{"id":319,"date":"2016-05-19T01:05:57","date_gmt":"2016-05-19T05:05:57","guid":{"rendered":"http:\/\/blogs.visigo.com\/chriscoulson\/?p=319"},"modified":"2018-12-24T09:45:26","modified_gmt":"2018-12-24T14:45:26","slug":"configuring-forms-based-authentication-in-sharepoint-2016-sharepoint-2019-part-3-configuring-sharepoint","status":"publish","type":"post","link":"https:\/\/blogs.visigo.com\/chriscoulson\/configuring-forms-based-authentication-in-sharepoint-2016-sharepoint-2019-part-3-configuring-sharepoint\/","title":{"rendered":"Configuring Forms Based Authentication in SharePoint 2016 and SharePoint 2019 &#8211; Part 3 &#8211; Configuring SharePoint"},"content":{"rendered":"<p>Configuring forms based authentication (FBA) in SharePoint 2016 and SharePoint 2019 is exactly the same process as configuring it for SharePoint 2013. \u00a0I&#8217;ve recreated the <a href=\"https:\/\/blogs.visigo.com\/chriscoulson\/configuring-forms-based-authentication-in-sharepoint-2013-part-1-creating-the-membership-database\/\">SharePoint 2013 FBA\u00a0tutorial<\/a> specifically for SharePoint 2016 and SharePoint 2019, using screenshots from SharePoint 2016 and Windows Server 2012 R2. \u00a0I have changed the tutorial to use the <a href=\"https:\/\/www.visigo.com\/products\/sharepoint-fba-pack\/\">SharePoint FBA Pack<\/a> to create the FBA users, but otherwise it remains the same and can be used interchangeably between SharePoint 2013 and SharePoint 2016\/2019.<\/p>\n<p>I\u2019ll go through all of the steps required to setup FBA for SharePoint 2016 and 2019, from start to finish. \u00a0I\u2019ve broken down the steps into 4 sections, so if you already have an existing membership database setup from a previous version of SharePoint, feel free to skip forward to\u00a0<a title=\"Configuring Forms Based Authentication in SharePoint 2013 \u2013 Part 3 \u2013 Editing the Web.Config Files\" href=\"https:\/\/blogs.visigo.com\/chriscoulson\/configuring-forms-based-authentication-in-sharepoint-2016-sharepoint-2019-part-2-editing-the-web-config-files\/\">Part 2<\/a>.<\/p>\n<p><a href=\"https:\/\/blogs.visigo.com\/chriscoulson\/configuring-forms-based-authentication-in-sharepoint-2016-sharepoint-2019-part-1-creating-the-membership-database\/\">Part 1 &#8211; Creating the Membership Database<\/a><\/p>\n<p><a href=\"https:\/\/blogs.visigo.com\/chriscoulson\/configuring-forms-based-authentication-in-sharepoint-2016-sharepoint-2019-part-2-editing-the-web-config-files\/\">Part 2 &#8211; Editing the Web.Config Files<\/a><\/p>\n<p><a href=\"https:\/\/blogs.visigo.com\/chriscoulson\/configuring-forms-based-authentication-in-sharepoint-2016-sharepoint-2019-part-3-configuring-sharepoint\/\">Part 3 &#8211; \u00a0Configuring SharePoint<\/a><\/p>\n<p><a href=\"https:\/\/blogs.visigo.com\/chriscoulson\/configuring-forms-based-authentication-in-sharepoint-2016-sharepoint-2019-part-4-adding-users-to-the-membership-database\/\">Part 4 &#8211; Adding Users to the Membership Database<\/a><\/p>\n<p>You can also watch a video of the whole process on YouTube: <a href=\"https:\/\/youtu.be\/a-oTHcWAEmA\">Configuring Forms Based Authentication in SharePoint 2016 and SharePoint 2019<\/a>.<\/p>\n<h2>Part 3\u00a0&#8211; \u00a0Configuring SharePoint<\/h2>\n<p>Now that the membership and role provider have been configured, we can configure SharePoint to use them. \u00a0For this example i&#8217;m going to edit an existing web application to use forms based authentication. The same settings can be applied when creating a new web application.<\/p>\n<ul>\n<li>Open SharePoint Central Administration -&gt; Application Management -&gt; Manage Web Applications.<\/li>\n<li>Select the web application you&#8217;d like to edit and click &#8220;Authentication providers&#8221;.<a href=\"https:\/\/blogs.visigo.com\/chriscoulson\/wp-content\/uploads\/2016\/05\/sharepoint2013fba_configuringsharepoint_1_webapplication.png\" rel=\"attachment wp-att-320\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-320\" src=\"https:\/\/blogs.visigo.com\/chriscoulson\/wp-content\/uploads\/2016\/05\/sharepoint2013fba_configuringsharepoint_1_webapplication-500x268.png\" alt=\"sharepoint web application authentication providers\" width=\"500\" height=\"268\" srcset=\"https:\/\/blogs.visigo.com\/chriscoulson\/wp-content\/uploads\/2016\/05\/sharepoint2013fba_configuringsharepoint_1_webapplication-500x268.png 500w, https:\/\/blogs.visigo.com\/chriscoulson\/wp-content\/uploads\/2016\/05\/sharepoint2013fba_configuringsharepoint_1_webapplication-300x161.png 300w, https:\/\/blogs.visigo.com\/chriscoulson\/wp-content\/uploads\/2016\/05\/sharepoint2013fba_configuringsharepoint_1_webapplication-768x412.png 768w, https:\/\/blogs.visigo.com\/chriscoulson\/wp-content\/uploads\/2016\/05\/sharepoint2013fba_configuringsharepoint_1_webapplication.png 1498w\" sizes=\"auto, (max-width: 500px) 100vw, 500px\" \/><\/a><\/li>\n<li>Select the zone of the authentication provider you&#8217;d like to edit. In this case I only have a single zone setup: &#8220;Default&#8221;. \u00a0If you like, you can add multiple zones by extending the web application. \u00a0This will allow you to select different forms of authentication to the same web application depending on the url used to access it. \u00a0For example if users hit the web application using the local server name, then it can authenticate them with windows authentication. \u00a0If they access it via an external domain name, you could have it authenticate them with FBA.\u00a0<a href=\"https:\/\/blogs.visigo.com\/chriscoulson\/wp-content\/uploads\/2016\/05\/sharepoint2013fba_configuringsharepoint_2_select_zone.png\" rel=\"attachment wp-att-321\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-321\" src=\"https:\/\/blogs.visigo.com\/chriscoulson\/wp-content\/uploads\/2016\/05\/sharepoint2013fba_configuringsharepoint_2_select_zone-500x267.png\" alt=\"authentication provider zone\" width=\"500\" height=\"267\" srcset=\"https:\/\/blogs.visigo.com\/chriscoulson\/wp-content\/uploads\/2016\/05\/sharepoint2013fba_configuringsharepoint_2_select_zone-500x267.png 500w, https:\/\/blogs.visigo.com\/chriscoulson\/wp-content\/uploads\/2016\/05\/sharepoint2013fba_configuringsharepoint_2_select_zone-300x160.png 300w, https:\/\/blogs.visigo.com\/chriscoulson\/wp-content\/uploads\/2016\/05\/sharepoint2013fba_configuringsharepoint_2_select_zone-768x410.png 768w, https:\/\/blogs.visigo.com\/chriscoulson\/wp-content\/uploads\/2016\/05\/sharepoint2013fba_configuringsharepoint_2_select_zone.png 1497w\" sizes=\"auto, (max-width: 500px) 100vw, 500px\" \/><\/a><\/li>\n<li>Check &#8220;Enable Forms Based Authentication (FBA)&#8221;. Enter the ASP.Net Membership Provider Name and ASP.NET Role Provider Name that you configured in the web.config. For this example we used &#8220;FBAMembershipProvider&#8221; and &#8220;FBARoleProvider&#8221; (Without the quotation marks). In this case we left &#8220;Enable Windows Authentication&#8221; checked. This allows us to login either via Windows Authentication or Forms Based Authentication (SharePoint will prompt you when you login for which method you&#8217;d like to use).Click &#8220;Save&#8221;.<a href=\"https:\/\/blogs.visigo.com\/chriscoulson\/wp-content\/uploads\/2016\/05\/sharepoint2013fba_configuringsharepoint_3_authenticationprovidersetup.png\" rel=\"attachment wp-att-322\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-322\" src=\"https:\/\/blogs.visigo.com\/chriscoulson\/wp-content\/uploads\/2016\/05\/sharepoint2013fba_configuringsharepoint_3_authenticationprovidersetup-500x314.png\" alt=\"Authentication Provider Setup\" width=\"500\" height=\"314\" srcset=\"https:\/\/blogs.visigo.com\/chriscoulson\/wp-content\/uploads\/2016\/05\/sharepoint2013fba_configuringsharepoint_3_authenticationprovidersetup-500x314.png 500w, https:\/\/blogs.visigo.com\/chriscoulson\/wp-content\/uploads\/2016\/05\/sharepoint2013fba_configuringsharepoint_3_authenticationprovidersetup-300x189.png 300w, https:\/\/blogs.visigo.com\/chriscoulson\/wp-content\/uploads\/2016\/05\/sharepoint2013fba_configuringsharepoint_3_authenticationprovidersetup-768x483.png 768w, https:\/\/blogs.visigo.com\/chriscoulson\/wp-content\/uploads\/2016\/05\/sharepoint2013fba_configuringsharepoint_3_authenticationprovidersetup.png 1516w\" sizes=\"auto, (max-width: 500px) 100vw, 500px\" \/><\/a><\/li>\n<li>Now when authenticating to the site collection, if you enabled both Windows Authentication and Forms Based Authentication, you&#8217;ll be prompted for which method you&#8217;d like to use to authenticate.\u00a0<a href=\"https:\/\/blogs.visigo.com\/chriscoulson\/wp-content\/uploads\/2016\/05\/sharepoint2013fba_configuringsharepoint_4_login.png\" rel=\"attachment wp-att-323\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-323\" src=\"https:\/\/blogs.visigo.com\/chriscoulson\/wp-content\/uploads\/2016\/05\/sharepoint2013fba_configuringsharepoint_4_login-500x265.png\" alt=\"SharePoint select login type\" width=\"500\" height=\"265\" srcset=\"https:\/\/blogs.visigo.com\/chriscoulson\/wp-content\/uploads\/2016\/05\/sharepoint2013fba_configuringsharepoint_4_login-500x265.png 500w, https:\/\/blogs.visigo.com\/chriscoulson\/wp-content\/uploads\/2016\/05\/sharepoint2013fba_configuringsharepoint_4_login-300x159.png 300w, https:\/\/blogs.visigo.com\/chriscoulson\/wp-content\/uploads\/2016\/05\/sharepoint2013fba_configuringsharepoint_4_login-768x407.png 768w, https:\/\/blogs.visigo.com\/chriscoulson\/wp-content\/uploads\/2016\/05\/sharepoint2013fba_configuringsharepoint_4_login.png 1496w\" sizes=\"auto, (max-width: 500px) 100vw, 500px\" \/><\/a><\/li>\n<\/ul>\n<p>At this time however, you still cannot authenticate with forms based authentication, as we haven&#8217;t created any users in the membership\u00a0database. \u00a0In <a href=\"https:\/\/blogs.visigo.com\/chriscoulson\/configuring-forms-based-authentication-in-sharepoint-2016-sharepoint-2019-part-4-adding-users-to-the-membership-database\/\">Part 4<\/a> i&#8217;ll show you how to use the <a href=\"https:\/\/www.visigo.com\/products\/sharepoint-fba-pack\/\">FBA Pack<\/a> to add users to the membership database.<\/p>\n<h3>Important &#8211; Additional Steps for enabling FBA for Office Applications<\/h3>\n<p>Thank you to <a href=\"https:\/\/sharepoint.stackexchange.com\/questions\/228085\/sharepoint-2016-with-fba-credential-prompts-when-opening-office-documents\/231296#231296\">Denis Molodtsov<\/a> for noticing that even with FBA configured in SharePoint 2016, it still won&#8217;t authenticate properly when opening a document from SharePoint with Office 2016 (Word, Excel, PowerPoint&#8230;).\u00a0 Office 2016 now uses &#8220;Modern Authentication&#8221; by default &#8211; which does not support Claims authentication.\u00a0 SharePoint 2016 releases from the <a href=\"https:\/\/support.microsoft.com\/en-us\/help\/3203432\/descriptionofthesecurityupdateforsharepointserver2016june13-2017\">June 2016 CU<\/a> and onward allow Modern Authentication to be turned off.\u00a0 To turn it off run the following in the SharePoint Management Shell:<\/p>\n<pre>$sts = Get-SPSecurityTokenServiceConfig\r\n$sts.SuppressModernAuthForOfficeClients = $True\r\n$sts.update()\r\niisreset<\/pre>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Configuring forms based authentication (FBA) in SharePoint 2016 and SharePoint 2019 is exactly the same process as configuring it for SharePoint 2013. \u00a0I&#8217;ve recreated the SharePoint 2013 FBA\u00a0tutorial specifically for SharePoint 2016 and SharePoint 2019, using screenshots from SharePoint 2016 and Windows Server 2012 R2. \u00a0I have changed the tutorial to use the SharePoint FBA [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[129,19,5],"tags":[321,94,296,130,20,298,316,159,294,21,297,325,326,328,329,330,295,293],"class_list":["post-319","post","type-post","status-publish","format-standard","hentry","category-configuration","category-forms-based-authentication","category-sharepoint","tag-net","tag-asp-net","tag-aspnetdb","tag-central-admin","tag-fba","tag-fba-pack","tag-forms-based-authentication","tag-iis","tag-machine-config","tag-membership","tag-membership-provider","tag-sharepoint-2016","tag-sharepoint-2016-fba-pack","tag-sharepoint-2019","tag-sharepoint-2019-fba-pack","tag-sharepoint-fba-pack","tag-sqlmembershipprovider","tag-web-config"],"_links":{"self":[{"href":"https:\/\/blogs.visigo.com\/chriscoulson\/wp-json\/wp\/v2\/posts\/319","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.visigo.com\/chriscoulson\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.visigo.com\/chriscoulson\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.visigo.com\/chriscoulson\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.visigo.com\/chriscoulson\/wp-json\/wp\/v2\/comments?post=319"}],"version-history":[{"count":12,"href":"https:\/\/blogs.visigo.com\/chriscoulson\/wp-json\/wp\/v2\/posts\/319\/revisions"}],"predecessor-version":[{"id":431,"href":"https:\/\/blogs.visigo.com\/chriscoulson\/wp-json\/wp\/v2\/posts\/319\/revisions\/431"}],"wp:attachment":[{"href":"https:\/\/blogs.visigo.com\/chriscoulson\/wp-json\/wp\/v2\/media?parent=319"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.visigo.com\/chriscoulson\/wp-json\/wp\/v2\/categories?post=319"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.visigo.com\/chriscoulson\/wp-json\/wp\/v2\/tags?post=319"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}