Wednesday, May 02, 2012

SharePoint Foundation 2010 FBA and NTLM (no web.config edit)

Here is some of my experience installing SharePoint Foundation 2010 and configuring NTLM with FBA on the Windows 2008 R2 SP1 platform. Farm configuration: one front-end server and one back-end SQL 2008 R2 server. I did not manually edit any web.config files.
  1. Windows 2008 R2 installation on a Hyper-V virtual machine on a Windows 2008 R2 cluster.
  2. SharePoint Foundation 2010 prerequisite installation on the Windows 2008 R2 server.
  3. SharePoint Foundation 2010 installation.
  4. Service Pack 1 for SharePoint Foundation 2010 installation.
  5. Check if SP1 installation was successful.
  6. Create FBA user database.
  7. Configure additional SharePoint services to start.
  8. Configure IIS for FBA.
  9. Create SharePoint Web application, configure the Web application and IIS (web application site) for Claims-Based Authentication (NTLM and FBA).
  10. Provision FBA roles and users, give FBA user access rights to the Web application.
  11. Test the solution.

Disclaimer: these are not "best practices", only notes for myself.

Windows 2008 R2 installation on a Hyper-V virtual machine on a Windows 2008 R2 cluster.

Nothing special during the installation, but my advice is not to use templates and to install from the Windows 2008 R2 installation ISO. Choose a simple server name of no more than 8 characters and with no special characters, if possible. If something goes wrong, this can make troubleshooting easier.

SharePoint Foundation 2010 prerequisite installation on the Windows 2008 R2 server.

Run SharePoint Foundation 2010 setup and go to "Install software prerequisites". Only one note: after the first run, exit the setup and run "Install software prerequisites" a second time to be sure nothing from the prerequisites is missing.

SharePoint Foundation 2010 installation.

Before installation, create one AD account with "Domain Admin" rights and DBO rights on the SQL server (the rights assigned to this account can be more restrictive, but for a small business with a small IT staff it is not so important). The account will be used for IIS application pools, site administrators, search, etc. Run the installation and choose the Server Farm button (in my case I have two servers in the farm). Run the Configuration Wizard.

Service Pack 1 for SharePoint Foundation 2010 installation.

Download and install SharePoint Foundation SP1.

Check if SP1 installation was successful.



Check the "Install Status" column and the "Status" column (for databases). If the status is not "installed", or an update is required, you need to run psconfig:
1. Open an Administrative command prompt.
2. Change directory to C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\BIN
3. Run
PSConfig.exe -cmd upgrade -inplace b2b -force -cmd applicationcontent -install -cmd installfeatures
The above from:
http://blogs.technet.com/b/sbs/archive/2011/07/06/potential-issues-after-installing-sharepoint-foundation-2010-sp1.aspx 

Create FBA user database.

Create the database from the .NET script, from the TechNet blog of Raymundo Vale:

Create SQL FBA database to store non-Windows domain users

Open the ASP.Net wizard and create the database which will store non-Windows domain users for your extranet access:
- Go to the path: C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
- Choose “Configure SQL Server for application services”
- Type the SQL Server name you want. You don’t have to use the SharePoint database server
- Keep Windows Authentication as default
- Use “Default” or type the database name you will create at the end of the process

The first time you create the ASP.NET database you have to choose Windows Authentication and create or USE an existing database*

- Just confirm the settings and that’s it for this part
*You can create a new ASP.NET database to store new users or you can ALSO use the one you already have in your MOSS2007, just make sure you are having the correct permissions over the migrated database to the new SQL Login you already created in steps before.

Configure additional SharePoint services to start.




Check the status of those services and start them according to the list above.
 

Configure IIS for FBA.

I will use only the GUI to configure FBA on the server. Open IIS Manager and add a connection string to your SQL Server membership database at the root of IIS (it will be inherited all the way down):

It should look like this:

Add providers in the "SharePoint Central Administration" site. First, .NET Roles:



The default provider should be AspNetSqlRoleProvider for this site:


Second, .NET Users:



The default provider can be FBAMembershipProvider for this site; you can change the default provider in .NET Users and .NET Roles (but I do not think it is important, maybe only for testing the membership database connection):


Do the same for the SecurityTokenServiceApplication site, but do not change the default providers.
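
The provider entries added through IIS Manager have to be present, under the same names, on each site this procedure touches: Central Administration, SecurityTokenServiceApplication and, in the next step, the web application's own site. The check below is an added example, not part of the original post: it parses web.config fragments and reports which site lacks a provider entry. The names FBARoleProvider and FBADB are assumptions, and the XML samples are constructed.

```powershell
# Added example. Written for PowerShell 2.0, the version included with Windows 2008 R2.
# Assumed names: FBARoleProvider, FBADB. Only FBAMembershipProvider is named in the post.
function Get-FbaProviderState {
    param(
        [Parameter(Mandatory=$true)][string]$Site,
        [Parameter(Mandatory=$true)][xml]$Config,
        [string]$MembershipName = 'FBAMembershipProvider',
        [string]$RoleName       = 'FBARoleProvider'
    )
    $base = '/configuration/system.web'
    $m = $Config.SelectSingleNode("$base/membership/providers/add[@name='$MembershipName']")
    $r = $Config.SelectSingleNode("$base/roleManager/providers/add[@name='$RoleName']")
    # Both providers must reference the same membership database connection string.
    $sameConn = $false
    if ($m -and $r) {
        $sameConn = $m.GetAttribute('connectionStringName') -eq $r.GetAttribute('connectionStringName')
    }
    New-Object PSObject -Property @{
        Site = $Site; Membership = [bool]$m; Role = [bool]$r; SameConnection = $sameConn
    }
}

# Constructed sample (type names shortened): both providers were added to the site.
$complete = @'
<configuration><system.web>
  <membership><providers>
    <add name="FBAMembershipProvider" type="System.Web.Security.SqlMembershipProvider"
         connectionStringName="FBADB" applicationName="/" />
  </providers></membership>
  <roleManager><providers>
    <add name="FBARoleProvider" type="System.Web.Security.SqlRoleProvider"
         connectionStringName="FBADB" applicationName="/" />
  </providers></roleManager>
</system.web></configuration>
'@
# Constructed sample: the same site with the .NET Roles provider step skipped.
$noRole = $complete -replace '(?s)<roleManager>.*</roleManager>', ''

$sites = @{
    'SharePoint Central Administration' = $complete
    'SecurityTokenServiceApplication'   = $noRole
    'Web application'                   = $complete
}
$sites.GetEnumerator() | ForEach-Object {
    Get-FbaProviderState -Site $_.Key -Config ([xml]$_.Value)
} | Sort-Object Site | Format-Table Site, Membership, Role, SameConnection -AutoSize
```

Against a real farm, replace each sample with the site's own file, loaded as `[xml](Get-Content <path to that site's web.config>)`.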





Create SharePoint Web application, configure the Web application and IIS (web application site) for Claims-Based Authentication (NTLM and FBA).

Create Web application in Central Administration:





Configure IIS for the Web Application:

 




Provision FBA roles and users: to add or change users or roles (the database must have at least one role configured), we can temporarily change the default provider for this Web Application, or create a Web Application just for that purpose and do it there.

Give FBA user access rights to the Web application.


Test the solution. 
