Atlanta .NET Regular Guys

Community Blog for two guys in Atlanta that focus on Microsoft and Community.

Quick About

This is the community blog for Brendon Schwartz and Matt Ranlett.  If you want to see their technical posts visit http://www.sharepointguys.com

Back To DevCow

Recent Posts

Tags

Email Notifications

    Archives

    Add Forms Based Authentication users into your Shared Service Providers User Profiles

    When you setup a SharePoint 2007 site with Forms Based Authentication (FBA) you have multiple options of where to store your user profiles.  The two most common places to store the profiles are the User Information List located in each site collection or the User Profile store of a Shared Service Provider (SSP).

    Here are the steps to be able to add your forms based authentication users to your Shared Service Provider.  After you complete these steps the Shared Service Provider will look for those users when using the Add User Profile functionality.  The reason you must perform these steps is because the SharePoint Web Applications only look in a single authentication type per Web Application Zone.

    1. Create a web application for your site that uses Windows Based Authentication
    2. Extend the web application to also have a zone for forms based authentication

      Here is a great link for steps 1 and 2: Office SharePoint Server 2007 - Forms Based Authentication (FBA) Walk-through - Part 1 by Dan Attis
    3. Create a Shared Service Provider for that application.
    4. Extend the Shared Service Provider with the same settings as the web application

      NOTE: To do this step just follow the same steps you used above for extending a web application.  The Shared Service Provider is just in a web application.

      aam 

      5. The following mappings were used for the example:
      http://<machinename>:1111 - Windows Based Authentication Shared Service Provider
      http://fbassp.devcow.com - Forms Based Authentication Shared Service Provider

      authenticationproviders
    5. Add a forms based authentication user to the Full Control Policy for that Zone in order to log into the site

      policy
    6. Log into the site and add the forms based authentication users that are required for the site.

      NOTE: Make sure when you log into the site you use the SSP link such as http://fbassp.devcow.com/ssp/admin
    7. Add a user using the right provider name and user name such as

      AspNetMembershipProvider:bschwartz
    8. Once the users are entered in the system they will show up in the people picker on the Windows Based Authentication site.

      userprofiles
    Posted: 01-02-2008 2:18 PM by Brendon Schwartz | with 3 comment(s)
    Filed under:

    Comments

    gbelzile said:

    Hi, great stuff.

    I'm trying to use the User Information List to keep my FBA users but I can't manage to allow my users to edit their 'My Settings'.  In display mode I see all the fields but when I click the Edit button, only the Account name shows up.  Any clues?

    Thanks

    # July 11, 2008 9:55 AM

    Brendon Schwartz said:

    If you have a shared service provider installed and you have MOSS installed the fields will be marked DisplayInEdit=false.  You can either create your own interface or use the code in www.codeplex.com/cks for the IEE that has a CustomTemplate Control to overright this functionality based on if the user is an FBA user.  

    Good luck.

    # July 20, 2008 4:06 PM

    Andrew said:

    I have set up the aspnetdb to contain all fba users; I would like to manage the profiles in the sharedservices provider.  I even created a seperate SSP for the occasion. The FBA site is web extension set up for FBA (extranet); the SSP site is also a web extension setup for FBA (extranet) with the role providers and managers setup properly. I have updated all the web. config files to contain the connection string and the role manager and providers. This includes the CA site and both the FBA and SSP sites. The only differance is the role manager in CA is AspNetWindowsTokenRoleProvider.

    I followed the posting to the letter... any q let me know...

    I can add users to groups in the site but when I try to access the profilemanager to get the users profile I get "Object is not set to instance of the object".  It is starting to drive me nutty. Any Ideas?

    # September 23, 2008 11:42 AM