Wednesday, January 20, 2010

Configure Form Based Authentication in SharePoint Server 2010.

Form Based Authentication is used by companies that have deployed SharePoint sites over the internet or have published their SharePoint sites. Form Based Authentication is a feature provided by ASP.NET 2.0. As the name suggests, it gives you a form for authentication when you try to access the SharePoint site (similar to the pop-up box that you get when you access the SharePoint site using Windows authentication). In SharePoint the authentication happens in IIS and the authorization happens in SharePoint, depending on the permissions given to the user.

Form Based Authentication is widely used when the people accessing your site are not part of your Active Directory (AD), or basically not part of your domain, and at the same time you have a requirement that these people (who are not part of AD) must be authenticated when they try to access the site. The only way possible is to store the user credentials in a repository (other than AD) and tell SharePoint to use that repository as the authentication provider. In MOSS 2007 we could store the user credentials in AD, ADAM (Active Directory Application Mode) and in SQL Server. For SharePoint to use Form Based Authentication (FBA) we have to do some amount of custom coding. So if you are familiar with the configuration of FBA in MOSS 2007, this post should not be very difficult to follow. Next I will discuss the steps that I took to achieve FBA in SharePoint Server 2010 using SQL Server to store the users.
  • To start configuring form based authentication, create a new web application and choose Claims Based Authentication as the authentication type.
  • Choose a new IIS site and specify a suitable port number or a host header. If a host header is specified, remember to add an A record in DNS.
  • In the security configuration section choose NO for allow anonymous access and for the use of SSL. Keep in mind that with SSL set to NO, the forms login sends the user name and password over the network unencrypted.
  • In the Claims authentication types, tick "Enable Windows Authentication" and under that choose NTLM for Integrated Windows Authentication.
  • Next check "Enable Form Based Authentication" and under that enter the ASP.NET membership provider name and the ASP.NET role manager name. I gave sqlmember and sqlrole respectively.
  • Leave the other options at their defaults, click OK and create the new web application.
  • Also create a site collection using a suitable template.
Now we need to create a database in SQL Server in which we will store the users' credentials. For that you need to go to C:\windows\Microsoft.Net\Framework\v2.0.50727 and look there for an exe called aspnet_regsql. Double click on the exe and a wizard will pop up. Click Next on the first and second screens of the wizard. On the third screen enter the SQL Server name and leave the database name at its default. Click Next and you will have created a database that an ASP.NET application can talk to. The created database name will be aspnetdb.

Now we need to create the users in SQL Server. You can either write an application or code that helps you do this, or use a tool (like I do) and create the users easily. The tool that I use is called Membership Seeder. This tool is available at http://www.codeplex.com/ . You will find many other similar tools on this web site. Tools from the CodePlex site used in production are not supported by Microsoft. This tool is basically used to create dummy users in aspnetdb. I will not cover how to use the tool, as the instructions are given on the site where you download it. By the way, this tool is FREE.

Once the users are created, we need to deal with the coding aspect of the configuration. We need to make changes in three web.config files, and they are:
  1. The newly created Web Application.
  2. The Central Administration Web Application.
  3. The Security Token Service Application.
So let's start off with the Central Administration web.config file, which can be found in C:\inetpub\wwwroot\wss\VirtualDirectory; there, double click on the folder with an unusual number. In my case the folder name was 23018. All other virtual directories except the Central Administration virtual directory have the server name and the port number, or the host header name and the port number. After opening the CA folder, create a new folder, take a copy of the web.config file and save it inside the new folder. This step is very important, as you are taking a backup of the web.config file, which is the most important file for the web application. Once you have a backup copy of it, open the web.config, which is an XML file. It is preferable to open it in Visual Studio, as it is easy to edit there. If you don't have VS, it can be opened in Notepad as well. Inside this web.config file search for the "system.web" tag. Once you find it, you need to add CODE1 above the tag "system.web" and CODE2 below the tag "system.web".

CODE1

CODE2
Once you have done the above, save the file and close it. So the CA web.config file is done. Next let's go to the STS (Security Token Service) service application web.config file. The easy way to get to the STS web.config file is to open IIS Manager. Expand the Sites section and then expand the SharePoint Web Services section. There you will find the SecurityTokenServiceApplication; click on it and open the content view (the content view option is available in the middle section at the bottom of IIS Manager). Next click on the Explore option in the Actions section (the rightmost section). Or just follow this path: C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\WebServices\SecurityToken. This will lead you to the web.config file of the STS service application. Again, do not forget to take a backup of this file before making any changes to it. Then open the web.config file. In the STS web.config file you will not find the tag "system.web". Hence we need to add the opening and closing tags of "system.web" (refer to the snapshot). So we need to add CODE1 above "system.web" and CODE2 just below "system.web". So the entire set of code would look like the following:


I pasted the entire above code under the closure of the tag "system.net" in the STS web.config file. Now the last place where we need to do the coding is the web.config file of the newly created web application. But making modifications in this web.config file is slightly different as we would already have the tags for and . Hence we need to be a bit more careful here. So open the virtual directory of the newly created web application by navigating to C:\inetpub\wwwroot\wss\Virtual Directory\ . Once it is open, take a backup of the web.config file by creating a new folder and pasting a copy of the web.config file in it. Open the web.config file and search for the membership tag. You will see that we already have the membership and the roleManager providers in the web.config file. We just need to add our membership and role provider entries. In the snapshot below I have highlighted the code snippet that you need to add in the web.config of the newly created web application. Also notice that the roleManager provider comes first, followed by the membership provider.


We also need to add CODE1. Remember that you add above the and this SHOULD be above the and provider that you just added. The best way is to find the first occurrence of "system.web" in the web.config and add CODE1 just above it.
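The CODE1 and CODE2 listings and the snapshots did not survive on this page. The fragment below is an added example, not the author's original code, of the kind of entries the steps above describe, laid out for the STS web.config where "system.web" has to be added whole. The provider names sqlmember and sqlrole and the aspnetdb database come from the post; the server name SQLSERVER01, the connection string name FBAConnection, applicationName and the password-policy values are assumptions.

```xml
<!-- Added example, not the author's original listing. Assumed values:
     SQL host "SQLSERVER01" (placeholder), connection string name
     "FBAConnection", applicationName "/" and the password-policy attributes.
     "sqlmember", "sqlrole" and "aspnetdb" are the names used in the post. -->

<!-- Connection string block: goes above <system.web> -->
<connectionStrings>
  <!-- Integrated Security keeps SQL credentials out of web.config; the
       application pool identity needs access to aspnetdb instead. -->
  <add name="FBAConnection"
       connectionString="Data Source=SQLSERVER01;Initial Catalog=aspnetdb;Integrated Security=SSPI" />
</connectionStrings>

<!-- Provider block: the membership and role providers live inside <system.web> -->
<system.web>
  <membership>
    <providers>
      <!-- The name must match the membership provider name entered when the
           web application was created. -->
      <add name="sqlmember"
           type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
           connectionStringName="FBAConnection"
           applicationName="/"
           passwordFormat="Hashed"
           enablePasswordRetrieval="false"
           enablePasswordReset="false"
           requiresQuestionAndAnswer="false"
           minRequiredPasswordLength="12"
           minRequiredNonalphanumericCharacters="1"
           maxInvalidPasswordAttempts="5"
           passwordAttemptWindow="10" />
    </providers>
  </membership>
  <roleManager enabled="true">
    <providers>
      <!-- The name must match the role manager name entered for the web application. -->
      <add name="sqlrole"
           type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
           connectionStringName="FBAConnection"
           applicationName="/" />
    </providers>
  </roleManager>
</system.web>
```

The applicationName value has to be the one under which the users were created in aspnetdb, otherwise the providers will not find them. In the web application's own web.config only the two `<add>` entries are inserted into the provider lists that already exist.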

Once the above things are done, the hardest part is finished. Now we need to go to the CA site, click on Manage web applications, choose the newly created web application and then click on User Policy. You will get a pop-up box. Click on Add Users, choose the zone (in our case it is the default zone) and then add users. These users are the ones that you created using the Membership Seeder tool and that are available in the SQL Server aspnetdb database. If the user name gets resolved, then the code is working fine. Next type the URL of the newly created web application and you will get a new form where the drop-down has two options: 1. Windows Authentication and 2. Form Based Authentication. Choose Form Based Authentication and you will be given another form to enter the username and the password. Enter the username of a user present in aspnetdb and the associated password. Then you will be able to log in, and hence you have successfully configured form based authentication.

Hurray!!! Finally done!!

Tuesday, January 19, 2010

Content Type Publishing in SharePoint Server 2010

This particular post has to do with the improvements in the concept of Content Types in SharePoint Server 2010.

So before going into the improvements of content types, let's first discuss what content types are and what their limitations were in MOSS 2007. Content Types are used when you would like a document library to give you the option to create an Excel sheet, a Word document, a PowerPoint presentation etc. when you click on the New option. Content types enable you to store multiple different types of content in the same document library or list. For example: you have created a single document library for your sales and marketing teams. The sales team has its own Word template and the marketing team has its own Word document, but you want them to use the same document library, and both teams should get the option of creating their own document depending on the template suitable for their needs. For more information on content types, please refer to the following two links:
(In this post I will not discuss how you create content types or explain the scenarios with regard to MOSS 2007.)

Now let's talk about the limitation. In MOSS 2007 the content types were limited to the site collection level. That means that if we created a content type and wanted to use it in another site collection, it was not possible out of the box. We would have to do extensive customization to achieve it. But in SharePoint Server 2010 this limitation has been addressed, and now we can publish content types in one site collection and use them in another site collection. So now let's go ahead and see how we can publish content types:
  • Create a site collection. For example, I created a site collection called http://roshan-pc which is running on port 80.
  • Next we need to enable one of the site collection features, called the "Content Type Syndication Hub".
  • Once it is enabled, you need to go to the CA (Central Administration) site and click on Manage service applications, which is under the Application Management section.
  • In SharePoint Server 2010, content types are part of the Managed Metadata Service. Hence click on the Managed Metadata Service in the service application page. Remember not to click on the name "Managed Metadata Service", as it is a hyperlink and will take you to the Term Store Management page. Just click beside the name and then click on the Properties tab present on the same page (in the ribbon).
  • Once you have clicked, you will get a pop-up box. Scroll down to the end, where you will be asked for the URL of the site collection that will be the content type hub. I typed http://roshan-pc . It is also recommended that you choose the option that says "Report syndication import errors from Site Collections using this service application."
  • Then you will be directed back to the Service application page, and now you need to select the Managed Metadata Service Proxy/Connection, which is just below the metadata service. Again, do not click on the name. Click on the proxy and click on Properties (available on the same page in the ribbon).
  • You will be given a pop-up box where you need to check the third option, which says "Consumes content types from the Content Type Gallery at http://roshan-pc" (in my scenario).
  • Then the publishing of the content type has to be done by going back to the site collection http://roshan-pc and creating a content type there. I created a new content type called PRODUCT with the site columns Product Name and Product ID.
  • Once done, you will see an option on the same content type page called "Manage publishing for this content type" (the last option under Settings).


  • Click on that and you will be prompted to publish the content type. Click OK.
  • Next create another site collection which can consume the published content type. (In my case I created a site collection called http://roshan-pc:81/ .)
  • Next you need to start two timer jobs, which are responsible for the publishing of content types. For this you need to go to the CA site and click on Monitoring.
  • There you will find a link for Review job definitions. Click it.
  • Now you need to start two timer jobs. The first one is called "Content Type Hub"; just click on this timer job and click Run Now.
  • Next you need to choose the second timer job, called "Content Type Subscriber". Notice that if you have created two web applications, you will have two timer jobs of the same type. Choose the one where you will be consuming the published content type. That is http://roshan-pc:81
  • Now go to http://roshan-pc:81/ and then to the site content types; you will find there the content type that was published from the site collection http://roshan-pc/
One very important point to remember here is that if you use two site collections that are in two different web applications, then those two web applications should be associated with the same Managed Metadata Service.

More on content types in the same post very soon.....

Monday, January 18, 2010

Installing SharePoint Server 2010 on Windows 7

I am back with another post.

This post is about the steps that you need to consider if you want to install SharePoint Server 2010 on Windows 7. Yes, SharePoint can now be installed on Windows 7 and on Windows Vista as well. This provision is given for developers only, so that they can test and build applications or tools on top of SharePoint Server 2010. SharePoint Server 2010 running on any client OS is not supported in production.
The product team came up with this idea because with MOSS 2007 we could not install the product on any client OS, and developers who did not need a server OS for their development had to install Windows Server 2003 or Windows Server 2008 and then work with MOSS 2007.

So now let's see how we can install it on Windows 7:
  • First decide the OS on which you would like to install SharePoint Server 2010. This blog post is about installing SharePoint Server 2010 on Windows 7 (64 bit).
  • Insert the media and open the setup file location.
  • Open the location "C:\SharePointFiles\files\Setup\config.xml".
  • Add the following XML code: <Setting Id="AllowWindowsClientInstall" Value="True"/> (take a look at the snapshot).
  • After adding it, the XML will look like the following. The snapshot is related to SharePoint Server 2010 and not SharePoint Foundation 2010 (the new name for WSS 4.0). The above code is case sensitive, so maintain the same case.

  • The next step is the longest and the most important one. While you are installing SharePoint Server 2010 you will not be able to run the Pre-Requisite Installer, as it will only run on Windows Server 2008 with SP2 and Windows Server 2008 R2. So you need to download and install all the prerequisites manually. To make it easy to find all the prerequisites in a single place, please follow this link . You will find all the prerequisites here.
  • Once the prerequisites are done, you need to make IIS ready on Windows 7. For that we have given a script that you can find in this location . Or, the way I did it, enable IIS first from the command line and then enable the features manually. Below is the screenshot of the features that I enabled manually.








  • Once this is done, click on the setup.exe which you will find at "C:\SharePointFiles\Setup.exe".
  • You can choose Standalone or the Advanced option (to choose Complete) depending on how many resources you can give to SharePoint. I chose Standalone for two reasons: 1. I did not have a full-blown SQL Server. 2. The laptop on which I am installing has only 4GB RAM.
  • It's left to you what you want to choose.
  • Once done with the first phase of installation, you need to install the SQL Server 2008 KB 970315 x64 . It's the Cumulative Update 2 for SQL Server 2008 SP1.
  • Then complete the configuration wizard and yes, you are done.
Enjoy Sharing on Windows 7.