Friday, March 23, 2012

Claims Based Authentication in SharePoint 2010 using SQL Server Provider


Hi All,

Here is the best resource to consider when you want to set up Claims Based Authentication for SharePoint 2010 using the SQL Server provider.

You can easily set up the Forms Based SharePoint site by following the above post by Kirk Evans [MSFT].

Here are some of the issues I faced during the setup.

Issue 1: Users in the ASPNETDB database created using aspnet_regsql.exe are not showing up in the SharePoint People Picker.

Solution: This is the most common issue users face. When we add users to ASPNETDB using IIS Manager (IIS Manager -> Central Admin Site -> .Net Users), the default provider is set to our custom provider as shown below. Here FBAMembership is my custom Membership provider.

Just revert the Membership and Role providers to their defaults. This is done by clicking Roles -> Set Default Provider. Similarly, click Providers -> Set Default Provider.

Once this was done, I was able to resolve the users present in ASPNETDB in People Picker as shown below.

The users present in ASPNETDB (Shown in ASP.NET WebSite Administration Tool)

Users shown after searching in Address Book:

Issue 2: The Forms user is unable to log in to the SharePoint site though resolved in People Picker
As shown in the above picture, the forms user (fbaadmin) is the site collection administrator for the site, but when I tried to log in to SharePoint using the correct credentials, I was unable to log in as shown below:

Obviously, this is an issue with the Security Token Service (STS), and below is the error message I got in Event Viewer:
An exception occurred when trying to issue security token: The security token username and password could not be validated
For this, I had to reconfigure the Membership and Role providers for STS and do an IISReset. That's it. After that I was able to log in to the SharePoint site.
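Both issues come down to which providers each web.config registers and which one is the default. The following PowerShell check is an added example, not part of the original post; the XML is constructed sample data, and the role provider name FBARole and the keys CentralAdmin, WebApp and STS are assumptions (FBAMembership is the name used above).

```powershell
# Constructed stand-ins for the three web.config files. In practice load each one
# with [xml](Get-Content '<path to web.config>'). FBARole is an assumed name.
$m = '<add name="FBAMembership" type="System.Web.Security.SqlMembershipProvider" />'
$r = '<add name="FBARole" type="System.Web.Security.SqlRoleProvider" />'
$configs = @{
    CentralAdmin = "<configuration><system.web>
        <membership defaultProvider='FBAMembership'><providers>$m</providers></membership>
        <roleManager defaultProvider='AspNetWindowsTokenRoleProvider'><providers>$r</providers></roleManager>
      </system.web></configuration>"
    WebApp = "<configuration><system.web>
        <membership><providers>$m</providers></membership>
        <roleManager><providers>$r</providers></roleManager>
      </system.web></configuration>"
    STS = "<configuration><system.web /></configuration>"
}

# Returns one object per provider kind with the default and the registered names.
function Get-FbaProviderState([string]$Site, [xml]$Config) {
    foreach ($kind in 'membership', 'roleManager') {
        $node    = $Config.SelectSingleNode("/configuration/system.web/$kind")
        $default = ''
        if ($null -ne $node) { $default = $node.GetAttribute('defaultProvider') }
        $names = @($Config.SelectNodes("/configuration/system.web/$kind/providers/add") |
                   ForEach-Object { $_.GetAttribute('name') })
        New-Object PSObject -Property @{
            Site = $Site; Kind = $kind; DefaultProvider = $default; Providers = $names
        }
    }
}

# Emits one finding per problem: a missing registration (Issue 2 when the site is STS)
# or a Central Admin default that was switched to the custom provider (Issue 1).
function Test-FbaProviders([hashtable]$Configs, [string]$MembershipName, [string]$RoleName) {
    $expected = @{ membership = $MembershipName; roleManager = $RoleName }
    foreach ($site in $Configs.Keys) {
        foreach ($s in Get-FbaProviderState $site $Configs[$site]) {
            $want = $expected[$s.Kind]
            if ($s.Providers -notcontains $want) {
                "{0}: {1} provider '{2}' is not registered" -f $site, $s.Kind, $want
            }
            if ($site -eq 'CentralAdmin' -and $s.DefaultProvider -eq $want) {
                "{0}: {1} default is '{2}'; revert it to the default provider" -f $site, $s.Kind, $want
            }
        }
    }
}

Test-FbaProviders $configs 'FBAMembership' 'FBARole'
```

With the sample data this reports the Central Admin membership default and the two missing registrations in the STS configuration; the WebApp entry produces no findings.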

Happy Coding...!!!

2 comments:

  1. Hi,

    I have set up FBA with ADLDS and when I am trying to log in with an LDAP user, I have the same error:

    "An exception occurred when trying to issue security token: The security token username and password could not be validated.."

    As per your blog, I have checked my application and STS config file as well but couldn't succeed.

    Please help.


    Thanks in advance.

    Saurabh K Singh

    1. Hi Saurabh,

      Restore the backed-up STS, reconfigure the Membership and Role providers again, and do an IIS Reset.

      If required, reboot the server. That has resolved my problem in many cases. Good Luck.
