WSS 3.0 - Using different authentication methods to access a site

 

You can configure Web applications in Windows SharePoint Services 3.0 to be accessed by up to five different authentication methods or identity management systems. Let’s imagine a partner application that is configured to be accessed by users from two different identity management systems. Internal employees are authenticated by using one of the standard Windows authentication methods. External collaborators are authenticated against another identity management system.

To configure a Web application to be accessed by two or more different authentication systems, you must configure additional zones for the Web application. Zones represent different logical paths of gaining access to the same physical application. With a typical partner application, employees of a partner company access the application through the Internet, while internal employees access the application directly through the intranet.

To create a new zone, extend the Web application. On the Extend Web Application to Another IIS Web Site page, in the Load Balanced URL section, specify the URL and zone type. The zone type is simply a category name applied to the zone and does not affect the configuration of the zone.

 

“Forms” authentication method configuration:

  1. Create a database for the authentication.
    1. Run aspnet_regsql.exe -A all -E. This creates the aspnetdb database in your default instance, using Windows Authentication. The utility is located in C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727
  2. Set permissions to the aspnetdb database.
    1.  
  3. Configure authentication method of a Web application.

a.       Go to Central Administration -> Application Management -> Application Security -> Authentication providers, click the zone to open the Edit Authentication page.

b.      Change the Authentication Type from “Windows” to “Forms”, type in “AspNetSqlMembershipProvider” as the Membership provider name, and type in “AspNetSqlRoleProvider” as the Role manager name. Save it.

4.       Register the membership and role provider in the Web.config file for the SharePoint Web application.

a.       Include these lines inside the <configuration> tag:

 

<connectionStrings>
  <add name="AspNetSqlProvider" connectionString="server=SQLSERVERMACHINE; database=aspnetdb; Trusted_Connection=True" />
</connectionStrings>

<system.web>
  <membership defaultProvider="AspNetSqlMembershipProvider">
    <providers>
      <remove name="AspNetSqlMembershipProvider" />
      <add connectionStringName="AspNetSqlProvider" name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
    </providers>
  </membership>
  <roleManager enabled="true" defaultProvider="AspNetSqlRoleProvider">
    <providers>
      <remove name="AspNetSqlRoleProvider" />
      <add connectionStringName="AspNetSqlProvider" name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
    </providers>
  </roleManager>
</system.web>

 

b.      Replace SQLSERVERMACHINE with the name of the SQL Server machine.

5.       Register the membership provider in the Web.config file for the Central Administration site.

a.       Include these lines inside the <configuration> tag:

 

<connectionStrings>
  <add name="AspNetSqlProvider" connectionString="server=SQLSERVERMACHINE; database=aspnetdb; Trusted_Connection=True" />
</connectionStrings>

<system.web>
  <membership defaultProvider="AspNetSqlMembershipProvider">
    <providers>
      <remove name="AspNetSqlMembershipProvider" />
      <add connectionStringName="AspNetSqlProvider" name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
    </providers>
  </membership>
  <roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider">
    <providers>
      <remove name="AspNetSqlRoleProvider" />
      <add connectionStringName="AspNetSqlProvider" name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
    </providers>
  </roleManager>
</system.web>

 

b.      Pay attention to the <roleManager> tag. The defaultProvider must be AspNetWindowsTokenRoleProvider.

c.       Replace SQLSERVERMACHINE with the name of the SQL Server machine.

6.       Add custom users to the aspnetdb database.

a.        

7.       Set the site collection administrators.

a.       Go to Central Administration -> Application Management -> SharePoint Site Management -> Site collection administrators, select the right Site Collection.

b.      Type in a valid custom user as the Primary site collection administrator.
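
The provider wiring from steps 4 and 5 can be checked offline before the sites are restarted. The following Python linter is an added example, not code from the original post: it replays the <remove>/<add> entries on top of the provider names that the ASP.NET 2.0 machine.config registers by default, then checks that each defaultProvider resolves and that the role default matches the site type. The names lint_web_config, sample_config and INHERITED are made up for this example, and the sample Web.config is constructed (type attributes omitted).

```python
import xml.etree.ElementTree as ET
# Provider names that the ASP.NET 2.0 machine.config registers by default.
INHERITED = {"membership": {"AspNetSqlMembershipProvider"},
             "roleManager": {"AspNetSqlRoleProvider", "AspNetWindowsTokenRoleProvider"}}

def lint_web_config(xml_text, expected_role_default):
    """Return a list of findings about the provider wiring in a Web.config."""
    root = ET.fromstring(xml_text)
    findings = []
    conns = {c.get("name") for c in root.findall("connectionStrings/add")}
    for section, inherited in INHERITED.items():
        node = root.find(f"system.web/{section}")
        if node is None:
            findings.append(f"{section}: section missing")
            continue
        known = set(inherited)
        for child in node.findall("providers/*"):  # <remove>/<add> apply in order
            name = child.get("name")
            if child.tag == "remove":
                known.discard(name)
            elif child.tag == "add":
                known.add(name)
                if child.get("connectionStringName") not in conns:
                    findings.append(f"{section}: {name} names an undefined connection string")
                if child.get("passwordFormat", "Hashed") != "Hashed":
                    findings.append(f"{section}: {name} does not store hashed passwords")
        default = node.get("defaultProvider", "")
        if default != default.strip():
            findings.append(f"{section}: defaultProvider {default!r} has stray whitespace")
        if default.strip() not in known:
            findings.append(f"{section}: defaultProvider {default!r} is not registered")
        elif section == "roleManager" and default.strip() != expected_role_default:
            findings.append(f"roleManager: default should be {expected_role_default}")
    return findings

def sample_config(role_default):
    # Constructed sample shaped like the page's snippet; type attributes omitted.
    return f"""<configuration>
  <connectionStrings><add name="AspNetSqlProvider" connectionString="server=SQLSERVERMACHINE; database=aspnetdb; Trusted_Connection=True" /></connectionStrings>
  <system.web>
    <membership defaultProvider="AspNetSqlMembershipProvider"><providers>
      <remove name="AspNetSqlMembershipProvider" />
      <add connectionStringName="AspNetSqlProvider" name="AspNetSqlMembershipProvider" />
    </providers></membership>
    <roleManager enabled="true" defaultProvider="{role_default}"><providers>
      <remove name="AspNetSqlRoleProvider" />
      <add connectionStringName="AspNetSqlProvider" name="AspNetSqlRoleProvider" />
    </providers></roleManager>
  </system.web></configuration>"""
```

Pass "AspNetSqlRoleProvider" as the expected role default for the SharePoint Web application and "AspNetWindowsTokenRoleProvider" for Central Administration, matching steps 4 and 5.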

 


Posted: Thursday, April 10, 2008 4:55 PM by Diegobar