Tuesday, November 23, 2010

Windows SharePoint Services 3.0 (WSS 3.0) and Form Base Authentication

I believe that these days it is not necessary to explain what SharePoint is. Everyone has at least heard the name. I would like to talk about how to install Windows SharePoint Services 3.0 and how to configure it to work in Form Base Authentication mode. You may ask: why Form Base Authentication mode? There are several reasons for choosing it. One of them was to provide web hosting with a SharePoint-enabled service. With Form Base Authentication mode, the webmaster can manage users directly through a web interface. In this mode all users are stored in an MS SQL database, so the webmaster does not need any permissions on the server or the entire network.



So, let’s start from scratch, step by step.
The first step is to install Internet Information Services (IIS). To do this I really recommend using “Manage Your Server” from Administrative Tools and adding a new role, Application server (IIS, ASP.NET). Please keep in mind NOT to do all this on a Domain Controller; install WSS 3.0 on a member server. After IIS is successfully installed, start the installation of the Microsoft .NET Framework Version 2.0 Redistributable Package. If it was already installed, please reinstall it after the IIS installation. When we finish with the Microsoft .NET Framework Version 2.0 Redistributable Package, we have to install the Microsoft .NET Framework 3.0 Redistributable Package. If it was already installed, please reinstall it after the IIS installation. So far, so good. We are ready to start the MS SQL 200x installation process. It is a really straightforward process, so I’m not going to explain how to press NEXT NEXT NEXT :).
By this point, we already have IIS 6 and MS SQL Server installed on our server. Before we continue, PLEASE install the latest Windows updates, at least for IIS and MS SQL.
When all new updates are installed, we are ready to start the installation of Windows SharePoint Services (WSS 3.0). On the “Choose the installation you want” screen select “Advanced”.
On the next screen make selection according to the following picture:
When the setup process has completed, make sure to leave the “Run the SharePoint Products and Technologies Configuration Wizard” checkbox selected and click the “Close” button.
The “SharePoint Products and Technologies Configuration Wizard” should start immediately. On one of the next screens, make your selection for the “farm” settings. In my case, I selected according to the following picture.
OK, now we have to provide information about our SQL server. You can see what I set on my server:
Make sure to check the next screen:
By clicking the “Advanced” button on the next screen you will see some information necessary for setting up “Active Directory Account Creation Mode”, but we will speak about this in another article; for now, just remember that it is there. So, we are not going to click the “Advanced” button :) we just click the NEXT button and relax for the next few minutes until the wizard completes.
OK, now we have to create our first “Web Application”. To do this we should start “SharePoint 3.0 Central Administration” and go to the “Application Management” tab. On this tab we have to select “Create or extend Web application”.
On the next screen click on “Create a new Web application”. Fill out all the necessary information. Be careful in the “Application Pool” section. Take a look at my application:
Of course, you can use another user account, not Administrator, but when I make a configuration, I prefer not to waste time on security issues and use the Administrator account. When I get a working system I start a hardening process and perform the security tasks. When the application is created, we need to create a new site collection. This process is straightforward, so I don’t want to provide any additional information about it. After everything we have done, we can start IE and navigate to http://localhost. We should get something like this:
At this point we can start setting up Form Base Authentication mode. Let’s allow anonymous access to our web site. We need to come back to our “SharePoint 3.0 Central Administration” and go to the “Application Management” tab. On that tab go to the Application Security section and click on the “Authentication providers” link. On the next screen select your Web Application, and under the “Anonymous Access” section select the “Enable anonymous access” check box and then click the SAVE button. Now that we have turned on anonymous access, we have to go back to our default SharePoint web site (http://localhost) and from “Site Actions” select “Site Settings”.
On the next screen click on the “Advanced permissions” link and from “Settings” select “Anonymous Access”.
In the “Change Anonymous Access Settings: WSS 3.0” window select “Entire Web site” and click the OK button. We have enabled anonymous access and we can continue to the most interesting part of this article. As the next step I recommend installing “Microsoft Visual Web Developer 2008 Express Edition” on the SharePoint server; it’s absolutely free and can be downloaded from Microsoft. We will use “Microsoft Visual Web Developer 2008 Express Edition” later on.
One more time, let’s go to the directory “C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727” and run the file aspnet_regsql.exe. After a few seconds you will see the “ASP.NET SQL Server Setup Wizard” window. Click the NEXT button, and in the window that appears select “Configure SQL Server for application services” and YES, click NEXT again. Now we have to provide the name of the server where our SQL Server is installed and click NEXT. In the next window, you will see that the wizard is going to create a database named aspnetdb; confirm this by clicking the NEXT button and then click the FINISH button. Now, let’s open the application pool on our SharePoint server and check which user we are using on the “Application pool identity” screen. To do this open IIS Manager, expand SERVER, then Application Pools, and select the pool used in the SharePoint configuration. Right-click on this pool and select Properties. Switch to the Identity tab. You should see a screen similar to this one:
Keep in mind that the user used to run the SharePoint application pool (on the IIS server) must have the db_datareader and db_datawriter permissions on the newly created aspnetdb database.

Now, let’s create a new directory and name it “UserManagement”. I created it at the following path:

C:\Inetpub\UserManagement

Inside UserManagement create a file named web.config. To skip a long explanation of what should be inside this file, I will just show you what I have inside mine:

connectionString="Server=WSS3-1;Database=aspnetdb;Integrated Security=SSPI;"
providerName="System.Data.SqlClient"/>


Remember to provide the correct name of your server on the following line:
           connectionString="Server=WSS3-1;Database=aspnetdb;Integrated Security=SSPI;"

When we are done with this, we need to create a new “Virtual Directory” inside our SharePoint website. Open IIS Manager, find your SharePoint website, right-click on it, and select NEW and then “Virtual Directory”.
In the “Virtual Directory Access Permissions” window allow the “Read” and “Run scripts (such as ASP)” permissions. Don’t forget to go to the Properties of this virtual directory and make sure that it uses the same application pool as the main SharePoint site.
OK, now it is time to start “Microsoft Visual Web Developer 2008 Express Edition”. From the directory C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CONFIG we need to open the machine.config file. Inside machine.config find the following string:

“AspNetSqlMembershipProvider”

A few lines up you will see a line containing the following string:

add name="LocalSqlServer" connectionString="

Please change this line according to the following example:

abase=aspnetdb;Integrated Security=SSPI;" providerName="System.Data.SqlClient"/>


OK, now we go to File > Open Web site…, and select Local IIS and the UserManagement virtual directory:
Now, we need to start the “ASP.net Web Site Administration Tool”. From the menu go to Website and select “ASP.NET Configuration”:
In the “ASP.net Web Site Administration Tool” window click on the Security link.
On the next screen click on the “Select authentication type” link. Make sure that the “From the internet” option is selected.
Now we can press the DONE button. If we go to the Security tab and click on the “Create user” link, we can create a new user.
All users created through this interface will be stored inside the aspnetdb database.
Now let’s open the web.config of our main SharePoint site. In my case this file is located in the following directory:

C:\Inetpub\wwwroot\wss\VirtualDirectories\80

Right after line and before add the following section:

Database=aspnetdb;Integrated Security=SSPI;"
providerName="System.Data.SqlClient" />


Finally, we have to go back to our SharePoint. Start “SharePoint 3.0 Central Administration” and go to “Application Management”. Now we have to choose “Authentication providers” by clicking on the “Authentication providers” link in the “Application Security” section. Pick the current Web Application and click on the provider listed there. Now we are able to switch the Authentication Type to Forms:
After switching to Forms we have to provide a Membership provider name. Set it to AspNetSqlMembershipProvider like I did here:
Of course, at the end click the SAVE button.
So, now we can go back to our home site, and if we did everything correctly we will be able to log in by using Form Base Authentication.
Before I finish this article I’d like to show you one more thing.
By default the “ASP.net Web Site Administration Tool” works ONLY locally. Here is what I did to allow using the “ASP.net Web Site Administration Tool” remotely. Inside C:\Inetpub\ I created a directory ASP.NETWebAdminFiles and copied into it all the content of the %WINDIR%\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles directory. Now, open the file App_Code\WebAdminPage.cs and change the line:

return WebConfigurationManager.OpenMappedWebConfiguration(fileMap, path);

to the:

return WebConfigurationManager.OpenMappedWebConfiguration(fileMap, path, "Default Web Site");


In the same file find the following block:

if (!application.Context.Request.IsLocal) {
    SecurityException securityException = new SecurityException((string)HttpContext.GetGlobalResourceObject("GlobalResources", "WebAdmin_ConfigurationIsLocalOnly"));
    WebAdminPage.SetCurrentException(application.Context, securityException);
    application.Server.Transfer("~/error.aspx");
}



And comment it out.

Now, create a new website that runs on port 8080; the home directory of this site should be C:\Inetpub\TEMP (without any files inside this directory). Under this website, create a new Virtual Directory (ASPADMIN) with the home directory C:\Inetpub\ASP.NETWebAdminFiles. Make sure that it uses the same application pool that we use for our SharePoint website. Also, remember to check the ASP.NET version in the properties of this website and of the Virtual Directory. It should be 2.0.50727. In this case, I really recommend removing Anonymous access on this website.
Now, from a remote computer we can use the “ASP.net Web Site Administration Tool” by browsing to the following address:

http://192.168.32.10:8080/aspadmin/default.aspx?applicationPhysicalPath=C:\Inetpub\UserManagement\&applicationUrl=/UserManagement

Note: Remember to use the IP address or FQDN of your server.
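
With the local-only check commented out, the tool answers any client that can reach port 8080, so the IIS log of that website shows who is actually using it. The following Python script is an added example, not part of the original post: it reads W3C extended log lines and flags requests under /aspadmin/ that were served to a source outside a management subnet, served without an authenticated user, or pointed at an applicationPhysicalPath other than C:\Inetpub\UserManagement. The subnet, the webmaster account, the client addresses and the log lines themselves are constructed assumptions.

```python
import ipaddress
from urllib.parse import parse_qs

# Assumptions, not from the original post: the management subnet and the
# single application the tool is expected to administer.
ADMIN_NETS = [ipaddress.ip_network("192.168.32.0/28")]
EXPECTED_APP_PATH = r"c:\inetpub\usermanagement"
TOOL_PREFIX = "/aspadmin/"

# Constructed IIS W3C extended log lines (not from a real server).
SAMPLE_LOG = r"""
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip sc-status
2010-11-23 10:02:11 192.168.32.10 GET /aspadmin/default.aspx applicationPhysicalPath=C:\Inetpub\UserManagement\&applicationUrl=/UserManagement 8080 WSS3-1\webmaster 192.168.32.5 200
2010-11-23 10:07:42 192.168.32.10 GET /aspadmin/default.aspx - 8080 - 192.168.32.5 401
2010-11-23 11:15:03 192.168.32.10 GET /ASPADMIN/default.aspx applicationPhysicalPath=C:\Inetpub\wwwroot\wss\VirtualDirectories\80\&applicationUrl=/ 8080 WSS3-1\webmaster 203.0.113.77 200
2010-11-23 11:16:20 192.168.32.10 GET /aspadmin/security/security.aspx - 8080 - 192.168.32.5 200
2010-11-23 11:20:00 192.168.32.10 GET /default.aspx - 80 - 203.0.113.77 200
"""


def audit_admin_tool_access(log_text):
    """Return (timestamp, client_ip, reasons) for suspicious served requests."""
    fields, findings = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column order is set per log file
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        rec = dict(zip(fields, line.split()))
        if not rec.get("cs-uri-stem", "").lower().startswith(TOOL_PREFIX):
            continue                       # not the admin tool
        if int(rec.get("sc-status", "0")) >= 400:
            continue                       # rejected, e.g. a 401 challenge
        reasons = []
        client = ipaddress.ip_address(rec["c-ip"])
        if not any(client in net for net in ADMIN_NETS):
            reasons.append("source outside admin network")
        if rec.get("cs-username", "-") == "-":
            reasons.append("served without authentication")
        query = parse_qs(rec.get("cs-uri-query", ""))
        path = query.get("applicationPhysicalPath", [""])[0]
        if path and path.rstrip("\\").lower() != EXPECTED_APP_PATH:
            reasons.append("unexpected applicationPhysicalPath")
        if reasons:
            findings.append((rec["date"] + " " + rec["time"], rec["c-ip"], reasons))
    return findings


if __name__ == "__main__":
    for when, ip, why in audit_admin_tool_access(SAMPLE_LOG):
        print(when, ip, "; ".join(why))
```

The field order is read from the `#Fields:` directive, so the same function works on a log whose columns are arranged differently, as long as the fields used here are enabled in the site's logging properties.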

At this point, I can say “The End”.
