Configuring SharePoint Form Authentication using Active Directory Provider


Many people ask why one would use Active Directory as the forms authentication provider. Most recommend the ASP.NET membership provider backed by SQL Server. Why? Maybe because they consider it more secure to keep separate methods for authenticating external users. But you can use a separate domain deployed in the extranet to handle user authentication.

Many others complain that the Active Directory procedure is not sufficiently documented by Microsoft.

In this sample I used Microsoft Office SharePoint 2007 64-bit Standard Edition configured with NTLM as the default authentication system.

1. Identify the Central Administration web folder and open its web.config file.

Find the first system.web section and add the following code, replacing the corresponding existing sections:

<membership defaultProvider="LdapMembership">
  <providers>
    <add name="LdapMembership"
         type="Microsoft.Office.Server.Security.LDAPMembershipProvider, Microsoft.Office.Server, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
         server="NetBIOSNameOfDomainController" port="389" useSSL="false"
         userDNAttribute="distinguishedName" userNameAttribute="sAMAccountName"
         userContainer="OU=External,OU=Users,DC=company,DC=org" userObjectClass="person"
         userFilter="(|(ObjectCategory=group)(ObjectClass=person))" scope="Subtree"
         otherRequiredUserAttributes="sn,givenname,cn" />
  </providers>
</membership>

<roleManager defaultProvider="AspNetWindowsTokenRoleProvider" enabled="true" cacheRolesInCookie="true" cookieName=".PeopleDCRole">
  <providers>
    <add name="LdapRole"
         type="Microsoft.Office.Server.Security.LDAPRoleProvider, Microsoft.Office.Server, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
         server="NetBIOSNameOfDomainController" port="389" useSSL="false"
         groupContainer="OU=External,OU=Users,DC=company,DC=org" groupNameAttribute="cn"
         groupMemberAttribute="member" userNameAttribute="sAMAccountName"
         dnAttribute="distinguishedName" groupFilter="(ObjectClass=group)" scope="Subtree" />
  </providers>
</roleManager>

2. Put the same code into the web.config file of the web application that will be configured to accept forms authentication.

3. Go to SharePoint 3.0 Central Administration, Application Management.

4. Open the Authentication providers link in the Application Security section.

5. Select your web application from the list, then open the zone that corresponds to your forms authentication configuration, or extend your web application to create a new zone for it.

6. Verify that the web.config file now contains this code:

<authentication mode="Forms">
  <forms loginUrl="/_layouts/login.aspx" />
</authentication>

The next step is very important.

7. Open Policy for Web application in the Application Security section.

Ignore all other settings and press Add Users.

8. Select your zone in Select the Zone (in my case the Custom zone) and press Next.

9. Enter the username using the LDAP provider created in the web.config file:

adm_sharepoint is your system administrator account. This account can be an ordinary Domain Users member with read access to your Active Directory domain, but it must be a member of the Administrators group on your web application server.

10. Open your web application in a browser.

After logging on it is recommended to create a new group for extranet users and add Active Directory users in the ldapmembership:<username> format.
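As an added check that is not part of the original post: this Python script parses the web.config fragments above (a constructed sample, trimmed to the attributes it inspects) and reports the settings worth reviewing before the zone is exposed, namely Forms mode with a loginUrl, whether each LDAP provider's useSSL and port agree and whether the directory session is encrypted, whether each defaultProvider is declared in the fragment, and the protection of the cached role cookie.

```python
import xml.etree.ElementTree as ET
# Constructed sample: the article's web.config fragments, trimmed to the attributes this audit inspects.
SAMPLE_WEB_CONFIG = """<configuration><system.web>
 <authentication mode="Forms"><forms loginUrl="/_layouts/login.aspx" /></authentication>
 <membership defaultProvider="LdapMembership"><providers>
  <add name="LdapMembership" type="Microsoft.Office.Server.Security.LDAPMembershipProvider, Microsoft.Office.Server"
       server="NetBIOSNameOfDomainController" port="389" useSSL="false" scope="Subtree" />
 </providers></membership>
 <roleManager defaultProvider="AspNetWindowsTokenRoleProvider" enabled="true" cacheRolesInCookie="true" cookieName=".PeopleDCRole">
  <providers><add name="LdapRole" type="Microsoft.Office.Server.Security.LDAPRoleProvider, Microsoft.Office.Server"
       server="NetBIOSNameOfDomainController" port="389" useSSL="false" scope="Subtree" /></providers>
 </roleManager></system.web></configuration>"""

def _provider_findings(section, sec):
    """Check defaultProvider and each LDAP <add> of a membership or roleManager section."""
    findings = []
    declared = [a.get("name") for a in sec.findall("providers/add")]
    if sec.get("defaultProvider") not in declared:  # ASP.NET's built-in defaults live in machine.config
        findings.append(f"{section}: defaultProvider '{sec.get('defaultProvider')}' is not declared in this fragment")
    for add in sec.findall("providers/add"):
        if "LDAP" not in (add.get("type") or ""):
            continue  # only the SharePoint LDAP providers are in scope
        name, port = add.get("name"), add.get("port", "389")
        ssl = add.get("useSSL", "false").lower() == "true"
        if not ssl:
            findings.append(f"{section}/{name}: useSSL=false, the LDAP session to "
                            f"{add.get('server')}:{port} is not encrypted")
        if ssl != (port == "636"):  # LDAPS belongs on 636, plain LDAP on 389
            findings.append(f"{section}/{name}: useSSL={str(ssl).lower()} does not match port {port}")
    return findings

def audit_fba_config(xml_text):
    """Return the list of findings for the forms-authentication settings in a web.config."""
    sw = ET.fromstring(xml_text).find("system.web")
    findings = []
    auth = sw.find("authentication")
    if auth is None or auth.get("mode") != "Forms":
        findings.append("authentication mode is not Forms")
    elif auth.find("forms") is None or not auth.find("forms").get("loginUrl"):
        findings.append("forms element has no loginUrl")
    for section in ("membership", "roleManager"):
        sec = sw.find(section)
        if sec is None:
            findings.append(f"{section} section is missing")
            continue
        # cookieProtection defaults to All (encrypted and signed); anything weaker is worth a look
        if sec.get("cacheRolesInCookie") == "true" and sec.get("cookieProtection", "All") != "All":
            findings.append(f"{section} caches roles in a cookie without cookieProtection=All")
        findings.extend(_provider_findings(section, sec))
    return findings
```

Run audit_fba_config against the text of a real web.config to get the same findings for your own zone.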

Good luck!
