connection string to the FBA database as highlighted in the Web App’s web.config file above, i.e.:

<connectionStrings>
    <add connectionString="Server=ontw-sql2010\test;Database=FBA-ontw-spf2010;User ID=FBAService;Password=pwd" name="ontw-spf2010 FBA DB" />
  </connectionStrings>

Next, check if there is a <system.web> element, with <membership> and <roleManager> elements present in the web.config, and add it if not, add them. Now add the membership and role manager providers, as highlighted in the Web App’s web.config snippet, i.e.


<system.web>

    <membership defaultProvider="FBA">
      <providers>
        <add name="FBA"
              type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
              connectionStringName="ontw-spf2010 FBA DB"
              enablePasswordReset="true"
              enablePasswordRetrieval="false"
              passwordFormat="Hashed"
              requiresQuestionAndAnswer="false"
              requiresUniqueEmail="true"
              applicationName="/" />
      </providers>
    </membership>
    <roleManager enabled="true" defaultProvider="FBARoles">
      <providers>
        <add name="FBARoles"
              type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
              connectionStringName="ontw-spf2010 FBA DB"
              applicationName="/" />
      </providers>
    </roleManager>
  </system.web>

Save your changes to the web.config file.
Return to IIS Manager and locate the web.config file for Central Administration:
Select the SharePoint Central Administration v4 IIS site from the list of sites, open the context menu for this site and choose Explore.
From the Windows Explorer window, open the web.config file in a text editor like Notepad.

Here, also add the ConnectionString snippet to the <configuration> section and add the .NET Users and .NET Roles providers, just like you did for the STS site.
Note: the Central Admin’s web.config should already contain the <roleManager> and <membership> elements in <system.web>. Be sure not to modify any existing providers.
Important: the default provider for the roleManager must be set to “AspNetWindowsTokenRoleProvider”. (also see the highlighted row below)


<membership defaultProvider="FBA">
  <providers>
    <add name="FBA"
          type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
          connectionStringName="ontw-spf2010 FBA DB"
          enablePasswordReset="true"
          enablePasswordRetrieval="false"
          passwordFormat="Hashed"
          requiresQuestionAndAnswer="false"
          requiresUniqueEmail="true"
          applicationName="/" />
  </providers>
</membership>
<roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider">
  <providers>
    <add name="FBARoles"
          type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
          connectionStringName="ontw-spf2010 FBA DB"
          applicationName="/" />
  </providers>
</roleManager>

To enable wildcards in the people picker, locate the <PeoplePickerWildCards> element (inside the <SharePoint> element), and add a key with the name of your Membership provider and value “%”. It will look like this (the highlighted line is the key we added):


<PeoplePickerWildcards>
  <clear />
  <add key="AspNetSqlMembershipProvider" value="%" />
  <add key="FBA" value="%" />
</PeoplePickerWildcards>

Creating a test user

It’s hard to test FBA if you don’t have any users, so we’ll add a test user first. One way of doing this is via the IIS manager.
First, we add a role to assign to the users. In IIS Manager, select the Web Application that will use FBA and from the Features View, double click on .NET Roles.


You’ll receive an error message, saying the the feature cannot be used, because the default provider is not a trusted provider. The default provider is “c”, which is the SPClaimsAuthRoleProvider. Click on the OK button to close the dialog.
We’ll temporarily set the default provider to our FBARoles provider. Click Set Default Provider… from in the actions pane and select the RoleProvider you created earlier (i.e. FBARoles). Click the OK button.
Click the Add… link in the Actions pane. In the Add .NET Role dialog, enter a name for a role, i.e. FBAUsers. Click the OK button to add the role. The new role is now visible, with 0 users.
We’ll leave the default roles provider this way for now, otherwise we’d not be able to add a .NET user via IIS Manager.
Now, let’s add a user. Go back in IIS Manager to the Features View for your Web Application and double click on .NET Users.

You’ll receive a similar error message, because the default provider (“i”) is not trusted. Click the OK button to ignore.
Now click the Set Default Provider… link in the Actions pane and change the default provider to the Membership Provider you created earlier (i.e. FBA).
Click the Add… link in the actions Pane, to add a new user.

 The Add .NET User wizard appears. Enter the credentials for your test user (i.e. a User Name FBAtest). Click Next to advance to the next step.
Now assign a role to the new user by clicking the checkbox(es) for the role(s). Click Finish to add the user.
Important: Return the Default Provider for the .NET users to “i”  and for the .NET Roles to “c”.

Test in Central Administration

Now that we have the membership and roles provider set up in the Web Application, Central Admin and STS, we can test if it works.
In Central Administration, go to Application Management → Manage web applications.
Select the Web Application you created earlier by clicking on it in the list. Its row will highlight Now click the Authentication Providers button.

The Authentication Providers modal dialog will open. Click on the Default zone.
Scroll down to the Claims Authentication Types section. Here, deselect Enable Windows Authentication and select Enable Forms Based Authentication (FBA).

Fill the ASP.NET Membership provider and ASP.NET Role manager names text boxes, with the names you defined earlier (i.e. FBA and FBARoles).
Note: you can also use both Windows Authentication and FBA simultaneously, should you want to.
Leave the other settings and scroll down to click the Save button.
After a few seconds, you’ll see the Authentication Providers modal dialog again. Close the dialog. You’ll return to the Web Applications list.
With the FBA Web Application still selected, click the User Policy button in the ribbon.


The Policy for Web Application modal dialog opens. Click on the Add Users link.
The Add Users wizard opens, click Next >.
In the next page, the cursor will show up in the people picker field. Click the Browse button to open the Select People and Groups dialog.


In the select People and Groups dialog, type (a part of) the name of the FBA test user you added from IIS Manager in the Find text box and press the search button. You should find the user in the Forms Auth search results.

This verifies that the FBA membership provider works from Central Admin. As we don’t want to add this user, press the Cancel button and Close the Add Users dialog.

Create Site Collection and test

So far, we only created and configured the Web Application. To test FBA in the SharePoint site, we need to create a site collection.

In Central Administration, go to Application Management → Create site collections.

Make sure you select the right Web Application, and specify a Title and Template for the top-level site.

Select a Primary Site Collection Administrator, i.e. the FBA user you created earlier.


Click the OK button to create the site collection.

 Now navigate to the newly created Site Collection. You’ll see a login page for the FBA credentials.


Note: if you chose to use multiple authentication methods for the Web Application’s Authentication Providers, you’ll be asked to select an authentication method from a dropdown listbox first.

Sign in the the FBA user you declared as the Site Collection Administrator.



 If all went well, you’ll see the name of the FBA user in the upper right corner!

 References:

 1. FBA 2007 code
    1.1 Download
2. FBA wsp 2007
    2.1 Download
3. FBA 2010
    3.1 Download
    3.2 Download
    3.3 Download
4. FBA 2013
    4.1 Download
    4.2 Download
    4.3 Download
5. Step by Step FBA configuration

Posted by at No comments:
Subscribe to: Posts (Atom)