Forms-based authentication is useful in an extranet scenario where you don't want external users in your Active Directory. But what's really cool is that you can configure SharePoint to use multiple authentication providers for the same site. That means you can have external users of an extranet logging in by typing a username and a password (forms-based authentication) and still provide a seamless user experience for internal users of that same extranet by authenticating them based on their existing Active Directory credentials (Windows Integrated Authentication).
There are two really good posts on how to configure SharePoint to use multiple authentication providers:
- SharePoint Team Blog: Configuring Multiple Authentication Providers for SharePoint 2007.
- Andrew Connell: Configuring a Office SharePoint Server 2007 Publishing Site with Dual Authentication Providers and Anonymous Access.
Now, my whole point of this post was to share a couple things based on my experience with configuring this:
- The first couple of times I configured dual authentication carefully following the instructions in the posts above, it simply wouldn't work for me. I didn't get any useful error messages; SharePoint just didn't want to resolve my forms-based authenticated users. After many hours of frustration I realised that the account that my SharePoint application pool was running under didn't have access to the database where my users were stored. So, after you've created your ASP.NET 2.0 framework database with the aspnet_regsql.exe tool, make sure to grant permissions to your SharePoint application pool account.
- Following Andrew Connell's tip, Visual Studio 2005's ASP.NET Configuration Website is a quick and easy way to verify your web.config settings and to add some users into your database. But for your end users, you want to provide a more user-friendly and secure way of adding new users. One way of achieving this is to create a new web part page that is only accessible by site owners. Using SharePoint Designer you drop the standard CreateUserWizard ASP.NET 2.0 control onto that page. Remember to set the MembershipProvider property for that control as well as other properties you may want to customise. Similarly, you can also utilise the other standard ASP.NET 2.0 controls, such as ChangePassword, PasswordRecovery, etc.
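The permission grant from the first point above, written out as T-SQL. This is an added example, not part of the original post or the linked guides. It uses the database roles that aspnet_regsql.exe creates, so the application pool account gets only the membership access it needs rather than db_owner. The database name `aspnetdb` (the tool's default) and the account `CONTOSO\svc_sp_apppool` are assumptions; substitute your own.

```sql
-- Added example. Assumed names, replace with your own:
--   aspnetdb                 default database name created by aspnet_regsql.exe
--   CONTOSO\svc_sp_apppool   hypothetical SharePoint application pool identity

USE [master];
-- Create a server login for the application pool account if it has none yet.
IF NOT EXISTS (SELECT 1 FROM sys.server_principals
               WHERE name = N'CONTOSO\svc_sp_apppool')
    CREATE LOGIN [CONTOSO\svc_sp_apppool] FROM WINDOWS;
GO

USE [aspnetdb];
-- Map the login to a user inside the membership database.
IF NOT EXISTS (SELECT 1 FROM sys.database_principals
               WHERE name = N'CONTOSO\svc_sp_apppool')
    CREATE USER [CONTOSO\svc_sp_apppool] FOR LOGIN [CONTOSO\svc_sp_apppool];
GO

-- Validate credentials at sign-in.
EXEC sp_addrolemember N'aspnet_Membership_BasicAccess',
                      N'CONTOSO\svc_sp_apppool';
-- Search and enumerate users (needed to resolve forms-based users by name).
EXEC sp_addrolemember N'aspnet_Membership_ReportingAccess',
                      N'CONTOSO\svc_sp_apppool';
-- Create users and change or reset passwords. Grant this only if controls such
-- as CreateUserWizard, ChangePassword or PasswordRecovery run inside the site;
-- otherwise leave it out.
EXEC sp_addrolemember N'aspnet_Membership_FullAccess',
                      N'CONTOSO\svc_sp_apppool';
GO

-- Verify: list the database roles the account now holds.
SELECT r.name AS role_name
FROM sys.database_role_members AS m
JOIN sys.database_principals AS r ON r.principal_id = m.role_principal_id
JOIN sys.database_principals AS u ON u.principal_id = m.member_principal_id
WHERE u.name = N'CONTOSO\svc_sp_apppool'
ORDER BY r.name;
```

If the verification query returns no rows, the account still has no access to the membership tables, which matches the silent failure to resolve users described above.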
Update: I just came across this great post on Chandima's Blog. It's another detailed guide on how to configure forms-based authentication. He has also released an early version of a SharePoint feature he is working on. This feature will add user administration functionality to a site using forms-based authentication. Nice work!
