Kashif Nizam Qureshi

Configure FBA for Project Server

IIS Manager

In order to modify web.config, the easy way it to open IIS manager and explore all site’s web.configs that need to configured for form base authentication.

Central Administration

Expand Site and right click SharePoint Central Administration v4 and click Explore as shown in the fig.

This will open up windows directory where you’ll find web.config. Open up the config file in any editor.

People Picker

Add the following highlighted line <PeoplePickerWildcards> tags after the <clear/> markup.

<PeoplePickerWildcards>

<clear />

<add key=”FBAProvider” value=”%” />

<add key=”AspNetSqlMembershipProvider” value=”%” />

</PeoplePickerWildcards>

Role Manager and Membership

Search for the <system.web> section in the web.config, underneath that replace the following section or update it with the following given rolemanager and membership section.

<roleManager>

<providers>

</providers>

</roleManager>

<membership>

<providers>

</providers>

</membership>

The above configuration would be replace by the following section

<roleManager enabled=”true” cacheRolesInCookie=”false” cookieName=”.ASPXROLES” cookieTimeout=”30″ cookiePath=”/” cookieRequireSSL=”false” cookieSlidingExpiration=”true” cookieProtection=”All” defaultProvider=”AspNetWindowsTokenRoleProvider” createPersistentCookie=”false” maxCachedResults=”25″>

<providers>

<clear />

<add name=”FBARoles” connectionStringName=”FBA” applicationName=”/” type=”System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a” />

<add name=”AspNetWindowsTokenRoleProvider” applicationName=”/” type=”System.Web.Security.WindowsTokenRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a” />

</providers>

</roleManager>

<membership defaultProvider=”FBAProvider” userIsOnlineTimeWindow=”15″ hashAlgorithmType=””>

<providers>

<clear />

<add connectionStringName=”FBA” enablePasswordRetrieval=”false” enablePasswordReset=”true” requiresQuestionAndAnswer=”true” passwordAttemptWindow=”10″ applicationName=”/” requiresUniqueEmail=”false” passwordFormat=”Hashed” name=”FBAProvider” type=”System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a” />

</providers>

</membership>

ConnectionString

Search for the <connectionStrings> section in the web.config. if the connection string section is already there add the connectionstring or add the following whole section just above </configuration> tag.

<connectionStrings>

<add name=”FBA” connectionString=”server=SQLCLUST02\SQLINST02;database=EPM_FBA_User;uid=dbusername;password=PASSWORD”/>

</connectionStrings>

Security Token Service Application

Expand Site and right click Security Token Service Application and click Explore as shown in the fig.

This will open up windows directory where you’ll find web.config. Open up the config file in any editor.

Role Manager and Membership

Add the following just above </configuration> section of the web.config

<system.web>

<membership defaultProvider=”FBAProvider”>

<providers>

<add name=”FBAProvider” connectionStringName=”FBA” enablePasswordRetrieval=”false” enablePasswordReset=”true” requiresQuestionAndAnswer=”true” passwordAttemptWindow=”10″ requiresUniqueEmail=”false” passwordFormat=”Hashed” applicationName=”/” type=”System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a” />

</providers>

</membership>

<roleManager defaultProvider=”FBARoles” enabled=”true”>

<providers>

<add name=”FBARoles” connectionStringName=”FBA” applicationName=”/” type=”System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a” />

</providers>

</roleManager>

</system.web>

ConnectionString

Add the following just above </configuration> section of the web.config.

<connectionStrings>

<add name=”FBA” connectionString=”server=SQLCLUST02\SQLINST02;database=EPM_FBA_User;uid=dbusername;password=PASSWORD”/>

</connectionStrings>

SharePoint Site Web Application

Expand Site and right click SharePoint Site Web Application and click Explore as shown in the fig.

This will open up windows directory where you’ll find web.config. Open up the config file in any editor.

People Picker

Add the following highlighted line <PeoplePickerWildcards> tags after the <clear/> markup.

<PeoplePickerWildcards>

<clear />

<add key=”FBAProvider” value=”%” />

<add key=”AspNetSqlMembershipProvider” value=”%” />

</PeoplePickerWildcards>

Role Manager and Membership

Search for the <system.web> section in the web.config, underneath that replace the following section or update it with the following given rolemanager and membership section. DO NOT modify already given providers.

<membership defaultProvider=”i”>

<providers>

<add name=”i” type=”Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c” />

</providers>

</membership>

<roleManager defaultProvider=”c” enabled=”true” cacheRolesInCookie=”false”>

<providers>

<add name=”c” type=”Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c” />

</providers>

</roleManager>

The updated one would be the following.

<membership defaultProvider=”i”>

<providers>

<clear />

<add name=”i” type=”Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c” />

<add name=”FBAProvider” connectionStringName=”FBA” enablePasswordRetrieval=”false” enablePasswordReset=”true” requiresQuestionAndAnswer=”true” passwordAttemptWindow=”10″ applicationName=”/” requiresUniqueEmail=”false” passwordFormat=”Hashed” type=”System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a” />

</providers>

</membership>

<roleManager defaultProvider=”c” enabled=”true” cacheRolesInCookie=”false”>

<providers>

<clear />

<add name=”c” type=”Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c” />

<add name=”FBARoles” connectionStringName=”FBA” applicationName=”/” type=”System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a” />

</providers>

</roleManager>

ConnectionString

Add the following just above </configuration> section of the web.config.

<connectionStrings>

<add name=”FBA” connectionString=”server=SQLCLUST02\SQLINST02;database=EPM_FBA_User;uid=dbusername;password=PASSWORD”/>

</connectionStrings>

Setting Web Application

Open Central Administration and go to Application Management. Under Web Applications click Manage web applications. Select the desired web application that needs to be configured for form based authentication and click Authentication Providers. Click the zone that needs to be configured.

Scroll down to Claims Authentication Type and check Enable Windows Authentication (if windows authentication is also required) and check Enable Form Based Authentication (FBA) and enter ASP.Net Membership provider name and ASP.Net Role manager name. Optionally, set the Sign In Page URL. Once done, click save. Your FBA is configured and should be working.

Adding FBA User to Project Server

To add FBA user to Project Server, we need to use the provider name and username of the user. For instance, if user with a name “kashif” was created in FBA, so in the ‘user logon account’ within Project Server Server Setting, we’ll use “i:0#.f|FBAProvider|kashif”.

Once the user is created, try logging in with the new FBA user without the prefix we added “i:0#.f|FBAProvider|” while creating it.

If you have any trouble configuring, you can get in touch with me.

Advertisements

5 thoughts on “Configure FBA for Project Server

  1. Thanks for the above knowledge but i have configured FBA, and i can log in to site with FBA user and when i try to log in to PWA it gives me access dined page

    where site path is

    http;//SharePoint:200/ ——- FBA user can access

    Project server path

    http;//SharePoint:200/pwa/ ——- FBA user can not access

    • Thanks for the comments Yassin. Have you added your user to Project Server? That is from, Server Setting-> Manage Users. Make sure you add it as describe above, providing the correct format e.g “i:0#.f|FBAProvider|kashif”. And lastly, apply permission through Group and Category. If you still find issue figuring it out, please let me know I’ll help you out.

  2. thanks for your support , i did all you ask above but still have the issue, i add the fbaadmin user by PWA-> server setting -> user managment =i:0#.f|FBAmemershipProvider|fbaadmin and in the group managemnet as well categrory managment, please i need your help in this

  3. Hi Kashif,

    I have followed steps you have given and it is working fine with only one exception that when I assign a FBA user to an activity and publish the project plan, the user does not receive any email notification. Any help would be highly appreciated.

    Thanks
    Himanshu

    • Hi Himanshu,

      Make sure you can see email address defined in Manage User for that particular user. Secondly, try with non-FBA user and see if it works. Also, check your SMTP settings.

      Let me know the outcome.

      Happy debugging!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s