Configuring Forms Based Authentication in SharePoint 2016 and SharePoint 2019 – Part 4 – Adding Users to the Membership Database

Configuring forms based authentication (FBA) in SharePoint 2016 and SharePoint 2019 is exactly the same process as configuring it for SharePoint 2013. I’ve recreated the SharePoint 2013 FBA tutorial specifically for SharePoint 2016 and SharePoint 2019, using screenshots from SharePoint 2016 and Windows Server 2012 R2. I have changed the tutorial to use the SharePoint FBA Pack to create the FBA users, but otherwise it remains the same and can be used interchangeably between SharePoint 2013 and SharePoint 2016/2019.

I’ll go through all of the steps required to setup FBA for SharePoint 2016 and 2019, from start to finish. I’ve broken down the steps into 4 sections, so if you already have an existing membership database setup from a previous version of SharePoint, feel free to skip forward to Part 2.

Part 1 – Creating the Membership Database

Part 2 – Editing the Web.Config Files

Part 3 – Configuring SharePoint

Part 4 – Adding Users to the Membership Database

You can also watch a video of the whole process on YouTube: Configuring Forms Based Authentication in SharePoint 2016 and SharePoint 2019.

Part 4 – Adding Users to the Membership Database

At this point SharePoint has been completely been setup for forms based authentication. Unfortunately people still can’t login with FBA, as no users have been added to the membership database.

There are a few ways to add users to the membership database. You can manage the users in the membership database using IIS. I prefer to manage the users in SharePoint using the SharePoint FBA Pack. I’m going to show you how to install the FBA Pack and use it to add users to your membership database.

You can find downloads and documentation for the SharePoint 2016 FBA Pack at https://www.visigo.com/products/sharepoint-fba-pack .
Download the FBA Pack and unzip it to a folder on your hard drive. For this example I’ve unzipped to c:\deploy.
Open either PowerShell (In Administrator mode) or SharePoint Management Shell.
Navigate to the c:\deploy folder: “cd c:\deploy”
Run “.\deploy http:\\win-h472cerv00l” (without quotes and be sure to substitute the url to your site collection where you would like the FBA Pack activated). Note you can also run “.\deploy” without any parameters – in which case you will have to manually activate the “Forms Based Authentication Management” feature in each site collection you’d like to use it.
The script will deploy the FBA Pack to the SharePoint farm and activate it on your site collection. Note that if you get an error and scripts won’t run because they are not signed, you need to run the following command to allow the script to run: “Set-ExecutionPolicy Unrestricted”. Once you’ve done that, rerun the deploy script.
Navigate to your site collection and login as a site collection administrator. Navigate to the Site Settings page. You will notice you now have some new options for managing FBA Users.
Select “FBA User Management”.
Click “New User”.
Fill out the form to create your first user in the FBA database. Be sure to assign them to a SharePoint group so that they will have permissions to login to SharePoint.
Now you can try to login as the user you just created. Logout of SharePoint. When logging back into SharePoint, choose to login using Forms Based Authentication. Login using the username and password you created on the FBA User Management screen.

That’s it! You now have Forms Based Authentication setup on SharePoint 2016, and the FBA Pack installed to manage your FBA users. Be sure to check out the rest of the features of the SharePoint FBA Pack – on top of allowing you to manage users and roles, it also includes web parts for user registration, changing your password and recovering a forgotten password.

Posted

May 19, 2016

Configuration, Forms Based Authentication, Sharepoint

Chris Coulson

Tags:

.Net, ASP.Net, aspnetdb, central admin, FBA, FBA Pack, Forms Based Authentication, IIS, machine.config, Membership, membership provider, SharePoint 2016, SharePoint 2016 FBA Pack, SharePoint 2019, SharePoint 2019 FBA Pack, SharePoint FBA Pack, sqlmembershipprovider, web.config

Comments

63 responses to “Configuring Forms Based Authentication in SharePoint 2016 and SharePoint 2019 – Part 4 – Adding Users to the Membership Database”

Configuring Forms Based Authentication in SharePoint 2016 – Part 1 – Creating the Membership Database | Chris Coulson's Developer Notes

May 19, 2016

[…] Part 4 – Adding Users to the Membership Database […]

Reply
Configuring Forms Based Authentication in SharePoint 2016 – Part 3 – Configuring SharePoint | Chris Coulson's Developer Notes

May 19, 2016

[…] Part 4 – Adding Users to the Membership Database […]

Reply
Configuring Forms Based Authentication in SharePoint 2016 – Part 2 – Editing the Web.Config Files | Chris Coulson's Developer Notes

May 20, 2016

[…] Part 4 – Adding Users to the Membership Database […]

Reply
Ravi Ranjan

July 27, 2016

Really really Helpful. Thanks a Ton.

Reply
Justin

January 27, 2017

Chris,

I’m using FBA Pack 2013 but user review or email isn’t working. Email is working elsewhere in the farm / site collection. Any thoughts as to why review might not be working? When I test the request account web part the users go right into the users list instead of the review list. The setting is definitely enabled.

Reply
1. Chris Coulson
  
  January 27, 2017
  
  You will get emails for user review, so if you’re not getting them then it’s most likely an issue with your email setup. Try using an internal email address when setting up a user and see if that works. A common issue is that the SMTP server isn’t setup to relay email from the SharePoint server – so in that case internal emails will be delivered, but emails to external domains will not be. If that’s not the issue, I suggest you check the SharePoint logs, it should have an error message related to the issue.
  
  Reply
  1. Justin
    
    January 28, 2017
    
    Thanks! I’ll do that. BTW I think I have tested that the farm will forward to external addresses for other mail. For example I can run this mail test script:
    
    http://jeffreypaarhuis.com/2013/02/12/send-test-email-from-sharepoint/
    
    with the target at my gmail address and it works. Email shows up at my gmail. Does this mean that isn’t the issue or do these methods operate in different ways that are beyond my understanding?
    
    Reply
    1. Chris Coulson
      
      January 30, 2017
      
      If that test works, the FBA Pack should be able to send email. Check your log file just after attempting to register using the membership request web part. There should be an error message that should give a better idea of what the problem is.
      
      Reply
      1. Justin
        
        February 3, 2017
        
        For everyone out there our issue ended up being that port 25 was not open between our DMZ and out internal network. This is why running that powershell script worked when it was run on the App server but the WFE could not forward smtp from the WFE (DMZ) to the App Server.
        
        This was discovered by looking at the logs on each machine separately.
Gerard

February 3, 2017

Hi Chris,

Very helpful post. The only comment I can offer if it may help someone is to add an entry in an applications web.config file if you want to set specific permissions and find a user through the people picker settings.

The entry I added as follows which I had forgotten from the last time I setup a new server.

<add key=”” value=”%” />
<add key=”” value=”%” />

Reply
Naser

February 8, 2017

Hello Chris,

I am try to setup an Extranet for our SharePoint 2016 site. Not sure why, but after flowing all the steps I can’t get to SP2016 internet or extranet, now!

The website cannot display the page

HTTP 500

Most likely causes:
•The website is under maintenance.
•The website has a programming error.

However, activation errors even with “Set-ExecutionPolicy Unrestricted” command.
I’ll be happy to share screen shots if you want. Any help is greatly appreciated.

Regards,
Naser

Get-SPFeature : Cannot find a Feature object with Path or Id: FBAManagement in scope Local farm.
At C:\temp\deploy\Activate.ps1:3 char:13
+ $feature = Get-SPFeature $featureName
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (Microsoft.Share…mdletGetFeature:SPCmdletGetFeature) [Get-SPFeature], SPCmdletPipeBindException
+ FullyQualifiedErrorId : Microsoft.SharePoint.PowerShell.SPCmdletGetFeature

Cannot find an overload for “QueryFeatures” and the argument count: “1”.
At C:\temp\deploy\Activate.ps1:4 char:2
+ $features = [Microsoft.SharePoint.Administration.SPWebService]::ContentService. …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodException
+ FullyQualifiedErrorId : MethodCountCouldNotFindBest

Going to enable Feature
Enable-spfeature : The Feature is not a Farm Level Feature and is not found in a Site level defined by the Url http://ServerName/.
At C:\temp\deploy\Activate.ps1:29 char:2
+ Enable-spfeature -identity $featureName -confirm:$false -url $url
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (Microsoft.Share…etEnableFeature:SPCmdletEnableFeature) [Enable-SPFeature], SPCmdletException

Reply
1. Chris Coulson
  
  February 8, 2017
  
  If everything worked before making the config file changes, my guess is that there’s a typo in one of the config files. I’d suggest reverting to the backup copy of the config file you made, make sure everything comes up again, and then attempt the changes once more.
  
  As for the powershell errors, my guess is that they are also because SharePoint is down and you’re getting the Http 500 errors. Try again once everything’s running again and it should work.
  
  Reply
  1. Naser
    
    February 8, 2017
    
    Thanks for quick response. I did reinstate the backup copies and SP2016 is up again. I have done this 3 times now and getting same results! Activation of solution errors as before even the site is backup online. Any suggestion is appreciated. I’ll be happy to do a remote session or a call if you think you can help.
    
    Best Regards,
    Naser
    
    Reply
    1. Chris Coulson
      
      February 9, 2017
      
      Glad to hear it’s back up. I’d suggest really looking closely at what’s getting pasted into the config file. Maybe some characters aren’t copying properly from the web page.
      
      If you continue to have issues, I suggest taking a look at our support plan:
      http://www.visigo.com/#support
      I can walk through the setup with you over a GoToMeeting and get everything going.
      
      Reply
Naser

February 8, 2017

Chris, how does connectionStringName=(“FBADB” ?) is defined so web.config to utilize to connect to the server and DB ?

Thanks,
Naser

Reply
1. Chris Coulson
  
  February 9, 2017
  
  I’m not exactly sure what you mean here. There’s two things you enter into the machine config:
  
  The connection string (with the name FBADB). This has the connection information to the database server.
  
  The membership provider settings. One of the settings is the connection string name, which tells it what database connection settings to use.
  
  Reply
Justin

February 17, 2017

Chris,

I’ve tried reading everywhere, but I can’t find a reference for how identity questions work with FBAPack. There are settings throughout referring to the question page. How does one enable / disable this and manage the questions, or is this just a hook for someone to custom develop their own custom question page? Thanks!

Reply
1. Chris Coulson
  
  February 17, 2017
  
  Hi Justin,
  
  The identity questions are actually tied to Microsoft’s implementation in their membership provider. See here:
  https://msdn.microsoft.com/en-us/library/yh26yfzy.aspx
  https://msdn.microsoft.com/en-us/library/system.web.ui.webcontrols.passwordrecovery.aspx
  
  I don’t like it, and I don’t recommend people use it, as their default implementation doesn’t allow the password to be reset, even by an administrator, if the answer is not known.
  
  If you’re going to add a custom question page, unfortunately I think it’s going to be a completely custom enhancement. You could possibly build your own membership provider, inheriting from Microsoft’s, to handle your custom identity question implementation.
  
  Reply
Marimuthu

March 7, 2017

I’ve followed all the steps, everything is working perfectly. Except I’m not able login using fba. I’m getting “The server could not sign you in. Make sure your user name and password are correct, and then try again.”

PS: I was able to create/update user accounts successfully using site settings.

Reply
1. Chris Coulson
  
  March 7, 2017
  
  If everything is working perfectly except the login, check the web.config settings for the securitytokenservice. It’s this configuration that’s used for performing the actual login. You might also want to check the app pool the securitytokenservice is running under and ensure that the user account for the app pool has permissions to the membership database.
  
  Reply
Shangwu

August 7, 2017

Adding the following two parameters under the SqlMembershipProvider can prevent network brutal force attacks.
maxInvalidPasswordAttempts=”5″
passwordAttemptWindow=”30″

It sets the maxInvalidPasswordAttempts attribute to five invalid attempts and the passwordAttemptWindow to 30 minutes.
More than five failed attempts will make the account locked.

Reply
Michael

September 3, 2017

So, no matter what I do the review and approval only worked once. Now, every time the form to webpart to request membership just creates the user and a not active status. I also cannot get the captcha picture to display anything other than a broken picture icon.

Reply
1. Chris Coulson
  
  September 4, 2017
  
  It almost sounds like the solution was undeployed. Check Central Admin and make sure it’s deployed to the web application you’re using it on. If it does show as deployed, reinstall it using the deploy.ps1 script that comes with it to make sure everything is in place.
  
  Reply
Mark Wood

October 17, 2017

I followed your steps exactly and now I get the following when using windows authentication.

Server Error in ‘/’ Application.

fullName
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.ArgumentException: fullName

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[ArgumentException: fullName]
Microsoft.SharePoint.Utilities.SPUtility.GetFullUserKeyFromFullName(String fullName) +1229
Microsoft.SharePoint.SPGlobal.CreateSPRequestAndSetIdentity(SPSite site, String name, Boolean bNotGlobalAdminCode, String strUrl, Boolean bNotAddToContext, Byte[] UserToken, SPAppPrincipalToken appPrincipalToken, String userName, Boolean bIgnoreTokenTimeout, Boolean bAsAnonymous) +4181
Microsoft.SharePoint.SPWeb.InitializeSPRequest() +257
Microsoft.SharePoint.SPWeb.EnsureSPRequest() +295
Microsoft.SharePoint.SPWeb.get_Request() +27
Microsoft.SharePoint.WebControls.SPControl.EnsureSPWebRequest(SPWeb web) +237
Microsoft.SharePoint.WebControls.SPControl.SPWebEnsureSPControl(HttpContext context) +838
Microsoft.SharePoint.Utilities.SPUtility.RedirectToIsolatedDomainForAppWeb() +56
Microsoft.SharePoint.WebControls.UnsecuredLayoutsPageBase.OnPreInit(EventArgs e) +210
Microsoft.SharePoint.IdentityModel.Pages.IdentityModelSignInPageBase.OnPreInit(EventArgs e) +17
System.Web.UI.Page.PerformPreInit() +37
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +1145

Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.7.2106.0

Reply
1. Chris Coulson
  
  October 17, 2017
  
  This error doesn’t look familiar to me. Are you using a custom login page? If so, that could be it. If not, try disabling ‘Enable Forms Based Authentication’ in Central Admin Authentication Providers dialog and see if that does the trick. If that still doesn’t do it, revert the .config files to your backups and see if the error goes away.
  
  Reply
  1. Mark Wood
    
    October 18, 2017
    
    No there is no custom logon page and if I turn off forms everything work correctly.
    
    I have redone everything from step 1 and copy and pasted it to avoid errors and the same thing happens.
    
    Reply
    1. Chris Coulson
      
      October 18, 2017
      
      I’m thinking, because I haven’t seen that error before, that there’s probably something up with your SharePoint install or environment. Also, where do you see the error above? In the SharePoint log file? Event viewer?
      
      Reply
      1. Sohaib
        
        March 6, 2018
        
        I am also facing the same error. It generates after i selected anyone option from Windows Authentication or Forms Authentication and enter the credentials.
Adam

November 30, 2017

Mark, I encountered the same issue just now, and had to disable Client Integration to fix it.
After changing the “Enable Client Integation?” Authentication provider setting to No, forms-based and windows authentication are both working.

Reply
1. Vijay Chougule
  
  December 21, 2018
  
  You saved my day Adam, Thank you for posting your resolution. I have been banging my head around internet for a long time for this issue. Thank you again. Merry Christmas…!
  
  Reply
Denis Molodtsov

December 4, 2017

Hi Chris,

Fantastic Manual. Clear and correct. I was able to setup FBA within 30 minutes.

Here is an important question. If we have a zone that has both FBA and Claims authentication, what happens when we click on the Word document? I have a problem with Office 2016 refusing to open Office files. It just keeps prompting me for credentials.

We didn’t have this problem with SharePoint 2013.

It seems like there is a serious issue between SharePoint 2016 and Office 2016 in cases when FBA is setup. Am I the only one who’ve noticed it?

Reply
1. Denis Molodtsov
  
  December 4, 2017
  
  Turns out that for SharePoint 2016 with FBA, in order for Office to work, we should set SuppressModernAuthForOfficeClients property to true:
  
  Chris, maybe we can include this to the manual? I’ve described this problem here https://sharepoint.stackexchange.com/questions/228085/sharepoint-2016-with-fba-credential-prompts-when-opening-office-documents/231296#231296 and I could not solve this problem for more than 1 month. It had a simple solution, but I haven’t seen anyone suggesting it:
  
  $sts = Get-SPSecurityTokenServiceConfig
  $sts.SuppressModernAuthForOfficeClients = $True
  $sts.update()
  iisreset
  
  Reply
  1. Chris Coulson
    
    December 7, 2017
    
    Denis – Thank you so much for pointing this out. I can’t believe I haven’t noticed this before and that nobody else has pointed this out before now. I’ve added the steps to the end of Part 3.
    
    Reply
Sviatoslav

February 7, 2018

Hi Chris,
Is it possible for NON site collection administrators to manage FBA users using fba user management application page? (SharePoint FBA Pack)

Reply
1. Chris Coulson
  
  February 7, 2018
  
  Sorry, the management pages are set to site collection administrator only.
  
  Reply
Ben Hickok

March 12, 2018

Chris,

Thank you for this article! It has been very helpful. We had the FBA function working on a 2013 site and was able to add users etc. without issue. We migrated to 2016 and the web.config files were all updated to correspond to the new DB. Users that existed in the old system are still able to connect without issue but now when we add new users to the DB they are not available in the people picker. Also on the FBA Users the error is “A Membership Provider has not been configured correctly. Check the web.config setttings for this web application.” I’m not sure what else to look into. I have triple checked all of the config files and they are all showing correct information. Any ideas as to what might be happening?

Thanks for any help!!
Ben

Reply
1. Chris Coulson
  
  March 13, 2018
  
  Does the app pool user for the sharepoint web applications have permissions on the membership database? That would be the first thing i’d look at.
  
  If existing users can login, but fba doesn’t work when logged in, it sounds like the securitytokenservice setup is correct, but the setup for the webapplication is not correct. I’d compare the .config files between the two as well as check if the app pools run as different users, which would mean different permissions on the db.
  
  Reply
  1. Satya
    
    October 17, 2018
    
    Hi,
    I have installed FBA pack and every thing is working fine but when an users added and approved through Membership Request webpart that user is getting full access rather only restricting to visitor access even though the user is not assigned to any roles and groups.
    
    Reply
    1. Chris Coulson
      
      October 17, 2018
      
      See my answer to this question in the forums:
      
      https://forums.visigo.com/t/fba-membership-request/943/10?u=ccoulson
      
      Reply
Evan

October 18, 2018

I am setting up FBA for our Microsoft Dynamics AX 2012 R3 Vendor Portal site. It uses a special template that is version14. So, SP is 2013, but the site collection is 2010 (and cannot be upgraded). I’m guessing something about this is preventing the FBA Management options from appearing in the site collection settings after I install the solution. I’ve tried both the 2010 and the 2013 version of the solution.

My question is, how can I create/manage FBA users WITHOUT using the FBA Management pack?

Reply
1. Chris Coulson
  
  October 19, 2018
  
  Unfortunately i’m not familiar with Dynamics AX, but one thing for the FBA Management options to appear – you have to be logged in as a site collection administrator.
  
  If that doesn’t work you can use IIS – it also has tools built in to manage FBA users.
  
  Reply
Configuring Forms Based Authentication in SharePoint 2016 and SharePoint 2019 – Part 1 – Creating the Membership Database – Chris Coulson's Developer Notes Chris Coulson's Developer Notes

December 24, 2018

[…] Part 4 – Adding Users to the Membership Database […]

Reply
Configuring Forms Based Authentication in SharePoint 2016 and SharePoint 2019 – Part 3 – Configuring SharePoint – Chris Coulson's Developer Notes Chris Coulson's Developer Notes

December 24, 2018

[…] Part 4 – Adding Users to the Membership Database […]

Reply
Configuring Forms Based Authentication in SharePoint 2016 and SharePoint 2019 – Part 2 – Editing the Web.Config Files – Chris Coulson's Developer Notes Chris Coulson's Developer Notes

December 24, 2018

[…] Part 4 – Adding Users to the Membership Database […]

Reply
Marten Schulze

February 1, 2019

Hello, I need some help and I hope you can help. How can I implement the password reset or password forgot to the log in page. With login page I mean the page there the user can choose between Windows based authentication and FBA. Easy said before the sharepoint login. Thanks to you help so far and thank you for the great documentation.

Reply
1. Chris Coulson
  
  February 1, 2019
  
  You need to create a custom login page. If you’re happy with the existing SharePoint login pages, you can create a copy of them and use them as a starting point. Then you just need to add a link to an anonymous access page with the password recovery web part on it.
  
  Reply
Monica

February 7, 2019

Hi. I’m a power user, and have a question, if you may… I’m using SP 2013 on-prem FBA with SQL custom in-house provider (not using the popular FBA pack), and Office 365. Have an issue whith workflow notifications sent to mail-enabled security groups, which do not reach the users. If I just add the group name I receive the error “failed to send notification. Cannot get the full name or email address of user c:0-f|xyzrolemanager|…”. If I use the email address then I get no errors but no email. The admin said that the custom provider doesn’t support email address as a field. Do you know what can be wrong here? Thanks!

Reply
1. Chris Coulson
  
  February 7, 2019
  
  I’m not sure off the top of my head. If it’s based on Microsoft’s role provider, roles don’t have a field for email, but you may be able to update the email address stored in SharePoint for the role using PowerShell. Try the set-spuser cmdlet to see if you can update it with that. Alternatively you could use SharePoint Groups to manage groups of SharePoint users (but i’m guessing you don’t want two places to manage your groups).
  
  Reply
Alexis

February 22, 2019

Hi, I have an issue on SharePoint 2019. Everything is fine during the installation/configuration, but after the feature activation, when I try to go go “FBA User Management” (/_layouts/15/FBA/Management/UsersDisp.aspx) from the site settings, I got the error “this site isn’t shared with you” (even with site coll admin, or farm admin, or anyone else). In logs I see “Unexpected Failed to assert permission mask.”, “Acces denied” , “PermissionMask check failed for {7BC14BFC-B4EF-4C55-A87F-405FD07E58F0}. Asking for 0x08000000, have 0x00000000”, “PortalSiteMapProvider was unable to fetch root node, request URL: /_layouts/15/FBA/Management/UsersDisp.aspx”. I don’t understand why … I have to mention that my web app has 2 zones (1 default with claims, 1 internet with FBA activated) and I try to create users from defaul zone (since I have for now 0 FBA users). My site collection is in the new moder experience (don’t know if it can cause problems). Can you help me ? Thank’s in advance.

Reply
1. Chris Coulson
  
  February 22, 2019
  
  Please see my response in the question you posted to the forums:
  
  https://forums.visigo.com/t/sharepoint-2019-issues-to-access-user-creation-page/977
  
  Reply
Chris K

May 22, 2019

This was all very helpful. Thank you for the time you put in to this walk through. It saved me hours for a first time FBA – SP 2019 configuration.

Reply
Nigel

June 13, 2019

Hi Chris,

Thanks for your guide – very helpful!

I’m setting up FBA on a client’s SPS 2019 environment for an extranet. Everything has gone fine, up until I try to access the FBA User Management in Site Settings. When I follow that link, I get a message saying “A Membership Provider has not been configured correctly. Check the web.config setttings for this web application.”

I made the changes in the machine.config file (and the web.config for the Security Token Service). I’ve triple checked the Authentication provider in Central Admin for the web application, triple checked the machine.config and web.config files, triple checked the database access, and everything seems fine.

Do you have any suggestions?

Reply
1. Nigel
  
  June 13, 2019
  
  Doh. Ignore this. I completely forgot that there are 2 servers in this farm, and I had only made the config file changes to one server.
  
  If anyone else encounters this error message, make sure you configure both servers :p
  
  Chris, is it maybe worth mentioning in step 2 where the config changes are mentioned, that all servers need the change? It should be obvious, but as demonstrated by me, it’s easy to forget.
  
  Reply
  1. Chris Coulson
    
    July 2, 2019
    
    Good idea. Done.
    
    Reply
  2. Alex
    
    November 22, 2019
    
    Hi Chris,
    
    Thanks as well for your reply.
    
    I am having the same issue as Nigel. I also triple checked the machine.config, the SecurityToken’s web.config, the authentication provider in the Central Admin and the database rights. We have only one server in our DEV environment.
    
    What else may I have missed? Question: Do I maybe have to change something in the web.config of the web application as well?
    It is really strange to me that in the web application’s web config the default provider is ‘i’ and not the ones that I have added. Example my web application’s web.config:
    
    Is this correct?
    
    Thnk you in advance,
    Alex
    
    Reply
    1. Alex
      
      November 22, 2019
      
      I’m pasting here how my web application’s web.config section for the membership and roles is as it did not appeared in my latest response:
      
      Reply
      1. Alex
        
        November 22, 2019
        
        Ignore this as well. It was a typo in the connection string in the machine.config.
        Sorry for the spam.
        Chris thanks again for your great guide
      2. James
        
        June 17, 2021
        
        Hello, just for info, I had this exact same issue..
        
        I double checked my machine.config and web.config, everything was fine…
        
        But I figured it out, I forgot that I had 2 differents users for my web Apps, and they didn’t had the “db_owner” rights on the FBADB SQL Server…
        
        Good luck everyone,
        
        And thank you a lot for this perfect guide
        
        James
Mohamad Najia

October 7, 2019

great article.
However am facing an issue only with IE 11 is not able to authenticate?
All other browsers are working fine.
Any ideas?

Reply
1. Chris Coulson
  
  October 7, 2019
  
  I haven’t heard of this before. Maybe IE is setup to go through a proxy and others aren’t? Have you tried on a non-work computer with IE?
  
  Other suggestions would be to open up the IE Dev Tools (F12) to see where the errors are occurring during authetication – that might give you a hint to the problem.
  
  Reply
James

June 17, 2021

Hello, just for info, I had this exact same issue..

I double checked my machine.config and web.config, everything was fine…

But I figured it out, I forgot that I had 2 differents users for my web Apps, and they didn’t had the “db_owner” rights on the FBADB SQL Server…

Good luck everyone,

And thank you a lot for this perfect guide

James

Reply
CVP

January 20, 2022

has anyone enabled FBA user management for multiple site collections within the same web application? how do you deal with not knowing where a user was created? for example….

Root level
Site collection A
Site collection B
Site collection C

All users will show up anywhere you are accessing the FBA User Management. You will get an error if you try editing a user that was not created in the same site collect as where you are currently.

Would love to hear if others have addressed this before and how.

Thank you!

Reply
1. Chris Coulson
  
  January 20, 2022
  
  You shouldn’t get an error if you edit a user created in a separate site collection. The user’s profile is stored in each site collection though, so changes to profile fields don’t carry between site collections (This is what SharePoint’s User Profile Sync does for AD users).
  
  If you are getting errors in this situation, maybe post screenshots/more details in https://forums.visigo.com.
  
  Reply