Nick Swan's SharePoint Blog

a day in the life of a Sharepoint and .NET guy!

My Links

News




Post Categories

Archives

Blog Stats

Blogroll

Books

VB-tech website

VB-tech work

Xbox

Multiple SharePoint 2007 sites running off Forms Authentication

Whether this was possible had me puzzled for a little while.

The scenario is, you want to run two WSS 3.0 (or MOSS 2007) sites of Forms Authentication, but they have different set of users and roles each. This could be typical in a hosted environment I guess.

The seperate WSS 3.0 sites and web applications themselves weren't a problem because you can put seperate connection strings, roles, and aspnetdb application names in each web.config. It was how to get Central Administration to recognise 2 seperate FBA applications so you could set the site collection administrators. I've already done plenty of FBA stuff with ASP.NET so thankfully this isn't new to me like it might be many SP administrators. Here's the stuff you need to put in central admin to get it working.

<connectionStrings>
    <add name="FBA1ConnString" connectionString="server=NickServer;database=AspNetDB;uid=sa;pwd=*****;" providerName="System.Data.SqlClient" />
    <add name="FBA2ConnString" connectionString="server=NickServer;database=AspNetDB;uid=sa;pwd=*****;" providerName="System.Data.SqlClient" />
</connectionStrings>

Having just looked at this, if you were more clever than me you could in effect just have one connection string as we're looking at the same aspnetdb

<membership defaultProvider="FBA1AspNetSqlMembershipProvider">
    <providers>
        <add name="FBA1AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
        connectionStringName="FBA1ConnString"
        enablePasswordRetrieval="false"
        enablePasswordReset="true"
        requiresQuestionAndAnswer="false"
        applicationName="FBA1"
        requiresUniqueEmail="false"
        passwordFormat="Hashed"
        maxInvalidPasswordAttempts="5"
        minRequiredPasswordLength="1"
        minRequiredNonalphanumericCharacters="0"
        passwordAttemptWindow="10"
        passwordStrengthRegularExpression=""
        />

        <add name="FBA2AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
        connectionStringName="FBA2ConnString"
        enablePasswordRetrieval="false"
        enablePasswordReset="true"
        requiresQuestionAndAnswer="false"
        applicationName="FBA2"
        requiresUniqueEmail="false"
        passwordFormat="Hashed"
        maxInvalidPasswordAttempts="5"
        minRequiredPasswordLength="1"
        minRequiredNonalphanumericCharacters="0"
        passwordAttemptWindow="10"
        passwordStrengthRegularExpression=""
        />

    </providers>

</membership>

<!-- role provider -->
<roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider">
    <providers>
        <add name="FBA1AspNetSqlRoleProvider"
        type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
        connectionStringName="FBA1ConnString"
        applicationName="/"
        />
        <add name="FBA2AspNetSqlRoleProvider"
        type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
        connectionStringName="FBA2ConnString"
        applicationName="/"
        />
    </providers>
</roleManager>

For this to all make sense here are some articles I suggest reading:

http://www.wildwires.com/Blog/PermaLink,guid,2dc7ea3d-c892-4baa-b990-671e0c2ab673.aspx

http://www.chandima.net/Blog/Lists/Posts/Post.aspx?ID=6

http://www.andrewconnell.com/blog/articles/HowToConfigPublishingSiteWithDualAuthProvidersAndAnonAccess.aspx

My very old post on setting up FBA:
http://weblog.vb-tech.com/nick/archive/2006/06/14/1617.aspx

posted on Friday, March 09, 2007 11:03 AM

Get email alerts when this blog is updated!

Feedback

# re: Multiple SharePoint 2007 sites running off Forms Authentication 4/11/2007 5:05 AM Henky C. Katianda

Hi Nick,

If I have 1 WSS 3 (or even MOSS 2007) web application and that app must have a flexibility to users to choose which provider they want to use to authenticate theirselves using FBA. Therefore, I must have 2 kinds of membership providers, for example SqlMembershipProvider and ActiveDirectoryMembershipProvide.

I already tried FBA with SqlMembershipProvider and ActiveDirectoryMembershipProvider separately (using ASP.NET 2.0 Login web control or my own login control).

But, when I was combining these 2 kind of providers and let's say there is a drop down list to choose which provider that users (let's say me or you) want to use, the problem occurred.

It is not cause by failure when authenticate, because SharePoint known that we passed that authentication but SharePoint did not recognize as a valid authorize user (with this message: ACCESS DENIED).

Yes, I checked for Site Permissions, and yes we have a FULL CONTROL (for example).

I hunted it down to the fact that it caused by a default provider attribute in membership element in web.config file.

It looks like SharePoint knew that we passed that authentication regardless the provider that we choosed previously. But SharePoint also knew why the hell this guy choose a provider that was not a default provider stated in web.config file (membership element).

When I read this blog message, I suggest that you might have the same FBA app (cause it used multiple provider). CMIIW.

How can I solve my problem? I mean is there any way to bypass the default provider so that my case will work seamlessly.

Because it was not about authentication itself (including the code) or even Site Permission, it must be caused by something else.....

Thank's in advanced.

Title  
Name  
Url
Comments - All Comments are moderated and will not be displayed until approved by this blog's author    
Enter the code you see: