Forms Based Authentication in SharePoint site
Written By: Manoj V, 7/26/2011
Categories: Configurations, Infrastructure, MOSS 2007, Permission Management, System Administration, WSS3
5. Configure Users in extended web application and Configure People Picker
When you browse to the extended web application you are redirected to the forms sign-in page. Although we have created users in the ADAM instance, we have not yet granted those users any permission on the extended site. The workaround is to sign in to the default zone site as the administrator (Windows/NTLM authentication) and add the ADAM users there. However, for the ADAM users to show up in the People Picker of the default zone web application, the same web.config changes made in the previous step must also be applied to the default zone's web.config.
In addition, for the People Picker to enumerate ADAM users at all, a wildcard character for the membership provider must be specified in the PeoplePickerWildcards section of the web.config file.
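As an added example (not code from the original article), the following PowerShell script applies that wildcard setting to a web.config and reads the section back. The web.config path and the provider name LdapMembership are placeholders that must match the membership provider configured in the previous step; in MOSS 2007 the setting lives under configuration/SharePoint/PeoplePickerWildcards, and the LDAP membership provider matches on `*` while the SQL membership provider uses `%`.

```powershell
# Added example, not code from the original article.
# Assumptions (placeholders): the web.config path of the extended zone's IIS site and
# the membership provider name 'LdapMembership' from the previous step. The script
# expects an un-namespaced <configuration> root, as in the MOSS 2007 web.config.
param(
    [string]$WebConfigPath = 'C:\inetpub\wwwroot\wss\VirtualDirectories\partner.mycompany.com80\web.config',
    [string]$ProviderName  = 'LdapMembership',
    [string]$Wildcard      = '*'   # '*' for the LDAP provider, '%' for SQL membership
)

function Set-PeoplePickerWildcard {
    param([string]$Path, [string]$Provider, [string]$Value)

    if (-not (Test-Path -LiteralPath $Path)) { throw "web.config not found: $Path" }

    # Always keep a timestamped backup before editing a production web.config.
    $backup = '{0}.{1:yyyyMMddHHmmss}.bak' -f $Path, (Get-Date)
    Copy-Item -LiteralPath $Path -Destination $backup

    $config = New-Object System.Xml.XmlDocument
    $config.PreserveWhitespace = $true
    $config.Load($Path)

    $sp = $config.SelectSingleNode('/configuration/SharePoint')
    if ($null -eq $sp) { throw "No <SharePoint> section found in $Path" }

    # Create the section (with its leading <clear />) if it is missing.
    $wild = $sp.SelectSingleNode('PeoplePickerWildcards')
    if ($null -eq $wild) {
        $wild = $config.CreateElement('PeoplePickerWildcards')
        [void]$wild.AppendChild($config.CreateElement('clear'))
        [void]$sp.AppendChild($wild)
    }

    # Idempotent: update the entry if this provider is already listed.
    $entry = $wild.SelectSingleNode("add[@key='$Provider']")
    if ($null -eq $entry) {
        $entry = $config.CreateElement('add')
        $entry.SetAttribute('key', $Provider)
        [void]$wild.AppendChild($entry)
    }
    $entry.SetAttribute('value', $Value)

    $config.Save($Path)
    return $backup
}

function Get-PeoplePickerWildcards {
    param([string]$Path)
    $config = New-Object System.Xml.XmlDocument
    $config.Load($Path)
    $config.SelectNodes('/configuration/SharePoint/PeoplePickerWildcards/add') |
        ForEach-Object {
            [pscustomobject]@{ Provider = $_.GetAttribute('key'); Wildcard = $_.GetAttribute('value') }
        }
}

$backup = Set-PeoplePickerWildcard -Path $WebConfigPath -Provider $ProviderName -Value $Wildcard
Write-Host "Updated $WebConfigPath (backup: $backup)"
Get-PeoplePickerWildcards -Path $WebConfigPath | Format-Table -AutoSize
```

Run it once against the FBA zone's web.config and once against the default zone's web.config, since the text above requires the provider to be visible in both. The wildcard entry only lets the People Picker enumerate accounts from that provider; it grants those accounts no permission, which is still done by adding them to a site or group.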
6. Limiting People Picker Results
In our case we do not want our AD users to be listed when a vendor searches for users in the People Picker of the FBA site. There are a couple of ways to restrict this, two of which are:
- Search only within a site collection.
- Non-Windows accounts only via FBA.
Search only within a site collection suits a classic extranet environment where the internal and external user accounts are both in Active Directory, but you do not want extranet users to search and browse the directory listing. Note that this is not 100% secure: a user can still resolve an Active Directory account by entering its fully qualified logon name, regardless of this property setting. To list only users who have already been added to a site collection, run the following command against that site collection's URL:
stsadm -o setproperty -url http://partner.mycompany.com/sites/partner1 -pn peoplepicker-onlysearchwithinsitecollection -pv yes
In this case the People Picker lists only users from that site collection.
With the second method, the People Picker does not return any users from Active Directory on the FBA zone. For example, say our company has a user named Bob and a partner has a user named Bobby. If the site administrator of the partner site searches the People Picker for Bob, the results will not include Bob from the AD domain. Here is the command, run against the FBA zone's URL:
stsadm -o setproperty -url https://partner.company.com -pn peoplepicker-nowindowsaccountsfornonwindowsauthenticationmode -pv yes
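Pulling the two commands together, here is an added PowerShell example (not from the original article) that applies both restrictions and then reads each property back with stsadm -o getproperty to confirm it took effect. The stsadm path is the MOSS 2007 default and the two URLs are the article's placeholders; note that peoplepicker-onlysearchwithinsitecollection is set per site collection, while peoplepicker-nowindowsaccountsfornonwindowsauthenticationmode is set on the FBA zone URL of the web application.

```powershell
# Added example, not code from the original article.
# Assumes the MOSS 2007 default install path for stsadm.exe; the URLs are the
# article's placeholders and must be replaced with your own.
$stsadm = Join-Path $env:CommonProgramFiles 'Microsoft Shared\web server extensions\12\BIN\stsadm.exe'
if (-not (Test-Path -LiteralPath $stsadm)) { throw "stsadm.exe not found at $stsadm" }

function Set-SPProperty {
    param([string]$Url, [string]$Name, [string]$Value)
    $out = & $stsadm -o setproperty -url $Url -pn $Name -pv $Value 2>&1
    if ($LASTEXITCODE -ne 0) { throw "setproperty $Name failed on ${Url}: $out" }
}

function Get-SPProperty {
    param([string]$Url, [string]$Name)
    # getproperty prints <Property Exist="Yes" Value="..." /> (or Exist="No" when unset);
    # pull the Value attribute out so the caller can compare it.
    $out = (& $stsadm -o getproperty -url $Url -pn $Name 2>&1) -join ' '
    if ($LASTEXITCODE -ne 0) { throw "getproperty $Name failed on ${Url}: $out" }
    if ($out -match 'Value="([^"]*)"') { return $Matches[1] }
    return $null
}

function Set-AndVerify {
    param([string]$Url, [string]$Name, [string]$Value)
    Set-SPProperty -Url $Url -Name $Name -Value $Value
    $actual = Get-SPProperty -Url $Url -Name $Name
    if ($actual -ne $Value) {
        throw "$Name on $Url reads back as '$actual', expected '$Value'"
    }
    Write-Host "$Name = $actual ($Url)"
}

# Method 1: per site collection, only show users already added to that site collection.
Set-AndVerify -Url 'http://partner.mycompany.com/sites/partner1' `
              -Name 'peoplepicker-onlysearchwithinsitecollection' -Value 'yes'

# Method 2: on the FBA zone of the web application, never return Windows (AD) accounts.
Set-AndVerify -Url 'https://partner.company.com' `
              -Name 'peoplepicker-nowindowsaccountsfornonwindowsauthenticationmode' -Value 'yes'
```

The read-back matters because a typo in the property name is accepted silently as a new, meaningless property. Since the first setting still resolves a fully qualified AD logon name, an FBA extranet that must hide internal accounts should rely on the second setting (or both) rather than the first alone.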
When we extend a web application to another zone, the content database stays the same; only a new URL is configured and a new IIS website is created. Search therefore continues to work, because the crawl uses the URL of the default zone.
In this article we saw how to configure a SharePoint web application to use Forms Based Authentication in a tenant or hosting scenario. ADAM is available on Windows Server 2003, and Windows Server 2008 replaces it with AD LDS. The same principle applies to SharePoint 2010, which can also be configured for FBA; however, SharePoint 2010 can support multiple authentication methods in the same zone using claims-based authentication, without extending the web application.