Configuring Forms Based Authentication for SharePoint 2010 using IIS7
Following on from my article on configuring FBA for SharePoint 2007, writing one for SharePoint 2010 seemed necessary.
There are not a lot of differences with configuring FBA for SharePoint 2010 compared to 2007, but there are a few. For instance, SharePoint 2010 no longer supports “classic FBA”, rather forms based authentication is provided through Claims Authentication. There is also the introduction of the Secure Store Service which is the next-gen of the Single Sign On service of old.
Both of these come into play when configuring Forms Based Authentication.
Mission
Configure an extranet web application for Claims based authentication using AD and Forms. Store membership credentials in a SQL database. Manage members through IIS Manager.
Game Plan
1. Configure SQL for membership store
- Create database
- Create SQL User
- Add SQL user to database
2. Configure Central Admin to use SQL membership store
3. Configure Secure Store Web Service to use SQL membership store
4. Create new Web Application for extranet site
5. Configure Extranet site to use SQL membership store
So let’s begin…
1. Configure SQL for membership store
The process of creating the store is exactly the same as what we did for 2007, so I’ll just copy and paste that thank you!
The membership store is still created using the ASP.NET SQL Server Setup Wizard. This is launched from the .NET 2.0 Framework folder on the server at:
C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
This wizard will take you thorough the steps and will build out the SQL database for you.
Once you select to Configure SQL Server for application services, you will be prompted for the SQL Server name and database name. You can choose an existing database to add the membership elements to, or you can type in a new name and the database will be created for you.
Once the database is created, we’re going to create and add a SQL user, rather than use integrated authentication. If your SQL instance is not already running in mixed-mode, you can change it through Server properties in SQL Server Management Studio. Right-click on Server in Object Explorer and select Properties, then navigate to the Security page.
Create SQL user
Back in object Explorer, expand Security –> Logins. Right-click logins and select “New Login…” On the New Login page, enter a username, password on the general page, clear all three password options for policy, expiration, and enforce change. Hit Ok and we have our SQL user.
Add SQL user to membership database
Now, navigate to the database we created for our membership earlier (ConlosoDevFBA), and expand to Security-> Users. Right-click on Users and select New User….
Enter the name, select Login name, and give this fella the role “db_owner”.
To recap:
We created a database called ConlosoDevFBA.
We created a SQL user called FormsAuthUser
We added FormsAuthUser to ASPNetFormsAuth database and gave them the db_owner role.
We’re done with SQL.
2. Configure Central Admin Web Site to use SQL Membership Provider
SharePoint web sites out of the box are configured to use Active Directory. So you may be wondering why we’re configuring Central Admin to use FBA when we don’t really want to login in as an FBA user. Well, we actually don’t want to configure it to to login as a forms user, but we do need to be able to add users from out membership database when configuring site collection admins, and the like.
So all we want to do is tell the Central Admin web application to use our SQL membership provider as well as AD, so when you use the people picker to select users, it will provide results from our membership database.
Open IIS Manager on the WFE server (if more than one, then this needs to be done on every FWE that has Central Admin. The same goes for the proceeding steps for the other web applications).
Select the SharePoint Central Administration v4 site. On the Home Page, you’ll see many options for ASP.NET and IIS. The ones we’re concerned with are
Open the Connection Strings Page. Under Actions menu on the right, select Add… to create a new connection string. Provide the details for the membership database for the new connection string.
Add Role Provider
Go back to the Web Application page and open up Providers page. Here we will create a provider for Roles and Users. Set feature to .NET Roles and click Add… in the Actions pane to add a new role provider. I called it FBARoleProvider and selected the right type and connection string.
Ensure you provide an ApplicationName so the provider knows what uses to authenticate. For a good explanation on why you need this, see Scott Guthrie’s blog.
Add Membership Provider
Now set feature to .NET Users and click Add… from the actions pane to add a membership provider.
Select the correct type and connection string, and whatever behaviors you choose.
That’s it for the providers for Central Admin.
To verify that all looks ok, we can check the web.config of the web application. To get to the right web.config, right-click on the web application under sites, and select Explore.
In the web.config, you’ll see sections for the connection string and the providers. The <roleManager> and <membership> sections should look like:
You should also see a <connectionStrings> section close to the bottom of the web.config file.
3. Configure Secure Store Web Service to use SQL Membership Provider
Everything we did for Central Admin site, we are going to do for the SecurityTokenServiceAppliaation which is in the SharePoint Web Services application.
Without redo’ing all the steps:
- Create the connection string
- Add the .NET role provider
- Add the .NET users provider
- Verify connection by editing config.xml.
4. Create Extranet Web Application
Ok, finally we are ready to create our web application (called SharePoint – FBA) that will use FBA authentication.
In Central Admin, Select the Application Management page, and select Manage web applications. Select New from the ribbon to create a new web application.
Select Claims Based Mode Authentication as Authentication Type. Select values for all the other options until you get to the “Enable Forms Based Authentication”.
Add the values we created earlier in the section “Enable Forms Based Authentication” for role and membership provider.
Once the application is created, we should create a site collection.
Create Site Collection
Go to the Create Site Collection page from the Manage Applications section in Central Admin. Select the team (or blank, or whichever you choose) template then select the site collection administrator. At this point, we should be able to select from our SQL membership users. Enter a user you know exists in the membership database and see if you can resolve the names.
I have a user with the same name in both AD and SQL, so I know I am hitting both.
At this point we have told SharePoint what role providers to use for the web app, but we still need to configure the web app through IIS manager to bind the providers.
Configure Membership Providers for Web App through IIS
In IIS Manager, browse to the new site SharePoint – FBA. For our new FBA site we need to do the following:
- Add connection string
- Add Providers for members and roles
- Configure .NET Roles
- Configure .NET Users
- Set Authentication to Forms and Integrated
- Add User as Site Collection Admin
1. Add Connection String
Same as we have done before.
2. Add role and user providers
Again, same as what we did before. Open Providers page and add an entry for our role and user providers.
3. Configure .NET Roles
This and the next steps are not required for the other two web applications we configured (Central Admin and SSS).
Open the .NET Roles page for our web application. You will receive a warning that the default role provider is not trusted. WE just need to set our default role provider to FBARoleProvider.
We do not have any roles in our database at this point, so let’s create two (StandardUser, SuperUser) by clicking Add… in the actions pane.
4. Configure .NET Users
Now we need to do the same for .NET Users. Open the .NET Users page. You will get a similar warning saying the default is not trusted. Set the default provider to FBAMembershipProvider. If you had members in the database, you would now see them listed. Assuming you don’t let’s add some. Click Add… from the Actions pane to add users, and assign them roles.
5. Set Authentication
SharePoint should have done this when you created the web application, but let’s confirm. From the web application home page in IIS Manager, select Authentication under the IIS section. Confirm that the web application has both Integrated and Forms enabled.
6. Add User as Site Collection Admin
Now that we have everything hopefully configured correctly, we can go back to SharePoint Central Admin and add our new user as the Site Collection Administrator. From Central Admin Application Management page, click Change site collection administrators. Select SharePoint – FBA root site collection, and add our new user.
Now lets test all this business by trying to login. Browse to your site and select to login as a forms user.
What the…?! I am authenticated ok, but am not allowed in, even though I’m a site collection admin?!
Caveat
Here’s the caveat – In order for you to use IIS Manager to manage your SQL users, you need to set the default provider to our Forms provider, i.e. FBAMembershipProvider. In order for it to work we need to set it to the SharePoint claims provider. Go back to .NET Users and reset the default provider to “i” which is for the Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider
You should also check the default Role Provider for the web application and ensure that is set to “c”. If this is set to the SQL provider that you created, you will get an unexpected error after you logon.
Now let’s try to login again…
Success!!
To verify all of the above: here are the three web.config files in play:
Central Admin Web.config
<roleManager>
<providers>
<add name="FBARoleProvider" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" applicationName="/" connectionStringName="FBADB" />
</providers>
</roleManager>
<membership>
<providers>
<add name="FBAMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" applicationName="/" connectionStringName="FBADB" enablePasswordReset="true" enablePasswordRetrieval="false" passwordFormat="Clear" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" />
</providers>
</membership>
Secure Store Web Service web.config
<membership>
<providers>
<add name="FBAMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" applicationName="/" connectionStringName="FBADB" enablePasswordReset="true" enablePasswordRetrieval="false" passwordFormat="Clear" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" />
</providers>
/membership>
roleManager>
<providers>
<add name="FBARolePRovider" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" applicationName="/" connectionStringName="FBADB" />
</providers>
/roleManager>
Web Application (SharePoint – FBA) web.config
<membership defaultProvider="i">
<providers>
<add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
<add name="FBAMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" applicationName="/" connectionStringName="FBADB" enablePasswordReset="true" enablePasswordRetrieval="false" passwordFormat="Clear" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" />
</providers>
</membership>
<roleManager cacheRolesInCookie="false" defaultProvider="FBARoleProvider" enabled="true">
<providers>
<add name="c" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
<add name="FBARoleProvider" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" applicationName="/" connectionStringName="FBADB" />
</providers>
</roleManager>
Hi Donal,
I followed your steps above and have checked the config files. However I seem to be getting the error below when accessing the website.
Server Error in ‘/’ Application.
——————————————————————————–
The server was unable to process the request due to an internal error. For more information about the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from the configuration behavior) on the server in order to send the exception information back to the client, or turn on tracing as per the Microsoft .NET Framework 3.0 SDK documentation and inspect the server trace logs.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.ServiceModel.FaultException: The server was unable to process the request due to an internal error. For more information about the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from the configuration behavior) on the server in order to send the exception information back to the client, or turn on tracing as per the Microsoft .NET Framework 3.0 SDK documentation and inspect the server trace logs.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[FaultException: The server was unable to process the request due to an internal error. For more information about the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from the configuration behavior) on the server in order to send the exception information back to the client, or turn on tracing as per the Microsoft .NET Framework 3.0 SDK documentation and inspect the server trace logs.]
…
Any ideas please?
I’m encountering the same error. Were you able to resolve this? If so, could you please provide the steps… Thanks!
I have the same problem.
If you have this problem, you will find more explicit information in the 14\LOGS files and in the system Event Logs. For me, it was SQL permissions because I didn’t quite follow the post and stuck with Windows Auth for the DB instead of Mixed mode.
Adding the App pool account to the FBA DB fixed it for me. But it could be other issues, check the logs.
ON following above steps I am getting the following error
The server did not provide a meaningful reply; this might be caused by a contract mismatch, a premature session shutdown or an internal server error.
Any guess. Thanks in advance.
@Bharat Sukhwal: Not a clue. I’d say double check your config files. Always backup your configs; so if you hit an issue, you can roll-back to see if it’s related to the web.config.
Thank-you VERY MUCH for this article! What you’ve got in your “Caveat” section finally ended many hours of grief and trouble for me. I suppose I don’t mind that kind of quirkiness if it’s well documented, but yours is the first article I was able to find that even mentioned it.
HI, First off i’d like to say i think this is probally the best post i’ve seen so far regarding this process. Thanks for it 🙂
I’ve followed it to the end and finally when i create the site and login in FBA mode, i get the following message:
EVENT ID 8306
An exception occurred when trying to issue security token: The security token username and password could not be validated..
–
–
8306
14
2
47
0
0x4000000000000000
6530
Application
SPS2010.devmoss.com
–
The security token username and password could not be validated.
Do you have any idea what it could be?
Thanks in advance!!
@IIuis Thanks! What version of SP are you running? I will need to re-try this in RTM to see if there are any issues. It’s been a while since I’ve had to do FBA… Is there something blocking your db? Is it on the same server as your SP server?
Hi =), Yep the MOSS Farm it’s a RTM running in WIN2K8 R2, if i’m right the DB access it’s ok since i’ve been able to create the .Net Users and sharepoint it’s recognizing them in the admnistrators field when i create the site, Yes, the SQL2008 R2 it’s on the same Server, also a DC. I am going to recheck everything and try to make it work, if you have any suggestion it would be greatly appreciated!
Many Thanks in advance!
Lluís
Jejeje It’s working out!! Im a bad ass!! i had right man!
So i can say now it’s such an awesome article, thanks for it, i was typing a bad pass, can you believe that? xD
Thanks 4 the post!
Lluís
Hi! Thank you for this great article…
I have converted an existing web site to Claims Based Authentication. Everything worked fine and the authentication works perfectly (it detect wrong username/password).
But, I got “Access is Denied” as described in the last steps of your article. I triple checked the default provider to ‘i’ but no successs…
I also checked the collection admin but no success…
Any idea?
Thank you,
Eric
In my situation, my sharepoint was an upgrade from 2007 to 2010. I solved it this way:
– I made a granular backup of all sites.
– I uninstalled sharepoint 2010 and 2007
– I made a fresh install of 2010
– I created new site using the claim authentication
– In this site I restored the granular backup using powershell
And it worked perfectly
Eric
Thank you very much for this post! Very well written and very usefull. I ended up using the workaround with an user admin site since a had some issues changing back to the OOTB default membership provider “i” and still wanted to use the IIS man for user administration.
Thank you again!
I ran into the “An exception occurred when trying to issue security token: The security token username and password could not be validated” issue – make sure that you use the “/” in the application name in all of the providers.
Yes; I updated the content to make sure this covered. Thanks!
What is the Cavet here?
Which Website Authentication should I changed to Claims, is it the Fba Site ?
Please help as I am still getting Access Denied Error.
Change the default provider for the users on the web application you are using forms for. In the example case it was SharePoint – FBA.
Thank you very much for this great article!
After some useless attempts, I successfully completed my FBA configuration following these instructions.
hi, thanks for your great tutorial…
finally, i successfully configure fba in my web app…
now i add 1 default asp.net control which is change password…
strange, seem like i can’t change my password….
got the message
“Password incorrect or New Password invalid. New Password length minimum: 7. Non-alphanumeric characters required: 0.” eventhough i give correct password…
is there something configuration that i miss???
thanks in advance….
Thanks for making this so understandable. I’ve invested a lot of time trying to figure this out without much luck. My SP2010 FBA is finally working because of your awesome post!
Dona,
Thanks for the great article
I followed your steps, I did follow the caveat, now when I type the URL, I get the sign on page, then either one on iselt for authentication , i get below error help me out
Neel
Server Error in ‘/’ Application.
——————————————————————————–
Server Error in ‘/’ Application.
The remote server returned an error: (404) Not Found.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Net.WebException: The remote server returned an error: (404) Not Found.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[WebException: The remote server returned an error: (404) Not Found.]
System.Net.HttpWebRequest.GetResponse() +1126
System.ServiceModel.Channels.HttpChannelRequest.WaitForReply(TimeSpan timeout) +81
[EndpointNotFoundException: There was no endpoint listening at http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc that could accept the message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more details.]
System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) +10258154
System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) +539
Microsoft.IdentityModel.Protocols.WSTrust.IWSTrustContract.Issue(Message message) +0
Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr) +61
Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst) +36
Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo) +26062081
Microsoft.SharePoint.SPSecurityContext.SecurityTokenForFormsAuthentication(Uri context, String membershipProviderName, String roleProviderName, String username, String password) +172
Microsoft.SharePoint.IdentityModel.Pages.FormsSignInPage.GetSecurityToken(Login formsSignInControl) +188
Microsoft.SharePoint.IdentityModel.Pages.FormsSignInPage.AuthenticateEventHandler(Object sender, AuthenticateEventArgs formAuthenticateEvent) +123
System.Web.UI.WebControls.Login.AttemptLogin() +152
System.Web.UI.WebControls.Login.OnBubbleEvent(Object source, EventArgs e) +124
System.Web.UI.Control.RaiseBubbleEvent(Object source, EventArgs args) +70
System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +29
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +2981
——————————————————————————–
Version Information: Microsoft .NET Framework Version:2.0.50727.4927; ASP.NET Version:2.0.50727.4927
Did you manage to fix this? Is your security token service running?
No Donal, It is running, but now for some reason, i am not getting this error, but now i am not able to retrieve users in sharepoint,but if i change the FBA membership provider in iis then i can see users, but it is not getting resolved
let me know
thank you
Neel
Hi
I am getting an error when trying to do step 3.
3. Configure .NET Roles
This and the next steps are not required for the other two web applications we configured (Central Admin and SSS).
Open the .NET Roles page for our web application. You will receive a warning that the default role provider is not trusted. WE just need to set our default role provider to FBARoleProvider.
The error i get is
.NET Roles
There was an error while performing this operation
Details:
Login failed for user ‘FormsAuthUser’.
Obviously it cannot validate the password for the user, can you help with understanding why? i have checked the password and it is entered correctly in all web.config files and also in the ExtranetMembershipStore Database for ther user FormsAuthUser
Must i add another user to the SQL DB so that IIS can talk to it?
I think the problem may be that i set the Application Name to be /
How do i find out the correct application name? or do i just make one up?
Why do you think the application name is the issue? How does the error manifest? Is it when you open the .NET roles page in IIS?
Yes when i open the .Net Roles it tries to connect to the Default Provider which i set as per your instructions, at that point, i get the error
.NET Roles
There was an error while performing this operation
Details:
Login failed for user ‘FormsAuthUser’.
Hi Donal
I have fixed this by restarting the SQL server, i guess when you change the authentication mode from Windows to Mixed you need to restart the server for it to take affect.
I have done all the steps now though and am at the final part which i cant get to work, ive set the .NET users up and set one of them as Site Collection Administrator and as your post says, when i try to login i get the Access Denied message, however the Caveat that you mentioned isnt working for me as IIS wont allow me to change the .NET Users Default Provider back to the ‘i’ provider.
I get an error message telling me that this feature cannot be used as the default provider is not a trusted provider.
Do you know how to fix this?
Could the error be becuase the
Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider
is not in my C;\Windows\Assembly folder?
There is a Microsoft.SharePoint.Administration.Client and a whole lot of other Micorosft.SharePoint.*****’s in there all with the same Public Key Token.
So i have added the line:
into my C:\Windows\System32\inetsrv\config\administration.config file and now i get a different error which is
There was an error while performing this operation
Details:
Object Reference not set to an instance of an object.
Any ideas?
for some reason it wont post the line, im not sure why.
It is the add ‘i’ type=sharepoint line from the config file you have in your post, with the public key token
I also get the same object refernece not set error if i remove the line from the administration.config file and set the allowuntrustedproviders to true.
Not sure why you are going into administration.config, you should not need to at all. I haven’t set this up in a while, so will have to go back and redo, to see.
Donal,
I tried your solution from scratch, I am not able to see any Forms users through sharepoint, but i can see them in IIS 7, if change to FBArole and FBA member.
I checked everything again and again, it is exactly the same steps mentioned above, could you provide me some clues.
thank you
Neel
Nice post. Very descriptive and useful. Thank you very much for coming up with such a nice post.
I’m with Neel. It’s too bad this doesn’t work. The FBA users don’t show up in the people picker and I can’t log in as them. There is no error to look into. For me this is an epic fail.
Hi Donal,
Firstly thanks for the step by step guide! Very helpful…I am having a similar issue to Neel. Have set up the .NET Users in IIS7 but they don’t seem to be listed in Sharepoint when I try to resolve a user. I am trying to set this up on my local Windows 7 machine to test out the scenario. Any ideas…have I missed something? Are the users supposed to show up in the FBADB created as I don’t seem to see them there?
Thanks
Please ignore my previous comment. Seems I have got it working now. Thanks.
This has to be the best write up on SharePoint 2010 FBA out there, and ive looked. Save my behind today mate. Great Job.
Thanks! Best guide I read so far which help me get my SharePoint 2010 test bed to work with FBA 🙂
Thanks for the tip about naming the application in the providers, wish I’d found it last Friday but.
Thanks for the excellent walk though! It was perfect!
Note: I also got the / error in application but if you look at the event viewer it was because I hadnt setup up my alternate access mappings yet.
Thanks again for the work!!
-Jason
Got it working. I was using a local account as the application pool identity, which apparently doesn’t work when finding the domain accounts. Switched to network service (or you could put in a domain account) and now it works!
Great post … I followed the given steps and it works like a charm ..
Thanks
Thank you for the detailed explanation. It’s easy to follow and very well explained. And it works!!!! This is the best FBA post I found so far.
Just added this link to my session for tomorrow.. remembered just in time!
really help me and save a day.
Thanks
really help me and save a day.
Thanks
Thank you very much for this tutorial!!! Excelent work!!! 🙂
Great documentation! Works great for me.
Thanks
Hello
First thank you for this great post. It has gotten me way farther than the WROX publication “SharePoint 2010 Admin”
I have followed your instructions – with only changing the name of the DB to be something else.
To change the default provider caveat as mentioned above I had to edit the web.config file for my FBA website to change the default provider as i. When editing this web.config file I noticed that under and the FBA ones that we created were not there. These are listed in IIS as Inherited. Is this an issue?
Then my website crashed and would not open at all. I did not see any errors about this crash in the event viewer.
I do have a AD user and FBA user listed as administrators for the website.
This is the error that I get when I try to even access the log in page
Error
Error
An unexpected error has occurred.
Troubleshoot issues with Microsoft SharePoint Foundation.
with Id .. blah
Date and Time: 11/30/2011 2:34:23 PM
Using ULS here is what I see:
System.InvalidOperationException: Operation is not valid due to the current state of the object.
at Microsoft.SharePoint.SPUserToken.GetClaimsUserLoginName()
at Microsoft.SharePoint.SPSite.CopyUserToken(SPUserToken userToken)
at Microsoft.SharePoint.SPSite.SPSiteConstructor(SPFarm farm, Guid applicationId, Guid contentDatabaseId, Guid siteId, Guid siteSubscriptionId, SPUrlZone zone, Uri requestUri, String serverRelativeUrl, Boolean hostHeaderIsSiteName, SPUserToken userToken)
at Microsoft.SharePoint.SPSite..ctor(Guid id, SPFarm farm, SPUrlZone zone, SPUserToken userToken)
at Microsoft.SharePoint.SPSite..ctor(Guid id, SPFarm farm, SPUrlZone zone)
at Microsoft.SharePoint.SPFeatureManager.EnsureSiteAndWeb(SPUrlZone zone, Guid databaseid, Guid siteid, Guid webid, SPSite& site, SPWeb& web)
at Microsoft.SharePoint.SPFeatureManager.c__DisplayClass19.b__18()
at Microsoft.SharePoint.SPSecurity.RunAsUser(SPUserToken userToken, Boolean bResetContext, WaitCallback code, Object param)
at Microsoft.SharePoint.SPFeatureManager.GetFeatureRootAndListSchemaPaths(Byte[]& userToken, Guid& tranLockerId, Int32 nZone, Guid databaseid, Guid siteid, Guid webid, Guid featid, Int32 ltid, String& sPathToFeatureRoot, String& sPathToSchemaXml)
at Microsoft.SharePoint.Library.SPRequestInternalClass.GetListItemDataWithCallback2(IListItemSqlClient pSqlClient, String bstrUrl, String bstrListName, String bstrViewName, String bstrViewXml, SAFEARRAYFLAGS fSafeArrayFlags, ISP2DSafeArrayWriter pSACallback, ISPDataCallback pPagingCallback, ISPDataCallback pPagingPrevCallback, ISPDataCallback pFilterLinkCallback, ISPDataCallback pSchemaCallback, ISPDataCallback pRowCountCallback, Boolean& pbMaximalView)
at Microsoft.SharePoint.Library.SPRequest.GetListItemDataWithCallback2(IListItemSqlClient pSqlClient, String bstrUrl, String bstrListName, String bstrViewName, String bstrViewXml, SAFEARRAYFLAGS fSafeArrayFlags, ISP2DSafeArrayWriter pSACallback, ISPDataCallback pPagingCallback, ISPDataCallback pPagingPrevCallback, ISPDataCallback pFilterLinkCallback, ISPDataCallback pSchemaCallback, ISPDataCallback pRowCountCallback, Boolean& pbMaximalView)
at Microsoft.SharePoint.SPListItemCollection.EnsureListItemsData()
at Microsoft.SharePoint.SPListItemCollection.get_Count()
at Microsoft.SharePoint.SPList.GetItemById(String strId, Int32 id, String strRootFolder, Boolean cacheRowsetAndId, String strViewFields, Boolean bDatesInUtc)
at Microsoft.SharePoint.SPContext.get_Item()
at Microsoft.SharePoint.SPContext.get_Fields()
at Microsoft.SharePoint.WebControls.FieldMetadata.get_Field()
at Microsoft.SharePoint.WebControls.FormField.CreateChildControls()
at System.Web.UI.Control.EnsureChildControls()
at Microsoft.SharePoint.WebPartPages.WikiEditPage.OnLoad(EventArgs e)
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
Any Ideas??
Hugs
Kora
Its me again..
So I changed back the web.config file to the back up I made before I made the change for the default to be I and now I am getting the caveat message.
Hi Kora. So is it working for you now?
WOWWWW!!!…Thanks a ton for the documentation….works like a piece of cake..
Your article is very simple to understand, congratulations, the information was very useful!
Dear Donal Conlon
Thank you very much for this post. My Sharepoint is singing because of this! And so is my boss!
Spoke too soon. So I am able to add users to my sql db using IIS .net Users.
I add this user to a role that I created.
I switch my default provider back to “i” so I am able to log in using Windows Auth.
But when I go to log in my FBA user – nothing happen. It says user name and password is not correct. I did re add my user and added in another password for them.