Configuring Forms Based Authentication in SharePoint 2013 – Part 4 – Configuring SharePoint

Configuring forms based authentication (FBA) in SharePoint 2013 is very similar to SharePoint 2010, but there are some differences due to SharePoint 2013 using .Net 4.0. The web.config entries entries are slightly different. As well, IIS doesn’t support editing .Net 4.0 membership provider configuration through the IIS interface, so all of the configuration has to be done directly in the .config files. I’ll go through all of the steps required to setup FBA for SharePoint 2013, from start to finish.  I’ve broken down the steps into 4 sections:

Part 1 – Creating the Membership Database

Part 2 – Adding Users to the Membership Database

Part 3 – Editing the Web.Config Files

Part 4 –  Configuring SharePoint

Part 4 –  Configuring SharePoint

Now that the membership and role provider have been configured, we can configure SharePoint to use them.  For this example i’m going to create a new SharePoint web application.  The same settings can be applied to an existing web application through the Authentication Providers dialog.

  • Open SharePoint Central Administration -> Application Management -> Manage Web Applications.
  • Click “New” to create a new Web Application.sharepoint_2013_fba_web_application_1
  • Name the web application and adjust any other options to your preferences.sharepoint_2013_fba_web_application_2
  • Check “Enable Forms Based Authentication (FBA)”. Enter the ASP.Net Membership Provider Name and ASP.NET Role Provider Name that you configured in the web.config. For this example we used “FBAMembershipProvider” and “FBARoleProvider” (Without the quotation marks).Also, for this example we left “Enable Windows Authentication” checked. This allows us to login either via Windows Authentication or Forms Based Authentication (SharePoint will prompt you when you login for which method you’d like to use).Click OK.sharepoint_2013_fba_web_application_3
  • An Application Created dialog will appear. Click the “Create Site Collection” link to create the first site collection for this web application.sharepoint_2013_fba_web_application_4
  • From the Create Site Collection dialog, give the site collection a name and URL and select a template.sharepoint_2013_fba_web_application_5
  • For the Primary Site Collection administrator, i’ve left it as my Windows administrator account, so that I can login without FBA. For the Secondary Site Collection Administrator i’ve set it to ‘fbaadmin’ – the FBA account we setup in Part 2 (If you skipped Part 2 because you’re using the SharePoint 2013 FBA Pack, then you can just leave this blank for now and use your domain account to login to SharePoint and create your FBA users). You can set these to whatever is appropriate for your setup. Click OK.sharepoint_2013_fba_web_application_6
  • You’ll get the “Top-Level Site Successfully Created” dialog. You can click on the URL to visit the new site collection you just created.sharepoint_2013_fba_web_application_7
  • When authenticating to the site collection, if you enabled both Windows Authentication and Forms Based Authentication, you’ll be prompted for which method you’d like to use to authenticate. I’m going to choose to authenticate with Forms Authentication.sharepoint_2013_fba_login_1
  • You’ll be prompted for a username and password. Enter the username and password that we created in Part 2, and also set as the Secondary Site Collection Administrator.sharepoint_2013_fba_login_2
  • You’re now logged into the site as a site collection administrator.sharepoint_2013_fba_login_3

That’s it! Now you can authenticate to the site with Forms Based Authentication. You can also create and edit users using the methods discussed in Part 2. Be sure to check out the SharePoint 2013 FBA Pack, which will allow you to manage your forms based users directly within SharePoint, as well as provide methods for users to register, change their password and recover their password.

82 Responses to “Configuring Forms Based Authentication in SharePoint 2013 – Part 4 – Configuring SharePoint”

  1. Benito Deekman says:

    Hi,

    I found your blog really great and extremely helpful. But I have a small problem when I add new users via ISS my site collection can’t find them, but CA does show then. For example I can add the FBA users as a site collection administrator and works correctly but other users won’t show if I try to share the site or and then to a group. Can you point me in a direction?

    regards,

    Benito

    • Did you update the machine.config like in the example, or did you update each web.config individually? I’m guessing that there’s an issue with the .config entries for the web application you’re having issues with (either the machine.config entries didn’t inherit properly, or there’s a problem with the entries if you added them directly).

      • Benito Deekman says:

        Used machine.config. How can I check if the inherits is working ?

        • Before it was really easy, because the providers tab in IIS would show you in 2.0. With 4.0 there’s no easy way to verify that I know of. I would just check the web.config for the web application and see what the ‘membership’ section looks like. I would expect to only see a default SharePoint membership provider. If there’s a membership provider with the same name as the one in the machine.config, or a ‘clear’ directive that could be your problem. Same goes for the ‘ConnectionStrings’ and ‘RoleManager’ sections – make sure there’s no ‘Clear’ directive or matching entries from your machine.config. If that all looks good, maybe try adding the entries directly to the web application web.config just to see if that gets it to work.

  2. JLSF says:

    Hello

    What happeds with PeoplePicker?

    you use machine.config or web.config of each site?

    how did you separate users from different sites? use applilcationname=’/’? use peoplePicker?

    Thanks

    • I don’t change any settings for the PeoplePicker. With the default settings, when you are in any sites belonging to the configured web application, it will show all FBA users for the configured membership provider.

      To separate users for different sites:
      If you want COMPLETELY separate users, I do it at the Web Application level, and create an additional membership entry in the machine.config/STS web.config. I either use applicationname to separate it, or point it to a separate membership database.

      Alternatively you can follow the Active Directory model:
      All users are available on all sites/web applications. You simply define the permissions for which users can access the site.

  3. Joss_24 says:

    Hi Chris,

    Great guide mate and thanks for the 2013 FBA Pack it’s just what I’ve been looking for. I have one question for you. Having enabled FBA and NTML on my default site, to allow people picker on that zone, I want to force all users to authenticate via ntlm. I tried using custom signin page /_windows/default.aspx via central management but it throws a runtime error. Is there any way around this without having to create a custom login page in visual studio?

    Thanks

    • So for this zone you only want to connect via NTLM, but you want FBA enabled so that FBA users come up in the People Picker? If that’s the case i’d probably try just setting the default site to NTLM only and having a second zone setup with FBA. I sort of think that the FBA users would still show up in People Picker in that instance (as they do show up in the people picker in central admin, which doesn’t have it’s own configuration for FBA). The one thing you might have to do is make sure the membership provider is setup in the default site web config (or in the machine.config).

      If you really want to login with /_windows/default.aspx – I think you may be out of luck without a custom login page. The problem is that it takes a couple of parameters for which page to redirect to (You can see this with Fiddler using the default login page for an FBA + NTLM site).

      So this won’t work:
      /_windows/default.aspx

      But this will:
      /_windows/default.aspx?ReturnUrl=%2f_layouts%2fAuthenticate.aspx%3fSource%3d%252F&Source=%2F

      You can try putting the parameters in the custom signin page (if it even allows it), but I don’t think it will work as it will always redirect to the root, instead of the resource you’re trying to access.

  4. Joe Reynolds says:

    Chris,
    Thanks for the great guide. What I was curious of is what if we want to use a custom FBA provider? Do you know of any walkthroughs for 2013? I found some stuff for 2010 but not much yet on doing it for 2013. Any help would be appreciated. Thanks!

    Joe..

  5. Leo says:

    I use the user which create in the IIS to login spsite,but can not login, it show: “sorry, this site hasn’t been shared with you.” all the account I create havn’t the right to access the spsite. why?

    • You have to assign permissions to the user before they can login. Usually I assign a user as a site collection administrator (see the example above) so that that user can login. Then I login to the site with that user and assign permissions to the other users.

      • Leo says:

        I can use the created user to login the spsite now,I forget to add the users as a member of spsite(visitor,owner,or others). by the way, why can not handle user’s password changing under the freamwork 4.0 in iis, it auto generate a password when click change password button.

  6. Vince P says:

    Great series. Very helpful. Any idea how to get Visual Studio to be able to deploy reports to a Report Library.. When I try it now, I get asked for credentials, but none seem to work.

  7. Bastiaan says:

    I’ve followed your tutorial and setup my environment just like yours. When trying to reach the FBA login site, I can choose from FBA/Windows auth like I’m supposed to, however, when logging in I get this error:
    ‘File Not Found’.
    Server 2012 Datacenter edition & Sharepoint 2013 Enterprise edition.

    Any advice?

    • When do you get File Not Found? After selecting FBA or Windows Auth? If you select FBA do you at least get the FBA login page? If you select Windows Auth, does it log you in? If you get it right after making any selection, then maybe the web application creation didn’t complete properly – try creating a new web application. Maybe try creating it just for Windows Authentication first, making sure that works, and then adding on the forms based authentication.

  8. Bastiaan says:

    I get the error when going to the site and trying to log in. I get the FBA/windows auth login page, I can fill in one of the users stored in the dummy site and when trying to log in i get the error. Windows auth doesn’t work either.
    I’ve tried making a new site/new site collection, but unfortunately that didn’t work either.

    • Did you try creating a new web application, and add a new site collection to it? Make it just use windows authentication. If even that doesn’t work, and you still get the File Not Found error, then i’d say there’s something wrong with your current installation of SharePoint.

      You can try running the Product Configuration Wizard again, and see if that corrects your issues. If not though, try a clean installation – maybe even in a new environment such as a virtual machine.

      • Bastiaan says:

        A new web application with new site collection(s) works fine. I tried rebuilding the FBA environment again, but still no luck unfortunately..

        • So does just windows authentication work on the new web application and site collection? Have you tried setting up FBA on it?

          • Bastiaan says:

            I’ve made a new site collection that works with Windows Authentication on the FBA web app, also gives me 403, access denied. Starting to wonder if I’m ever going to get this to work. Also made a TechNet thread, noone there that can help me either.

  9. Bastiaan says:

    Think I’ve found something that might be looking into. Just started to remake the whole environment, right now I’m editting the MembershipConfig site.
    I switched it to v2.0, made the connection string, though after going to ‘Providers > .Net Users’, I can’t chose a type.

    Screenshot: http://postimg.org/image/58obtidfx/

    Is there any way I can get in contact with you via e-mail?

  10. Dan Gleason says:

    First off, thank-you for providing your time and effort of the blog and in providing the FBA tool. I have been trying to implement this myself over past couple days, and although close, I am just not getting there.
    I followed parts 1 to 4 and installed the tool, and on my main site I get an error that “A membership provider has not been configured correctly. Check the web.config settings for this web application.”

    Well, I did and I tried copying the machine.config settings to web.config and got same error.
    I create a new site collection and set it as fba and I do not even have the fba choices under site settings so it looks like it is not being inherited.
    I was hoping to show this at 3 PM (PST) meeting and I am running out of time. Any suggestions?

  11. There’s lots of reason’s why you could be getting an error with the membership provider. My first guess would be permissions – make sure that the application pool identity that SharePoint runs under has permissions to the aspnetdb database.

    As for the fba settings not showing up under site settings, you need to be logged in as a site collection administrator to see them (and the feature has to be enabled under Site Collection features, if it isn’t already).

    • Dan Gleason says:

      Good call Chris. In fact I had multiple identities used for Central admin, STS, and main Site collection and I only gave permissions to aspnetdb to one of them. I went into SQL and gave permissions to all three and now on my test site I see the FBA Pack options under site settings.
      But I now have new error. But thanks for getting the first one nailed.

  12. Tony says:

    Thanks for the Article..

    We have configured FBA in our SharePoint Server with your article help.
    I have a doubt,Currently we are adding FB users using IIS, Is there any way to add .Net Users in to our Membershipconfig site using a web application or a web page.

      • Tony says:

        Thanks Chris You saved my ass..
        I was searching for this solution 2 days, But today only I reached the correct place. any way big thanks :)

      • Tony says:

        I have one more doubt. Its not related with FormBA

        Its related with workflow task form.

        We need to edit the page approval task form which is coming from my page approval workflow. We have opened our project in SharePoint Designer so we can see the two .xsn files which is inheriting in our workflow and using Infopath 2013 we will be able to edit that file,but before publishing it we need to save it into some location and on publish button click we are getting this error. “An Unknown error has occured. The form template has been published to server,but it can only be opened in Infopath Filler” We are stuck on this error Any Help will be appreciated thanks in advance !!

  13. Clayton says:

    Hey Chris,

    I followed this through to the end, but when I try to add “FBAAdmin” as a secondary admin and do a user search to find this user (or any user I’ve created using this process), they show up twice. Once, in this example, as FBAAdmin, and the other as fbaadmin. In the database, there’s only one record for this user, though.

    Also, when searching for a user to make the secondary site collection admin, typing “fbaadmin”, it groups the users found into categories (all users, active directory, forms auth, and organizations). Aside from finding 2 fbaadmins, it lists them under the “Organizations” category instead of “Forms Auth”, where I expected they would be. Is that what’s supposed to happen?

    Any thoughts on either would be greatly appreciated.

    Thanks!

    • Nope – that’s not supposed to happen. I’m guessing that you have multiple membership provider entries pointing to the same membership database. Check your machine.config and your central admin web.config for all membership provider entries (since the central admin web.config will inherit from the machine.config). Make sure there’s no entries that point to the same database (and even though they point to different db connection names – those different db connection entries could point to the same db).

      • Clayton says:

        Hey Chris,

        My config files all look okay, if I understand you correctly. Side note – I tried to do the machine.config solution and couldn’t get that working, so I switched to editing all 3 config files separately, which is probably how we’ll have to do this in production due to the environment we’re working with.

        Here are the membership provider sections of each one:

        Machine.config:

        Central Admin web.config:

        My SharePoint site’s web.config:

        Am I missing something? I also did a reboot, in case there was some odd thing cached, but it’s still listing each user twice (proper-cased and lowercased), and they’re still showing up under “Organizations” instead of “Forms Auth”.

        Many thanks for your help!

        • Clayton says:

          Sadly, I can’t post the parts of my config files. This site strips them out.

          So, to summarize, my machine.config only has one entry, which points to my local SQL server, which isn’t my FBA one.

          My Central Admin one only has one, which is the name=”FBAMembershipProvider” one you detail.

          My SharePoint site has 2 entries, but they point to different places. This has a default provider called “i”, which I didn’t put there but came as part of the generated file. The type is “Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c”.

          Then the one I added as part of your example, with the name of “FBAMembershipProvider”, which points to FBADB.

          • Clayton says:

            And my Security Token Service web.config also has only one entry and points to the name=”FBAMembershipProvider” as well.

            Do I have that in too many places?

            (Sorry for so many replies today)

          • From what you’ve explained, everything is setup properly. The “i” provider is put there (and is required) by SharePoint – this is normal.

            My only other thought is that maybe your PeoplePickerWildcards section has been changed from the default configuration. I don’t have my SharePoint 2013 environment available at this moment to check the default value, but in 2010 it is this (plus some tags I removed to be able to post it) (and I expect 2013 to be the same):

            PeoplePickerWildcards>
            clear />
            add key=”AspNetSqlMembershipProvider” value=”%” />
            PeoplePickerWildcards>

            If you log into a site collection (instead of central admin) and search for fba users there, do you get duplicates there as well?

      • Clayton says:

        My PeoplePickerWildcards look fine, I think. Central Admin and my FBA test site have that section in the web.config. First a “clear” line, then the one you mention in both.

        Logging into a site and searching for FBA users, I only see them listed once.

        • If the search works fine within the site, but has dups in Central Admin – then somewhere in the central admin web.config you have an extra membership provider pointing to that same membership database. The extra entry might not even be in the central admin web config, but in a web.config it inherits from.

          I’d check the differences between the membership providers in the central admin web config and the site web.config. The only difference should be the ‘i’ provider in the site web config.

  14. virendhar says:

    Hi.,
    I want Create Custom User Registration Page & Login Page in Sharepoint 2013 Using Form Based Authentication.
    The User Deatil Will Be Stored on Sql Server DB.
    How to Do?

    • I usually use the built in SharePoint login page as a base and modify it.

      As for the registration page, I use the FBA Pack registration web part as a base and add the extra controls that I need to it.

      I usually store the registration values in the SharePoint user’s profile, but it you want to store them in the membership database you can use the profile provider.

  15. Jian says:

    Hi Chris,
    Thanks for the very clean and clear explanation of steps! I have followed your steps, skipped step 2 and used your FBA package downloaded from codeplex, and everything works just fine. However, when logging out, regardless of whether the loging was with NTLM or FBA, I get an error page instead of going to the login page again. The error page is generic “Sorry something went wrong … .” I was wondering if you might know why and direct me toward a solution?
    Many thanks!

  16. Jian says:

    I should update my post: if I loging using only the FBA, it always properly signs out and redirects to the sing in page. But if I login using the Windows NTLM, upon signing out it gives the errors page. After this, even if I loging using the FBA, upon signing out I get the same error message and it no more redirects to the longin page. I thought this might help.

    • I get that too occasionally. You’re right, it only seems to happen after logging in with windows authentication and then logging out. It doesn’t happen every time for me though – it seems to be random.

      If I remember correctly, it is pretty easy to get rid of the error and login again – either by navigating directly to the root instead of the page signing out directs you to, or maybe by starting a new browser session (can’t remember).

      I think it’s a SharePoint bug, as it has happened to me on a clean SharePoint server – the only changes being having FBA setup and allowing FBA + windows login on the same zone.

  17. I have configured everything (I think) as you have done in the 4 posts. Things are working pretty well. I can request a registration and then log on using that user using Forms Based Authentication. I have created a Role for the users, and I would like to add this Role to a Group. When I go to Site Settings->People and Groups and select “Add User to Group”, I am unable to see the Role that I created in the People Picker. I am, however, able to find the fba user. I would think that I would also be able to see the Role. Have I done something wrong?

    • It should work just as you describe. One thing I find for SharePoint 2013 though is that you have to type in the full name of the group exactly, or it won’t come up in the people picker.

      As long as you can create a role on the ‘FBA Role Management’ page, I would think that everything is setup correctly.

  18. Kaleem says:

    Fellow;
    I am a newbie to SharePoint. I followed all of the instructions provided with the SharePoint 2013 FBA Pack. Everything is working fine except when I go to the site and choose Form-Based Authentication; I get the default login page. My understanding is that the SharePoint 2013 FBA Pack included a webpart for the login, access request, password reset and more. Also when I go to the site collection where I had deployed this package, I only see default webparts there. What am I missing?
    Any help in this matter is appreciated.

    • There is actually no login web part, as SharePoint does provide an FBA Login page. There are web parts for Change Password, Password Recovery and Membership Request (Register). There are also management pages for fba users. You should see the FBA management pages in the site collection’s Site Settings page, as long as you are logged in as a site collection administrator. You should also see the FBA web parts when adding a web part to the page. If you’re not seeing any of this, make the Forms Based Authentication Management feature is activated in the Site Collection Features (Site Settings).

  19. Kaleem says:

    Ok, I found my answer. There is no custom login webpart provided in the pack.
    So first of all thank you for providing this pack. It makes is so much easier to deploy FBA.
    Does anyone have a custom login page webpart that is easy to customize. I really don’t want to customize the default login page.
    Thank you.

  20. Kaleem says:

    I didn’t see your response Chris before I posted my follow up. Thank you for a quick reply.

  21. Sorin says:

    Great article, Chris! This is what I was looking for.
    Works great. Thanks.
    Sorin

  22. rkennedy says:

    Many thanks for this excellent write up and the work you’ve done on the FBA pack, truly appreciated!

    I have a quick question:

    My current project uses what should be a common SP configuration: a publishing site with anonymous and FBA enabled on one zone and only NTLM on the other. I’ve created (as I’ve done on previous versions of SharePoint) the web application enabling anonymous and FBA on the Default zone, then extended it with an Intranet zone which uses only NTLM.

    This way round has always worked well for me before but with SP2013 I’m seeing some problems (such as on occasion the claims default provider entries reappear in the anon web.config!).

    My noddy question is: is there a recommended way round to set this up? Is it 1) create a web app, configure the default zone for anonymous & FBA and extend the web app to an Intranet zone which uses NTLM or 2) create a web app and configure the default zone for NTLM and extend web app to an Internet zone for anonymous and FBA. I’m struggling to find any guidance.

    Thanks in advance…

    • I would do 2 – configure the default zone for NTLM and extend an internet zone for anonymous and FBA. The reason for this is that search will crawl the default zone, and needs windows authentication on it to authenticate. No windows authentication on the default zone = no search.

  23. johns says:

    Is it possible for FBA users to edit their own email address if needed?

    • The email address for an FBA user is no different than that of a standard user, so they can use any built in SharePoint methods for editing their email address (My Settings for SharePoint 2013 foundation, My Site for Standard/Enterprise).

  24. Lurch says:

    Two things:

    1. I had to set my application pool to .NET 4.0 before I saw the .Net Roles, .NET Users and providers to appear. When I had my application pool set to .NET 2.0 I did not have this option. This is confusing and contradictory to what you said. I am using Windows Server 2012 with SQL server 2012 running Share point 2013. Has something changed in these versions to reverse what you were describing?

    2. I have followed your instructions to the letter. However, when I try to log in with any account I create, using the IIS method (I can’t get the FBA plug in to work), I get the error: “The server could not sign you in. Make sure your user name and password are correct, and then try again.”. I have tried various accounts with and without passwords, tweaked the permission settings and tried various database settings, but I can’t get my log in to work.

    Can you please send detains on how I can find out what is failing? Is there a Share point log I can access?

    • Lurch says:

      An update to my last post. I have tried a number of things to fix the issue, but keep getting the following errors, cropping up in my ULS logs.

      SharePoint Foundation
      Claims Authentication
      fo1t
      Monitorable
      STS Call: Failed to issue new security token. Exception: System.ServiceModel.FaultException`1[Microsoft.IdentityModel.Tokens.FailedAuthenticationException]: The security token username and password could not be validated. (Fault Detail is equal to Microsoft.IdentityModel.Tokens.FailedAuthenticationException: The security token username and password could not be validated.).

      SharePoint Foundation
      Claims Authentication
      fsq7
      High
      SPSecurityContext: Request for security token failed with exception: System.ServiceModel.FaultException: The security token username and password could not be validated. at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.ReadResponse(Message response) at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr) at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst) at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo, SPRequestSecurityTokenProperties properties)

      SharePoint Foundation
      Claims Authentication
      8306
      Critical
      An exception occurred when trying to issue security token: The security token username and password could not be validated..

      How on earth do I fix this??!!

    • Yes, unfortunately Windows Server 2012 reversed things, and now .Net Users and Roles in IIS only works with .Net 4.0. I’ve added a note to the blog post.

      As for the errors you’re experiencing, there’s definitely an error somewhere in your configuration. A couple of things to check:

      Permissions from the app pool to the database.

      Ensuring that the web.config for the SecurityTokenService has been modified according to the instructions.

  25. Veronica Mejia says:

    Hola! Muchas gracias por la ayuda con la creación de este manual!!, mi pegunta es: Ya me quedo el sitio pero en mi usuario al subir algún archivo y en mi inicio de sesión aparece 0#.f|policiaturisticamembership|VeronicaMejia, mi pregunta es como puedo editarlo de moso que solo aparezca mi nombre??
    Muchas Gracias

  26. Veronica Mejia says:

    Hello! ! Thank you very much for the help with the creation of this manual

    My site works fine but my user appears well
    “. 0 # f | policiaturisticamembership | VeronicaMejia”

    as I can edit so that only my name appears? and You can change the email that is sent to users?

    Many Thanks and regards

    Many Thanks and regards

  27. Veronica Mejia says:

    Create the site now forms in sharepoint 2010, I want to install the package you suggested 2010, but it applies in your web application if you put the url of where I want to apply, I can do?

    thank you very much

    • The FBA Pack will always be deployed to all web applications, but will not be activated automatically.

      If you add a url as a parameter on the command line, it will activate the FBA pack on that site collection.

      You can go to Site Collection Features to activate the FBA Pack on other site collections.

  28. Veronica Mejia says:

    I could already apply but do not let me change the sharepoint web parts tells me they are not safe, that is done in this case?

  29. Veronica Mejia says:

    Files were installed but did not appear in the section “users and permissions” configurations for FBA.
    I appear to change web parts PASSWORD and two but I will not let others that have installed certificate.

    • If the menu items do not appear in the Users and Permissions section, then the feature needs to be activated. Activate the Forms Based Authentication Management feature on the Site Collection Features page.

      I also wouldn’t be surprised if this is what’s causing your web part problems.

  30. Nima says:

    Hi dear Chris

    Thanks for your very good posts on sharepoint 2013.

    I recently install SP 2013 and when I want to see every site (that has been create using it) I get this prompt to enter Username and Password for Windows Authentication(like this):

    http://i.stack.imgur.com/rqsp6.png

    Is there any way to show login page instead of this prompt without need to configure FBA?

    thanks

    • Unfortunately if you want an actual login page with a username and password, you’ll have to configure FBA.

      Most SharePoint installations don’t have to worry about the Windows Authentication prompt, since it’s usually hosted on the company LAN, and the user is automatically logged in with their windows credentials.

      If you want to access the page externally (or you’re not logged in to the same windows network that SharePoint is hosted on), you can either enter your windows credentials when prompted (most browsers will cache the credentials so you only have to do it once per visit to the site), or setup FBA so the user gets a login page.

      If the SharePoint users are from outside your windows network (anonymous internet users etc….) they you’ll probably want to setup FBA with the SQL Membership provider as described in these blog posts – which will keep their usernames out of your Active Directory.

      If the SharePoint users have local windows network accounts, then you’d set up FBA using an Active Directory/LDAP membership provider (not described here, but very similar process) – so the users can use their windows usernames and passwords to login.

  31. Veronica Mejia says:

    Hello, good day

    My question is

    How I can remove the words “warning this page is not encrypted …..”? that appears when the user authenticates

    Thank you very much or your help

    • The best way is to run the site (or at least the login page) under SSL. Otherwise the password you enter is sent in clear text over the network. If the login page is running on ssl, the message will disappear.

  32. kc says:

    I tried the machine.config approach. I’m not sure what’s going on but if I do a search for “fba” nothing shows up unless I specifically put “fbaadmin” even then I get two entries in the Organizations group when I believe it should in the Forms Auth group. This is what I see: http://i.imgur.com/qeKuw3X.png

    I made the entry (pretty sure it’s correct) in machine.config and I made the entry required in web.config for the SecurityTokenServiceApplication.

    I’m not sure what I did wrong.

    • I think something is wrong – but i’m not sure what. I don’t even have an ‘Organizations’ section in my people picker. When I search for a user, they do show up under ‘Forms Auth’.

      As for searching by partial names though – unfortunately the people picker will only find users by full words/email addresses. However, the select users box will recognize partial usernames – so i’ll usually just type the names directly in there and not use the people picker.
      http://imgur.com/d3i8iBf

      You may want to try installing the FBA Pack to further check your setup. The user management page for the FBA Pack generally won’t work if the FBA configuration is incorrect.

      • kc says:

        Hi Chris,

        Thanks for the response. I did manage to install the FBA Pack 2013 and it seems to work fine. All the names show up in the user manager settings. However, it’s when I try to set permissions that the names don’t show up unless fully typed out. I just noticed though that if I type in an FBA user’s full name and select them. The instant search results will remember them the next time I start typing their name. Is this normal behavior, does the account need to be cached for the search to pick up them?

        • In the dialog that you posted, yes the usernames have to be fully typed out. But in the dialog that I posted, it recognizes them for me if it’s only partially typed out. And I don’t have to have typed the name in before for it to work.

          If everything shows up though in the user manager settings, your FBA settings should be fine.

  33. Aaron says:

    Hey Chris,
    This is an amazingly good article. Do you know of any more articles that are written as well that do the exact same thing but with AD LDS?
    Thanks.

  34. Sergio says:

    I have followed your guide, steps 1, 3 and 4 (as ive also used the FBA2013 pack so I skipped step 2), when I try and connect I get the login page asking if I want to use windows or forms based authentication, if I choose windows, then I get a Runtime Error and the page wont load.

    As i followed each of your steps (I updated the machine.config and the and web services web.config files) and didn’t change any of the settings, any idea what ive not done?

    • My guess is that you’ve made a typo in a web.config/machine.config. Double check your entries. Also make sure they were put in the right location. A missing or misplaced bracket can make the whole file useless.

  35. Martin says:

    Great series. Very helpful. Any idea how to get Visual Studio to be able to deploy reports to a Report Library? When I try it now, I get asked for credentials, but none seem to work

Leave a Response

Current day month ye@r *

Trackbacks