
Active Directory and Forms Based Authentication


gbrowins

May 6, 2009, 2:35:01 PM
I am trying to make Forms Based Authentication (FBA) work with SharePoint
using Active Directory (AD) as my LDAP connection.

I am having similar issues to the post here:

http://www.eggheadcafe.com/software/aspnet/32306890/forms-based-authenticatio.aspx

I have set up my configuration in accordance with:

http://technet.microsoft.com/en-us/library/cc288259.aspx

I also have tried this as well, and this is my current configuration:

http://blogs.technet.com/nishants/archive/2009/03/18/how-to-configure-forms-based-authentication-active-directory-ldapmembership.aspx

The end result is that I believe the AD authentication takes place, but when
authenticating to the SharePoint Site with AD credentials, I get the error
“Access Denied”.

Here are my web.config settings that I’ve changed:

<authentication mode="Forms">
<forms loginUrl="/_layouts/login.aspx" />
</authentication>


<membership defaultProvider="LdapMembership">
  <providers>
    <add name="LdapMembership"
         type="Microsoft.Office.Server.Security.LDAPMembershipProvider, Microsoft.Office.Server, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
         server="ad-server-name.com"
         port="389"
         useSSL="false"
         userDNAttribute="distinguishedName"
         userNameAttribute="sAMAccountName"
         userContainer="CN=Users,DC=AD-domain-name,DC=com"
         userObjectClass="person"
         userFilter="(|(ObjectCategory=group)(ObjectClass=person))"
         scope="Subtree"
         otherRequiredUserAttributes="sn,givenname,cn" />
  </providers>
</membership>

<roleManager defaultProvider="LdapRole" enabled="true"
             cacheRolesInCookie="true" cookieName=".PeopleDCRole">
  <providers>
    <add name="LdapRole"
         type="Microsoft.Office.Server.Security.LDAPRoleProvider, Microsoft.Office.Server, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
         server="ad-server-name.com"
         port="389"
         useSSL="false"
         groupContainer="DC=AD-domain-name,DC=com"
         groupNameAttribute="cn"
         groupMemberAttribute="member"
         userNameAttribute="sAMAccountName"
         dnAttribute="distinguishedName"
         groupFilter="(ObjectClass=group)"
         scope="Subtree" />
  </providers>
</roleManager>

Here is the alternate modification which offers the same results:

<membership defaultProvider="MembershipADProvider">
  <providers>
    <add name="MembershipADProvider"
         type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
         connectionStringName="ADConnectionString"
         enableSearchMethods="true"
         attributeMapUsername="sAMAccountName" />
  </providers>
</membership>

<connectionStrings>
  <add name="ADConnectionString"
       connectionString="LDAP:// ad-server-name.com/CN=Users,DC= AD-domain-name,DC=com " />
</connectionStrings>


I do see that the users in the SharePoint site have the Domain\Username
format. So I don’t know why it won’t grant access to the site?

Any help would be appreciated!

Thanks!
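
An added example, not part of the original post: a Python check over a web.config like the one above. It reports providers with useSSL="false" (directory traffic to port 389 is then unencrypted), a defaultProvider that names no registered provider, a connectionStringName with no matching entry, and stray whitespace in an LDAP URL. The sample file is constructed from the post's placeholder values (both alternative setups merged, attributes trimmed); the audit function and its finding codes are this example's own names.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the post's two alternative setups merged into one file, trimmed.
SAMPLE = """<configuration>
  <connectionStrings>
    <add name="ADConnectionString"
         connectionString="LDAP:// ad-server-name.com/CN=Users,DC= AD-domain-name,DC=com " />
  </connectionStrings>
  <system.web>
    <membership defaultProvider="LdapMembership">
      <providers>
        <add name="LdapMembership" server="ad-server-name.com" port="389" useSSL="false" />
        <add name="MembershipADProvider" connectionStringName="ADConnectionString" />
      </providers>
    </membership>
    <roleManager defaultProvider="LdapRole" enabled="true">
      <providers>
        <add name="LdapRole" server="ad-server-name.com" port="389" useSSL="false" />
      </providers>
    </roleManager>
  </system.web>
</configuration>"""

def audit(xml_text):
    """Return (name, code) findings for the provider sections of a web.config."""
    root = ET.fromstring(xml_text)
    findings = []
    conn = {a.get("name"): a.get("connectionString", "")
            for cs in root.iter("connectionStrings") for a in cs.iter("add")}
    for name, url in conn.items():
        # Whitespace at either end or right after the scheme is not part of an LDAP URL.
        if re.search(r"^\s|\s$|//\s", url):
            findings.append((name, "URL_WHITESPACE"))
    for section in list(root.iter("membership")) + list(root.iter("roleManager")):
        providers = {a.get("name"): a for a in section.iter("add")}
        default = section.get("defaultProvider")
        if default not in providers:
            findings.append((default, "BAD_DEFAULT"))   # default names no registered provider
        for name, p in providers.items():
            if p.get("useSSL", "").lower() == "false":
                findings.append((name, "NO_TLS"))        # directory traffic is not encrypted
            ref = p.get("connectionStringName")
            if ref and ref not in conn:
                findings.append((name, "MISSING_CONNSTR"))
    return findings

if __name__ == "__main__":
    for name, code in audit(SAMPLE):
        print(f"{code:16} {name}")
```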
