MOSS 2007 FBA to Active Directory
- I am trying to configure forms-based auth to AD for my external SharePoint site. Here's what I've done.
1. Create a web application to host https://extranet.acme.com with "default zone" and use a form with either the AD or LDAP Membership Provider so external users log in with their internal NT account or email (BTW I used SSL 128 bit)
2. Extend the above web application to host intranet http://intranet with "Intranet zone"
3. Modify web.config of both Central Administration and extranet
4. Here is the part of the web.config file that shows the connection and membership
<!-- AD Membership Provider -->
<connectionStrings>
  <add name="ADConnection" connectionString="LDAP://server1.acme.com/CN=Users,DC=acme,DC=com" />
</connectionStrings>
<membership defaultProvider="ADProviderService">
  <providers>
    <add name="ADProviderService" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ADConnection" connectionUsername="acme\app_account" connectionPassword="abc123" />
  </providers>
</membership>
When I try the AD Membership Provider and log in to the form with either email or NT account, I get the following sign-in form error:
"The server could not sign you in. Make sure your user name and password are correct, and then try again."
Then I took a look at the server event viewer and got the following error:
Event Type: Information
Event Source: ASP.NET 2.0.50727.0
Event Category: Web Event
Event ID: 1315
Date: 5/1/2008
Time: 12:40:27 AM
User: N/A
Computer: MYSERVER
Description:
Event code: 4006
Event message: Membership credential verification failed.
Event time: 5/1/2008 12:40:27 AM
Event time (UTC): 5/1/2008 7:40:27 AM
Event ID: 5ed5b12b0e7c491fb4962f07827ac9f3
Event sequence: 4
Event occurrence: 1
Event detail code: 0
Application information:
Application domain: /LM/W3SVC/918023365/Root-1-128541012094024926
Trust level: WSS_Minimal
Application Virtual Path: /
Application Path: C:\Inetpub\wwwroot\wss\VirtualDirectories\extranet.acme.com80\
Machine name: MYSERVER
Process information:
Process ID: 3824
Process name: w3wp.exe
Account name: acme\app_account
Request information:
Request URL: https://extranet.acme.com:443/_layouts/login.aspx?ReturnUrl=Membership credential verification failed.f_layoutsMembership credential verification failed.fAuthenticate.aspx5/1/2008 12:40:27 AMfSource5/1/2008 12:40:27 AMd%252f&Source=Membership credential verification failed.f
Request path: /_layouts/login.aspx
User host address: 10.247.229.41
User:
Is authenticated: False
Authentication Type:
Thread account name: MYSERVER\IUSR_FLATFILE
Name to authenticate: john.doe@acme.com
Custom event details:
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
For both providers, I tried to look up a user in the people picker, e.g. ADProviderService:jonh.doe@acme.com, but I could not find any of them.
I checked the membership/connection string syntax many times and could not find anything wrong.
http://www.chrislooney.com MCITP: Enterprise Administrator (Server 2008), MCSE: Security 2003/2000, MCSE: Messaging 2003/2000, MCITP: Exchange 2007, MCTS:SharePoint 2007 (Admin, and Develop), MCTS: SQL 2005, MCDBA, MCAD, MCDST, MCSA, CCNA, CCSP, Security+, OCDBA
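An added example (not part of the original post): a Python parser for ASP.NET web event descriptions like the one quoted above, which groups event code 4006 failures by client address so repeated failures from one source stand out. It also handles descriptions flattened onto a single line; the sample text, account names and addresses are constructed.

```python
import re
from collections import defaultdict

# Field labels of an ASP.NET web event description, as seen in the thread's events.
LABELS = [
    "Event code", "Event message", "Event time", "Event time (UTC)", "Event ID",
    "Event sequence", "Event occurrence", "Event detail code",
    "Application information", "Application domain", "Trust level",
    "Application Virtual Path", "Application Path", "Machine name",
    "Process information", "Process ID", "Process name", "Account name",
    "Request information", "Request URL", "Request path", "User host address",
    "User", "Is authenticated", "Authentication Type", "Thread account name",
    "Name to authenticate", "Custom event details",
]
LABEL_RE = re.compile(r"(?<!\S)(" + "|".join(map(re.escape, LABELS)) + r"):")

def parse_events(text):
    """Split event text (multi-line or flattened onto one line) into dicts."""
    events, current = [], None
    matches = list(LABEL_RE.finditer(text))
    for m, nxt in zip(matches, matches[1:] + [None]):
        value = text[m.end():nxt.start() if nxt else len(text)].strip()
        if m.group(1) == "Event code":  # every event description starts here
            current = {}
            events.append(current)
        if current is not None:
            current[m.group(1)] = value
    return events

def failures_by_host(events):
    """Group code-4006 (credential verification failed) events by client address."""
    out = defaultdict(lambda: {"count": 0, "names": set()})
    for ev in events:
        if ev.get("Event code") == "4006":
            entry = out[ev.get("User host address", "unknown")]
            entry["count"] += 1
            entry["names"].add(ev.get("Name to authenticate", ""))
    return dict(out)

# Constructed sample: one flattened event and one multi-line event.
SAMPLE = (
    "Event code: 4006 Event message: Membership credential verification failed. "
    "Process information: Process name: w3wp.exe Account name: EXAMPLE\\app_pool "
    "Request information: Request path: /_layouts/login.aspx "
    "User host address: 192.0.2.10 User: Is authenticated: False "
    "Name to authenticate: alice@example.com Custom event details:\n"
    "Event code: 4006\nUser host address: 192.0.2.10\nUser:\n"
    "Name to authenticate: EXAMPLE\\bob\n"
)
```

Feed it the Description text exported from the Application log on each front-end server; `failures_by_host(parse_events(text))` returns the failure count and the set of attempted names per client address.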
All Replies
Hi Chris,
Take a look at a blog post I made when I configured SharePoint Forum to use the AD membership provider:
http://www.sharepointforum.com/en-US/Blog/archive/2008/07/19/form-based-authentication.aspx
I have 2 more attributes than you have. Also make sure you add an "fba admin" as site collection administrator and also give it full control to the web application with a Web Application Policy.
Hope this helps!
Cheers,
Daniel Bugday™ Web: © SharePoint Forum Blog: Daniel Bugday's Blog
- Thanks for the reply Daniel,
I had tried my membership provider previously with the additional attributes without any luck. Until now I have not been able to add my user account that I specified in the membership provider to the web application policy. I added the user to be a site collection administrator per your suggestion and at least now I am able to use the people picker and add the user to the web application policy.
However my FBA still does not work. I get event ID 1315 from ASP on my front end server every time authentication fails. Below are some of the details of the error. I have googled and found that others have had this error but have not found anyone offering solutions.
Event code: 4006
Event message: Membership credential verification failed.
Application information:
Application domain: /LM/W3SVC/1035366705/Root-1-128686466414990518
Trust level: WSS_Minimal
Application Virtual Path: /
Application Path: C:\Inetpub\wwwroot\wss\VirtualDirectories\www.XXXXX.com80\
Machine name: Frontend1
Process information:
Process ID: 3772
Process name: w3wp.exe
Account name: DOMAIN\_Serv_MOSSAppPool1
Request information:
Request URL: http://www.sttxspw.com/_layouts/login.aspx?ReturnUrl=Membership credential verification failed.f
Request path: /_layouts/login.aspx
User host address: 64.191.xxx.xxx
User:
Is authenticated: False
Authentication Type:
Thread account name: machinename\IUSR_XXXX
Name to authenticate: user@domain.int
Custom event details:
http://www.chrislooney.com MCITP: Enterprise Administrator (Server 2008), MCSE: Security 2003/2000, MCSE: Messaging 2003/2000, MCITP: Exchange 2007, MCTS:SharePoint 2007 (Admin, and Develop), MCTS: SQL 2005, MCDBA, MCAD, MCDST, MCSA, CCNA, CCSP, Security+, OCDBA
- You added the exact same thing to both the web application and the central admin web.config?
Daniel Bugday™ Web: © SharePoint Forum Blog: Daniel Bugday's Blog
- Yes sir. I cut/pasted from one web.config to the other.
I've googled that error and got several posts saying that the applicationName parameter must be set to the same application name in SharePoint. I'm about to try that.
http://www.chrislooney.com MCITP: Enterprise Administrator (Server 2008), MCSE: Security 2003/2000, MCSE: Messaging 2003/2000, MCITP: Exchange 2007, MCTS:SharePoint 2007 (Admin, and Develop), MCTS: SQL 2005, MCDBA, MCAD, MCDST, MCSA, CCNA, CCSP, Security+, OCDBA
- Nope, that didn't work either.
Just as an FYI, I do have multiple servers in my farm. A total of 5 (2 DBs, 1 application server, 2 front end servers). I have been updating the web.config file on all servers just to be certain.
http://www.chrislooney.com MCITP: Enterprise Administrator (Server 2008), MCSE: Security 2003/2000, MCSE: Messaging 2003/2000, MCITP: Exchange 2007, MCTS:SharePoint 2007 (Admin, and Develop), MCTS: SQL 2005, MCDBA, MCAD, MCDST, MCSA, CCNA, CCSP, Security+, OCDBA
- Hi Chris,
I was wondering if you were ever able to get your FBA to work. I'm stuck in the same boat as you and get the same error message in the event log. Any assistance would be much appreciated. Thanks in advance.
- You need to update the web.config on all web front-end servers.
Also, do an IISReset! Let us know how it goes.
Cheers,
Daniel Bugday Web: SharePoint Forum Blog: Daniel Bugday's SharePoint Blog
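Added example, not from any poster in this thread: the replies above say the same entries must be present in the Central Administration and web application web.config files on every front-end server, so this Python check compares the connectionStrings and membership provider entries of several web.config copies and lists provider entries that keep connectionPassword inline. The fragments, host names and labels are constructed, and it assumes the `<configuration>` root carries no XML namespace.

```python
import hashlib
import xml.etree.ElementTree as ET

def fba_settings(xml_text):
    """Flatten connection-string and membership-provider settings of one web.config."""
    out = {}
    root = ET.fromstring(xml_text)
    for cs in root.iter("connectionStrings"):
        for add in cs.findall("add"):
            out["connectionStrings/" + add.get("name", "")] = add.get("connectionString", "")
    for ms in root.iter("membership"):
        out["membership/defaultProvider"] = ms.get("defaultProvider", "")
        for add in ms.findall("providers/add"):
            for attr, value in add.attrib.items():
                if attr == "connectionPassword":
                    # Compare by digest so a report never echoes the secret.
                    value = "sha256:" + hashlib.sha256(value.encode()).hexdigest()[:12]
                out["providers/%s/%s" % (add.get("name", ""), attr)] = value
    return out

def drift(configs):
    """configs maps a label (server or site) to web.config text; return settings that differ."""
    parsed = {label: fba_settings(text) for label, text in configs.items()}
    report = {}
    for key in sorted(set().union(*parsed.values())):
        values = {label: settings.get(key) for label, settings in parsed.items()}
        if len(set(values.values())) > 1:
            report[key] = values
    return report

def inline_passwords(xml_text):
    """Provider entries that carry connectionPassword as a clear-text attribute."""
    return sorted(k for k in fba_settings(xml_text) if k.endswith("/connectionPassword"))

# Constructed fragments: the second copy names another LDAP host and lacks connectionUsername.
TEMPLATE = """<configuration>
  <connectionStrings>
    <add name="ADConnection" connectionString="LDAP://%s/CN=Users,DC=example,DC=com" />
  </connectionStrings>
  <system.web>
    <membership defaultProvider="ADProviderService">
      <providers>
        <add name="ADProviderService" connectionStringName="ADConnection" %s/>
      </providers>
    </membership>
  </system.web>
</configuration>"""
CENTRAL_ADMIN = TEMPLATE % ("dc1.example.com", 'connectionUsername="EXAMPLE\\svc" connectionPassword="placeholder" ')
EXTRANET = TEMPLATE % ("dc2.example.com", 'connectionPassword="placeholder" ')
```

Calling `drift({"central_admin": CENTRAL_ADMIN, "extranet": EXTRANET})` reports the differing LDAP connection string and the missing connectionUsername; an empty result means the compared copies agree on these settings.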
- Did anyone get a reply with a 100% solution for Membership Verification Failed on an FBA site in SharePoint?
I got the same error, event ID 1315 in the event log, when I tried to log in with the username and password that I had created.
I have debugged the login page code and found that the Membership.ValidateUser method always returns false, so the invalid password message fires all the time. Why is it always false, and why does it not authenticate the username and password from the SQL database?
Please, could someone reply, as I have lost so many hours finding and trying out different solutions?
Thanks in Advance
Uday Patel

