Monday, April 09, 2012 6:08 PM
Forwarding an unanswered post from a co-worker:
I have implemented FBA Claims Authentication for a soon-to-be internet-facing site using:
<add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=126.96.36.199, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
<add name="ADMembers" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=188.8.131.52, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="adconn" enableSearchMethods="true" attributeMapUsername="sAMAccountName" />
I was happy to get the signon working.
Logons with an expired account or password are still issued a valid token for the site.
Disabled or locked accounts are correctly rejected.
Normal sequence of events for a new ID is to set it up with a password the user must change at first logon.
The Sign On control evidently verifies a valid password and issues a token without checking for expiration of the account or password.
Note: I am researching a custom membership provider because ActiveDirectoryMembershipProvider does not supply required information to the People Picker (the signon ID is all I have to work with at present).
The mechanism of changing the password is yet another area under research and development.
Any tips in these latter points are appreciated as well. But Authentication really needs to validate the credentials correctly including expiration.
Wednesday, April 11, 2012 7:17 AM
From your narration, it looks like you are using the LDAP provider. Based on my research, you can use the following filter to screen out disabled users.
For more information about configuring LDAP provider, check out the following article:
Rock Wang TechNet Community Support
Wednesday, April 11, 2012 3:53 PM
Actually I am using System.Web.Security.ActiveDirectoryMembershipProvider, as stated above in the title and body of the post.
The LDAP provider is not available for SharePoint Foundation and does not work.
Parser Error Message: Could not load type
'Microsoft.Office.Server.Security.LdapMembershipProvider' from assembly
'Microsoft.Office.Server, Version=184.108.40.206, Culture=neutral,
SharePoint Foundation does not supply Microsoft.Office.Server.UserProfiles (in Microsoft.Office.Server.UserProfiles.dll) which contains this namespace.
I spent a couple of days trying to follow the article referenced in your reply before discovering this.
- Edited by nfts Wednesday, April 11, 2012 6:25 PM
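One way to close the gap described in the first post, as an added example that is not code from the thread or from SharePoint: a subclass of ActiveDirectoryMembershipProvider that re-checks account state after the password validates. The class name, the maxPasswordAgeDays attribute, and looking the user up in the application pool identity's own domain are assumptions.

```csharp
using System;
using System.Collections.Specialized;
using System.DirectoryServices.AccountManagement;
using System.Web.Security;

// Added example; the class name and the maxPasswordAgeDays attribute are hypothetical.
public class ExpiryCheckingADMembershipProvider : ActiveDirectoryMembershipProvider
{
    // Assumption: maximum password age comes from provider config, not from domain policy.
    private TimeSpan maxPasswordAge = TimeSpan.FromDays(90);

    public override void Initialize(string name, NameValueCollection config)
    {
        // The base provider rejects attributes it does not recognize, so consume ours first.
        string days = config == null ? null : config["maxPasswordAgeDays"];
        if (days != null)
        {
            maxPasswordAge = TimeSpan.FromDays(int.Parse(days));
            config.Remove("maxPasswordAgeDays");
        }
        base.Initialize(name, config);
    }

    public override bool ValidateUser(string username, string password)
    {
        // Password check first, so a wrong password never reveals account state.
        if (!base.ValidateUser(username, password))
            return false;

        // Assumption: the application pool identity can read the user's domain.
        using (var context = new PrincipalContext(ContextType.Domain))
        using (var user = UserPrincipal.FindByIdentity(context, IdentityType.SamAccountName, username))
        {
            return user != null && IsLogonAllowed(user.Enabled, user.AccountExpirationDate,
                user.LastPasswordSet, user.PasswordNeverExpires, maxPasswordAge, DateTime.UtcNow);
        }
    }

    // Pure decision logic, kept separate so it can be unit tested without a directory.
    public static bool IsLogonAllowed(bool? enabled, DateTime? accountExpiresUtc,
        DateTime? passwordLastSetUtc, bool passwordNeverExpires, TimeSpan maxAge, DateTime nowUtc)
    {
        if (enabled != true) return false;                               // disabled account
        if (accountExpiresUtc.HasValue && accountExpiresUtc.Value <= nowUtc) return false; // expired account
        if (!passwordLastSetUtc.HasValue) return false;                  // must change at next logon
        if (passwordNeverExpires) return true;
        return passwordLastSetUtc.Value + maxAge > nowUtc;               // password still within max age
    }
}
```

To try it, point the type attribute of the existing ADMembers entry at this class and keep the other attributes unchanged. Users flagged "must change password at next logon" are rejected here, so a separate password-change path is still needed for new IDs.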