Form Based Authentication (FBA) is one of the authentication modes supported by SharePoint. It allows us to implement our own authentication mechanism and helps extend a SharePoint site to non-Active Directory (AD) users.
While a default SharePoint installation uses Active Directory to query user profiles and authenticates users with Windows Authentication, FBA uses a custom database, hosted in conjunction with AD, to store users’ credentials; authentication in this case takes place through a database query against the FBA custom database for FBA user profiles.
FBA becomes really important when we need to expose SharePoint to the outside world, for example, to share documents with clients and vendors.
In this article, we will see all the steps involved in implementing FBA with SharePoint. The process is depicted in the Process Diagram below.
Process Diagram
Step 1 - Provision Web Application
To start implementing FBA, we need a Web application and a Site Collection hosted inside it. I have created both the Web application and the Site Collection using the SharePoint UI.
Step 2 - Provision Membership Database
To provision the Membership Database for storing user credentials, Microsoft provides a utility, “aspnet_regsql.exe”.
To execute this utility, follow the steps below.
- Launch SharePoint 2016 Management Shell.
- Run the following commands:
CD \Windows\Microsoft.Net\Framework64\v4.0.30319
.\aspnet_regsql
Once we execute the commands, the Database Configuration wizard comes up.
- Click "Next" on Welcome Screen.
- Choose “Configure SQL Server for application services” on the "Setup Option" screen.
- Click "Next".
- Enter the database details on the "Server and Database Selection" screen.
- Enter the SQL Database Server Name.
You can specify the database name or leave it as the default, which will create a database named “aspnetdb”.
- On the "Confirmation Page", you can see the Database Server Name and the Database Name that are going to be provisioned.
- Click "Next".
This will provision the Membership Database on the SQL Server.
- Click "Finish" on the completion screen.
Now, in order to verify whether the Membership Database has been created successfully, grant the required permissions to the SharePoint Admin account.
Note
Granting permission explicitly on “aspnetdb” is necessary for the SharePoint Admin Account because this is just a SQL Server database that SharePoint has no knowledge of. So, by default, the SharePoint Admin Account won’t be allowed to access this database.
- Log into SQL 2014 Management Studio.
- Expand the Database node and look for the “aspnetdb” database.
To grant permissions to the SharePoint Farm Account, which is “Prashant\Administrator” here, follow the steps below:
- Expand the Security node
- Expand the Logins node
- Locate the account you want to grant permissions
- Right click it
- Select "Properties"
- On the Account Properties screen, select “User Mapping”.
- Select the “aspnetdb” Database
- Select “db_owner” Role
- Click OK to save the changes to SQL Server.
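The verification and permission steps above can also be run as a T-SQL script. This is an added example, not part of the original article; it uses the article's database name (aspnetdb), login (Prashant\Administrator) and role (db_owner), and assumes SQL Server 2012 or later for ALTER ROLE ... ADD MEMBER.

```sql
-- Added example: T-SQL equivalent of the SSMS verification and User Mapping steps.

-- 1. Confirm that aspnet_regsql created the database.
IF DB_ID(N'aspnetdb') IS NULL
    RAISERROR(N'Database aspnetdb was not found on this instance.', 16, 1);
GO

USE [aspnetdb];
GO

-- 2. Confirm the membership schema exists
--    (expect tables such as aspnet_Applications, aspnet_Users, aspnet_Membership).
SELECT name FROM sys.tables WHERE name LIKE N'aspnet[_]%' ORDER BY name;

-- 3. Map the farm account into the database and add it to db_owner.
DECLARE @login sysname = N'Prashant\Administrator';
DECLARE @user  sysname = (SELECT name FROM sys.database_principals
                          WHERE sid = SUSER_SID(@login));
DECLARE @sql   nvarchar(400);

IF @user = N'dbo'
    -- The account that ran aspnet_regsql owns the database and is already dbo.
    PRINT N'Login already maps to dbo; no role change is needed.';
ELSE
BEGIN
    IF @user IS NULL
    BEGIN
        CREATE USER [Prashant\Administrator] FOR LOGIN [Prashant\Administrator];
        SET @user = @login;
    END
    SET @sql = N'ALTER ROLE [db_owner] ADD MEMBER ' + QUOTENAME(@user) + N';';
    EXEC sp_executesql @sql;
END
GO

-- 4. Review the result: members of db_owner and of the aspnet_* roles
--    that aspnet_regsql creates (for example aspnet_Membership_FullAccess).
SELECT r.name AS role_name, m.name AS member_name
FROM sys.database_principals AS r
LEFT JOIN sys.database_role_members AS drm ON drm.role_principal_id = r.principal_id
LEFT JOIN sys.database_principals AS m ON m.principal_id = drm.member_principal_id
WHERE r.type = 'R' AND (r.name = N'db_owner' OR r.name LIKE N'aspnet[_]%')
ORDER BY r.name, m.name;
```

The final query gives a record of who holds which role in the membership database, which is useful to keep alongside the farm's other access reviews.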
With this, we are all done for this demo.
In this article, we have covered steps 1 & 2. We will look at steps 3 & 4 in an upcoming article on configuring FBA for SharePoint.
Stay tuned.