SharePoint 2010 web application FBA using LDAP

    Question

  • Hi Guys,

    This is the first time I'm working on LDAP configuration in one of my projects; to let you know, I'm very familiar with the ASP.NET FBA membership provider.

    I have followed the following steps on my web application to enable LDAP FBA.

    1. Created SharePoint 2010 web application (enabled anonymous access)

    2. Created a SharePoint 2010 Publishing site collection under the created web application (with default settings, except enabling anonymous access)

    3. Updated the Web Application, Central Administration and STS web.config files with the LDAP membership provider details

    <add name="membership"
         type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
         server="localhost"
         port="5001"
         useSSL="false"
         userDNAttribute="distinguishedName"
         userNameAttribute="cn"
         userContainer="CN=Users,CN=corp,DC=development,DC=com"
         userObjectClass="person"
         userFilter="(ObjectClass=person)"
         scope="Subtree"
         otherRequiredUserAttributes="sn,givenname,cn" />

    <add name="roleManager"
         type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
         server="localhost"
         port="5001"
         useSSL="false"
         groupContainer="CN=Roles,CN=corp,DC=development,DC=com"
         groupNameAttribute="cn"
         groupNameAlternateSearchAttribute="cn"
         groupMemberAttribute="member"
         userNameAttribute="cn"
         dnAttribute="distinguishedName"
         groupFilter="(ObjectClass=group)"
         userFilter="(ObjectClass=person)"
         scope="Subtree" />

    Updated the web application with the FBA configuration details (the web application is now enabled with Windows and LDAP FBA)

    4. Used a custom login page to authenticate user credentials and under the login button wrote the following code.

    // Namespaces this snippet depends on (added for completeness; not in the original post).
    using System;
    using System.IdentityModel.Tokens;
    using System.Web.Security;
    using System.Web.UI.WebControls;
    using Microsoft.SharePoint;
    using Microsoft.SharePoint.Administration;
    using Microsoft.SharePoint.IdentityModel;

    protected void ibtnLogin_Click(object sender, ImageClickEventArgs e)
    {
        // Ask the STS for a forms token using the zone's configured membership/role providers.
        SecurityToken securityToken = GetSecurityToken(txtUserName.Text, txtPassword.Text);

        SPFormsAuthenticationProvider authProvider = IisSettings.FormsClaimsAuthenticationProvider;

        // Resolve the same membership provider by name and read the user record back.
        MembershipProvider membershipProvider = System.Web.Security.Membership.Providers[authProvider.MembershipProvider];

        MembershipUser memUser = membershipProvider.GetUser(txtUserName.Text, true);
    }

    // IIS settings of the zone the current request came in on (the FBA providers are per zone).
    private static SPIisSettings IisSettings
    {
        get
        {
            SPSite spSite = SPContext.Current.Site;

            SPWebApplication webApp = spSite.WebApplication;

            SPIisSettings settings = webApp.IisSettings[spSite.Zone];

            return settings;
        }
    }

    public static SecurityToken GetSecurityToken(string username, string password)
    {
        SPSite spSite = SPContext.Current.Site;

        Uri appliesTo = new Uri(spSite.Url);

        if (string.IsNullOrEmpty(username) ||
            string.IsNullOrEmpty(password))
            return null;

        SPIisSettings iisSettings = IisSettings;
        SPFormsAuthenticationProvider authProvider = iisSettings.FormsClaimsAuthenticationProvider;
        SecurityToken token = null;

        if (authProvider != null)
        {
            // Returns null when the STS cannot validate the credentials with the named providers.
            token = SPSecurityContext.SecurityTokenForFormsAuthentication(
                appliesTo,
                authProvider.MembershipProvider,
                authProvider.RoleProvider,
                username,
                password);
        }

        return token;
    }

    When I pass (corp\administrator and password, or administrator and password) as the user credentials, SPSecurityContext.SecurityTokenForFormsAuthentication returns null and membershipProvider.GetUser(txtUserName.Text, true) returns the following error. Please let me know what the issue is.

    Error message:

    Unexpected exception occurred, please contact administrator to resolve this issue.

    1. My requirement is that I want to authenticate the user using Windows credentials.

    2. After authentication I would like to retrieve the Windows user properties, including the SID, so I can maintain users uniquely in common data; I'm storing user details in a custom database for custom roles, and based on the roles the dynamic menu and functionality will be different.

    Let me know if there is an alternate way to achieve my requirement in the best possible way.

    Thanks a lot.

    -

    P

    Monday, February 20, 2012 4:31 PM
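As an added example (not part of the original question or of SharePoint's own code), a small offline checker for the membership provider element in the question: it parses the `<add>` element from a constructed web.config fragment, builds the search filter the provider is assumed to issue for a login name with RFC 4515 escaping so the name cannot alter the filter, and reports settings that commonly explain a null token. The assumption that the provider ANDs `(userNameAttribute=<name>)` with `userFilter` is mine; the page does not document the provider's internal query.

```python
"""Offline check of a SharePoint LdapMembershipProvider <add> element (added example)."""
import xml.etree.ElementTree as ET

# Constructed web.config fragment; attribute values copied from the question's provider.
CONFIG = """<membership><providers>
  <add name="membership"
       type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server"
       server="localhost" port="5001" useSSL="false"
       userDNAttribute="distinguishedName" userNameAttribute="cn"
       userContainer="CN=Users,CN=corp,DC=development,DC=com"
       userObjectClass="person" userFilter="(ObjectClass=person)" scope="Subtree"
       otherRequiredUserAttributes="sn,givenname,cn" />
</providers></membership>"""

def load_provider(xml_text, name="membership"):
    """Return the attribute dict of the <add name=...> provider element."""
    for add in ET.fromstring(xml_text).iter("add"):
        if add.get("name") == name:
            return dict(add.attrib)
    raise KeyError(name)

def escape_filter_value(value):
    """RFC 4515 escaping: * ( ) \\ and NUL become \\xx so input cannot change the filter."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in value)

def effective_search(provider, login_name):
    """(base DN, scope, filter) the provider is assumed to issue for a login name.
    Assumption (not from the page): it ANDs (userNameAttribute=<name>) with userFilter."""
    name_attr = provider.get("userNameAttribute", "sAMAccountName")
    flt = "(&(%s=%s)%s)" % (name_attr, escape_filter_value(login_name),
                            provider.get("userFilter", ""))
    return provider["userContainer"], provider.get("scope", "Subtree"), flt

def lint(provider, login_name):
    """Findings that commonly explain a null token or a GetUser exception."""
    findings = []
    if provider.get("useSSL", "false").lower() != "true":
        findings.append("useSSL=false: bind credentials are sent to the directory in cleartext")
    if int(provider.get("port", "389")) not in (389, 636, 3268, 3269):
        findings.append("port %s is not a standard LDAP/LDAPS/GC port" % provider["port"])
    if "\\" in login_name:
        findings.append("DOMAIN\\user form will not equal a %s value; use the bare account name"
                        % provider.get("userNameAttribute"))
    return findings

if __name__ == "__main__":
    prov = load_provider(CONFIG)
    print(effective_search(prov, "administrator"))
    for finding in lint(prov, "corp\\administrator"):
        print("finding:", finding)
```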

All replies

  • Hi,

    I am confused about why you create FBA authentication and create the custom login page with so many things.

    From your description, I can get that your requirement is to use Windows authentication and to create custom roles for authenticated users to authorize them based on these new roles.

    If I am right, I think you just need to create new permission levels and SharePoint groups and use them together to authorize Windows users. Also, if the permission level definition cannot meet your need, you can use ribbon customization to improve the flexibility.

    http://technet.microsoft.com/en-us/library/cc721640.aspx

    http://technet.microsoft.com/en-us/library/cc262690.aspx

    http://msdn.microsoft.com/en-us/library/gg552606.aspx

    Regards,

    Seven

    Friday, February 24, 2012 8:03 AM
  • Hi Seven,

    We are using a custom login form to authenticate LDAP users configured using the LDAP membership provider; I hope your confusion is cleared now.

    Coming to roles, we have a custom menu control and different roles (not SharePoint roles; we are using a custom database for roles) to render the menu items. To make it clear for you, we don't want to use SharePoint roles.

    Hope now you are clear about the requirement.

    -

    P

    Friday, February 24, 2012 8:23 AM