Forms Based Authentication in SharePoint site

Written By: Manoj V -- 7/26/2011


Categories: Configurations, Infrastructure, MOSS 2007, Permission Management, System Administration, WSS3


5. Configure Users in extended web application and Configure People Picker

When you access the extended web application in a browser you are redirected to the sign-in page. Although we have created users in the ADAM instance, we have not yet granted those users permission to access the extended site. The workaround is to log in to the default-zone site as the Admin user (NTLM) and add the ADAM users there. For the ADAM users to appear in the People Picker of the default-zone web application, however, we must make the same web.config changes as in the previous step.

For the People Picker in SharePoint to list the ADAM users, we have to specify a wildcard for the membership provider in the web.config file.

[Figure: People Picker change in web.config]
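As an added example (not the article's own screenshot or configuration), here is a web.config fragment of the kind step 5 describes, showing the ADAM membership provider together with the People Picker wildcard entry; the provider name `AdamMembershipProvider`, the connection string name and the LDAP path are assumed placeholders, not values from the article.

```xml
<!-- Added example: web.config fragment for an FBA zone backed by ADAM.
     Provider name, connection name and LDAP path are assumed placeholders. -->
<configuration>
  <connectionStrings>
    <!-- ADAM instance and the container that holds the external (vendor) accounts -->
    <add name="AdamConnection"
         connectionString="LDAP://adamserver:389/OU=Vendors,O=Contoso,C=US" />
  </connectionStrings>

  <system.web>
    <membership defaultProvider="AdamMembershipProvider">
      <providers>
        <add name="AdamMembershipProvider"
             type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             connectionStringName="AdamConnection"
             connectionProtection="None"
             enableSearchMethods="true"
             attributeMapUsername="userPrincipalName" />
        <!-- connectionProtection="None" sends the bind over plain LDAP on 389;
             with LDAPS configured on the ADAM instance, use the default
             connectionProtection="Secure" and an LDAP://host:636 path instead.
             enableSearchMethods="true" is required for partial-name lookups
             by the People Picker. -->
      </providers>
    </membership>
  </system.web>

  <SharePoint>
    <!-- Wildcard the People Picker appends when a partial name is typed.
         ActiveDirectoryMembershipProvider expects "*"; the built-in SQL
         provider expects "%". A provider with no entry here resolves only
         exact names. <clear /> drops any inherited entries first. -->
    <PeoplePickerWildcards>
      <clear />
      <add key="AspNetSqlMembershipProvider" value="%" />
      <add key="AdamMembershipProvider" value="*" />
    </PeoplePickerWildcards>
  </SharePoint>
</configuration>
```

The same `<PeoplePickerWildcards>` entry has to exist in the web.config of every zone whose People Picker should find ADAM users, which is why the article repeats the change on the default zone.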

6. Limiting People Picker Results

In our case we do not want our AD users to be listed when a vendor searches for users in the People Picker on the FBA site. There are several ways to restrict this; two of them are:

  • Search only within a site collection.
  • Non-Windows accounts only via FBA.

Searching only within a site collection suits a classic extranet environment in which both internal and external user accounts are in Active Directory, but you do not want extranet users to search and browse the directory listing. Note that this is not 100% secure: users can still search Active Directory using a fully qualified logon name, regardless of this property setting. To list only users who have been added to a site collection, run the following command:

stsadm -o setproperty -url <web application URL> -pn peoplepicker-onlysearchwithinsitecollection -pv yes

In this case the People Picker would only list users from that Site Collection.

With the second method, the People Picker does not return any users from Active Directory. For example, say our company has a user named Bob and a partner has a user named Bobby. If the site admin of the partner site searches the People Picker for 'Bob', the results will not include Bob from the AD domain. Here is the command:

stsadm -o setproperty -url <web application URL> -pn peoplepicker-nowindowsaccountsfornonwindowsauthenticationmode -pv yes

When we extend a web application onto a new zone, the content database stays the same; only a new URL is configured and a new IIS website is created. Therefore 'Search' continues to work, because 'Crawl' uses the URL of the default zone.

In this article we saw how to configure a SharePoint application to use Forms Based Authentication in a tenant or hosting scenario. ADAM is part of the Windows Server 2003 OS; in Windows Server 2008 it is replaced by AD LDS. The same principle can be applied to SharePoint 2010 to configure FBA scenarios; however, SharePoint 2010 can support multiple authentication methods in the same zone using claims-based authentication, without extending the web application.

Next Steps
