Presentation from SharePoint Saturday Virginia Beach

A big thank you to the organizers, sponsors, and attendees of SharePoint Saturday Virginia Beach! The event was well put-on, and it is a great location, with a great layout! I cannot believe it took me 4 years to get down there, I wish I had gone much sooner!

I am looking forward to the next #SPSVB, but in the meantime, you can find my presentation from my session, Planning and Configuring Extranets in SharePoint 2010 below… please leave any questions you have in the comments!

 


Resources and Slides from Granite State SharePoint Users Group Meeting

I had the pleasure of presenting my Planning and Configuring Extranets in SharePoint 2010 session at the Granite State SharePoint Users Group this past Thursday evening.

After a pleasant drive up to Nashua, I was met with a good sized crowd, and had fun presenting, as well as interacting with the crowd.

I would like to thank the #NHSPUG for allowing me to come up and present – and hope I get a chance to do it again soon!

Below is my deck from the session. Please feel free to contact me directly, or, via the comments below with any questions on the material!

 

Slides and Resources from SharePoint Saturday New Hampshire

SharePoint Saturday New Hampshire was a great event! A job well done by the organizers. This was the first SharePoint Saturday New Hampshire, and there seemed to be a great turnout, and the location worked out well. Saw a lot of familiar faces, as well as was able to meet a bunch of great new people. This was also my first official event as a Jornata employee, even though today is officially my first day 🙂

This next part of this post is special for those who attended my session, it’s our little inside joke.

My session was very well attended, and I got nothing but great remarks.

Thank you all again for attending, and for the standing ovation – really, you didn’t have to. But thank you none-the-less. Below you will find my slides from the event.

And if you missed my session, or just want to see it again, come see me in a couple weeks at the Granite State SharePoint Users Group, where I will be presenting the same session, on October 13th.

And if you’re in the Baltimore area, I will be presenting this at the Baltimore SharePoint Users Group on October 20th.

Without further ado – here is my slide deck from the event.

In the slide deck is also the updated URL for access to the demonstration environment (http://go.gvaro.net/ExtranetsVM3).

Recap and Resources from SharePoint Saturday NYC

I have to hand it to the organizers of the event, Becky Isserman (@MossLover), Jason Gallicchio (@PrincetonSUG), Greg Hurlman (@ghurlman), and Tasha Scott (@TashasEv) as well as their volunteers, for putting together one of the best organized SharePoint Saturdays I have been to. Great job! Lots of great sessions, sponsors, and speakers made this quite the memorable event! I was able to connect with old friends, and meet plenty of new ones.

The organizers also did something very special and unique with the speaker, volunteer, and organizer shirts – each of them either had a patch for the NYPD, NY Port Authority, or FDNY, remembering the attacks on the World Trade Center, as in just over a month from now, will be the 10th anniversary of that tragic day, in which thousands of lives were lost. This shirt will be definitely one of the conference shirts that I will be holding on to. There were lots of conversations about that day – the people we knew, where we were, and what we were doing… and how it has affected our lives since.

I had a great time giving my session (once I caught my breath after literally running around right up until the starting bell, searching for a power adapter, as mine would not work!), and had a lot of great questions from the crowd! With that, here are my slides from the event, with one important update – the CloudShare link no longer works… found the expiration notice in my junk mail folder the day after the environment was removed 😦 I will work on getting a new one up and running within the next couple of weeks – then the link should be functional again.

 

 

Thank you all for attending, if you were able to make it. Someone was even there due to my extranets blog post series (Part 1, Part 2, Part 3), so I know at least one person is reading this!

If you’re in the DC area this week, be sure to catch my session at SharePoint Saturday – The Conference!

Planning and Configuring Extranets in SharePoint 2010-Part 3 “The Environment”

I know quite a few people have been waiting for this post. In this post we’ll cover the environment itself, which I mentioned in Part 1 of this series and configured in more detail in Part 2. I even mentioned it during my session at SharePoint Saturday Boston on the same subject. I have been extremely busy over the past two weeks with work, and finally had a chance today to put the finishing touches and testing on the environment, and it is now ready for release.

I would like to thank the folks over at CloudShare for making this possible. If you are not familiar with them – well, they say it better than I can:

“CloudShare makes it easy to build, manage and share any business application instantly and on-demand, in the cloud. Used by individual business and IT professionals, developers, consultants, teams and enterprises, CloudShare offers complete and easy cloud solutions for development and testing, migration, training, demos and proofs of concept. Its latest product, CloudShare ProPlus, enables users to quickly build SharePoint environments and access preconfigured production-grade SharePoint farms – no physical servers, installs, recoding or software licensing of any kind.“

So, what they have allowed me to do, is build up a demonstration environment, using CloudShare ProPlus, and using the SharePoint and Office 2010 Information Worker Virtual Image from Microsoft as a base (actual environment setup took about 5 minutes to do – and then it was just a simple matter of configuration). Then, after taking a snapshot of that environment, I can now share that environment out. Each and every person that uses the link will have their very own copy to use. Using the link provided below you will be required to register for CloudShare Pro Plus, as a 14-day trial account, during which you can play around with the image as much as you want. If you like what you see, you can keep that going, even dumping this environment and creating your own, for just $49/month. You can then share out your environments with others if you’d like. This is really one of the best cloud SaaS solutions I’ve seen on the market to date.

So, with that – have at it!

[UPDATED – NEW LINK AS OF 9.25.11] http://go.gvaro.net/ExtranetsVM3

If you have any questions or comments, please let me know in the comments below.

More posts to come within this series as well!

Planning and Configuring Extranets in SharePoint 2010–Part 2

In Part 1 of this series, we walked through creating the actual databases for managing our FBA users, as well as the general scope of this blog series. Today, we are going to focus on the configuration of SharePoint [insert crowd roar here]. Ok, ok, I know you are excited. This, however, is the hardest part IMHO, so please pay attention, and try to color inside the lines to the best of your ability while we are following this exercise.

 

Membership and Role Providers

First, let us do a quick definition of what these are.

Membership Providers are the authentication sources for applications. A provider can be a number of back ends (LDAP, SQL, 3rd party application, or a custom membership provider). In our specific case here, we are using SQL, specifically, the ASP.NET Membership Database. If you look at the tables we created in Part 1, you can see how this provider stores a username, password, and other information about the user. Just like active directory, it can hold information about a user, and also be used for authentication.

Role Managers are similar to membership providers, however, these are more like groups in Active Directory. A person in the membership provider can belong to a number of different roles, or groups. We will be configuring these as well.

So, hopefully the brief introduction to these terms above is enough to make sense, so we can move onto our next bit.

At this point, they do not need to have a name. We can name them whatever we’d like to. So, we will use:

  • Membership Provider: SQL-MembershipProvider
  • Role Manager: SQL-RoleManager

 

Extending our Web Application with Claims Based Authentication

Now that we have our database up and running, we need to extend our web application in SharePoint 2010, so that we can create an FBA-Only authentication portal, for our partners at Contoso to access.

To do so, we need to enable Claims Based Authentication on our site. Because the site is already created, we need to make our existing site “Claims aware”.

Note: a great blog on configuring Claims Based Authentication can be found here: http://blogs.technet.com/b/mahesm/archive/2010/04/07/configure-forms-based-authentication-fba-with-sharepoint-2010.aspx. I’ve relied heavily on that article in the past, so you will see a lot of the same information in this article as you will see in my reference above. This is not a swipe of that article, it is more of a homage 🙂

 

Extending the Web Application and Enabling Claims Authentication

To do so, go into Central Administration.

In Central Administration, go to Application Management > Manage web applications, and click on the site you would like to extend. In this example, I will be using the Intranet site within the SharePoint 2010 Information Worker demo image. Click on that site

image

And then click on Extend up in the Ribbon.

image

Now, time to configure the extended site. Give it a name, port, etc. (If you give it a DNS name, make sure you add in a DNS entry!)

image

image

Then select the Extranet zone. This doesn’t do anything but classify the extended web application, and allow us to modify the authentication methods used. Then click OK.

Now, once we have done that, keep the web application selected in the list, click on Authentication Providers in the Ribbon, and then click on Extranet.

image

You will notice that we cannot change the authentication type from Windows to Forms.

image

Don’t worry, we have a fix for that. To convert the web application from Classic Authentication to Claims Based Authentication, open up the SharePoint 2010 Administration Console (PowerShell – as an administrator)

image

# Convert the extended web application from classic to claims-based authentication
$webApp = Get-SPWebApplication http://extranet
$webApp.UseClaimsAuthentication = $true
$webApp.Update()

This will enable Claims authentication on our web application.

Now if we click on Authentication Providers on the ribbon again, you can see that they now show up as Claims Based Authentication

image

Click on the Extranet again, and you will now see that we can change the authentication type for this web application. If you want both AD users and FBA users to access the same portal with their respective accounts, go ahead and check both Enable Windows Authentication as well as Enable Forms Based Authentication. Remember how I listed the Membership Provider and the Role Manager at the beginning of this article? Now is when I make use of those.

image

Note:  If you want to create a custom login page, you can specify that option from here (right below the Claims Authentication Types section). Maybe in an addendum to this article down the road I will write a quick post on how to do that. It’s easy, but, this article is more IT Pro/Admin focused, so we’ll skip that for now 🙂

Now go to the bottom and click on Save.  SharePoint will deal with the configuration of this web application.

 

Extranet Web Application Configuration

Our next item of concern is the configuration for the extranet. We need to re-configure the web.config settings for this extended web application. To do so, open the web.config file for the extranet web application, in my example, it is located at (C:\inetpub\wwwroot\wss\VirtualDirectories\extranet80\web.config)

Search for </SharePoint>, which should appear right before <system.web>, and insert the following code, after </SharePoint>, and before <system.web>.

<connectionStrings>
  <add name="SQLConnectionString" connectionString="data source=DEMO2010A;Integrated Security=SSPI;Initial Catalog=aspnetdb" />
</connectionStrings>

Replace the data source and Initial Catalog values above with your SQL Server name and FBA database name, respectively (see Part 1 for creating this database).

Once that is complete, locate the closing </system.web> tag for the <system.web> element mentioned above, where we just put the connectionStrings information. It will be right above </system.webServer>. There are many other system.web declarations within this file, so be sure to use the right one. You should see tags in the XML for membership and roleManager there.

We will leave these AS-IS! No need to modify those lines. Now, we need to add the following code within the <providers> and </providers> tags within the <membership> element, as directed in the image below

image

<!-- enablePasswordRetrieval must be false when passwordFormat is Hashed:
     SqlMembershipProvider rejects the combination, since hashed passwords cannot be retrieved -->
<add connectionStringName="SQLConnectionString"
     passwordAttemptWindow="5"
     enablePasswordRetrieval="false"
     enablePasswordReset="true"
     requiresQuestionAndAnswer="true"
     applicationName="/"
     requiresUniqueEmail="true"
     passwordFormat="Hashed"
     description="Stores and Retrieves membership data from SQL Server"
     name="SQL-MembershipProvider"
     type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />

Make sure that the connectionStringName and name attributes match the connection string we used above, as well as the membership provider name we used in SharePoint respectively.

Next, the piece of xml we are going to use will fit in between the <providers> and </providers> tags within the <roleManager> element, as directed in the image below

image

<add connectionStringName="SQLConnectionString"
     applicationName="/"
     description="Stores and retrieves roles from SQL Server"
     name="SQL-RoleManager"
     type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />

Again, make sure that the connectionStringName and name attributes match the connection string we used above, as well as the role manager name we used in SharePoint respectively.

Then save the web.config file.

Central Administration Web Application Configuration

We now need to modify the Central Administration web.config file as well. In our example here, our Central Admin web.config file is located at: C:\inetpub\wwwroot\wss\VirtualDirectories\44535\web.config

We will be editing in the same places within the config file that we did for our extranet web application above, but with just a few slight changes.

So, first, locate the closing </SharePoint> tag, and the opening <system.web>. Just as we did above, we are going to paste in our connection strings here.

<connectionStrings>
  <add name="SQLConnectionString" connectionString="data source=DEMO2010A;Integrated Security=SSPI;Initial Catalog=aspnetdb" />
</connectionStrings>

And next, as you may have guessed, just before we close out the </system.web> tag in this web.config, we need to put in our membership provider and role information. This is slightly different from the one we used for the extranet web.config above, notice the default membership provider. Don’t change this – leave this as-is. It is NOT a typo.

<roleManager defaultProvider="AspNetWindowsTokenRoleProvider" enabled="true" cacheRolesInCookie="false">
  <providers>
    <add connectionStringName="SQLConnectionString" applicationName="/" description="Stores and retrieves roles from SQL Server" name="SQL-RoleManager" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
  </providers>
</roleManager>
<membership defaultProvider="SQL-MembershipProvider">
  <providers>
    <add connectionStringName="SQLConnectionString" passwordAttemptWindow="5" enablePasswordRetrieval="false" enablePasswordReset="false" requiresQuestionAndAnswer="true" applicationName="/" requiresUniqueEmail="true" passwordFormat="Hashed" description="Stores and Retrieves membership data from SQL Server" name="SQL-MembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
  </providers>
</membership>

 

Security Token Web Service Application Configuration

Last, but certainly not least, we must also update the web.config for the SecurityToken service.

Within your SharePoint Root folder, under WebServices\SecurityToken (generally found at C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\WebServices\SecurityToken), you will find another web.config file. Just before the closing </configuration> tag, add in the following… again, tailored to your configuration which we have specified above.

<connectionStrings>
    <add name="SQL-ConnectionString" connectionString="data source=DEMO2010A;Integrated Security=SSPI;Initial Catalog=aspnetdb" />
</connectionStrings>
<system.web>
    <roleManager defaultProvider="c" enabled="true" cacheRolesInCookie="false">
        <providers>
            <add name="c" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
            <add connectionStringName="SQL-ConnectionString" applicationName="/" description="Stores and retrieves roles from SQL Server" name="SQL-RoleManager" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
        </providers>
    </roleManager>
    <membership defaultProvider="i">
        <providers>
            <add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
            <add connectionStringName="SQL-ConnectionString" passwordAttemptWindow="5" enablePasswordRetrieval="false" enablePasswordReset="false" requiresQuestionAndAnswer="true" applicationName="/" requiresUniqueEmail="true" passwordFormat="Hashed" description="Stores and Retrieves membership data from SQL Server" name="SQL-MembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
        </providers>
    </membership>
</system.web>

Once you do that, it would be healthy to restart IIS as well (just humor me on this one, while not required, as changes to the web.config will cause the application pools to recycle, I’ve seen issues where a reset to IIS has been known to do good).

And lastly, once you visit your site, you should get one of these nice choice boxes:

 

image

You should be configured, and ready to roll!

Now stay tuned for Part 3… get access to this test environment!

Planning and Configuring Extranets in SharePoint 2010–Part 1

For my SharePoint Saturday Boston session on April 9th, I will be delivering a presentation on Planning and Configuring Extranets in SharePoint 2010. As I am building up my virtual environment for this presentation, I thought I would also write a blog series on the subject. The abstract for the session is below, and, if you can make it to SharePoint Saturday Boston, I hope you’ll come and see the presentation.

Most companies, large or small, require contact and collaboration with external entities, whether they are vendors, clients, or contractors. SharePoint gives us the ability to open up portals for collaboration with these external entities – this session will show you how to accomplish this using SharePoint 2010.

We will review what is required to make SharePoint “open” to the external world, discuss scenarios regarding security and privacy, as well as walk through configuring Forms Based Authentication, Claims Based Authentication, as well as using Business Connectivity Services in SharePoint 2010, to authenticate, and manage our external users.

Once completing this session, you should have a firm grasp on how to configure an extranet environment using SharePoint 2010, as well as what should be considered during the planning of your extranet scenarios.

At the conclusion of this series, as well as after the presentation at SPS Boston, I will include my slide deck here, as well as links to the actual virtual environment I am creating for this via cloudshare, as well as follow-up answers to questions asked during the session. I am using this to build up the shareable version of my presentation, because, it doesn’t use any local resources, I can access it from anywhere, and, I can share it with an unlimited amount of people, and I can update it from time to time.

So, let’s get started. To give some background on what we are going to be accomplishing here as our end game – we are going to configure the SharePoint 2010 Information Worker image with FBA, using the ASP.NET membership database as our backend. As well as using some built-in and home-grown tools to manage those users.

So now, really this time, let’s get started… oh wait, before I do, notice the two images that start off this blog post? Get it? An “extra net”, hah! Wow, did I strike a funny bone on that one.

Ok, I am seriously serious about moving forward on this. Let’s go.

Creating the ASP.NET Membership Database

So, first, we will need to be able to authenticate users. In the imaginary (but none-the-less exciting!) extranet planning that took place for Contoso, we decided we wanted to not have our external users, our partners, to have Active Directory accounts. Sure, we can secure AD users, and create a sub-domain to support them, but, just in case, we want to make sure that with the username and password they are given, they cannot access any other resource at all, no matter what, within our organization. Even if they came into our office and plopped down onto a computer connected to our internal network, and started typing away. A SQL-based authentication source will guarantee that.

To do this, we are going to follow this resource here (http://go.gvaro.net/AN2Mbr) to create our authentication database (pay no attention to the fact that the content is outdated – it is not for our purposes!). If we visit that link, and scroll down to Using the SQLMemberShipProvider, and look at Step 2, we have the commands needed to configure our ASP.NET Membership Database.

aspnet_regsql.exe -E -S localhost -A -all

If you do not have aspnet_regsql.exe in your path, it can be found in C:\Windows\Microsoft.NET\<FRAMEWORK VERSION>\<versionNumber>\aspnet_regsql.exe

image

This will create all of the tables needed (we might need roles, web part personalization, etc., so that is why I chose the “All” option). Information on all of the above options can be found here at the Creating the Application Services Database for SQL Server link from technet.

Once that completes, if you check SQL, you should have a new database named aspnetdb, as well as the tables.

image

And time to leave you hanging until Part 2… until then, stay tuned for more extranet fun in SharePoint 2010!

Helpful Resources for Troubleshooting Issues with Membership Providers in SharePoint

When configuring membership providers for Forms Based Authentication in SharePoint – you often run into some troubles. These are just a couple of links that I have found useful in the past to assist in the configuration process.

Wildcard Search for Forms Based Authentication Users in the SharePoint 2010 People Picker Not Working

wildcard

The Problem

Ran into an issue today with a client. We have their site configured for mixed authentication in SharePoint 2010 – using both Windows Authentication for internal users, and Forms Based Authentication (FBA) users, using the default SQL Membership Provider. The problem was that we could wildcard search Active Directory users, but, not FBA users. Interesting. If we typed in their username exactly, it came up just fine. Otherwise, well… nothing.

I had no idea what the issue could have been, so… I did a little digging around, and was able to come up with the solution!

 

The Resolution

The fix, is quite easy! Thanks to this post I came across: http://mikevallotton.wordpress.com/2010/10/18/sharepoint-2010-claims-authentication-custom-login-form-part-1-modifying-your-config-files/, I had a “duh!” moment. When setting up the FBA provider originally, I seemed to have skipped a step – adding the Membership and Role providers into the PeoplePickerWildcards section of the web.config.

<configuration>
    …
    <SharePoint>
        …
        <PeoplePickerWildcards>
          <clear />
          <add key="SQL-RoleManager" value="%" />
          <add key="SQL-MembershipProvider" value="%" />
        </PeoplePickerWildcards>
        …
    </SharePoint>
    …
</configuration>

That did the trick, now both my roles and users can be searched via wildcard in the People Picker in SharePoint 2010. Hopefully this helps others out!
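A pre-flight check for the web.config edits from Part 2 and the PeoplePickerWildcards fix above, as an added example that is not part of the original posts. The function name Test-FbaWebConfig and the sample XML are constructed for illustration; the provider names are the ones used in the posts.

```powershell
# Added example: checks one web.config for the FBA edits described in these posts.
function Test-FbaWebConfig {
    param(
        [Parameter(Mandatory = $true)][xml]$Config,
        [string]$MembershipProvider = 'SQL-MembershipProvider',
        [string]$RoleManager = 'SQL-RoleManager',
        [switch]$CheckPeoplePicker   # the SecurityToken web.config has no <SharePoint> section
    )
    $findings = @()
    $root = '/configuration/system.web'   # top level only, not the <location> copies

    # Connection string names declared in this file.
    $declared = @($Config.SelectNodes('/configuration/connectionStrings/add') |
        ForEach-Object { $_.GetAttribute('name') })

    $providers = @{}
    $providers[$MembershipProvider] = "$root/membership/providers/add"
    $providers[$RoleManager] = "$root/roleManager/providers/add"

    foreach ($name in $providers.Keys) {
        $node = $Config.SelectSingleNode("$($providers[$name])[@name='$name']")
        if ($null -eq $node) {
            $findings += "provider '$name' not found under top-level <system.web>"
            continue
        }
        $cs = $node.GetAttribute('connectionStringName')
        if ($declared -notcontains $cs) {
            $findings += "provider '$name' uses undeclared connection string '$cs'"
        }
        # SqlMembershipProvider refuses to initialise when hashed passwords
        # and password retrieval are both enabled.
        if ($node.GetAttribute('passwordFormat') -eq 'Hashed' -and
            $node.GetAttribute('enablePasswordRetrieval') -eq 'true') {
            $findings += "provider '$name' is Hashed but enablePasswordRetrieval is true"
        }
    }

    if ($CheckPeoplePicker) {
        $keys = @($Config.SelectNodes('/configuration/SharePoint/PeoplePickerWildcards/add') |
            ForEach-Object { $_.GetAttribute('key') })
        foreach ($name in @($MembershipProvider, $RoleManager)) {
            if ($keys -notcontains $name) {
                $findings += "no PeoplePickerWildcards entry for '$name'"
            }
        }
    }
    $findings
}

# Constructed sample with three deliberate mistakes (not a real web.config).
$sample = @'
<configuration>
  <SharePoint>
    <PeoplePickerWildcards>
      <clear />
      <add key="SQL-MembershipProvider" value="%" />
    </PeoplePickerWildcards>
  </SharePoint>
  <connectionStrings>
    <add name="SQL-ConnectionString" connectionString="data source=DEMO2010A;Integrated Security=SSPI;Initial Catalog=aspnetdb" />
  </connectionStrings>
  <system.web>
    <membership defaultProvider="i">
      <providers>
        <add name="SQL-MembershipProvider" connectionStringName="SQLConnectionString" passwordFormat="Hashed" enablePasswordRetrieval="true" />
      </providers>
    </membership>
    <roleManager defaultProvider="c" enabled="true">
      <providers>
        <add name="SQL-RoleManager" connectionStringName="SQL-ConnectionString" />
      </providers>
    </roleManager>
  </system.web>
</configuration>
'@
Test-FbaWebConfig -Config $sample -CheckPeoplePicker

# Against a real file: Test-FbaWebConfig -Config ([xml](Get-Content $path))
```

Run it against each of the three web.config files from Part 2, adding -CheckPeoplePicker only for the SharePoint web applications; an empty result means nothing was flagged.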
