MOSS and Forms-Based Authentication: the Tricks

There are three great guides to configuing FBA: Andrew Connell had the best article first. Dan Attis built on this by getting My Sites and Profile imports working (Part 1, Part 2). Then Stacey Draper wrote it for people who prefer paper in his chapter of Real World SharePoint. They all configure the web application using host headers, and this is why:

If you distinguish your web application by port alone, you will receive a 403 Forbidden Error when you try to reach many (but not all) application pages stored in the _layouts folder. For example, /_layouts/sitemanager.aspx and AccessDenied.aspx will work, but settings.aspx and viewlsts.aspx will not. The solution is to instead configure the web applications with host headers.

A related issue points to a problematic ASP.NET fix (KB 928365) though the symptoms appear different - site settings remains available and only the user permission pages are unavailable. 

If you only want FBA, and do not want Active Directory at all (as the walk throughs do for the internal-facing site), you can. It works. You do not need to set up two sites as Andrew, Dan and Stacey do. However, the Index service will not crawl an FBA-only MOSS site. This is why it is recommended that you set up multiple authentication -- Windows from the internal-facing site, FBA on the internet-facing site -- index server will work. The workaround would be to crawl only the anonymously-accessible pages of the FBA site, indexing it as you would any public internet site.

If configuring multiple authentication, it does not matter whether the default site is configured for FBA or Windows authentication. Andrew and Dan do it different from each other, and both work.

To manage users get the Community Kit Extranet Edition, it adds great login and forgot password web parts, FBA user management and more. The SP&T team's announcement contains screenshots and more. It was based on Stacy's Forms Based Authentication Tools project on Codeplex and takes that great idea a long ways further. 

[Updated 2007-11-19 with the CSK Extranet Edition for Forms-based Authentication] 

Published Friday, September 07, 2007 2:48 PM by erobillard
Filed under: , ,

Comments

Sunday, September 09, 2007 3:17 AM by Christopher Steen

# Link Listing - September 8, 2007

Link Listing - September 8, 2007

Wednesday, September 19, 2007 3:17 PM by Richard M

# re: MOSS and Forms-Based Authentication: the Tricks

A point to add to Dan's post which I don't think he covered.  He discusssed two possible ways of implementing the MySites pages.  He went on to describe using "Method #2".  If you use "Method #1" you may get an error stating that Self-service site creation is not activated.  If so then in CA->App Mgmt->Self-Service Site Management you need to enable Self-Service Site Creation.

A second error that may be seen is "There has been an error creating the personal site. Contact your site administrator for more information."  This may be curable using a hotfix more information at support.microsoft.com/.../937207

Wednesday, June 11, 2008 12:54 PM by moss 2007 design host headers

# moss 2007 design host headers

Pingback from  moss 2007 design host headers

Thursday, July 10, 2008 2:21 AM by Virendra Jain

# re: MOSS and Forms-Based Authentication: the Tricks

Hi

I want to implement a form based authentication on my WSS 3.0 Site. As far as the information available, it uses the ASP.NEt Provider framework and its object like Membership Object. This membership object talk to the database created by ASP.Net Provider framework. I want to use the same member ship object for the SQL database with different Schema. I am not sure what this membership object return and how I can used the derive object to return what WSS 3.0 require to authenticate and authorise users.

Can you put some light on this>?

Cheers

Virendra Jain

virendra.munot@gmail.com

Leave a Comment

(required) 
(required) 
(optional)
(required)