Bojko Consult

SharePoint FBA user with secure stored passwords

Symptoms

Your are creating FBA users, assigning them the correct rights in SharePoint. The FBA users just can’t log in. You go on with your obvious checklist:

  • Password: Correct and meets the requirements
  • Username: Correct
  • Rights in SharePoint: Spot on. (Hey you the admin and know what your doing.. right?)

Still no login works.

As it turns out there could be several reasons for this.

First

Check that your FBA-settings are exactly the same in your web.config’s on CentralAdmin SecureToken and the webapp that you use for FBA. This is how the setting should look like if you use SecureStoredPassword and a few relaxed password setting, because basicly the users hate strong passwords settings and this is not a critical WebApp. The password should be stored in encrypted in the database. As a rule I really don’t touch the web.config all that much. It can be pretty risky if you are working on a production enviroment. So go through the IIS settings and make sure that your settings for each site that uses the Forms Based Authentication looks like this: (click on image to see the larger ones)

If you are looking at this in your web.configs, you should end up having something like:

<membership defaultProvider=”i”>

<providers>

<add name=”i”type=”Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c” />

<add name=”FBA” type=”System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a”
applicationName=”/”
connectionStringName=”FBADB”
enablePasswordReset=”true”
enablePasswordRetrieval=”false”
passwordFormat=”Hashed”
requiresQuestionAndAnswer=”false”
requiresUniqueEmail=”false”
minRequiredNonalphanumericCharacters=”0″ 
minRequiredPasswordLength=”5″ 
/>

</providers>

</membership>

NOTE: The two extra properties changes the required password to be 5 characters and no numbers.

Solution

If you want to use StorePasswordInSecureFormat to be true, you have to set enablePasswordretrieval to false.

Second

Check your database. You should open the asp.net user database (I call it FBADB) and have a look inside aspnet_Membership. The PasswordFormat should all read 1. If they don’t something is wrong.

Checklist

  • Don’t use secure storage and password retrieval at the sametime. It just won’t work.
  • check, and check again, that your configuration for FBA is the same for the Central Administration site, the secure token and for the WebApp where you wish to use it, are 100% identical.
  • Check your Password format in the FBA user database.
  • Check machine keys (http://sharepoint.stackexchange.com/questions/11150/sharepoint-2010-updates-the-machine-key-in-web-config)
  • Check web.config (http://www.qualitydata.com/learn/web-config-membership-provider-settings)

Ulrich Bojko

, , ,

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.