SharePoint2007 Forms Authentication Management
I think one of the great features added to SharePoint 2007 is the ability to use forms authentication instead of just Windows authentication. Unfortunately I don't think the SharePoint team did a great job of thinking about this feature overall and this was just a nice feature due to the use of ASP.NET. Don't get me wrong, it works well and is easy to set up once you know the steps.
http://blogs.msdn.com/sharepoint/archive/2006/08/16/702010.aspx
Check out the example site http://beta.ineta.org/
So you get the SharePoint site set up, but now the hard part comes. Managing the users! This is not part of SharePoint, so you can use Visual Studio to add users, but I don't have VS2005 on most of my servers so this is not an option. I have heard that IIS7 will have the ASP.NET 2.0 management of membership as part of the Management console, but I can't remote into the server every time I need to manage a user.
To finish setting up your SharePoint site with forms auth management, there is a two step process:
- set up the site to allow users to Register and
- set up a management site to manage the users and roles.
Download code Step 1: http://devcow.com/files/9/sharepoint_forms_auth_management/entry2629.aspx
Step 1: The first step step to getting your forms auth site set up is to add a user to the system. I did this by adding a folder to SharePoint called members (http://beta.ineta.org/members) and put a single web page that has a single CreateUserWizard control. I made this folder a .NET application, but I don't remember if you have to do that or not. I will double check later and take it out if you don't. I just used a standard theme from the Visual Studio UI to make it look better. The biggest change you need to make is the ContinueDestinationPageUrl and set it to your base site. The control is below and how it will look. Note: you do not need a web.config file because the site's web.config should be configured correctly with forms auth, remember this is the SharePoint web application set up for forms auth.
<asp:CreateUserWizard ID="CreateUserWizard1" runat="server" BackColor="#EFF3FB" BorderColor="#B5C7DE"
BorderStyle="Solid" BorderWidth="1px" Font-Names="Verdana" Font-Size="0.8em" ContinueDestinationPageUrl="http://beta.ineta.org">
<WizardSteps>
<asp:CreateUserWizardStep runat="server">
</asp:CreateUserWizardStep>
<asp:CompleteWizardStep runat="server">
</asp:CompleteWizardStep>
</WizardSteps>
<SideBarStyle BackColor="#507CD1" Font-Size="0.9em" VerticalAlign="Top" />
<TitleTextStyle BackColor="#507CD1" Font-Bold="True" ForeColor="White" />
<SideBarButtonStyle BackColor="#507CD1" Font-Names="Verdana" ForeColor="White" />
<NavigationButtonStyle BackColor="White" BorderColor="#507CD1" BorderStyle="Solid"
BorderWidth="1px" Font-Names="Verdana" ForeColor="#284E98" />
<HeaderStyle BackColor="#284E98" BorderColor="#EFF3FB" BorderStyle="Solid" BorderWidth="2px"
Font-Bold="True" Font-Size="0.9em" ForeColor="White" HorizontalAlign="Center" />
<CreateUserButtonStyle BackColor="White" BorderColor="#507CD1" BorderStyle="Solid"
BorderWidth="1px" Font-Names="Verdana" ForeColor="#284E98" />
<ContinueButtonStyle BackColor="White" BorderColor="#507CD1" BorderStyle="Solid"
BorderWidth="1px" Font-Names="Verdana" ForeColor="#284E98" />
<StepStyle Font-Size="0.8em" />
</asp:CreateUserWizard>
Now that you have the create user set up, you can add a user and then add that user to the policy settings for the site. You need to add a way for your users to know how to create their own users which I did by modifying the default.master page to have a link to that page. You could add this link anywhere on your site though.
Download code Step 2: http://devcow.com/files/9/sharepoint_forms_auth_management/entry2631.aspx
Step 2: The users will want to change their password eventually so I have created a page that I uploaded to a document library that allows users to change their own password. Then I added a tab to the top navigation bar to allow the users to get to the page.
Download code Step 3: http://devcow.com/files/9/sharepoint_forms_auth_management/entry2630.aspx
Step 3: To allow me (and you) to manage the users from a remote machine I created a few management pages that I am going to upload to DevCow. Just put them in a local folder in the secured intranet site and make the folder a .NET web site. These pages do not handle errors very well yet, but they will give you the ability to have a start.
The pages that have been created are
- Add a new user, also links to Manage Roles and Manage All Users (default.aspx)
- Add/View/Delete/Manage ASP.NET roles (role_view.aspx)
- Add users to roles, display users in roles, remove users from roles (role_manage.aspx)
- View all users, delete users (ShowAllUsers.aspx)
Now you have all the tools you need to get going with the forms authentication on Windows SharePoint Server 2007. I have been helping Dan on this problem lately and he ran into a problem on Office SharePoint Server 2007 that the user profile doesn't import the users. You can use the BDC to import the users into the user profile and Dan is going to have a write up on this hopefully.