Configuring Forms Based Authentication in SharePoint 2013 – Part 2 – Adding users to the Membership Database

Configuring forms based authentication (FBA) in SharePoint 2013 is very similar to SharePoint 2010, but there are some differences due to SharePoint 2013 using .Net 4.0. The web.config entries entries are slightly different. As well, IIS doesn’t support editing .Net 4.0 membership provider configuration through the IIS interface, so all of the configuration has to be done directly in the .config files. I’ll go through all of the steps required to setup FBA for SharePoint 2013, from start to finish.  I’ve broken down the steps into 4 sections, so if you already have an existing membership database setup from a previous version of SharePoint, feel free to skip forward to Part 3.

Part 1 – Creating the Membership Database

Part 2 – Adding Users to the Membership Database

Part 3 – Editing the Web.Config Files

Part 4 –  Configuring SharePoint

Part 2 – Adding Users to the Membership Database

Now that we’ve created an empty membership database, we need to add some users to it that can be used to login.  You have a couple of options for doing this.  If you’d like to do all of your user management in SharePoint, then you can install the SharePoint 2013 FBA Pack and skip to Part 3. If you’d like to be able to manage the users outside of SharePoint, and setup some inital users, then continue on to learn how to manage the FBA users with IIS.

To manage users in IIS, we’re going to create a dummy site just for managing users.  In SharePoint 2010 and earlier it was possible to edit the users directly from a SharePoint web application site, as long as the default membership provider was set to the membership provider you were going to edit. This is no longer possible, as previous versions of SharePoint ran against ASP.NET 2.0 (3.5), but SharePoint 2013 runs on ASP.NET 4.0.  IIS does not support editing users and roles for ASP.NET 4.0 applications. To get around this, we’ll create a dummy/blank ASP.NET 2.0 web site just for editing users. The asp.net 2.0 and 4.0 membership databases are exactly the same, which makes this possible.

NOTE: These directions were created on Windows 2008 R2.  On Windows 2012 they have reversed things and the .Net Users and .Net Roles options are only available for .Net 4.0 and are not available for .Net 2.0 – So on Windows 2012 please use .Net 4.0 where 2.0 is mentioned in the directions.

  • Open IIS.
  • Right click on Sites and select “Add Web Site…”sharepoint_2013_fba_edit_users_1
  • A configuration dialog will appear. Just give it a meaningful name, point it to an empty folder and give it a random unused port number and click OK.sharepoint_2013_fba_edit_users_2
  • Click on “Application Pools”. An application pool of the same name should have been created. The .Net Framework for that application pool should show as “2.0”.  If it doesn’t, you’ll need to modify it’s settings and change it to “2.0”.sharepoint_2013_fba_edit_users_3
  • You’ll also have to set the identity the account runs as to the same as SharePoint, so that it will have permissions to read and write to the membership database. Select the application pool and click “Advanced Settings…” in the right panel. In the dialog that comes up, click on the Identity to change it. Choose “Custom account” and enter the SharePoint service account username and password. Click OK on all of the open dialogs to close them.sharepoint_2013_fba_edit_users_4
  • The identity should now match the identity used for the SharePoint application pools.sharepoint_2013_fba_edit_users_5
  • We’re now going to create a database connection to the membership database. Select your new site and open the “Connection Strings” page from the Features view.sharepoint_2013_fba_edit_users_6
  • From the Connection Strings page, click “Add…” on the right side panel. On the Add Connection String dialog that appears, give it a name (I used “FBADB”), enter your server name and enter “aspnetdb” for your database name. Select “Use Windows Integrated Security” and click OK. We’ve now created the database connection.sharepoint_2013_fba_edit_users_7
  • We’re now going to create the membership provider, that will let us edit users in the membership database. From the site Features view, click “Providers”. (If “Providers”, “.Net Users” and “.Net Roles” is missing from the features view, then the associated application pool is configured for .Net 4.0. Go back and configure it for .Net 2.0).sharepoint_2013_fba_edit_users_8
  • From the Providers page, select “.Net Users” under Feature. Click “Add…” in the right side panel. In the dialog that appears, chose “SQLMembershipProvider” for type. Give it a name. For this example I used FBAMembershipProvider_2_0.  I added the _2_0 so as not to confuse it with the “FBAMembershipProvider” entry we will be creating when we set it up for SharePoint. Select the different options you want associated with your membership provider.  I have some more detail on the options available in the next section when we setup the membership provider for SharePoint. One thing I must stress though is that the options you pick here MUST match the options you use when you setup the membership provider for SharePoint. If they don’t, the users you create here will not work properly.For options, I chose:
    Option Value
    EnablePasswordReset True
    EnablePasswordRetrieval False
    RequiresQuestionAndAnswer False
    RequiresUniqueEmail True
    StorePasswordInSecureFormat True
    ConnectionStringName FBADB (This must match the database connection we setup earlier)
    ApplicationName /

    Click OK to close the dialog and create the membership provider.

    sharepoint_2013_fba_edit_users_9

  • We’re now going to add users to the membership database. Click “.Net Users” from the Features view.sharepoint_2013_fba_edit_users_11
  • The first thing we have to do before we can create users is configure the default membership provider. Click “Set Default Provider…” in the right side panel.  When the dialog appears, choose the membership provider we just created and click OK.sharepoint_2013_fba_edit_users_12
  • Now that the default membership provider is selected, we’re presented with an empty .Net Users page, as there are not yet any users in the database. Click “Add…” in the right side panel to add a user.sharepoint_2013_fba_edit_users_13
  • From the “Add .Net User” dialog, give the user a name, email and password. In this example i’m creating an admin user that i’m going to use as the SharePoint Site Collection administrator.The password needs to be at least 7 characters long and must contain at least 1 non-alphanumeric character. Since we set RequiresQuestionAndAnswer to false when configuring the membership provider, the Question and Answer fields can be left blank.Click OK to create the user and close the dialog.sharepoint_2013_fba_edit_users_14
  • Now the .Net Users page lists the one user you have created. You can use this page to add and edit users in the future.sharepoint_2013_fba_edit_users_15
  • If you are going to use Roles in SharePoint, you can create a Role provider from the Providers page, and then use the .Net Roles page to add roles – very similar to how we added the membership provider and added users.sharepoint_2013_fba_edit_users_10

Now that we’ve added a user to our membership database, you can continue on to Part 3 to learn how to configure the membership provider for SharePoint.

Comments

63 responses to “Configuring Forms Based Authentication in SharePoint 2013 – Part 2 – Adding users to the Membership Database”

  1. JLSF Avatar
    JLSF

    Hello

    if you follow this procedure but on windows server 2012 with IIS,
    providers for .net Users and .net Roles are not available in any case of .Net v2 or .Net v4.0

    some guide?

    Thanks

    1. Chris Coulson Avatar

      Unfortunately I don’t have Windows Server 2012 setup. It surprises me that they’d remove the feature. This article:

      http://social.technet.microsoft.com/wiki/contents/articles/11287.first-look-at-screenshots-and-what-s-new-in-iis-8.aspx

      mentions that it’s there (and even available for .Net 4.5!), and it looks like there’s an icon for ‘IIS Manage Users’ (but it’s partially covered by a dialog box). Maybe it’s something that has to be enabled, as it’s not in all screenshots.

      Please update us with what you find. Anybody know the answer to this?

      1. JLSF Avatar
        JLSF

        Sorry Chris yes it’s there but only with .net 4.0

        1. Chris Coulson Avatar

          Strange they wouldn’t include the option for doing it with .Net 2.0, since it’s there in the earlier version. Either way, setting the web application to .Net 4.0 should be fine, and then you can use it to manage your users. The only reason I specify that 2.0 needs to be used in the instructions is because IIS 7.5 only has the ability to manage users and roles if .Net 2.0 is used. The membership database is the same no matter which version you use.

  2. SNAFU Avatar
    SNAFU

    I figured out that I neded to use .NET 4.0 in order to get Providers cion to show up, but going through the option in the Add Provider Dialog, I cannot enter the connection string name that I chose earlier in the process. Any thoughts or guidance would be helpful. Thanks.

    1. Chris Coulson Avatar

      Are you choosing “SQLMembershipProvder” for the provider type?

  3. SNAFU Avatar
    SNAFU

    Yes, I was. I was able to finally enter the connection string, I had to delete the site and start over. But now I’m getting an error when I try to add users. The error message says that the system cannot find the file specified. I hit ok and set the default provider, but the Add link never shows up on the right. Clearly I missed something in the setup, but I followed your instructions and don’t see what it could possibly be.

    1. Chris Coulson Avatar

      I’m not sure – as long as the provider and db connection were successfully created, and that provider was selected as the default provider on the users page, you should be able to add users.

      One thing you might want to consider is using the FBA Pack to manage all of your FBA Users. It’s been released now for SharePoint 2013. So if you want, you can skip this step, and as long as FBA is properly configured in SharePoint (parts 3 & 4), you should be able to manage all of your users within SharePoint using the FBA Pack.

      http://sharepoint2013fba.codeplex.com/

  4. Wan Avatar
    Wan

    Hi Chris,

    Do you have solution if we want to perform user authentication using sharepoint 2010/2013 either from AD or MS SQL? Means we can have both authentication in single form. thanks.

    1. Chris Coulson Avatar

      What I have seen done before is a custom login page for forms based authentication, based on the SharePoint FBA login page. They’ve then just added a “Windows Authentication” link to the page, which redirects the user to SharePoint’s windows authentication page.

  5. Felix Zhang Avatar
    Felix Zhang

    Hi,
    I following as you said, when I choose the Application Pool to 2.0, The Providers showed, but when I acted as “add” both “.NET Roles” and “.NET Users” error occured “Could not load file or assembly ‘Microsoft.SharPoint,Version=15.0.0.0,Cultre=neurtal,PublicKeyToken=71e9bce111e9429c’The systeme cannot find the file specified”
    Do you know how to resolve it ?

    Thanks.

    1. Chris Coulson Avatar

      Are you sure you created a new blank site when you did this? I just can’t think of why a new blank site would even reference Microsoft.SharePoint in the config file (which is the only reason I would think you’d get the error).

      1. Felix Zhang Avatar
        Felix Zhang

        Yeah, you are right. I changed the Provider on the Site which created by SharePoint 2013 Central Administrator, I created it followed as “http://blogs.msdn.com/b/kaevans/archive/2010/07/09/sql-server-provider-for-claims-based-authentication-in-sharepoint-2010.aspx”, the blog is based on SharePoint 2010, my version is SharePoint 2013.
        Could you help me, I need use myself Form Authentication instead Windows Authentication.
        I thinkd if I following as the post said successfully, then I just replace the Provider with my Provider.
        I need SharePoint site not a blank site.
        Thanks

        1. Chris Coulson Avatar

          So you created your own custom membership provider? If that’s the case, it should work fine with SharePoint 2013. The one thing that you have to make sure of is that you change and recompile your membership provider to work with .Net 4.0. SharePoint will not work with .Net 3.5 components.

  6. Clayton Avatar
    Clayton

    Hey Chris,

    I’m in the Providers part of MembershipConfig. I selected .Net Users from the dropdown. I’m trying to add “FBAMembershipProvider_2_0”. However, the dropdown for type is empty, so I can’t save this and I can’t proceed. Any thoughts?

    Thanks!

    1. Chris Coulson Avatar

      Are you on Windows 2008 or 2012? If you’re on 2012, apparently the supported .net versions are reversed, and you have to create a .net 4.0 app pool.

      Otherwise, i’m not sure. I’d probably check other sites hosted in IIS and see if there are types listed in the providers section.

      If all else fails, you can continue with the SharePoint FBA setup and install the SharePoint 2013 FBA Pack to manage the users within SharePoint.

      1. Clayton Avatar
        Clayton

        Appreciate the quick response. Yeah, I’m in 2012. I’ll switch it back to 4 and keep going. Thank you very much for a great article!

  7. Colin Avatar
    Colin

    Chris

    I realised after completing all four parts of your instruction that the FBAMemberShipProvider_4_0 (had to use .NET 4.0) that was created as per above, did not have the same option values as the FBAMembershipProvider for Sharepoint (from the machine.config).
    After correcting the values for FBAMemberShipProvider_4_0 and clicking OK, an error message came up with:
    Filename: \\?\C:\innetpub\wwwroot\aspet_users\web.config
    Line number:4
    Error:Cannot add duplicate collection entry of type ‘add’ with unique key attribute ‘name’ set to ‘FBADB’

    How can I edit that entry with the correct values?
    Do I need to delete that entry and redo from scratch, if so, would the deletion affect the default membership provider that was config with that entry?

    Also the creation of the role provider in the last step, does the name of the role provider need to match anything in the web.config file or site collection group name?

    1. Chris Coulson Avatar

      It sounds like you’ve added duplicate connection strings in your web.config. Don’t forget that if you’ve added the item to the machine.config, it will be inherited by all other web.configs – so if you put the same entry in the web.config you’ll get this duplicate error.

      The role provider name doesn’t need to match anything – but you do need to set your web application to use that particular role provider, specified by name (Part 4).

  8. Steve Avatar
    Steve

    Thanks for sharing… this is very helpful. Althought I am still running into problems getting this to work.

    I don’t understand why setting up these impartant capabilities is so difficult and why Microsoft does not provide simple instructions.

    -Steve

  9. RuiCastelo Avatar
    RuiCastelo

    Hi,
    From the Providers page, select “.Net Users” under Feature. Click “Add…” in the right side panel. In the dialog that appears, chose “SQLMembershipProvider” for type.
    My pool is on 2.0 and nothing shows on the type, but when I put 4.0 it shows the SQLMenbershipProvider and others… Should I put 4.0?

    1. Chris Coulson Avatar

      Yes- I’m guessing you’re running Windows Server 2012. This article was written using Windows Server 2008 R2. On 2008 .Net Users only works with 2.0 membership providers. On 2012 they switched things around and it only works with .Net 4.0 membership providers. I need to update this in the article.

      1. RuiCastelo Avatar
        RuiCastelo

        Yeah that is right!
        Thanks, everything is running smoothly 🙂

  10. Sam Avatar
    Sam

    Thanks for the info but won’t work for me. Using Win Server 2012, all software and databases on the same machine. Followed instructions multiple times but when get to ‘add users to the membership database. Click “.Net Users”’ always get error:

    “A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: SQL Network Interfaces, error: 26 – Locating Server/Instance Specified)”

    Any ideas or should I give up on this working?
    Thanks

    1. Chris Coulson Avatar

      From the error message it looks like it can’t even connect to the configured SQL Server database. Double check your connection string, particularly the server name you’re connecting to. Also, connect to that server using SQL Server Management Studio and make sure you can connect using the same server name in the connection string.

  11. Sam Avatar
    Sam

    Hi Chris

    It was my mistake, my ASP.NET membership database was named differently and not called ‘aspnetdb’ as in your example. Everything looks ok now.

    Thanks for getting back to me!

  12. Mark Ward Avatar
    Mark Ward

    I am getting a Trust issue when I try to go back into the .net user module. Say that users cannot be retieved. Any help would be apprec.

    1. Chris Coulson Avatar

      I’m not sure what you mean by a “Trust” issue. Is there a specific error message? I’m guessing the default membership and role providers are not set to the new provider config you setup, or maybe you chose the wrong type for the provider config.

  13. Mark Ward Avatar
    Mark Ward

    when I go back to recheck the setting above. I go back into the .net user feature on the membershipconfig website. the error I get is
    ” there was a error while performing this operation. details: This feature is not supported at the configured trust level.”

    1. Chris Coulson Avatar

      My guess is that the trust level for the site is set to Minimal. I believe the SQLMembershipProvider requires a setting of ‘Low’ or better:

      http://technet.microsoft.com/en-us/library/cc753658(v=ws.10).aspx

  14. Mark Ward Avatar
    Mark Ward

    When I try to logon using forms the error is now

    talking about the provider is not trusted how do I add the provider to the global trusted provider list?

    1. Chris Coulson Avatar

      What provider are you using? SQLMembershipProvider? If so it should already be trusted. Otherwise, I believe the provider has to be registered with the GAC and needs a safecontol entry in the web.config.

  15. Kishan Avatar

    Hey,

    In the process of FBA Configuration Manager, I’m having the following error <<could not load file or assembly 'FBAConfigWriter ……

    Thanks

  16. Amanda Avatar
    Amanda

    I have gotten everything to work alright. Just a question though. We have an extranet site that another place uses. I can add users with the methods you described. Is there a way that I can assign someone from the other site to be able to do this but not have them log onto the server or have access to the site settings (FBA User Management section)?

    Also, can there be a way to bulk upload a bunch of users at once?

    1. Chris Coulson Avatar

      What you could possibly do is add a page with the FBA Pack registration web part, and allow them to add users using the web part. If you wanted to, you could modify the permissions for the page so that only they could access it.

      As for uploading a bunch of users at once, there’s nothing built in to do that. I have in the past created custom command line applications for customers that will create users from a CSV.

      1. Amanda Avatar
        Amanda

        Okay, so I added a new page, then added the Membership Request web app to the page. So I can allow someone else to get to this page and add the users. Thanks! Couple questions:

        Is there a way that if there is a membership request that it automatically is in the approved state instead of pending?
        Also, how do people know what the password is to log in the very first time?
        I noticed that when I add a name with this method, then look at the FBA User Management page, the Full Name, Modified Date, and Created date are not listed and the IsInSharePoint is No. Is this normal?

        1. Chris Coulson Avatar

          >>Is there a way that if there is a membership request that it automatically is in the approved state instead of pending?

          Yes – in the FBA Site Configuration page uncheck ‘Review Membership Requests’

          >>Also, how do people know what the password is to log in the very first time?

          If the password is auto generated, it will be emailed to the user. If the user is not receiving the email, ensure that email is setup properly in SharePoint. Also, if the emails will be going outside of your domain, you have to make sure that your smtp server allows relaying from the SharePoint server.

          If you have ‘Review Membership Requests’ turned off, you can edit the web part properties and uncheck Autogenerate Passwords. This will allow the user to pick the password themselves.

          >>I noticed that when I add a name with this method, then look at the FBA User Management page, the Full Name, Modified Date, and Created date are not listed and the IsInSharePoint is No. Is this normal?

          With ‘Review Membership Requests’ turned on, it is. The user won’t be fully added to SharePoint until you approve them in the Membership Request Management list. If you turn off Review Membership Requests, the user and all of their properties will be added immediately.

          1. Amanda Avatar
            Amanda

            You’re awesome. Thank you very much. I think I’ll be able to get it now. 🙂

          2. Amanda Avatar
            Amanda

            How do I remove the Security Question and Security Answer from FBA Pack’s user setup? Adding people through this is working fine, but the people who are setting it up do not want to have to enter those two things, but it is requiring it. How do I not require it?

          3. Chris Coulson Avatar

            The security question and answer setting is actually part of the membership provider configuration in the web.config/machine.config (See part 3).

      2. Tony Avatar
        Tony

        Hi Chris,

        can you pls share your command line tool to upload bulk users to FBA?

        many thanks
        Tony.

        1. Chris Coulson Avatar

          The one’s i’ve created in the past were specific to a customer’s setup. I’ve since created a generic version of the bulk upload tool, and I include it as part of the support plan:

          http://www.visigo.com/#support

  17. Joni Avatar
    Joni

    Hi Chris,

    Thank you for writing this article. I have followed every step and had no issues until I try to give permission in SharePoint to an FBA user. In your step 4 you are adding the FBAAdmin as a site collection administrator, but when I attempt to do that, the user can’t be found. I have been through the steps again and again and can’t see what I have missed. The SQL database has the user I created and I have everything set up under 4.0 since I am on 2012 with SharePoint 2013. Any help you could give would be greatly appreciated. Do you have any suggestions on the settings I should check? Its almost like SP isn’t realizing that the .Net USers are there but the provider roles and connection strings are there for that web app. Thank you.

    1. Chris Coulson Avatar

      I think you’ll have to check all of the settings again. If you’re not seeing a user that you created, there’s most likely a setting wrong somewhere.

      Probably the most common issue is incorrect database permissions – you have to make sure that the app pool user can access the membership database.

      Also, make sure that the web application membership provider name and role provider name match those in the .config files.

      You might want to try installing the FBA Pack to see if the user management pages can see the users.

  18. Nicolas Avatar
    Nicolas

    Hi Chris,

    Thank you for writing this article. I am using Windows Server 2012. When I tried to “Set Default Provider…” and get the following message:
    “This feature cannot be used because the default provider is not trusted…The provider has to be strongly typed and added to the GAC (Global Assembly Cache)”.
    So I modified the file administration.config located in “C:\Windows\System32\Inetsrv\Config” setting the “” tag to
    “”. Now I have the error message “The following configuration attribute was not recognized: ‘applicationName’”.
    I did set this attribute to “\” as said previously in the tutorial.

    1. Chris Coulson Avatar

      In the tutorial we never modify administration.config. It sounds like you have made a typo making .config changes. I suggest you restore the .config files to before the changes were made and retry the changes. Just putting something in the wrong area or forgetting to close a tag can break your .config files.

  19. TC Avatar
    TC

    Hello Chris. I inherited two farms with FBA configured already. The PROD farm has the FBA site in the same application pool as the external webapp. The QA farm, has the FBA site in a separate application pool. We’re having some trouble with the PROD farm and this is the only difference. So, I’d like to make PROD match QA. Can you tell me, would be just as simple as creating the additional application pool and then changing the application pool association in IIS? Or is there some other complexity that needs to be considered?
    Thank you so much for any thoughts you can offer.

  20. Jeff Avatar
    Jeff

    Hi Chris,

    Reading through all the comments on all 4 pages and cannot find an answer. First, I tried the FBA pack for SP 2013. I get the ‘A membership provider has not been configured correctly’ when trying to add users. I triple-checked the config files and permissions to SQL. After giving up, I then moved on to the manual route of creating users. Once again, followed your steps for the manual process. When I get to the .net users feature, I get the SQL 26 error of not being able to access the server or database. However, once I ok out of the error message, I am then able to set default provider and then add users. I can verify in SQL server that the users were created, too. So, then I go to Central Admin to set site collection administrator to one of my new FBA users and People Picker cannot find users from FBA. Any ideas or thoughts?

    1. Chris Coulson Avatar

      Hi Jeff,

      It sounds like there is a configuration issue somewhere. My guess would be that the sharepoint app pool doesn’t have permissions to write to the membership database. Make sure that the sharepoint app pool user has dbo permissions on that database.

      1. Jeff Avatar
        Jeff

        Hi Chris,

        It does since I was able to create users from the dummy site in IIS. However, now when I go back to the dummy site to look at the .NET Users, I get an error message stating that the entry ‘FBADB’ has already been added. Looks like the main.config connection string is conflicting with the dummy site’s connection string. So, I remove the connection string from the dummy site’s web.config file. And, now, when I go to connection strings on the dummy site, the local connection string is now gone and only the inherited one from main.config is showing. And, unable to connect to aspnetdb database.

        1. Chris Coulson Avatar

          Hi Jeff,

          Yeah, if the FBADB connection is setup in the machine.config, you won’t need it in individual web.config’s, or you will get the duplicate error. You may want to consider picking up the FBA Pack support plan:

          http://www.visigo.com/#support

          and we can have a screen sharing session and get you fixed up.

          1. Jeff Avatar
            Jeff

            Hi Chris,

            I was able to get everything working. I deleted all the machine.config and web.config edits I had made and the dummy IIS site. Installed the FBA Configuration MGR tool. Watched a few Youtube videos on it. Then, made the .config edits through the tool and then added your FBA pack. It is all working now!! Thanks for the great tool.

          2. Chris Coulson Avatar

            Glad to hear you got it working!

  21. Jeff Avatar
    Jeff

    Hi Chris,
    We have successfully been using the FBA pack for years on a single site collection. We created a new site collection under the same web app that we have been using all along but with the new site collection, it is not recognizing the names to add to the site. I can view the accounts in the FBA User Management section but the Full Name is blank and the IsInSharePoint = No. I know this is because they haven’t actually been added to the site collection. How can I add them to the site collection? The people picker won’t recognize the accounts on the new site collection. 🙁 We’d appreciate any help you can give us.
    Thank you,
    Jeff

    1. Chris Coulson Avatar

      Hi Jeff,

      Unfortunately SharePoint user profiles are stored at the site collection level, so although you can still access the usernames and authenticate to the site – all of the user profile information (full name, email address…) is private to each site collection. So the information would have to be re-entered on the new site collection. The people picker should work – but only with the usernames.

      Now, you can turn on user profile synchronization, so all site collections will share the same profile information. Unfortunately though, it takes it’s “Master” profile information from “My Sites”. So if My Sites isn’t enabled/their profile isn’t filled out on there, it will actually ERASE your existing user profile information on your original site collection. So be careful with that.

      Thanks,
      Chris

  22. Apoorva Avatar
    Apoorva

    Hi Chris,

    Thank you it is very good article.
    I have followed all the steps .I’m using publishing site template for site collection creation.
    I have deployed SharePoint 2013 FBA Pack.everything is working fine
    I am able to login , create user , change password but still new users created using the NewMembershipRequest.aspx created using webpart are not showing in Review list have checked there are users created in the FBA database and the approved flag set to 0 .

    And in my system Email setting is not done so i want manually the user to added the password how can i do

    1. Chris Coulson Avatar

      The membership request web part requires email to be working for it to work. If you want to manually add the user without email working, you’ll have to use the FBA User Management page.

      1. Apoorva Avatar
        Apoorva

        So there is no link between Site Membership Review List and Membership Request(webpart) page.

        I have added the user manually using user management page but when i try login in through FBA .I’m getting an error stating
        “The server could not sign you in. Make sure your user name and password are correct, and then try again”.

        1. Chris Coulson Avatar

          There is a link between the review list and the membership request web part – however it only works if email is setup on SharePoint. If email is not setup, you’ll see errors in your SharePoint logs when a user is added, and they will not be added to the review list.

          If the FBA User Management page works, but you can’t login, then you have an issue with the SecurityTokenService web.config. Check part 3 for details of properly setting it up.

  23. Stacy Avatar

    Hi Chris,

    I am actually getting two issues.

    When trying to navigate to:
    http://portal.domain.com/_layouts/15/FBA/Management/UserEdit.aspx?UserName=Stacy&Source=http%3A%2F%2Fportal%2Edomain%2Ecom%2F%5Flayouts%2F15%2FFBA%2FManagement%2FUsersDisp%2Easpx

    or when trying to create a new user,

    SharePoint is throwing a correlation ID.

    This seems to happen if I try to enable roles.

    Please let me know if you need any thing else? I can provide a full stack trace if needed, thanks

    1. Chris Coulson Avatar

      I think it’s a misconfiguration of your membership provider. If it only happens when you enable roles, check the roles section of the .config file specifically.

  24. Stacy Avatar

    Hi Chris,

    In my least privileged SharePoint 2016 farm, I am able to login with Windows Identity or with FBA

    When I go to FBA Site Configuration and select enable roles, and click OK, this makes the ability to edit previously created users generate a correlation ID.

    When I uncheck enable roles, then I can create users and edit users, if I check enable roles on FBA Site Configuration, then I can no longer create users or edit existing. And when I click on FBA Role Management, I’m getting a correlation id,

    turns out I had the role provider listed in the profile section in the machine config and not in the role provider.

    Thanks and sorry about the informational post.

    Stacy

Leave a Reply

Your email address will not be published. Required fields are marked *