SharePoint/MOSS 2007 Forms Based Authentication Login/Registration Web Part

SharePoint 2007 and MOSS 2007 are built on ASP.Net 2.0 which means they can leverage many of the same features of ASP.Net 2.0 including the AspNetSqlMembershipProvider for use with Forms Based Authentication.  While the ability to use the SQL based authentication exists in SharePoint, the other features like user registration and password recovery are not available.  So having some time on my hands I decided to create a custom web part for FBA sites to allow users to login, register, and recover their password.

One thing I noticed while developing this web part for my own use is that the functionality of the standard ASP.Net controls wasn't really sufficient.  In particular I have added the following functionality:

  • 1. Made UserName and Password field prompts web part properties
  • 2. Added option to request user's First Name and Last Name when they are registering
  • 3. Added option to request user's Company Name when registering
  • 4. Added basic CAPTCHA functionality to avoid robot registrations
  • 5. Added functionality to automatically add the new user to a Site group specified by the administrator
  • 6. Added functionality to update the User Information List with the name and company info entered during registration.

To get started you first have to set up your site to use Forms based authentication.  Rather than rehash how to do that here, I'll provide a couple of links with the steps required.

Channel 9: http://channel9.msdn.com/ShowPost.aspx?PostID=299338
SharePoint Team Blog: http://blogs.msdn.com/sharepoint/archive/2006/08/16/702010.aspx

Once you have your site ready for Forms based authentication, you need to install the solution containing the web part and the CAPTCHA handler.  You can do this using the setup.bat command file located in the bin\Debug directory for the project. 

Setup.bat /install /weburl http://localhost/ /siteurl http://localhost/

Once the features are installed, you'll need to modify the web.config for the root site to add the assembly containing the utility methods used by both the web part and the CAPTCHA handler.

    <compilation batch="false" debug="false">
      <assemblies>
        <add assembly="BallardSoftware.SharePoint.FBA, Version=1.0.0.0, Culture=neutral, PublicKeyToken=ac0a223a1bb0e47c" />
      </assemblies>

Next you'll need to check to make sure the CAPTCHA feature is enabled.  To do this go to Site Settings->Site Features.  You should see the screen below:

NOTE:  In order to upload the .ASHX file to your site, you may have to go to Central Administration and temporarily remove the .ASHX extension from the list of blocked file types.

Now that the wiring is complete, you can add the Login/Registration web part to any page.  I'm using a basic team site template and so to add a web part, click on Site Actions->Edit Page.  Then click on Add a Web Part in any zone.  This will bring up the following window.  Scroll down to the Miscellaneous section and you'll find the Login/Registration part.

After you click on Add, you'll see the web part displayed in the zone you selected... or actually not.  Nothing is displayed in the web part at this time because you are currently authenticated and therefore don't need to login or register.

The next step you'll want to take is to set the options for the web part.  To do this click on Edit on the top right of the web part and choose "Modify Shared Web Part".  This will bring up the tool pane on the right as shown below.

The first field is the group that new registrants should be added to.  The list is created from the groups currently defined for this web.  You'll notice at the bottom of the tool pane are three collapsed sections.  These are "All", "Login", and "Registration".  Each section contains options for that particular functionality.

The All section contains two text fields to allow you to set the prompt to be used for the UserName and Password fields regardless of which "mode" it is in.  The default is "User Name:" and "Password:".  If you prefer your users to use an email address as their user name you can change the prompt here.

The Login section contains options for whether to allow the user to register themselves or ask for password resets.  If you only want to use the web part for logins, you can uncheck these boxes and the user will not be presented with the option to register or reset their password.  The buttons if shown, are added by the web part and given specific CSS definitions to allow you to change their alignment, style, etc.  The classes used are "fbaLogin", "fbaLogin-regButton", and "fbaLogin-resetBtn".

The registration section contains a text field to allow you to specify a prompt to display above the registration section.  The default is "Sign Up For Your New Account".  Also in this section are checkboxes to allow you to specify if you want the user to enter their first and last names and/or their company name.  Note that if you check these options, those fields become required.  Also note that "Company Name" is not a default field in the User Information List so if you want to use it you have to add it to the list manually with the name set to "Company Name". 

Also shown is a checkbox that allows you to specify if you want to use the CAPTCHA feature for new registrations.  You can find out more information on CAPTCHA here.  This is a basic line of defense against automated registrations.

Click on "OK" and you're ready to go.  Now sign out and you'll see the Login/Registration part is displayed like this:

The "Remember me next time" option will work for the user by saving a cookie that will automatically authenticate them to the site at their next visit.  If the user clicks on the "Register" button, the web part changes to display as shown below:

Note that all fields are required and the password policy used is the one set in your web.config (or default if one is not set).  When the user enters the data correctly and clicks on "Create User" the user is created in the SQL database, then their information is updated in the User Information List (if it exists on that site) and the user is added to the group specified on the tool pane.  There are some tricks involved with making all of this happen but I'll go into that in another post or you can just look at the source code and see how it's done.

If from the login mode the user clicks on the "Reset Password" button the web part changes to display as shown.

The user can enter their username and then the security questions appear.  If the user enters them correctly a new password will be emailed to them.  Note that in order for the email to be sent (and an error not be displayed) you must have configured the SMTP server in the web.config.  Here is an example.

  <system.net>
    <mailSettings>
      <smtp from="Admin@sharepoint.rochester-consulting.com">
        <network host="v-win2k3" port="25" />
      </smtp>
    </mailSettings>

I'm sure that there are dozens of other features that can be added to this web part.  In particular, the next step is to create a means of managing users after they have registered themselves.  You can use the People and Groups to add and remove them from the site collection but they will still exist in the authentication database.  Rather than wait for that funcationlity though, I wanted to make this available now for those of you who may find it useful. 

These files are no longer available for download. Please see the latest code at http://www.codeplex.com/CKS for the latest in Forms Based Authentication for SharePoint 2007.

 

 

25 Comments

  • we were trying out the webpart you have provided and we are facing some problems. The main problem

    being:

    in addition to the fields provided, we need to add some more mandatory fields like gender, position,

    department, address, postal code, city, county, country and phone while the user registers to the

    site.
    Looking at the codes, we could not figure out how to make the changes for fulfiling our requirement.

    In addition to this, we have tried to open the solution to make some changes but were not able to do

    so too. It display an error that Visual studio does not supports such file format.

  • To add more fields to the user registration, in the AddRegistrationCtrl() method, call code similar to below:

    if (addGender)
    {
    TableRow tr1 = AddField("Gender:", "txtGender", "*");
    Table cuwTable = GetCreateUserTable();
    cuwTable.Rows.AddAt(3, tr1);
    }

    Then, in the cuw_CreatedUser() method add:

    if (addCompanyNameFld)
    newUser["Gender"] = ((TextBox)cuw.CreateUserStep.ContentTemplateContainer.FindControl("txtGender")).Text;

    As for the error message regarding unsupported project types, you must have installed the SharePoint Extensions for Visual Studio to use it.

  • I connot open the source code with vs 2005 do I need to install something specific?

    Thanks

  • Here is the link to the Visual Studio 2005 Extensions for WSS3. http://www.microsoft.com/downloads/details.aspx?familyid=19F21E5E-B715-4F0C-B959-8C6DCBDC1057&displaylang=en

    Paul

  • I'm trying to install it to a Publishing site. I'm having two problems that may be related.

    When running the setup bat file I get an error when it gets to the part of activating the CAPTCHA feature, saying, "The file you are attempting to save or retrieve has been blocked from this Web site by the server administrators." The same error is given when trying to manually activate it via the site features section of Site Settings. Any ideas of what file might not be liked?

    Possibly related is that the web part doesn't display on the site. I disabled the CAPTCHA option, but it still doesn't show. I don't know if it would start displaying if the CAPTCHA were working or not.

    Mark

  • Update on last comment:
    Of course as soon as you ask a question you find your own answer. &nbsp;The .ashx file was the offender. &nbsp;I went into the Central Admin Site -&gt; Operations -&gt; Blocked File Types and removes .ashx from the list and the CAPTCHA feature activated smoothly.
    However, I'm still having the other issue.

  • You won't see the web part if you are currently authenticated on the site. If you logoff you should see the logon screen.

  • Make sure that the BallardSoftware.Sharepoint.FBA.dll is either in the bin directory of the website or installed in the GAC. I believe the project installs it into the GAC.

  • I can not tell where the registation inforamtion saved. Is it in the profile provider database?

    Thanks

  • The registration data is stored in the database pointed to by your membership provider. It's also stored in the User Information List on SharePoint.

  • You can edit the Login.aspx page using SharePoint Designer or by editing the page itself on the SharePoint server.

  • I was able to install the web part. The login/registration form shows as expected. However, when I click on register, I get an error saying 'The user or group 'CUSTOMIZEDPROVIDERNAME:test111' is unknown.' Any clue as to what could be wrong?

    Thanks.

  • Did you create a user named test111? Is your membership provider named CUSTOMIZEDPROVIDERNAME? It looks like one of these values isn't set correctly. For example, on my test site the user name is aspnetsqlmembershipprovider:username.

  • Hi, i manage to made the webpart to insert a new user on a group, but not without an error...

    When i hit create user, i got an error message, but the user is created succesful, this is the message:

    Value does not fall within the expected range. at Microsoft.SharePoint.SPFieldCollection.GetField(String strName, Boolean bThrowException)
    at Microsoft.SharePoint.SPFieldCollection.GetField(String strName)
    at Microsoft.SharePoint.SPListItem.SetValue(String strName, Object value, SPField field, Boolean protectFields)
    at Microsoft.SharePoint.SPListItem.SetValue(String strName, Object value, Boolean protectFields)
    at Microsoft.SharePoint.SPListItem.set_Item(String fieldName, Object value)
    at BallardSoftware.SharePoint.FBA.LoginRegistration.b__0()
    at Microsoft.SharePoint.SPSecurity.CodeToRunElevatedWrapper(Object state)
    at Microsoft.SharePoint.SPSecurity.c__DisplayClass4.b__2()
    at Microsoft.SharePoint.Utilities.SecurityContext.RunAsProcess(CodeToRunElevated secureCode)
    at Microsoft.SharePoint.SPSecurity.RunWithElevatedPrivileges(WaitCallback secureCode, Object param)
    at Microsoft.SharePoint.SPSecurity.RunWithElevatedPrivileges(CodeToRunElevated secureCode)
    at BallardSoftware.SharePoint.FBA.LoginRegistration.cuw_CreatedUser(Object sender, EventArgs e)
    at System.Web.UI.WebControls.CreateUserWizard.OnCreatedUser(EventArgs e)
    at System.Web.UI.WebControls.CreateUserWizard.AttemptCreateUser()
    at System.Web.UI.WebControls.CreateUserWizard.OnNextButtonClick(WizardNavigationEventArgs e)
    at System.Web.UI.WebControls.Wizard.OnBubbleEvent(Object source, EventArgs e)
    at System.Web.UI.Control.RaiseBubbleEvent(Object source, EventArgs args)
    at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument)
    at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

  • This error is probably caused by the group name set in the web part not being found. Make sure you've got everything wired up correctly. If not that, make sure that the site you are using the web part on has the "User Information List" defined.

  • Paul, can you refer me to an article that further explains how to update login.aspx with your webpart. When I attempt to do this in SharePoint Designer, I do not have the option of inserting a web part zone, and subsequently, your web part.

    Thank you.
    -chad

  • The Login.aspx page is not a web part page, therefore you can't drop the Login web part onto it. However, they both use the same ASP.NET infrastructure so if you have FBA enabled on your site, the Login.aspx page will use the SQL based membership provider.

  • I plan to implement this on my blog site later today. Also thanks for providing source code, as I am sure I will find ways I want to extend this thing. Looks nicely done as webparts go!

    With reagard to Login.aspx I imagine you could modify your sire master pages and web.config to point to a different URL for a login page that *is* a web part page, no? Sounds like a lot of work though.

    What might be nice is a feature/project that can be easily deployed to a site, which would include pages for managing FBA users, roles, memebership profiles, etc. I'll see if I can't come up with something.

  • Patience folks, all you need is patience. The SharePoint CKS team that I'm on is nearly ready for the first public beta of their FBA features that include users, roles, etc.

  • I have installed the webpart without any issues. Just wondering if I am able to change the background colors, field colors, etc...

    Thanks!

  • If you look, you'll see that the web parts have a CSSClass defined that start with "fba". You should be able to use these to style your web part.

  • Please can you help out in customizing the login page with the custom Login Webpart.

    Thanks,
    Nageswari.

  • I've gotten several requests for some explanation of how to add the Login web part to the Login.aspx page. The Login.aspx page is not a Web Part page, and so you can't just add the web part to that page.

    You can replace the Login.aspx page with a web part page and then add the control to that page or you can just drop the web part on your home page. Or you can just do nothing, if you switch the MembershipProvider to FBA the Login.aspx page will still work just as it always did.

  • Hi,
    I have a problem while adding new user through share point site through form based authentication. i created extranet and internet sites and updated the web.config file. site is opening but the problem is when click on site actions->site settings->people and group and try to add new user not able to do this. anyone know about this what is the problem?

  • There is no corrolation between SharePoint People and Groups and users created in the MembershipProvider, at least in the code I wrote.

    However, and at the risk of sounding like a broken record, that is something we'll be addressing in the CKS:IEE edition to be released hopefully very soon.

Comments have been disabled for this content.