April 20, 2011

Claims Based Authentication for SharePoint 2010–Part II

In my previous post, I talked about how to enable Claims Based Authentication. In this post, I’ll talk about one more aspect of it – Forms Based Authentication (FBA). FBA can be helpful for creating internet facing, public sites which can be accessed by millions of users who can’t be part of your Active Directory infrastructure.

ASP.NET when launched supported 3 types authentications namely: Windows Authentication (better for Intranet scenarios and credentials are stored inside Active Directory), Passport Authentication (Now Live ID Authentication, can be used via Claims Based Authentication) & FBA (where user data is maintained inside SQL Database). ASP.NET 2.0 provided some tools and classes and made FBA much more simpler. It automatically created required tables, stored procs, UI to manage Users (Membership Providers), their access rules by their roles (Role Provider) and store some more data about users (Profile Provider).

These tools and classes are available within SharePoint Server. To configure SharePoint for FBA follow the steps mentioned below:

STEP01: Creating a database and schema for FBA

First create a blank database in SQL Server Management Studio (e.g  test1.tendulkar.db). To configure this database with FBA, run command prompt at elevated privileges an run following command:


This will open up a ASP.NET SQL Server Setup Wizard. Here click next and choose ‘Configure SQL Server for application services’. Now, the window will look something like below:


This process will create all the required tables, views, stored procedures for above mentioned providers.


STEP02: Configure FBA inside IIS

Execute start –> run –> inetmgr


Here, you’ll see different web applications along with ‘SharePoint Central Administration’ and ‘SharePoint Web Services’ application. Please note highlighted sections.

In SharePoint Central Administration first add Connection String. You’ll see a window something like below:


After that, in Providers, add Roles Provider and for that matter, you should get following window


Now, add Membership provider and window will look like image mentioned below


Now, add Profile provider


Repeat this process for SharePoint Web Services web application as well.

STEP03: Enable FBA for Web App

When you created Web Application, if you’ve selected Claims Based Authentication, go back to SharePoint Central Administration and select your Web Application. On ribbon, click on Authentication Providers and select Default. This will bring in your Web App settings window. Here, pass-on our just configured providers.


Now repeat the step (02) of creating Connection, Role Provider, Membership Provider and Profile Provider for this application in IIS.

Remember, these providers needs to be present at 3 locations, i.e. a) Central Administration, b) Web Services and c) your Web App

Now, create roles and users for this application inside IIS. Once you’re done with it, create site collection for Web App. After you create a site collection and navigate to browsing, it will give following options:


It will bring in the default sing-in page. Provide your use credentials and log in. Once you log-in you’ll be able to see the custom FBA login name at top.


I hope, this will help you to get started. In my next post we’ll go deeper into this FBA stuff and also we’ll try Claims Based Authentication using Trusted Identity Providers.


Mayur Tendulkar | www.mayurtendulkar.com

Other References:

April 13, 2011

Claims Based Authentication for SharePoint 2010–Part I

To allow users to access SharePoint, the platform, provides two authentication mechanisms & whenever, you create a new Web Application, you get these two authentication mechanisms as an option:


Classic Mode Authentication is a passé and use traditional approach to authenticate users with Active Directory. If you’re still using this mode of authentication – get a life.

Claims Based Authentication is the mantra of new generation SharePoint applications. It is like, whilst authentication, user says: My name is Mayur Tendulkar and here is my (identity claim) driving license issued by state government (or token from Facebook, Twitter, LinkedIn or from your other site). Here user claims to be Mayur Tendulkar by providing some tokens. This can help in building internet facing web apps, where tons of users can’t be created in AD and using their existing credentials/claims (like again from Twitter, FB, LinkedIn) can be very helpful.

Once you select Claims Based Authentication, you get few options as mentioned:


By default, Windows Authentication is enabled so that you can crawl through the application even if you don’t have other type of account. If this is disabled, you won’t be able to access application, until and unless you’ve the account for claims mode.

Forms Based Authentication (which I’ll explain more in next blog post), is the most helpful authentication scheme provided by Claims Based Authentication. When you’re using Forms Based Authentication, user credentials/data will be stored in SQL Database (or LDAP, or other stores) and can be authenticated against. Not just AD.

If you want users to claim their identity through other accounts like Facebook, LinkedIn, Twitter, you need to allow them to do so. For that matter, you need to first trust these third-parties and mention them as Trusted Identity Provider. It is just like SharePoint saying, ‘I trust government issued driving licenses, do you have one?’

This can be done by creating a Secure Token Service and defining Trusted Identity Provider.

Once you provide these details, while browsing the sites, your users will have different options:


In next blog post, I’ll talk about using SQL Server and Forms Based Authentication with SharePoint 2010. Till then,


Mayur Tendulkar | www.mayurtendulkar.com

April 7, 2011

Cloud for Windows Phone

These days, cloud and phone are the hottest technologies. Microsoft is pushing Windows Azure and Windows Phone very hard to the customers.

On 9th April, Pune User Group is hosting a Microsoft event for Windows Azure, titled: Windows Azure Camp . In this event, industry veterans are going to talk about various topics related Windows Azure.


In this event, I’ll talking about Cloud for Windows Phone. This session is all about how we can use Windows Phone to access and manipulate cloud data. We’ll see different scenarios where this combination of technologies will be helpful, what tools and SDKs are required and how to setup development environment. Apart from that, we’ll have some demos for the talk.

To get more information about the event follow: http://www.puneusergroup.org/events/WindowsAzureCamp/index.html


Mayur Tendulkar | www.mayurtendulkar.com

April 3, 2011

jQuery Support for Windows Phone 7

jQuery mobile is one of the best JavaScript library to design and develop mobile web applications. It is built on the same core jQuery engine.

I’m really happy that finally jQuery mobile is going to support Windows Phone 7. This is very important because, currently this is the only best library, which can provide cross platform web development. Once you design a site for one device, it will run flawlessly on any other supporting devices.


I’ll be much more happier, when Mango release will provide HTML5 support to Windows Phone 7 devices and give us more opportunities to explore the platform.

You can find more information about jquerymobile at: http://jquerymobile.com/ 


Mayur Tendulkar | www.mayurtendulkar.com