Step-by-Step guide, installing AD Provider on WSS v3
During the SharePoint development courses I often get the question of how to use Forms Authentication. There are a lot of walkthroughs available on the net telling you how to use FA combined with a SQL Server DB, but it's also possible to do FA against your own Active Directory.
This blog post describes how to accomplish that. For those of you who have a demo installation like the one I described in the setup post (click here), this walkthrough is built on the same installation.
Step 1: Change web.config for Central Administration
Add between </authorization> and <httpModules> the following tags:
<membership>
  <providers>
    <add name="ADProvider"
         type="System.Web.Security.ActiveDirectoryMembershipProvider,System.Web, Version=2.0.0.0, Culture=neutral,PublicKeyToken=b03f5f7f11d50a3a"
         connectionStringName="ADServices" />
  </providers>
</membership>
Add between the </system.web> and <runtime> the following tags:
<connectionStrings>
  <add connectionString="LDAP://bartg03_moss.moss.contoso.com/OU=contoso users,DC=moss,DC=contoso,DC=com"
       name="ADServices" />
</connectionStrings>
This is the LDAP connection string that points to where the users are stored.
- Start Central Administration, Browse to the Application Management page.
- Click on ‘Authentication providers’
- Select the Web Application which needs to be AD provider enabled
- Click on ‘Default’
- Select ‘Forms’ as Authentication type
- Type ‘ADProvider’ as Authentication Provider (Case sensitive!!)
- Set Enable Client Integration to ‘No’ (client integration only works with Windows authentication)
- Select ‘Save’
- Select ‘Site Collection Administrators’ from the ‘Application management’ tab on Central Administration
- Select the AD Provider enabled web application and add a new site administrator here.
- Open the web.config file from the Web Application which needs to be AD provider enabled
- Add between </authorization> and <httpModules> the following tags:
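<membership>
  <providers>
    <add name="ADProvider"
         type="System.Web.Security.ActiveDirectoryMembershipProvider,System.Web, Version=2.0.0.0, Culture=neutral,PublicKeyToken=b03f5f7f11d50a3a"
         connectionStringName="ADServices" />
  </providers>
</membership>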
Add between the </system.web> and <runtime> the following tags:
<connectionStrings>
  <add connectionString="LDAP://bartg03_moss.moss.contoso.com/OU=contoso users,DC=moss,DC=contoso,DC=com"
       name="ADServices" />
</connectionStrings>
This is the LDAP connection string that points to where the users are stored.
Last step:
Log on to the AD provided web application using your AD Credentials.
You can configure a lot more with the ActiveDirectoryMembershipProvider; see http://msdn2.microsoft.com/en-us/library/system.web.security.activedirectorymembershipprovider.aspx for more information.
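The same provider and connection string have to be added to two web.config files (Central Administration and the web application), and a provider name that differs only in case, or a connectionStringName with no matching entry, only shows up when a logon fails. The following check is an added example, not part of the original post: the function names and the constructed sample configs are assumptions, and the connectionProtection test covers a provider attribute that the post does not set.

```python
import xml.etree.ElementTree as ET

AD_CLASS = "System.Web.Security.ActiveDirectoryMembershipProvider"

def check_ad_provider(web_config_xml, provider_name="ADProvider"):
    """Return a list of problems in one web.config; an empty list means it looks right."""
    root = ET.fromstring(web_config_xml)
    conn_strings = {a.get("name"): a.get("connectionString", "")
                    for a in root.findall("./connectionStrings/add")}
    providers = root.findall("./system.web/membership/providers/add")
    exact = [p for p in providers if p.get("name") == provider_name]
    if not exact:
        # The name typed in Central Administration is case sensitive.
        close = [p.get("name") for p in providers
                 if (p.get("name") or "").lower() == provider_name.lower()]
        hint = f" (found {close[0]!r}, which differs only in case)" if close else ""
        return [f"no membership provider named {provider_name!r}{hint}"]
    provider, problems = exact[0], []
    if not (provider.get("type") or "").startswith(AD_CLASS):
        problems.append("provider type is not ActiveDirectoryMembershipProvider")
    cs_name = provider.get("connectionStringName")
    if cs_name not in conn_strings:
        problems.append(f"connectionStringName {cs_name!r} has no <connectionStrings> entry")
    elif not conn_strings[cs_name].startswith("LDAP://"):
        problems.append(f"connection string {cs_name!r} is not an LDAP:// path")
    if (provider.get("connectionProtection") or "").lower() == "none":
        problems.append("connectionProtection is None: the directory connection is not secured")
    return problems

def check_both(central_admin_xml, web_app_xml):
    """The edit is made in two files; check each one independently."""
    return {"central administration": check_ad_provider(central_admin_xml),
            "web application": check_ad_provider(web_app_xml)}

# Constructed samples: GOOD follows the post; BAD has a wrong-case name and no connection string.
PROVIDER = ('<add name="{name}" type="System.Web.Security.ActiveDirectoryMembershipProvider,'
            'System.Web, Version=2.0.0.0, Culture=neutral,PublicKeyToken=b03f5f7f11d50a3a" '
            'connectionStringName="ADServices" />')
LDAP = "LDAP://bartg03_moss.moss.contoso.com/OU=contoso users,DC=moss,DC=contoso,DC=com"
TEMPLATE = ("<configuration><system.web><membership><providers>{provider}"
            "</providers></membership></system.web>{conn}</configuration>")
GOOD = TEMPLATE.format(provider=PROVIDER.format(name="ADProvider"),
    conn=f'<connectionStrings><add name="ADServices" connectionString="{LDAP}" /></connectionStrings>')
BAD = TEMPLATE.format(provider=PROVIDER.format(name="adprovider"), conn="")

if __name__ == "__main__":
    for label, problems in check_both(GOOD, BAD).items():
        print(label, "->", problems or "OK")
```

To check real files, read each web.config as text and pass the two strings to check_both.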