A Practical Guide to SharePoint 2013

A Practical Guide to SharePoint 2013
A Practical Guide to SharePoint 2013 - Book by Saifullah Shafiq

Thursday, April 10, 2014

Setting Up Extranet - Part 3

1.       Add following data to the aspnet_Membership table.
Column
Value
ApplicationId
9F369FB1-9480-4D8A-BB44-7838A3C2AFAB
UserId
9F369FB1-9480-4D8A-BB44-7838A3C2AFAC
Password
Saif
PasswordSalt
wRlFK+hhgCjVkJXSxHtaYA==
MobilePIN
NULL
Email
LoweredEmail
PasswordQuestion
NULL
PasswordAnswer
NULL
IsApproved
1
IsLockedOut
0
CreateDate
2012-12-23
LastLoginDate
2012-12-23
LastPasswordChangedDate
2012-12-23
LastLockoutDate
1900-01-01
FailedPasswordAtemptCount
0
FailedPasswordAttemptWindowStart
1900-01-01
FailedPasswordAnswerAttemptCount
0
FailedPasswordAnswerAttemptWindowStart
1900-01-01
Comment
NULL

That is it! Data has been added. Next, you will create new web application.

Create a new web application that uses forms-based authentication


24.   Login to central administration site.

25.   In Application Management section, click Manage web applications link.

26.   Click New button in the ribbon.
27.   Enter site name, for example, I named it “Development” because I wanted to collaborate with external developers.
28.   Enter 80 in the Port.
29.   Enter URL in the Host Header. For example, my server’s FQDN is walisystems.com  and I wanted the extranet site to have dev.walisystems.com URL therefore I entered dev.walisystems.com in the Host Header.
30.   If you are sure that you are going to setup SSL for this web application, then set Use Secure Sockets Layer (SSL) to Yes otherwise keep it No and you can change it later if needed.
31.   Keep Enable Windows Authentication checked. Integrated Windows Authentication should also be checked. In the drop down, select NTLM. Remember, if you want the site to be used purely for external users then you don’t need to enable Windows authentication. Windows authentication will allow internal users to access the site. If it’s a collaboration site and internal users will collaborate with external users, then Windows authentication should be enabled.
32.   Check Enable Forms Based Authentication (FBA).
33.   In the ASP.NET Membership provider name, enter membership name that you will use in the configuration. It can be anything. For example, membeshipprovider or simply External, etc. I used External.
34.   In the ASP.NET Role manager name, enter role manager name that you will use in the configuration, for example, roleprovider. I used RoleManager.

35.   In the application pool, I used special account that I had created for SharePoint. This is called SharePoint service account. In the test environment, you can use your admin account.

36.   Keep other default options selected and click OK.
Web application has been created. If you want to use SSL with your application, you must setup SSL and configure Alternate Access Mappings as described in the following article:
Next step is configuring web.config files.

Configure web.config


Web.config for the extranet site and STS site has to be configured. Take backup of both config files before you make any changes. If something goes wrong you can revert back to the original file. web.config for the STS application is located in the following folder:
drive:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\15\WebServices\SecurityToken
Another way of finding correct web.config is to use IIS. If you are not sure which web.config to select, go to Internet Information Server (IIS) Manager, and open the SharePoint web services site.
In the console, right-click SecurityTokenServiceApplication, and then click Explore.
In the folder window, double-click the web.config file.

Figure: SharePoint Web Services Site
web.config for the extranet application is located in the following folder:
drive:\inetpub\wwwroot\wss\VirtualDirectories\dev.walisystems.com80
“dev.walisystems.com80” is the name of my extranet site. Yours will be different depending on what name  you gave to the application.
There are two ways to edit these files. I will explain both below. One is to use FBA Configuration Manager for SharePoint 2013 that can be downloaded from the following link:
Other way is to edit the files manually. I will explain second option (manually editing) first.
2.       Open STS web.config in the editor of your choice.
3.       Locate </system.net> tag in the file. You need to insert following snippet after this tag. Remember the following snippet will appear between </system.net> and </configuration> tags.

<system.web>
    <membership>
      <providers>
        <add connectionStringName="aspnetdb" applicationName="fba" name="External" type="System.Web.Security.SqlMembershipProvider, System.Web,&#xD;&#xA; Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
      </providers>
    </membership>
    <roleManager>
      <providers>
        <add connectionStringName="aspnetdb" applicationName="fba" name="RoleManager" type="System.Web.Security.SqlRoleProvider, System.Web,&#xD;&#xA; Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
      </providers>
    </roleManager>
  </system.web>
  <connectionStrings>
<add name="aspnetdb" connectionString="Data Source=sp2013;Initial Catalog=aspnetdb;Integrated Security=SSPI" />
  </connectionStrings>

connectionStringName can be anything, whatever you use in the connectionString. Note that we used “aspnetdb” in the <connectionStrings> </connectionStrings>, therefore, we used that name in the <providers> </providers>  tag.
applicationName is the name that you will give to your application when defining data in the database. It can be anything. I preferred “fba”.  You can name it something else.
External is MembershipProvider name that we will use when setting up web application. Similarly, RoleManager is RoleProvider name that we will use when setting up web application.
Here is the screenshot showing inserted snippet:


4.       Now open web application’s web.config file. Locate <membership defaultProvider=”I”><providers> and add following snippet after tag for provider type SPClaimsAuthMembershipProvider .

<add connectionStringName="aspnetdb" applicationName="fba" name="External" type="System.Web.Security.SqlMembershipProvider, System.Web,&#xD;&#xA; Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />


Following is the screenshot of inserted snippet:


5.       Now locate <roleManager defaultProvider=. This will be immediately under the snippet you added above. Add following snippet in the <providers> tag.

 <add connectionStringName="aspnetdb" applicationName="fba" name="RoleManager" type="System.Web.Security.SqlRoleProvider, System.Web,&#xD;&#xA; Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />



Following is the screenshot of inserted snippet:

6.       Locate </microsoft.identityModel> tag and insert following snippet between </microsoft.identityModel> and </configuration> tags.

<connectionStrings>
    <add name="aspnetdb" connectionString="Data Source=sp2013;Initial Catalog=aspnetdb;Integrated Security=SSPI" />
  </connectionStrings>

               
Following is the screenshot of inserted snippet:

7.       Locate <add key=”AspNetSqlMembershipProvider” value=”%” /> and insert following snippet after this tag:

      <add key="Ext" value="%" />


Inserted snippet looks like the following:

 

Save both files and reset IIS. This was manual editing of web.config files. Now let me show you how you can perform same tasks using a tool.
8.       Download FBA Configuration Manager for SharePoint 2013 from the following location:
9.       Unzip the package to a location that is easily accessible, for example, C:\software. Package has three files:

Ø  FBAConfigFeature.wsp
Ø  FBAConfigMgr.exe
Ø  HowToUseIt.txt
HowToUseIt.txt contains the installation instructions. Open All Programs > Microsoft SharePoint 2013 Products > SharePoint 2013 Management Shell and run following PowerShell commands:

add-spsolution -LiteralPath "C:\software\FBAConfigFeature.wsp"

install-spsolution -Identity fbaconfigfeature.wsp -GACDeployment


10.   Run FBAConfigMgr.exe.

Figure: FBA Configuration Manager
11.   In Web Application Url, enter the web application URL. Keep Zone value set to Default unless you chose another zone (in AAM configuration) for your web application.

12.   From Sample Configurations dropdown, choose SQL Connection String. This will add a sample connection string in the Connection String box.

13.   Again, choose People Picker Wildcard from the Sample Configurations dropdown. This will add a sample entry in the People Picker Wildcard box.

14.   Next, choose SQL Member from the Sample Configurations dropdown. This will add a sample entry in the Membership Provider box.

15.   Choose SQL Role from the Sample Configurations dropdown. This will add an entry in the Role Provider box.

16.   Now, it’s time to edit the sample entries.

a.       Replace value in Connection String box with the following:
<add name=”aspnetdb” connectionString=”Data Source=sp2013;Initial Catalog=aspnetdb;Integrated Security=SSPI” />
aspnedb is the database name. connectionString points to the database server that hosts the aspnetdb database.
b.      Replace value in People Picker Wildcard with the following:
<add key=”Ext” value=”%” />
Ext is the name of the SQLMembershipProvider.
c.       Replace value in Membership Provider with the following:
<add connectionStringName="aspnetdb" applicationName="fba" name="Ext" type="System.Web.Security.SqlMembershipProvider, System.Web,&#xD;&#xA; Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
d.      Replace value in Role Provider with the following:
<add connectionStringName="aspnetdb" applicationName="fba" name="ExtRole" type="System.Web.Security.SqlRoleProvider, System.Web,&#xD;&#xA; Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
17.   Click Apply Config button to apply these changes to the web.config file. Please take back up of your web.config file before applying these changes. These changes will be applied to the appropriate web.config files on each server in the farm. If you ever need to make any changes to this configuration, you can use the Get FBA Config button to retrieve the settings from the web.config file. Make changes and click the Apply Config button to apply the changes back to the web.config files.

18.   Now, open the SharePoint site in the browser to test everything we have configured.
You will see Sign In page with a dropdown box that lets you choose an authentication method.

Figure: Sign In screen
19.   Choose Forms Authentication. It will take you to the login screen. Enter user name and password for one of the users you created above in the external database and click Sign In button.

Figure: Login screen
20.   This is how the extranet site looks with FBA configured.

Figure: Extranet site