Tuesday, December 2, 2008

Active Directory Membership Provider with Forms Authentication in MOSS 2007

The ASP.NET 2.0 provider model introduced a rich set of features for storing state through a layer of providers, so users do not need to call databases or Active Directory directly. Some of these providers are SqlMembershipProvider, ActiveDirectoryMembershipProvider, SqlSiteMapProvider, etc.

The ASP.NET 2.0 provider model is built so that the main functionality of the system is separate from the data sources. This means we can change data sources without harming the logic, simply by changing providers. The ASP.NET membership provider works in a similar way: controls such as the login controls and the membership service talk to membership data sources through data providers.

MOSS 2007 can use Active Directory as the data source through the ActiveDirectoryMembershipProvider. You can establish forms authentication with AD using the following procedure.

In the web.config, add the following LDAP connection string:

    <connectionStrings>
      <add connectionString="LDAP://,
          DC=IRONONEMS" name="ADServices" />
    </connectionStrings>

After that, provide the membership provider information:

    <membership defaultProvider="ADProvider">
      <providers>
        <!-- connectionStringName must match the name of the LDAP connection string -->
        <add name="ADProvider"
          type="System.Web.Security.ActiveDirectoryMembershipProvider,
          System.Web, Version=, Culture=neutral,
          PublicKeyToken=b03f5f7f11d50a3a"
          connectionStringName="ADServices"
          connectionUsername="MLEARNINGTEST\Test"
          connectionPassword="****"
          attributeMapUsername="sAMAccountName">
        </add>
      </providers>
    </membership>

Provide the same information in the web.config file of the Central Administration site as well.

Now go to SharePoint Central Administration to enter the authentication provider details.

In the Application Management section, click Authentication Providers and select the current web application. Click the default provider and change the authentication type to Forms Authentication. Enable anonymous access and enter ADProvider, the name we entered in the web.config, as the name of the provider.

After that, go to Site Collection Administrators and select the first administrators for the site from the domain specified in the LDAP connection string of the ADProvider.

This should switch on forms authentication for your MOSS 2007 web application.
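An added example, not from the original post: a small Python check that reads a web.config and reports ActiveDirectoryMembershipProvider entries whose bind password is readable in the file or whose connectionProtection is set to None, skipping membership sections already encrypted with aspnet_regiis -pe. The sample config is constructed, with placeholder server, domain, account and password values.

```python
import xml.etree.ElementTree as ET

AD_TYPE = "System.Web.Security.ActiveDirectoryMembershipProvider"

# Constructed sample: server, domain, account and password are placeholders.
SAMPLE = r"""<configuration>
  <connectionStrings>
    <add name="ADServices"
         connectionString="LDAP://dc.example.test/DC=example,DC=test" />
  </connectionStrings>
  <system.web>
    <membership defaultProvider="ADProvider">
      <providers>
        <add name="ADProvider"
             type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web"
             connectionStringName="ADServices"
             connectionUsername="EXAMPLE\svc-bind"
             connectionPassword="placeholder"
             attributeMapUsername="sAMAccountName" />
      </providers>
    </membership>
  </system.web>
</configuration>"""


def audit(config_xml):
    """Return findings for ActiveDirectoryMembershipProvider entries in a web.config."""
    findings = []
    for membership in ET.fromstring(config_xml).iter("membership"):
        # A section encrypted with aspnet_regiis -pe carries configProtectionProvider
        # and holds EncryptedData instead of readable provider attributes.
        if membership.get("configProtectionProvider"):
            continue
        for add in membership.iter("add"):
            if not add.get("type", "").strip().startswith(AD_TYPE):
                continue
            name = add.get("name", "?")
            if add.get("connectionPassword") is not None:
                findings.append(f"{name}: connectionPassword is readable in web.config")
            # connectionProtection defaults to Secure; None sends the bind unprotected.
            if add.get("connectionProtection", "Secure").lower() == "none":
                findings.append(f"{name}: connectionProtection is None")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Run it against both the web application's web.config and the Central Administration web.config, since the procedure places the same provider settings in each.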