Claims Based Authentication in SharePoint 2010

Published in: Technology
Before starting the actual configuration, let us first understand what claims based authentication is.

A simple example: I have a Voter-ID card, which is provided by the Government of India, and I am travelling by Indian Railways. On the train the ticket checker comes and asks for identity. I show my Voter-ID card and he accepts it, because:

1. There is trust between the Indian Government and Indian Railways.
2. The Voter-ID card describes my identity: my name, age, address, etc.

This means the Indian Government gives me the authority to live or travel anywhere in India, so I can claim that I am Indian, and the Indian Government is my identity provider.

Before starting claims based authentication we need to understand some basic concepts:

What is identity?
It is a set of attributes which describe us uniquely (e.g. our name, age, address, email address).

What is a claim?
A right or permission on the basis of which we can claim that we are allowed to do something.

What is a security token?
A security token is a collection of claims, valid for a unique identity for a specific time.

A claims based security service does not always require its own security; it can also rely on other security providers.

http://www.parallelminds.biz
1. Create a web application in SharePoint Central Administration and click on Claims Based Authentication.
2. Go to the Claims Authentication Type section and tick the check box to enable Forms Based Authentication (FBA). Then give the ASP.NET membership provider name and the ASP.NET role manager name.

Note: These names are case sensitive.
3. Once we have created a web application using Claims Based Authentication, we can create a site collection. We can now access the site by choosing Windows Authentication or Forms Based Authentication.
4. Enter your credentials, and then click OK.
5. Now we are able to access our site.

Step B: Configure the membership provider and role manager.

1. Open the Command Prompt, navigate to C:\Windows\Microsoft.NET\Framework64\v2.0.50727 and run "aspnet_regsql.exe". This opens the ASP.NET SQL Server Setup Wizard. Click Next.
2. Specify the database name. If you don't specify a database name, a database called aspnetdb is created.

Note: In the database name, give only the database server name (do not give the instance name, because the aspnetdb database must be created at the root of the database server, that is, in the default instance). After you click Next, the next screen shows the server name and database name. Then click Next.

Important: If the server cannot be connected, it means that no default instance has been created on your database server. When you then try to connect to the server from Management Studio without giving the instance name, you get the error "server is not found or named pipe is not enabled".

Needful: First create a default instance on the database server and give permission to all three accounts used when you set up the farm (with permissions such as dbcreator, dbowner):
  • srv_sql
  • srv_setup
  • srv_farm
Then we are able to connect to the database with only the database server name.

3. Use the membership seeder tool to create the users in the SQL database. You can find the tool and information about it at:
http://cks.codeplex.com/releases/view/7450

After downloading the membership seeder tool, you will find two folders in the bin folder:
  • Debug
  • Release
Select the Release version and run MembershipSeeder.exe with Run as Administrator.
  • The next screen opens. First click the Configure button and change the database server name. The tool will ask you to restart MembershipSeeder.
3. Then create the user: type the name of the user in the User Prefix box, and the password.

Step C: Modify the web.config files for the membership provider and role manager

We need to modify 3 different web.config files for FBA to work:
1. Web.config of the FBA web application
2. Web.config of the Central Administration site
3. Web.config of the STS

Modify the web.config of the FBA web application. Add the connection string below to the web.config file after </SharePoint> and before <system.web>. (Go to Start -> Run -> type inetmgr -> site -> select your web application -> right-click and Explore -> select web.config.)

Important: Take a backup of the web.config file before making any changes.

    <connectionStrings>
      <add name="SQLConnectionString"
           connectionString="data source=SPSQL5;Integrated Security=SSPI;Initial Catalog=aspnetdb" />
    </connectionStrings>

Also add the membership provider and role manager to the same web.config:

    <roleManager defaultProvider="c" enabled="true" cacheRolesInCookie="false">
      <providers>
        <add name="c"
             type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
        <add connectionStringName="SQLConnectionString"
             applicationName="/"
             description="Stores and retrieves roles from SQL Server"
             name="SQL-RoleManager"
             type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
      </providers>
    </roleManager>
    <membership defaultProvider="i">
      <providers>
        <add name="i"
             type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
        <add connectionStringName="SQLConnectionString"
             passwordAttemptWindow="5"
             enablePasswordRetrieval="false"
             enablePasswordReset="false"
             requiresQuestionAndAnswer="true"
             applicationName="/"
             requiresUniqueEmail="true"
             passwordFormat="Hashed"
             description="Stores and Retrieves membership data from SQL Server"
             name="SQL-MembershipProvider"
             type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
      </providers>
    </membership>

Modify the web.config of the Central Administration web application. Add the connection string below to the web.config file after </SharePoint> and before <system.web>.

    <connectionStrings>
      <add name="SQLConnectionString"
           connectionString="data source=SPSQL5;Integrated Security=SSPI;Initial Catalog=aspnetdb" />
    </connectionStrings>

Also add the membership provider and role manager to the same web.config:

    <roleManager defaultProvider="AspNetWindowsTokenRoleProvider" enabled="true" cacheRolesInCookie="false">
      <providers>
        <add connectionStringName="SQLConnectionString"
             applicationName="/"
             description="Stores and retrieves roles from SQL Server"
             name="SQL-RoleManager"
             type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
      </providers>
    </roleManager>
    <membership defaultProvider="SQL-MembershipProvider">
      <providers>
        <add connectionStringName="SQLConnectionString"
             passwordAttemptWindow="5"
             enablePasswordRetrieval="false"
             enablePasswordReset="false"
             requiresQuestionAndAnswer="true"
             applicationName="/"
             requiresUniqueEmail="true"
             passwordFormat="Hashed"
             description="Stores and Retrieves membership data from SQL Server"
             name="SQL-MembershipProvider"
             type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
      </providers>
    </membership>

Modify the web.config of the STS. The STS web.config is located in %programfiles%\Common Files\Microsoft Shared\Web Server Extensions\14\WebServices\SecurityToken. Add the code below before </configuration>:

    <!-- closing lines of the existing <system.net> section, shown for position -->
      <connectionManagement>
        <add address="*" maxconnection="10000" />
      </connectionManagement>
    </system.net>
    <connectionStrings>
      <add name="SQLConnectionString"
           connectionString="data source=PMTSLSQL;Integrated Security=SSPI;Initial Catalog=aspnetdb" />
    </connectionStrings>
    <system.web>
      <roleManager defaultProvider="c" enabled="true" cacheRolesInCookie="false">
        <providers>
          <add name="c"
               type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
          <add connectionStringName="SQLConnectionString"
               applicationName="/"
               description="Stores and retrieves roles from SQL Server"
               name="SQL-RoleManager"
               type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
        </providers>
      </roleManager>
      <membership defaultProvider="i">
        <providers>
          <add name="i"
               type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
          <add connectionStringName="SQLConnectionString"
               passwordAttemptWindow="5"
               enablePasswordRetrieval="false"
               enablePasswordReset="false"
               requiresQuestionAndAnswer="true"
               applicationName="/"
               requiresUniqueEmail="true"
               passwordFormat="Hashed"
               description="Stores and Retrieves membership data from SQL Server"
               name="SQL-MembershipProvider"
               type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
        </providers>
      </membership>
    </system.web>

Step D:

1. Go to Central Administration -> Manage Web Applications -> User Policy.
2. Click Add Users and select Default Zone. Then click Next.
3. Enter the user name and give Full Control. Then click the Next button.
Thus you can see that the user in the SQL ASP.NET membership provider is recognized by SharePoint and the web application.

4. Now open the site URL in a new tab and enter the user name and password.
5. You can see that Ravi is authenticated by the ASP.NET membership provider, as in old forms based authentication. That means the SQL database containing the ASP.NET membership provider is the identity provider and the SharePoint security token service is the relying party.
6. Now we are able to access our site.
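
Step C depends on three hand-edited web.config files agreeing with each other and with the case-sensitive provider names entered in Central Administration. The following check is an added example, not part of the original slides: `audit_fba_config` is a hypothetical helper and `SAMPLE` is a constructed config that reuses the Step C names but contains two deliberate mistakes.

```python
import xml.etree.ElementTree as ET

# Constructed sample, modelled on the Step C snippets, with two deliberate mistakes.
SAMPLE = """<configuration>
  <connectionStrings>
    <add name="SQLConnectionString"
         connectionString="data source=SPSQL5;Integrated Security=SSPI;Initial Catalog=aspnetdb" />
  </connectionStrings>
  <system.web>
    <roleManager defaultProvider="c" enabled="true">
      <providers>
        <add name="SQL-Rolemanager" connectionStringName="SQLConnectionString" />
      </providers>
    </roleManager>
    <membership defaultProvider="i">
      <providers>
        <add name="SQL-MembershipProvider" connectionStringName="SqlConnString"
             passwordFormat="Hashed" enablePasswordRetrieval="false" />
      </providers>
    </membership>
  </system.web>
</configuration>"""

def audit_fba_config(xml_text, membership_name, role_name):
    """Return a list of problems in one web.config (hypothetical helper)."""
    root = ET.fromstring(xml_text)
    problems = []
    conn_names = {a.get("name") for a in root.findall("./connectionStrings/add")}
    for section, expected in (("membership", membership_name), ("roleManager", role_name)):
        providers = [p for s in root.iter(section) for p in s.findall("./providers/add")]
        names = [p.get("name") or "" for p in providers]
        # Exact comparison: the names entered in Central Administration are case sensitive.
        if expected not in names:
            near = [n for n in names if n.lower() == expected.lower()]
            hint = f" (found {near[0]!r}, differs only in case)" if near else ""
            problems.append(f"{section}: provider {expected!r} is not defined{hint}")
        for p in providers:
            ref = p.get("connectionStringName")
            if ref is None:
                continue  # SharePoint claims providers ("i", "c") use no SQL connection
            if ref not in conn_names:
                problems.append(f"{section}: {p.get('name')} uses undefined connection string {ref!r}")
            if section == "membership" and p.get("passwordFormat", "Hashed") != "Hashed":
                problems.append(f"membership: {p.get('name')} does not store hashed passwords")
            if (p.get("enablePasswordRetrieval") or "").lower() == "true":
                problems.append(f"membership: {p.get('name')} allows password retrieval")
    return problems

if __name__ == "__main__":
    for line in audit_fba_config(SAMPLE, "SQL-MembershipProvider", "SQL-RoleManager"):
        print(line)
```

Run it against a copy of each of the three web.config files, passing the membership provider and role manager names exactly as typed in Central Administration.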
