Project Description
End-to-end demo, with code and instructions, of advanced SharePoint 2010 Claims Based FBA concepts. Includes custom membership/role providers using a SQL Server table and OpenID. Also included are custom login pages and web parts for secure and anonymous SharePoint sites. Special attention is given to creating a membership provider and custom login page that allow OpenID-authenticated users to log in to SharePoint 2010.
Project Information
Uses DotNetOpenAuth provided by http://www.dotnetopenauth.net.
Created using Visual Studio 2010 and CKSDevToolKit.
SharePoint Web Applications & Configuration
SQL Server Database Requirements
OpenID Integration Requirements
Trust level
DLL is not in the GAC; it goes in the web application bin folder
Custom login page will be the relying party
Needs a provider (use either a real provider or the OpenID Provider included in the download)
FBAAddOns Visual Studio Project Explained
OpenIDProviderWebForms Project Explained
Required Configuration Changes
Open the web.config file for each section below. All but the STS file are located in C:\inetpub\wwwroot\wss\VirtualDirectories (or another custom location specified by the admin).
1. Central Administration
PeoplePickerWildcards: add a key and value if the membership and role providers support wildcard searching from the People Picker.
<PeoplePickerWildcards>
roleManager and membership providers:
<configuration>
  <system.web>
    <roleManager defaultProvider="AspNetWindowsTokenRoleProvider" enabled="true" cacheRolesInCookie="false">
      <providers>
        <add name="CustomDbUsersRP" type="FBAAddOns.classes.CustomDbUsersRP, FBAAddOns, Version=1.0.0.0, Culture=neutral, PublicKeyToken=5ee875d473662cf4" />
      </providers>
    </roleManager>
    <membership defaultProvider="CustomDbUsersMP">
      <providers>
        <add name="CustomDbUsersMP" type="FBAAddOns.classes.CustomDbUsersMP, FBAAddOns, Version=1.0.0.0, Culture=neutral, PublicKeyToken=5ee875d473662cf4" />
        <add name="MyOpenIDWhiteListMP" type="FBAAddOns.classes.MyOpenIDWhiteListMP, FBAAddOns, Version=1.0.0.0, Culture=neutral, PublicKeyToken=5ee875d473662cf4" />
      </providers>
    </membership>
  </system.web>
</configuration>
Also add connectionStrings and appSettings entries if needed.
2. Security Token Service
Location: C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\WebServices\SecurityToken
roleManager and membership providers:
<system.web>
  <roleManager defaultProvider="c" enabled="true" cacheRolesInCookie="false">
    <providers>
      <add name="c" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
      <add name="CustomDbUsersRP" type="FBAAddOns.classes.CustomDbUsersRP, FBAAddOns, Version=1.0.0.0, Culture=neutral, PublicKeyToken=5ee875d473662cf4" />
    </providers>
  </roleManager>
  <membership defaultProvider="i">
    <providers>
      <add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
      <add name="CustomDbUsersMP" type="FBAAddOns.classes.CustomDbUsersMP, FBAAddOns, Version=1.0.0.0, Culture=neutral, PublicKeyToken=5ee875d473662cf4" />
      <add name="MyOpenIDWhiteListMP" type="FBAAddOns.classes.MyOpenIDWhiteListMP, FBAAddOns, Version=1.0.0.0, Culture=neutral, PublicKeyToken=5ee875d473662cf4" />
    </providers>
  </membership>
</system.web>
3. Web Application
Changes to the web.config file for the SharePoint 2010 Web Application that is expected to handle OpenID authentication.
Update the trust level:
<trust level="Full" originUrl="" />
<!-- Trust level discussion:
Full: everything works (this is required for Google Apps for Domains support)
High: TRACE compilation symbol must NOT be defined
Medium: doesn't work unless originUrl=".*" or WebPermission.Connect is extended, and Google Apps doesn't work.
Low: doesn't work because WebPermission.Connect is denied.
-->
roleManager and membership providers:
<membership defaultProvider="i">
  <providers>
    <add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
    <add name="CustomDbUsersMP" type="FBAAddOns.classes.CustomDbUsersMP, FBAAddOns, Version=1.0.0.0, Culture=neutral, PublicKeyToken=5ee875d473662cf4" />
    <add name="MyOpenIDWhiteListMP" type="FBAAddOns.classes.MyOpenIDWhiteListMP, FBAAddOns, Version=1.0.0.0, Culture=neutral, PublicKeyToken=5ee875d473662cf4" />
  </providers>
</membership>
<roleManager defaultProvider="c" enabled="true" cacheRolesInCookie="false">
  <providers>
    <add name="c" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
    <add name="CustomDbUsersRP" type="FBAAddOns.classes.CustomDbUsersRP, FBAAddOns, Version=1.0.0.0, Culture=neutral, PublicKeyToken=5ee875d473662cf4" />
  </providers>
</roleManager>
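The same custom providers have to be registered in all three web.config files, and a provider missing from one of them is an easy mistake to make. The PowerShell check below is an added example, not part of the FBAAddOns project: the function name Test-FbaProviders is hypothetical, and the STS fragment is a constructed sample with one provider deliberately left out.

```powershell
# Provider names are the ones this page registers in each web.config.
$membership = 'CustomDbUsersMP', 'MyOpenIDWhiteListMP'
$roles      = 'CustomDbUsersRP'

# Hypothetical helper: lists what is missing or different in one web.config.
function Test-FbaProviders {
    param([xml]$Config, [string]$Label, [string]$MembershipDefault, [string]$RoleDefault)
    $sw = $Config.SelectSingleNode('//system.web')
    if ($null -eq $sw) { return "${Label}: no <system.web> section found" }
    $findings = @()
    foreach ($n in $membership) {
        if ($null -eq $sw.SelectSingleNode("membership/providers/add[@name='$n']")) {
            $findings += "${Label}: membership provider '$n' is not registered"
        }
    }
    foreach ($n in $roles) {
        if ($null -eq $sw.SelectSingleNode("roleManager/providers/add[@name='$n']")) {
            $findings += "${Label}: role provider '$n' is not registered"
        }
    }
    # @defaultProvider selects the attribute node; a missing attribute yields $null.
    $m = $sw.SelectSingleNode('membership/@defaultProvider')
    $r = $sw.SelectSingleNode('roleManager/@defaultProvider')
    if ($null -eq $m -or $m.Value -ne $MembershipDefault) {
        $findings += "${Label}: membership defaultProvider is not '$MembershipDefault'"
    }
    if ($null -eq $r -or $r.Value -ne $RoleDefault) {
        $findings += "${Label}: roleManager defaultProvider is not '$RoleDefault'"
    }
    return $findings
}

# Constructed sample: an STS fragment where MyOpenIDWhiteListMP was forgotten.
# The type attributes are omitted for brevity.
$sts = @'
<configuration><system.web>
  <roleManager defaultProvider="c" enabled="true" cacheRolesInCookie="false"><providers>
    <add name="c" /><add name="CustomDbUsersRP" />
  </providers></roleManager>
  <membership defaultProvider="i"><providers>
    <add name="i" /><add name="CustomDbUsersMP" />
  </providers></membership>
</system.web></configuration>
'@

Test-FbaProviders -Config $sts -Label 'STS' -MembershipDefault 'i' -RoleDefault 'c'
```

To check real files, pass [xml](Get-Content <path to web.config>) as -Config, using the defaults this page lists for each file (Central Administration uses CustomDbUsersMP and AspNetWindowsTokenRoleProvider).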