Configuring Forms Based Authentication in SharePoint 2013

Configuring Forms Based Authentication (FBA) in SharePoint 2013 – Part 1

Configuring Forms Based Authentication (FBA) in SharePoint 2013 – Part 2

Part 3 – Editing the Web.Config Files

SharePoint is actually divided up into several web applications – Central Administration, the Security Token Service and all of the SharePoint web applications that you create. Each of those web applications needs to know about the membership provider. Now, You will have to make changes to the following web.config files:

• SharePoint Central Administration
• SecurityTokenServiceApplication
• Every SharePoint web application you create that you would like to access via FBA.

Note: BEFORE EDITING ANY .CONFIG FILE – MAKE A BACKUP OF IT.

In order for FBA to work, the ConnectionString, .NET Roles provider and .NET Users provider also need to be added to the web.config files of the Security Token Service and the web.config file of the Central Administration Web Application.

First up: the Security Token Service.

From the IIS Manager, locate the web.config file location by following these steps:

Under the SharePoint Web Services IIS site, Select  SecurityTokenServiceApplication,open the context menu by right-clicking the SecurityTokenServiceApplication node and choose Explore.

This will open a Windows Explorer dialog with the location of the STS web.config file. The default location is C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\15\WebServices\SecurityToken.

Open the web.config in a text editor, like Notepad and make the following changes:

In the <configuration> section, see if there is a <connectionStrings> element present. If not, add a <connectionStrings> element. Next, add the element containing the connection string to the FBA database as highlighted in the Web App’s web.config file above, i.e.:

Next, check if there is a <system.web> element, with <membership> and <roleManager> elements present in the web.config, and add it if not, add them. Now add the membership and role manager providers, as highlighted in the Web App’s web.config snippet, i.e.

Save your changes to the web.config file.

Return to IIS Manager and locate the web.config file for Central Administration:

Select the SharePoint Central Administration v4 IIS site from the list of sites, open the context menu for this site and choose Explore.

From the Windows Explorer window, open the web.config file in a text editor like Notepad.

Here, also add the ConnectionString snippet to the <configuration> section and add the .NET Users and .NET Roles providers, just like you did for the STS site.

Note: the Central Admin’s web.config should already contain the <roleManager> and <membership> elements in <system.web>. Be sure not to modify any existing providers.

Important: the default provider for the roleManager must be set to “AspNetWindowsTokenRoleProvider”.

The role and membership providers have now been setup for SharePoint. Continue on to Part 4  to configure SharePoint to use the membership provider we just setup.