
Friday, 22 April 2016

Set up SharePoint 2016 Extranet for your client/provider part 2, set up web.config and install FBA pack

If you missed it, please see step 1 for how to create the membership database, create the web application for your extranet site, and extend it:

1. Configure web.config

We will now tell SharePoint that the membership provider and the role provider are stored in the database we created in the first step.

Locate the file machine.config in C:\Windows\Microsoft.Net\Framework64\v4.0.30319\Config,
save a copy of that file, and edit the original:

In the "connectionStrings" section, add:

<add connectionString="Server=SP2016; Database=fba_extranet; Integrated Security=true" name="SQLConn" />

Replace "SP2016" and "fba_extranet" with your SQL Server instance and the database name you created earlier.

In "<membership><providers>", add the following line, replacing "SQL_Membership" with the membership provider name you chose earlier when extending the web application. You can change some parameters (password length, maximum invalid password attempts before the account is locked, etc.):

  <add name="SQL_Membership" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="SQLConn" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" applicationName="/" requiresUniqueEmail="true" passwordFormat="Hashed" maxInvalidPasswordAttempts="20" minRequiredPasswordLength="7" minRequiredNonalphanumericCharacters="1" passwordAttemptWindow="10" passwordStrengthRegularExpression="" />

In "<roleManager><providers>", add the following lines, replacing "SQL_Role" with the membership provider name:

<add name="SQL_Role" connectionStringName="SQLConn" applicationName="/"
 type="System.Web.Security.SqlRoleProvider, System.Web, Version=, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />

Save the file (if you have problems saving it, open Notepad with administrator rights).
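The settings edited above decide how the extranet accounts are protected, so it is worth checking them once the file is saved. The following script is an added example, not part of the original post: the function name Test-FbaMembershipProvider and the two thresholds (10 attempts, 12 characters) are assumptions to adapt to your own password policy, and the sample document is constructed from the values shown in this step.

```powershell
# Added example (not from the original post). Thresholds are illustrative assumptions.
function Test-FbaMembershipProvider {
    param(
        [Parameter(Mandatory)][xml]$Config,
        [int]$MaxLockoutAttempts = 10,  # assumed ceiling for maxInvalidPasswordAttempts
        [int]$MinPasswordLength = 12    # assumed floor for minRequiredPasswordLength
    )
    # Attribute names as the provider expects them; XML attribute names are case-sensitive.
    $known = 'name','type','connectionStringName','enablePasswordRetrieval','enablePasswordReset',
             'requiresQuestionAndAnswer','applicationName','requiresUniqueEmail','passwordFormat',
             'maxInvalidPasswordAttempts','minRequiredPasswordLength',
             'minRequiredNonalphanumericCharacters','passwordAttemptWindow',
             'passwordStrengthRegularExpression'
    $connNames = @($Config.SelectNodes('//connectionStrings/add') | ForEach-Object { $_.GetAttribute('name') })
    foreach ($p in $Config.SelectNodes('//membership/providers/add')) {
        $a = @{}; $findings = @()   # hashtable keys compare case-insensitively
        foreach ($attr in $p.Attributes) {
            $a[$attr.Name] = $attr.Value
            $canon = $known | Where-Object { $_ -eq $attr.Name }   # case-insensitive match
            if ($canon -and $canon -cne $attr.Name) {
                $findings += "attribute '$($attr.Name)' should be spelled '$canon'"
            }
        }
        if ($a['type'] -notlike 'System.Web.Security.SqlMembershipProvider*') { continue }
        if ($a['enablePasswordRetrieval'] -eq 'true') { $findings += 'password retrieval is enabled' }
        if ($a['passwordFormat'] -and $a['passwordFormat'] -ne 'Hashed') {
            $findings += "passwordFormat is '$($a['passwordFormat'])', not Hashed"
        }
        # Provider defaults when the attribute is absent: 5 attempts, length 7.
        $attempts = if ($a['maxInvalidPasswordAttempts']) { [int]$a['maxInvalidPasswordAttempts'] } else { 5 }
        $length   = if ($a['minRequiredPasswordLength'])  { [int]$a['minRequiredPasswordLength'] }  else { 7 }
        if ($attempts -gt $MaxLockoutAttempts) { $findings += "lockout only after $attempts bad passwords" }
        if ($length -lt $MinPasswordLength)   { $findings += "minimum password length is $length" }
        if ($connNames -cnotcontains $a['connectionStringName']) {
            $findings += "connection string '$($a['connectionStringName'])' is not defined"
        }
        [pscustomobject]@{ Provider = $a['name']; Findings = $findings }
    }
}
# Constructed sample mirroring this step's values (type name shortened, 'Type' miscased on purpose).
$sample = @'
<configuration>
  <connectionStrings><add name="SQLConn" connectionString="Server=SP2016; Database=fba_extranet; Integrated Security=true" /></connectionStrings>
  <system.web><membership><providers>
    <add name="SQL_Membership" Type="System.Web.Security.SqlMembershipProvider, System.Web" connectionStringName="SQLConn" enablePasswordRetrieval="false" passwordFormat="Hashed" maxInvalidPasswordAttempts="20" minRequiredPasswordLength="7" />
  </providers></membership></system.web>
</configuration>
'@
Test-FbaMembershipProvider -Config $sample | Format-List
```

To audit the real file, pass its content instead of the sample: `Test-FbaMembershipProvider -Config (Get-Content -Raw <path to machine.config>)`.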

2. Edit Security Token Service Application

Go to IIS Manager, open "SharePoint Web Services", right-click "SecurityTokenServiceApplication" and click "Explore":


Modify the web.config file: add the membership and role providers as you did in the machine.config file, by adding the following lines under <configuration>:

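<!-- Section to add -->
<system.web>
  <membership><providers>
    <!-- Add membership provider here -->
  </providers></membership>
  <roleManager enabled="true"><providers>
    <!-- Add role provider here -->
  </providers></roleManager>
  <customErrors mode="RemoteOnly"/>
</system.web>
<!-- End Section to add -->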

3. Install FBA Pack solution

We can now create our first site collection in the web application: go to "Application Management => Create site collection".

Select the Extranet web application and create a site, for example a team site.

Download the zip from and extract the archive on the SharePoint 2016 server, then add the solution from PowerShell with the Add-SPSolution cmdlet.

Navigate to the farm solutions management page and deploy the solution to your web application:

Set up SharePoint 2016 Extranet for your client/provider

One of the first features many companies need is a way to provide information to clients or providers. One way to do that is to open an extranet where they can connect and find your latest product documentation and technical documents.

To open such a site you could create an AD account for each user, but that can be expensive if you have many clients. SharePoint offers another way to authenticate users, called FBA (Forms Based Authentication): users and authorizations are stored in a dedicated database.

1. Create the database

From your SharePoint 2016 server go to the folder: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319"

Open and click on "Next/Suivant"
Select the first option and click next again:

Specify the server that will host the database and the named instance if you have one, specify a name for the database ("fba_extranet" in my case) and click Next.
The account used to connect to the SharePoint server will be used as admin for the database; you can change the rights afterwards.
Click "Next/Suivant" and the database will be created. You can view the database and its structure in Management Studio:

2. Create Extranet WebApplication

We will now create the SharePoint web application that will host your extranet sites. From SharePoint Central Administration, create a web application:

- Name
- Port
In claims authentication types, choose "Enable Windows Authentication" and "NTLM".

Set up your web application as you normally do and create it.

2.1 Extend the webApplication

The web application is now available, but only your AD users can connect. We will now extend the web application to make it available through another URL dedicated to your client/provider users.

I've created my web application on port 82; my internal users will use that URL to connect to the site with SSO using their Windows accounts.

I have decided that external users will connect on port 8282, but with FBA credentials.
Select your web application in SharePoint Central Administration and click "Extend":

Give your extension a name ("Extranet - External users" in my case) and a port ("8282" for me).

Unselect "Enable Windows Authentication" and select "Enable Forms Based".
Type a name for the ASP.NET Membership provider and save it for later; do the same for the ASP.NET Role Manager:

You can also change the default sign-in page if you want to add your company logo or a message for your customers, but we will not cover that here.
Just set up the public URL and choose "Extranet" for the zone:

Now go to step 2 of this article to see how to tell SharePoint in which database your users are stored and how to install web parts that will help you manage your users and roles:

Step 2 configuration and install FBA Pack webparts