Configuring Forms Based Authentication in SharePoint 2016 – Part 4 – Adding Users to the Membership Database

Configuring forms based authentication (FBA) in SharePoint 2016 is exactly the same process as configuring it for SharePoint 2013. I’ve recreated the SharePoint 2013 FBA tutorial specifically for SharePoint 2016, using screenshots from SharePoint 2016 and Windows Server 2012 R2. I have changed the tutorial to use the SharePoint FBA Pack to create the FBA users, but otherwise it remains the same and can be used interchangeably between SharePoint 2013 and SharePoint 2016. I’ll go through all of the steps required to set up FBA for SharePoint 2016, from start to finish. I’ve broken down the steps into 4 sections:

Part 1 – Creating the Membership Database

Part 2 – Editing the Web.Config Files

Part 3 –  Configuring SharePoint

Part 4 – Adding Users to the Membership Database

You can also watch a video of the whole process on YouTube: Configuring Forms Based Authentication in SharePoint 2016.

Part 4 – Adding Users to the Membership Database

At this point SharePoint has been completely set up for forms based authentication. Unfortunately people still can’t log in with FBA, as no users have been added to the membership database.

There are a few ways to add users to the membership database.  You can manage the users in the membership database using IIS. I prefer to manage the users in SharePoint using the SharePoint 2016 FBA Pack. I’m going to show you how to install the FBA Pack and use it to add users to your membership database.

  • You can find downloads and documentation for the SharePoint 2016 FBA Pack at https://sharepoint2016fba.codeplex.com.
  • Download the FBA Pack and unzip it to a folder on your hard drive. For this example I’ve unzipped to c:\deploy.
  • Open either PowerShell (in Administrator mode) or SharePoint Management Shell.
  • Navigate to the c:\deploy folder: “cd c:\deploy”
  • Run “.\deploy http://win-h472cerv00l” (without quotes and be sure to substitute the URL of the site collection where you would like the FBA Pack activated). Note you can also run “.\deploy” without any parameters – in which case you will have to manually activate the “Forms Based Authentication Management” feature in each site collection where you’d like to use it.
  • The script will deploy the FBA Pack to the SharePoint farm and activate it on your site collection. Note that if you get an error and scripts won’t run because they are not signed, you need to run the following command to allow the script to run: “Set-ExecutionPolicy Unrestricted”. Once you’ve done that, rerun the deploy script.
  • Navigate to your site collection and log in as a site collection administrator. Navigate to the Site Settings page. You will notice you now have some new options for managing FBA Users.
  • Select “FBA User Management”.
  • Click “New User”.
  • Fill out the form to create your first user in the FBA database. Be sure to assign them to a SharePoint group so that they will have permissions to log in to SharePoint.
  • Now you can try to log in as the user you just created. Log out of SharePoint. When logging back into SharePoint, choose to log in using Forms Based Authentication. Log in using the username and password you created on the FBA User Management screen.
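
A narrower alternative to the “Set-ExecutionPolicy Unrestricted” step above, as an added example that is not part of the original tutorial or the FBA Pack: it inspects the downloaded scripts, clears the download mark on the package files only, and relaxes the policy to RemoteSigned for the current PowerShell process instead of the whole machine. It assumes the c:\deploy folder and the site URL used in the steps above; substitute your own.

```powershell
# Added example (not FBA Pack code). Assumes the pack was unzipped to c:\deploy
# as in the steps above; $siteUrl stands for your own site collection URL.
$deployDir = 'c:\deploy'
$siteUrl   = 'http://win-h472cerv00l'

# 1. Record the policy in force at every scope before changing anything.
Get-ExecutionPolicy -List | Format-Table -AutoSize

# 2. For each script in the package, show its Authenticode status, whether it
#    still carries the "downloaded from the internet" mark (Zone.Identifier),
#    and a SHA-256 hash you can keep with your change record.
Get-ChildItem -Path $deployDir -Filter *.ps1 -Recurse | ForEach-Object {
    [pscustomobject]@{
        Script     = $_.Name
        Signature  = (Get-AuthenticodeSignature -FilePath $_.FullName).Status
        Downloaded = [bool](Get-Item -Path $_.FullName -Stream Zone.Identifier `
                                -ErrorAction SilentlyContinue)
        SHA256     = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
    }
} | Format-Table -AutoSize

# 3. Once you have read the scripts, clear the download mark on the package
#    files only. RemoteSigned then treats them as local scripts.
Get-ChildItem -Path $deployDir -Recurse -File | Unblock-File

# 4. Relax the policy for this PowerShell process only. The setting lives in
#    the process environment, so it is inherited by child PowerShell processes
#    and disappears when the window is closed. If Group Policy sets
#    MachinePolicy or UserPolicy, that policy still wins and this has no effect.
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process -Force

# 5. Run the deploy script exactly as in the tutorial.
Set-Location -Path $deployDir
.\deploy $siteUrl

# 6. Confirm that only the Process scope changed; LocalMachine and CurrentUser
#    should match the output of step 1.
Get-ExecutionPolicy -List | Format-Table -AutoSize
```

If “Set-ExecutionPolicy Unrestricted” was already run on the server, “Get-ExecutionPolicy -List” shows which scope it changed, and that scope can be set back to its previous value once the deployment is done.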

That’s it! You now have Forms Based Authentication set up on SharePoint 2016, and the FBA Pack installed to manage your FBA users. Be sure to check out the rest of the features of the SharePoint 2016 FBA Pack – on top of allowing you to manage users and roles, it also includes web parts for user registration, changing your password and recovering a forgotten password.

20 Responses to “Configuring Forms Based Authentication in SharePoint 2016 – Part 4 – Adding Users to the Membership Database”

  1. Ravi Ranjan says:

    Really really Helpful. Thanks a Ton.

  2. Justin says:

    Chris,

    I’m using FBA Pack 2013 but user review or email isn’t working. Email is working elsewhere in the farm / site collection. Any thoughts as to why review might not be working? When I test the request account web part the users go right into the users list instead of the review list. The setting is definitely enabled.

    • You will get emails for user review, so if you’re not getting them then it’s most likely an issue with your email setup. Try using an internal email address when setting up a user and see if that works. A common issue is that the SMTP server isn’t set up to relay email from the SharePoint server – so in that case internal emails will be delivered, but emails to external domains will not be. If that’s not the issue, I suggest you check the SharePoint logs; they should have an error message related to the issue.

      • Justin says:

        Thanks! I’ll do that. BTW I think I have tested that the farm will forward to external addresses for other mail. For example I can run this mail test script:

        http://jeffreypaarhuis.com/2013/02/12/send-test-email-from-sharepoint/

        with the target at my gmail address and it works. Email shows up at my gmail. Does this mean that isn’t the issue or do these methods operate in different ways that are beyond my understanding?

        • If that test works, the FBA Pack should be able to send email. Check your log file just after attempting to register using the membership request web part. There should be an error message that should give a better idea of what the problem is.

          • Justin says:

            For everyone out there, our issue ended up being that port 25 was not open between our DMZ and our internal network. This is why running that PowerShell script worked when it was run on the App server but the WFE could not forward SMTP from the WFE (DMZ) to the App Server.

            This was discovered by looking at the logs on each machine separately.

  3. Gerard says:

    Hi Chris,

    Very helpful post. The only comment I can offer if it may help someone is to add an entry in an applications web.config file if you want to set specific permissions and find a user through the people picker settings.

    The entry I added as follows which I had forgotten from the last time I setup a new server.

    <add key="" value="%" />
    <add key="" value="%" />

  4. Naser says:

    Hello Chris,

    I am trying to set up an Extranet for our SharePoint 2016 site. Not sure why, but after following all the steps I can’t get to SP2016 internet or extranet, now!

    The website cannot display the page

    HTTP 500

    Most likely causes:
    •The website is under maintenance.
    •The website has a programming error.

    However, activation errors even with “Set-ExecutionPolicy Unrestricted” command.
    I’ll be happy to share screen shots if you want. Any help is greatly appreciated.

    Regards,
    Naser

    Get-SPFeature : Cannot find a Feature object with Path or Id: FBAManagement in scope Local farm.
    At C:\temp\deploy\Activate.ps1:3 char:13
    + $feature = Get-SPFeature $featureName
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : InvalidData: (Microsoft.Share…mdletGetFeature:SPCmdletGetFeature) [Get-SPFeature], SPCmdletPipeBindException
    + FullyQualifiedErrorId : Microsoft.SharePoint.PowerShell.SPCmdletGetFeature

    Cannot find an overload for “QueryFeatures” and the argument count: “1”.
    At C:\temp\deploy\Activate.ps1:4 char:2
    + $features = [Microsoft.SharePoint.Administration.SPWebService]::ContentService. …
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (:) [], MethodException
    + FullyQualifiedErrorId : MethodCountCouldNotFindBest

    Going to enable Feature
    Enable-spfeature : The Feature is not a Farm Level Feature and is not found in a Site level defined by the Url http://ServerName/.
    At C:\temp\deploy\Activate.ps1:29 char:2
    + Enable-spfeature -identity $featureName -confirm:$false -url $url
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : InvalidData: (Microsoft.Share…etEnableFeature:SPCmdletEnableFeature) [Enable-SPFeature], SPCmdletException

    • If everything worked before making the config file changes, my guess is that there’s a typo in one of the config files. I’d suggest reverting to the backup copy of the config file you made, make sure everything comes up again, and then attempt the changes once more.

      As for the powershell errors, my guess is that they are also because SharePoint is down and you’re getting the Http 500 errors. Try again once everything’s running again and it should work.

      • Naser says:

        Thanks for the quick response. I did reinstate the backup copies and SP2016 is up again. I have done this 3 times now and am getting the same results! Activation of the solution errors as before even though the site is back up online. Any suggestion is appreciated. I’ll be happy to do a remote session or a call if you think you can help.

        Best Regards,
        Naser

        • Glad to hear it’s back up. I’d suggest really looking closely at what’s getting pasted into the config file. Maybe some characters aren’t copying properly from the web page.

          If you continue to have issues, I suggest taking a look at our support plan:
          http://www.visigo.com/#support
          I can walk through the setup with you over a GoToMeeting and get everything going.

  5. Naser says:

    Chris, how is connectionStringName=(“FBADB”?) defined so that web.config can utilize it to connect to the server and DB?

    Thanks,
    Naser

    • I’m not exactly sure what you mean here. There are two things you enter into the machine config:

      The connection string (with the name FBADB). This has the connection information to the database server.

      The membership provider settings. One of the settings is the connection string name, which tells it what database connection settings to use.

  6. Justin says:

    Chris,

    I’ve tried reading everywhere, but I can’t find a reference for how identity questions work with FBAPack. There are settings throughout referring to the question page. How does one enable / disable this and manage the questions, or is this just a hook for someone to custom develop their own custom question page? Thanks!

  7. Marimuthu says:

    I’ve followed all the steps, everything is working perfectly. Except I’m not able to log in using FBA. I’m getting “The server could not sign you in. Make sure your user name and password are correct, and then try again.”

    PS: I was able to create/update user accounts successfully using site settings.

    • If everything is working perfectly except the login, check the web.config settings for the securitytokenservice. It’s this configuration that’s used for performing the actual login. You might also want to check the app pool the securitytokenservice is running under and ensure that the user account for the app pool has permissions to the membership database.
