Claims based auth strange issue

    Question

  • We have enabled Windows and Forms auth in our web application.

    Now from the site, when we go to site settings / site collection administrators, I see the following strange behaviour:

    1.  Only forms users are coming when searched

    2. Certain users have an additional space, say i:0#(space)name starts here. This user is able to log in to the site, but on click of MyProfile it fails. The reason is that %20 is in the MyProfile site URL; if you remove this, it works.

    For this user when I search I get forms /  windows plus additionally 1 entry from where I see the space in the name.

    3. In the Central Admin I am able to get both forms and AD.

    This is a claims based authentication. FBA with AD [ LDAP Conn string ]

    Thanks

    vijay

    Saturday, April 14, 2012 3:24 PM

All replies

  • Guys, I think I have not put my requirement correctly.

    First I would like to know why Windows auth entries are not coming in the people picker dialog box. The site is enabled with both Windows and Forms [ AD ].

    Thanks

    Vj

    Sunday, April 15, 2012 2:39 PM
  • Hi,

    Please make sure the zone for the web application has enabled Windows authentication and FBA authentication.

    In order for a user of one authentication type to see users of another, both authentication types would need to be enabled on that instance of the web application.

    Users of one authentication type cannot communicate with another cross-web application.

    For the display name i:0#, you can refer to: http://sharepointx-men.com/2010/11/17/user-display-name-shows-i0-f-using-ldap-membership-provider-for-fba-gives-you-no-fix-from-ms-support/


    Xue-mei Chang

    TechNet Community Support

    Tuesday, April 17, 2012 9:09 AM
  • Hi,

    We have enabled both Forms and Windows authentication for the web app instance. Say search is working fine so windows is required and it is working fine.

    Thanks

    Vj

    Tuesday, April 24, 2012 10:27 AM
  • Hi,

    For this question "windows auth entries are not coming in people picker dialog box" ---->  you can try changing application pool admin for central admin to network service and then do IISRESET.


    Thanks.... ________________ Baba (MCTS, MCPD)

    Tuesday, April 24, 2012 12:41 PM
  • Check your web.config for your website and make sure you have a couple of things configured: PeoplePickerWildcards, Membership Providers.  The people picker wildcards are where you see the results in the search boxes for users.  Keep AspNetSqlMembershipProvider, and then add your custom membership provider and custom roles provider if you have them.

        <PeoplePickerWildcards>
          <clear />
          <add key="AspNetSqlMembershipProvider" value="%" />
          <add key="CustomMembershipProvider" value="%" />
          <add key="CustomRolesProvider" value="%" />
        </PeoplePickerWildcards>
    ------and--------
      <system.web>
        <membership defaultProvider="i">
          <providers>
            <add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
            <add name="CustomMembershipProvider" connectionStringName="SQLProvider" applicationName="/" type="Custom.AspNet.Membership.CustomMembershipProvider, CustomMemberShipProvider, Version=1.0.0.0,  Culture=neutral, PublicKeyToken=c5ae7c5e0dc4c5fa" enablePasswordReset="false" enablePasswordRetrieval="false" passwordFormat="Clear" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" />
          </providers>
        </membership>
        <roleManager defaultProvider="c" enabled="true" cacheRolesInCookie="false">
          <providers>
            <add name="c" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
            <add name="CustomRolesProvider" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" applicationName="/" connectionStringName="SQLProvider" />
          </providers>
        </roleManager>
      </system.web>

    Make sure "i" and "c" are default providers.  Also, remember the IISReset after changing config files.

    -Nici


    • Edited by KonaCoffee Tuesday, April 24, 2012 1:41 PM
    Tuesday, April 24, 2012 1:40 PM
  •  <PeoplePickerWildcards>
          <clear />
          <add key="AspNetSqlMembershipProvider" value="%" />
          <add key="LdapRole" value="*" />
          <add key="AD" value="*" />
        </PeoplePickerWildcards>

     <membership defaultProvider="i">
          <providers>
            <add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
            <add name="AD" type="Microsoft.Office.Server.Security.LDAPMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C" server="qqqq-abc01" port="389" useSSL="false" userDNAttribute="distinguishedName" userNameAttribute="sAMAccountName" userContainer="DC=aagroup,DC=redicons,DC=local" userObjectClass="person" userFilter="(|(ObjectCategory=group)(ObjectClass=person))" scope="Subtree" otherRequiredUserAttributes="sn,givenname,cn" />
          </providers>
        </membership>
        <roleManager defaultProvider="c" enabled="true" cacheRolesInCookie="false">
          <providers>
            <add name="c" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
            <add name="LdapRole" type="Microsoft.Office.Server.Security.LDAPRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C" server="qqqq-abc01" port="389" useSSL="false" groupContainer="DC=aagroup,DC=redicons,DC=local" groupNameAttribute="cn" groupMemberAttribute="member" userNameAttribute="sAMAccountName" dnAttribute="distinguishedName" groupFilter="(ObjectClass=group)" scope="Subtree" />
          </providers>
        </roleManager>

    The only difference I see is that in the people picker I have * whereas you have %?

    Thanks

    Vj

    Tuesday, April 24, 2012 5:01 PM
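
An added example, not part of any reply in the thread: a Python check that compares the PeoplePickerWildcards keys in a web.config with the registered membership and role provider names, confirms that "i" and "c" are the default providers, and flags `useSSL="false"` and `passwordFormat="Clear"`. The sample config is constructed (placeholder server name, shortened type attributes, a deliberately misspelled key), and treating AspNetSqlMembershipProvider as inherited from machine.config is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample: placeholder server, shortened types, misspelled key "ADD".
SAMPLE = """<configuration>
  <SharePoint><PeoplePickerWildcards>
    <clear />
    <add key="AspNetSqlMembershipProvider" value="%" />
    <add key="LdapRole" value="*" />
    <add key="ADD" value="*" />
  </PeoplePickerWildcards></SharePoint>
  <system.web>
    <membership defaultProvider="i"><providers>
      <add name="i" type="SPClaimsAuthMembershipProvider" />
      <add name="AD" type="LDAPMembershipProvider" server="ldap.example.test"
           port="389" useSSL="false" />
    </providers></membership>
    <roleManager defaultProvider="c" enabled="true"><providers>
      <add name="c" type="SPClaimsAuthRoleProvider" />
      <add name="LdapRole" type="LDAPRoleProvider" server="ldap.example.test"
           port="389" useSSL="false" />
    </providers></roleManager>
  </system.web>
</configuration>"""

# Assumption: inherited from machine.config, so absent from the site's web.config.
INHERITED = {"AspNetSqlMembershipProvider"}
# Default provider names the thread says a claims web application must keep.
CLAIMS_DEFAULTS = {"membership": "i", "roleManager": "c"}

def audit(xml_text):
    """Return a list of findings for one web.config document."""
    root, findings, providers = ET.fromstring(xml_text), [], {}
    for section, expected in CLAIMS_DEFAULTS.items():
        node = root.find(f".//{section}")
        if node is None or node.get("defaultProvider") != expected:
            findings.append(f"{section}: defaultProvider is not '{expected}'")
        for a in (node.iterfind("providers/add") if node is not None else []):
            providers[a.get("name")] = a
    keys = {a.get("key") for a in root.iterfind(".//PeoplePickerWildcards/add")}
    for key in sorted(keys - set(providers) - INHERITED):
        findings.append(f"wildcard key '{key}' matches no provider name")
    for name in sorted(set(providers) - keys - set(CLAIMS_DEFAULTS.values())):
        findings.append(f"provider '{name}' has no PeoplePickerWildcards entry")
    for name, add in sorted(providers.items()):
        if add.get("useSSL", "").lower() == "false":
            findings.append(f"provider '{name}': useSSL is false (LDAP connection without TLS)")
        if add.get("passwordFormat", "").lower() == "clear":
            findings.append(f"provider '{name}': passwordFormat is Clear")
    return findings
```

Call `audit()` with the text of each zone's web.config; an empty list means the wildcard keys and provider names agree and neither weak setting was found.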