Atlanta .NET Regular Guys

News

Brendon Schwartz - Email Me
Matt Ranlett - Email Me

Brendon Schwartz

MVP Logo
Community Kit for SharePoint
View Brendon Schwartz's profile on LinkedIn

Matt Ranlett

Matt Ranlett MVP Logo

Community Links

INETA Live

Useful Links

SharePoint 2007

ASP.NET 2.0

Atlanta Area Bloggers

BizTalk

SharePoint 2007 WebControls

SharePoint 2007 Development

Add Forms Based Authentication users into your Shared Service Providers User Profiles

When you setup a SharePoint 2007 site with Forms Based Authentication (FBA) you have multiple options of where to store your user profiles.  The two most common places to store the profiles are the User Information List located in each site collection or the User Profile store of a Shared Service Provider (SSP).

Here are the steps to be able to add your forms based authentication users to your Shared Service Provider.  After you complete these steps the Shared Service Provider will look for those users when using the Add User Profile functionality.  The reason you must perform these steps is because the SharePoint Web Applications only look in a single authentication type per Web Application Zone.

  1. Create a web application for your site that uses Windows Based Authentication
  2. Extend the web application to also have a zone for forms based authentication

    Here is a great link for steps 1 and 2: Office SharePoint Server 2007 - Forms Based Authentication (FBA) Walk-through - Part 1 by Dan Attis
  3. Create a Shared Service Provider for that application.
  4. Extend the Shared Service Provider with the same settings as the web application

    NOTE: To do this step just follow the same steps you used above for extending a web application.  The Shared Service Provider is just in a web application.

    aam 

    5. The following mappings were used for the example:
    http://<machinename>:1111 - Windows Based Authentication Shared Service Provider
    http://fbassp.devcow.com - Forms Based Authentication Shared Service Provider

    authenticationproviders
  5. Add a forms based authentication user to the Full Control Policy for that Zone in order to log into the site

    policy
  6. Log into the site and add the forms based authentication users that are required for the site.

    NOTE: Make sure when you log into the site you use the SSP link such as http://fbassp.devcow.com/ssp/admin
  7. Add a user using the right provider name and user name such as

    AspNetMembershipProvider:bschwartz
  8. Once the users are entered in the system they will show up in the people picker on the Windows Based Authentication site.

    userprofiles
Posted: Jan 02 2008, 02:18 PM by Brendon Schwartz | with 2 comment(s)
Filed under:

Comments

gbelzile said:

Hi, great stuff.

I'm trying to use the User Information List to keep my FBA users but I can't manage to allow my users to edit their 'My Settings'.  In display mode I see all the fields but when I click the Edit button, only the Account name shows up.  Any clues?

Thanks

# July 11, 2008 9:55 AM

Brendon Schwartz said:

If you have a shared service provider installed and you have MOSS installed the fields will be marked DisplayInEdit=false.  You can either create your own interface or use the code in www.codeplex.com/cks for the IEE that has a CustomTemplate Control to overright this functionality based on if the user is an FBA user.  

Good luck.

# July 20, 2008 4:06 PM
Leave a Comment

(required) 

(required) 

(optional)

(required)