none
Problems extending a site for AD authentication (to use with PowerPoint Dashboard Designer)

    Question

  • If anyone can help me resolve this I will be very thankful!!  Thanks in advance.

    I have a claims-based SP 2010 Enterprise web application that has an extended FBA site.  I need to start implementing dashboards, but can't currently use Dashboard Designer - seehttp://technet.microsoft.com/en-us/library/ee748637.aspx:

    Claims-based authentication in SharePoint Server 2010 supports multiple authentication providers on a single web application and is used to pass the users identity between the front-end web servers and the application servers. PerformancePoint Services supports multiple authentication providers only when you use dashboard content through a web browser. Dashboard Designer is not supported when you directly access a URL for any web application that uses multiple authentication providers. In order to use the Dashboard Designer in this configuration, you must extend the web application to configure access to the new URL that is restricted to the Windows authentication provider.

    I tried extending my site and defining an AD authentication provider using http://blogs.msdn.com/b/sridhara/archive/2010/01/07/setting-up-fba-claims-in-sharepoint-2010-with-active-directory-membership-provider.aspx and http://serverfault.com/questions/130543/how-can-i-figure-out-my-ldap-connection-string.  The login page appears, but when I try to login I get "Server Error in '/' Application."

    ULS log entry:
       04/26/2012 09:37:00.15  w3wp.exe (0x17B4)                        0x2B8C SharePoint Foundation          Claims Authentication          fo1t Monitorable SPSecurityTokenService.Issue() failed: System.ArgumentException: Cannot get Membership Provider with name SPADMembershipProvider. The membership provider for this process was not properly configured. You must configure the membership provider in the .config file for every SharePoint process. 

    Event viewer critical error
    Cannot get Membership Provider with name SPADMembershipProvider. The membership provider for this process was not properly configured. You must configure the membership provider in the .config file for every SharePoint process.

    Event viewer warning
       Event code: 3005
       Event message: An unhandled exception has occurred.
       Event time: 4/26/2012 9:19:15 AM
       Event time (UTC): 4/26/2012 3:19:15 PM
       Event ID: 419fab8bb27b4c85afc0e33fd227978d
       Event sequence: 4
       Event occurrence: 1
       Event detail code: 0
       
       Application information:
           Application domain: /LM/W3SVC/1985932121/ROOT-11-129799271400602646
           Trust level: WSS_Minimal
           Application Virtual Path: /
           Application Path: C:\inetpub\wwwroot\wss\VirtualDirectories\SharePoint - Dashboard Designer\
           Machine name: SPservername
        
       Process information:
           Process ID: 12868
           Process name: w3wp.exe
           Account name: domainname\spfarmacct 
        
       Exception information:
           Exception type: FaultException
           Exception message: The server was unable to process the request due to an internal error.  For more information about the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from the <serviceDebug> configuration behavior) on the server in order to send the exception information back to the client, or turn on tracing as per the Microsoft .NET Framework 3.0 SDK documentation and inspect the server trace logs.
       
       Request information:
           Request URL: http://sp.company.com/_forms/default.aspx?ReturnUrl=An unhandled exception has occurred.f_layoutsAn unhandled exception has occurred.fAuthenticate.aspx4/26/2012 9:19:15 AMfSource4/26/2012 9:19:15 AMd%252F&Source=%2F
           Request path: /_forms/default.aspx
           User host address: 10.0.2.108
           User: 
           Is authenticated: False
           Authentication Type: 
           Thread account name: domainname\spfarmacct 
        
       Thread information:
           Thread ID: 41
           Thread account name: domainname\spfarmacct 
           Is impersonating: False
           Stack trace:    at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.ReadResponse(Message response)
          at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr)
          at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst)
          at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo)
          at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForFormsAuthentication(Uri context, String membershipProviderName, String roleProviderName, String username, String password)
          at Microsoft.SharePoint.IdentityModel.Pages.FormsSignInPage.GetSecurityToken(Login formsSignInControl)
          at Microsoft.SharePoint.IdentityModel.Pages.FormsSignInPage.AuthenticateEventHandler(Object sender, AuthenticateEventArgs formAuthenticateEvent)
          at System.Web.UI.WebControls.Login.AttemptLogin()
          at System.Web.UI.WebControls.Login.OnBubbleEvent(Object source, EventArgs e)
          at System.Web.UI.Control.RaiseBubbleEvent(Object source, EventArgs args)
          at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument)
          at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

    web.config - Connection String

    <add name="SPADConnectionString" connectionString="LDAP://DCServerName.company.com/OU=Service Accounts,DC=company,DC=com" />

    web.config - Membership Provider

    <add name="SPADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="SPADConnectionString" />


    David


    • Edited by dgunnlds Friday, April 27, 2012 1:38 PM
    Thursday, April 26, 2012 4:03 PM

Answers

  • Rock,

    Thanks for taking the time to respond.  However, as I mentioned in my post, I have tried extending the application and defining an AD authentication provider in order to use classic mode authentication.

    The current status is that I've resolved the errors above (found an error in my config file as a result of a copy/paste error during one of my many attempts at troubleshooting, plus enabled the claims to windows token service).  The current error I'm getting is "An exception occurred when trying to issue security token: The security token username and password could not be validated."  But I think I'll mark this post as an answer and create another post for the current error.


    David

    • Marked as answer by dgunnlds Tuesday, May 01, 2012 1:40 PM
    Tuesday, May 01, 2012 1:39 PM

All replies

  • Hi,

    Based on my knowledge, what you have to do is to extend your application into another zone. Make sure that when you extend it that you use classic mode authentication. Then, use that zone whenever you need to use Dashboard Designer. The claims based authentication should not interfere with the consumption of your Dashboard items.

    Thanks,

    Rock Wang


    Rock Wang TechNet Community Support

    Tuesday, May 01, 2012 7:46 AM
  • Rock,

    Thanks for taking the time to respond.  However, as I mentioned in my post, I have tried extending the application and defining an AD authentication provider in order to use classic mode authentication.

    The current status is that I've resolved the errors above (found an error in my config file as a result of a copy/paste error during one of my many attempts at troubleshooting, plus enabled the claims to windows token service).  The current error I'm getting is "An exception occurred when trying to issue security token: The security token username and password could not be validated."  But I think I'll mark this post as an answer and create another post for the current error.


    David

    • Marked as answer by dgunnlds Tuesday, May 01, 2012 1:40 PM
    Tuesday, May 01, 2012 1:39 PM