Thursday, December 20, 2012

SharePoint 2010: Implementing SharePoint Extranet Solution Part 2

Configuring Authentication Providers

This section demonstrates the configuration of forms-based authentication (FBA) using an ASP.NET SQL Server authentication provider. Additional information about configuration and examples for authentication providers can be found on MSDN and TechNet.
The configuration for FBA requires the following major steps:
1. Modify the web.config file in the extranet web application to include the membership provider and role manager for the authentication provider. This step enables the proper behavior of the people picker in the web application.
2. Modify the web.config file in the Central Administration web application to include the membership provider and role manager for the authentication provider. This step enables the proper behavior of the people picker in the Central Administration web application.
3. Modify the web.config file for the STS web services to include the membership provider and role manager for the authentication provider. This step enables the claims authentication against the SQL authentication provider.
4. Configure the extranet web application to use FBA, and specify the membership provider and role manager.
5. Add the roles and users to the extranet site collection and grant the appropriate permissions and access.
Modify the web.config for the Extranet Web Application
Modify the web.config for each of the web front ends (WFEs) hosting the extranet web applications. Add the following connection string between the and nodes:




       

Find the and nodes in the parent node. Add the nodes to include the following entries:

...


type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />










       

Find the nodes in the parent node. Modify the node to “add” the membership provider name to the people picker:




Modify the web.config for the Central Administration Web Application
Modify the web.config for the Central Administration web application. Add the following connection string between the and nodes:




       

Find the and nodes in the parent node. Add the nodes to include the following entries:

...









       

Find the nodes in the parent node. Modify the node to “add” the membership provider name to the people picker:




Modify the web.config for the STS Web Services
Edit the web.config of the STS web services. The web.config is located at C:\Program Files\Common Files\Microsoft Shared\web server extensions\14\WebServices\SecurityToken:

















       

Configure the Membership Provider and Role Manager for the Extranet Web Application
To configure the membership provider and role manager for the extranet web application, perform the following steps:
1. Open the browser to the Central Administration site.
2. Click Manage Web Application under Application Management.
3. Select the web application and click the Authentication Providers button in the Ribbon.
4. Click the zone for the authentication provider to configure for FBA.
5. In the Edit Authentication page, check Enable Forms-Based Authentication (FBA), as shown in Figure 3.

Figure 3. Edit Authentication page.

6. Enter the membership provider name: SQLMembershipProvider.
7. Enter the role manager name: SQLRoleManagerProvider.
8. Select the web application and click the User Policy button on the Ribbon.
9. Click Add Users and choose the default zone (or the zone configured with FBA).
10. Add the users, as shown in Figure 4, with the appropriate permissions as needed for the FBA website. Then, click Finish.



Figure 4. Add Users page.
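
The provider names entered in Central Administration must match what each of the three web.config files (extranet web application, Central Administration, STS) declares, so a check like the following can be run against each file. It is an added example, not code from the original post; the sample XML, the FbaDb connection-string name, and the Test-FbaWebConfig function are assumptions made for illustration.

```powershell
# Constructed sample web.config (not from the original post); server, database
# and connection-string names are assumptions. On a WFE, load each real file with
# [xml](Get-Content '<path>\web.config') instead.
$sample = [xml]@'
<configuration>
  <connectionStrings>
    <add name="FbaDb" connectionString="Server=SQL01;Database=aspnetdb;User ID=fba;Password=example" />
  </connectionStrings>
  <system.web>
    <membership><providers>
      <add name="SQLMembershipProvider" type="System.Web.Security.SqlMembershipProvider"
           connectionStringName="FbaDb" passwordFormat="Clear" enablePasswordRetrieval="true" />
    </providers></membership>
    <roleManager><providers>
      <add name="SQLRoleManagerProvider" type="System.Web.Security.SqlRoleProvider"
           connectionStringName="FbaDb" />
    </providers></roleManager>
  </system.web>
</configuration>
'@

function Test-FbaWebConfig {
    param([xml]$Config, [string]$Label,
          [string]$Membership = 'SQLMembershipProvider',
          [string]$Role = 'SQLRoleManagerProvider')
    $issues = @()
    $m = $Config.SelectSingleNode("/configuration/system.web/membership/providers/add[@name='$Membership']")
    $r = $Config.SelectSingleNode("/configuration/system.web/roleManager/providers/add[@name='$Role']")
    if ($null -eq $m) { $issues += "membership provider '$Membership' is not declared" }
    if ($null -eq $r) { $issues += "role provider '$Role' is not declared" }
    # Each declared provider must point at a connection string that exists.
    foreach ($p in (@($m, $r) | Where-Object { $null -ne $_ })) {
        $pName  = $p.GetAttribute('name')
        $csName = $p.GetAttribute('connectionStringName')
        $cs = $Config.SelectSingleNode("/configuration/connectionStrings/add[@name='$csName']")
        if ($null -eq $cs) { $issues += "${pName}: connection string '$csName' not found" }
        elseif ($cs.GetAttribute('connectionString') -match '(?i)\b(password|pwd)\s*=') {
            $issues += "${pName}: connection string '$csName' stores a SQL password in clear text"
        }
    }
    # SqlMembershipProvider settings that keep member passwords recoverable.
    if ($null -ne $m) {
        if ($m.GetAttribute('passwordFormat') -eq 'Clear') { $issues += 'passwordFormat is Clear (use Hashed)' }
        if ($m.GetAttribute('enablePasswordRetrieval') -eq 'true') { $issues += 'enablePasswordRetrieval is true' }
    }
    $issues | ForEach-Object { [pscustomobject]@{ Config = $Label; Issue = $_ } }
}

Test-FbaWebConfig -Config $sample -Label 'extranet (sample)' | Format-Table -AutoSize
```

A file that returns no rows declares both providers, resolves their connection string, and does not keep SQL or member passwords in recoverable form.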

Creating an Extranet Service Application Proxy Group

SharePoint 2010 offers a distributed model for shared services, or service applications. Web applications subscribe to the service applications they use. Application proxy groups can be created to define a set of service applications. For extranet web applications, it is recommended that one or more application proxy groups be created to ensure that only the minimum required service applications are enabled for use. The following PowerShell commands show how to create a new application proxy group:
1. Open a SharePoint 2010 Management Shell console by navigating to Start, All Programs, Microsoft SharePoint 2010, SharePoint 2010 Management Shell.
2. Use the following commands to create the new service application proxy group and add a member to it:
New-SPServiceApplicationProxyGroup [-Name <String>]
Add-SPServiceApplicationProxyGroupMember [-Identity] <SPServiceApplicationProxyGroupPipeBind> [-Member] <SPServiceApplicationProxyPipeBind[]>

For example:
New-SPServiceApplicationProxyGroup -Name PartnerExtranet
Add-SPServiceApplicationProxyGroupMember -Identity PartnerExtranet -Member bfea704a-e2a1-429f-8c4d-1372e5524bdc
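
To keep the group limited to the minimum required service applications over time, its membership can be compared against an approved list. The following is an added example, not code from the original post; the Compare-ProxyGroupToPolicy function, the approved list, and the sample members (with placeholder IDs) are assumptions.

```powershell
# Approved proxy types for the extranet (assumed policy, adjust to your farm).
$approved = 'Managed Metadata Service Connection', 'Search Service Application Proxy'

# Constructed sample standing in for the group's members. On a farm, use:
#   $members = (Get-SPServiceApplicationProxyGroup -Identity PartnerExtranet).Proxies
$members = @(
    [pscustomobject]@{ TypeName = 'Managed Metadata Service Connection'
                       Id = '00000000-0000-0000-0000-000000000001' }
    [pscustomobject]@{ TypeName = 'User Profile Service Application Proxy'
                       Id = '00000000-0000-0000-0000-000000000002' }
)

function Compare-ProxyGroupToPolicy {
    param([object[]]$Members, [string[]]$Approved)
    # Members that are in the group but not on the approved list.
    foreach ($m in $Members) {
        if ($Approved -notcontains $m.TypeName) {
            [pscustomobject]@{ Status = 'Unexpected'; TypeName = $m.TypeName; Id = $m.Id }
        }
    }
    # Approved types that the group does not yet contain.
    $present = @($Members | ForEach-Object { $_.TypeName })
    foreach ($a in $Approved) {
        if ($present -notcontains $a) {
            [pscustomobject]@{ Status = 'Missing'; TypeName = $a; Id = $null }
        }
    }
}

Compare-ProxyGroupToPolicy -Members $members -Approved $approved |
    Sort-Object Status, TypeName | Format-Table -AutoSize
```

With the sample data, the User Profile proxy is reported as Unexpected and the Search proxy as Missing.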

       

Validating the Partner Extranet Solution

To validate whether the solution works properly, do the following:
1. Open the browser to the extranet partner site: http://partner.companyabc.com.
2. Choose the authentication provider from the drop-down, as shown in Figure 5, and enter the proper credentials.

Figure 5. Login page.

3. At this point, you will be logged in to the site using claims-based authentication, as shown in Figure 6. Test all the configured authentication providers.



Figure 6. Successful login to extranet partner site.
 
