“Sign me in automatically” in Forms Authentication

Now this is not just limited to SharePoint, but since SharePoint is my main focus, that is where I come across this issue the most. When you log in to SharePoint via Forms Based Authentication (FBA), there is a little “Sign me in automatically” checkbox below the login form. If you check it, you may find a few hours later, when you go back to the site, that it does not seem to remember you at all. That is because, by default, it will only remember you for 30 minutes. We can change this quite easily, however. The option is controlled within your web application configuration file (web.config) on the server.

If you open this file directly and search for <authentication mode="Forms"> under <system.web>, you will see this by default:

<authentication mode="Forms">
<forms loginUrl="/_login/default.aspx" />
</authentication>

You can also look in IIS, under the Configuration Editor feature in the Management section of the web application.

If we expand system.web and click on authentication, the two options we want to look at are timeout and slidingExpiration.

The definitions for both of these settings are below, taken from MSDN.

When the SlidingExpiration is set to true, the time interval during which the authentication cookie is valid is reset to the expiration Timeout property value. This happens if the user browses after half of the timeout has expired. For example, if you set an expiration of 20 minutes by using sliding expiration, a user can visit the site at 2:00 PM and receive a cookie that is set to expire at 2:20 PM. The expiration is only updated if the user visits the site after 2:10 PM. If the user visits the site at 2:09 PM, the cookie is not updated because half of the expiration time has not passed. If the user then waits 12 minutes, visiting the site at 2:21 PM, the cookie will be expired. (from: http://msdn.microsoft.com/en-us/library/system.web.configuration.formsauthenticationconfiguration.slidingexpiration.aspx)

The amount of time in minutes after which the authentication expires. The default value is 30 minutes. (from: http://msdn.microsoft.com/en-us/library/system.web.configuration.formsauthenticationconfiguration.timeout.aspx)

I suggest setting the timeout to something much higher. If your users generally log in once a month, setting this to a couple of months will ensure they are remembered, and with sliding expiration configured, if they log in during the 3rd month, the system will reset the time on that cookie, remembering them for another 3 months from that date. For sites whose users log in less often, setting this to a year is a decent bet that they will be remembered for some time. A year in minutes is 525600.
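The renewal rule from the MSDN description above, modelled against a one-year timeout, as an added example that is not code from the original post. The sample config is constructed, and `Get-FormsCookiePolicy`, `Get-TicketAfterVisit` and `Get-TicketTimeline` are hypothetical helper names; it shows that a cookie is only reissued once more than half of the timeout has elapsed.

```powershell
# Added example (PowerShell 2.0 compatible). All values are constructed.
# <authentication> section after raising the timeout to one year, as suggested above.
$sampleConfig = [xml]@'
<configuration>
  <system.web>
    <authentication mode="Forms">
      <forms loginUrl="/_login/default.aspx" timeout="525600" slidingExpiration="true" />
    </authentication>
  </system.web>
</configuration>
'@

function Get-FormsCookiePolicy {
    param([Parameter(Mandatory=$true)][xml]$Config)

    $forms = $Config.SelectSingleNode('/configuration/system.web/authentication[@mode="Forms"]/forms')
    if ($null -eq $forms) { throw 'No <forms> element under <authentication mode="Forms">.' }

    # Attributes that are not set fall back to the ASP.NET defaults.
    $timeout = 30
    $sliding = $true
    $requireSsl = $false
    if ($forms.HasAttribute('timeout'))           { $timeout    = [int]$forms.GetAttribute('timeout') }
    if ($forms.HasAttribute('slidingExpiration')) { $sliding    = [bool]::Parse($forms.GetAttribute('slidingExpiration')) }
    if ($forms.HasAttribute('requireSSL'))        { $requireSsl = [bool]::Parse($forms.GetAttribute('requireSSL')) }

    New-Object PSObject -Property @{
        TimeoutMinutes    = $timeout
        TimeoutDays       = [math]::Round($timeout / 1440, 1)
        SlidingExpiration = $sliding
        # A cookie that lives for months is worth restricting to HTTPS.
        RequireSSL        = $requireSsl
    }
}

function Get-TicketAfterVisit {
    param(
        [Parameter(Mandatory=$true)][datetime]$Issued,
        [Parameter(Mandatory=$true)][datetime]$Expires,
        [Parameter(Mandatory=$true)][datetime]$Visit,
        [bool]$Sliding = $true
    )
    $state = 'Unchanged'
    if ($Visit -gt $Expires) {
        $state = 'Expired'
    }
    elseif ($Sliding -and (($Expires - $Visit) -le ($Visit - $Issued))) {
        # More than half of the lifetime is used up: reissue with the same lifetime from now.
        $lifetime = $Expires - $Issued
        $Issued   = $Visit
        $Expires  = $Visit + $lifetime
        $state    = 'Renewed'
    }
    New-Object PSObject -Property @{ Visit = $Visit; State = $state; Issued = $Issued; Expires = $Expires }
}

function Get-TicketTimeline {
    param(
        [Parameter(Mandatory=$true)][datetime]$Start,
        [Parameter(Mandatory=$true)][int]$TimeoutMinutes,
        [Parameter(Mandatory=$true)][datetime[]]$Visits,
        [bool]$Sliding = $true
    )
    $issued  = $Start
    $expires = $Start.AddMinutes($TimeoutMinutes)
    foreach ($visit in $Visits) {
        $result = Get-TicketAfterVisit -Issued $issued -Expires $expires -Visit $visit -Sliding $Sliding
        $result
        if ($result.State -eq 'Expired') { break }   # the user has to log in again
        $issued  = $result.Issued
        $expires = $result.Expires
    }
}

$policy = Get-FormsCookiePolicy -Config $sampleConfig
$policy | Format-List TimeoutMinutes, TimeoutDays, SlidingExpiration, RequireSSL

$t0 = [datetime]'2011-08-01T14:00:00'

# The MSDN timeline: 20-minute timeout, visits at 2:09 PM and 2:21 PM.
Get-TicketTimeline -Start $t0 -TimeoutMinutes 20 -Visits @($t0.AddMinutes(9), $t0.AddMinutes(21)) |
    Format-Table Visit, State, Expires -AutoSize

# The one-year timeout from the sample config, with visits on day 30, 180 and 210.
Get-TicketTimeline -Start $t0 -TimeoutMinutes $policy.TimeoutMinutes -Sliding $policy.SlidingExpiration `
    -Visits @($t0.AddDays(30), $t0.AddDays(180), $t0.AddDays(210)) |
    Format-Table Visit, State, Expires -AutoSize
```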

Hopefully this helps in your configuration of FBA for SharePoint, as well as other FBA applications.

Speaking at SharePoint Saturday–The Conference

The first event of its kind, SharePoint Saturday – The Conference (it’s not just for Saturdays anymore! However, this will end on one…), and I am pleased to be a part of it. I’m also very excited to see that SharePoint Saturday has grown so much over the past couple of years, and now there is a full 3-day conference. SharePoint Saturdays are great ways to share your knowledge with others, learn from peers, experts, MVPs and Microsoft Certified Masters. SharePoint Saturday holds a special place for me, as that is where I got my start speaking on SharePoint, back in the beginning of 2009 at SharePoint Saturday Boston. Since then I have spoken at 11 others to date from New York to New Orleans, and have helped organize SharePoint Saturday Boston since the beginning of 2010.

Unlike usual SharePoint Saturdays however, this one is not free, but pretty close to it as far as conference fees go. The current rate is $39, which will go up to $59 soon, so if you want to save twenty bucks… register today!

I could write up all of the information about the conference, but it has already been done on the site, so why reinvent the wheel (http://www.spstc.org/Pages/About.aspx) – the text below is a copy of that.

WHAT

A community-focused, educational event filled with sessions from respected SharePoint professionals and executives covering a wide range of technical and business topics.

WHO

Anyone who interacts with SharePoint and its related technologies: Tracks for IT Pro, Developers, End Users, Business Process Owners, the Cloud and more!

WHERE

Northern Virginia Community College

Annandale Campus, Annandale, VA

(Visit the website here.)

WHEN

Thursday, August 11 – Saturday, August 13, 2011: 8 am – 6 pm

Friday Night Attendee Event: 6 pm – 11 pm

WHY

SharePoint Saturdays are a community sponsored event with a huge following. As we take the SharePoint Saturday event to the next level, the goal remains the same: to encourage community participation and lower the barriers to learning SharePoint.

For attendees in any role (End User, IT Professional, Business Manager or Developer), this conference provides an unparalleled level of training, sharing, networking and one-to-one interaction with the SharePoint community. It’s not to be missed!

HOW

Registration Fee:

$39 Early Bird (until August 7, 2011)

$59 for Regular & Walk-Ins

(discounts available for groups of 10 or more)

And there are some FAQs on the conference about page as well… http://www.spstc.org/Pages/About.aspx

I will be presenting 3 sessions there, so please drop in to one and say hello if you go!

 

9 Ways to Become a (SharePoint) Rock Star

Co-Presented with Christian Buckley

Session Level: 100

Session Type: End User

So you want to become a rock star? We’re talking actual rock star – not a metaphor for “finding stardom” at your company, but that little “band thing” you do on the side after putting in your 9-to-5 each day.
In this session, we will lead you on a fun and adventurous journey where you can not only learn SharePoint, but springboard into that life of fame and rock stardom that you’ve been dreaming of, using the tools at your disposal during the daily grind. If, by chance, your wildest dreams of becoming a rock star do not come to fruition, you can rest assured that you can apply what you learn in this session to become a SharePoint rock star. Because it’s always good to have a backup plan.

 

Just Freakin’ Work! Overcoming Hurdles and Avoiding Pain in SharePoint Custom Development

Co-Presented with Mark Rackley

Session Level: 200

Session Type: IT Pro / Developer

“Why am I getting a security error??” “Why does my code work sometimes, but not others?” “I wonder if McDonalds is hiring.” Writing custom code in SharePoint opens up unlimited possibilities but also throws many hurdles in your way that will slow you down if you don’t take them into account. So, before giving up and searching for careers in the fast food industry, equip yourself with the knowledge you need to succeed in writing custom code for SharePoint.
Attendees will learn:
1. Commonly used methods to improve functionality and performance
2. Best practices for disposing of SP Objects
3. How to avoid common issues when writing custom code for SharePoint
PREREQUISITES: Developers need to have a basic knowledge of SharePoint, know C# and be comfortable in Visual Studio.

 

Planning and Configuring Extranets in SharePoint 2010

Session Level: 300

Session Type: IT Pro / Admin

Most companies, large or small, require contact and collaboration with external entities, whether they are vendors, clients, or contractors. SharePoint gives us the ability to open up portals for collaboration with these external entities – this session will show you how to accomplish this using SharePoint 2010.
We will review what is required to make SharePoint “open” to the external world, discuss scenarios regarding security and privacy, as well as walk through configuring Forms Based Authentication, Claims Based Authentication, as well as using Business Connectivity Services in SharePoint 2010, to authenticate, and manage our external users.
Once completing this session, you should have a firm grasp on how to configure an extranet environment using SharePoint 2010, as well as what should be considered during the planning of your extranet scenarios.

Speaking at SharePoint Saturday New York on 7/30/11

I am pleased to announce (a bit belated) that I will be presenting at the next SharePoint Saturday New York on July 30th, 2011.  I will be presenting Planning and Configuring Extranets in SharePoint 2010.

Most companies, large or small, require contact and collaboration with external entities, whether they are vendors, clients, or contractors. SharePoint gives us the ability to open up portals for collaboration with these external entities – this session will show you how to accomplish this using SharePoint 2010.

We will review what is required to make SharePoint “open” to the external world, discuss scenarios regarding security and privacy, as well as walk through configuring Forms Based Authentication, Claims Based Authentication, as well as using Business Connectivity Services in SharePoint 2010, to authenticate, and manage our external users.

Once completing this session, you should have a firm grasp on how to configure an extranet environment using SharePoint 2010, as well as what should be considered during the planning of your extranet scenarios.

SharePoint Saturday New York is one of the great SharePoint Saturday events – put on by some great people – Becky Isserman (@MossLover), Jason Gallicchio (@PrincetonSUG), Greg Hurlman (@ghurlman), with Tasha Scott (@TashasEv) coordinating volunteer efforts.

For more information on my session, check out my blog series on the matter here:

Planning and Configuring Extranets in SharePoint 2010–Part 1

Planning and Configuring Extranets in SharePoint 2010–Part 2

Planning and Configuring Extranets in SharePoint 2010-Part 3 “The Environment”

 

I hope to see you in New York! Oh, and by the way, registration is now open! Sign up today as space IS limited! SharePoint Saturday New York

Planning and Configuring Extranets in SharePoint 2010-Part 3 “The Environment”

I know quite a few people have been waiting for this post. In it we’ll cover the environment itself, which I mentioned in Part 1 of this series and configured further in Part 2. I even mentioned it during my session at SharePoint Saturday Boston on the same subject. I have been extremely busy with work over the past two weeks, and today finally had a chance to put the finishing touches on the environment and test it; it is now ready for release.

I would like to thank the folks over at CloudShare for making this possible. If you are not familiar with them, well, they say it better than I can:

“CloudShare makes it easy to build, manage and share any business application instantly and on-demand, in the cloud. Used by individual business and IT professionals, developers, consultants, teams and enterprises, CloudShare offers complete and easy cloud solutions for development and testing, migration, training, demos and proofs of concept. Its latest product, CloudShare ProPlus, enables users to quickly build SharePoint environments and access preconfigured production-grade SharePoint farms – no physical servers, installs, recoding or software licensing of any kind.“

So, what they have allowed me to do is build up a demonstration environment using CloudShare ProPlus, with the SharePoint and Office 2010 Information Worker Virtual Image from Microsoft as a base (the actual environment setup took about 5 minutes, and then it was just a simple matter of configuration). After taking a snapshot of that environment, I can now share it out. Each and every person that uses the link will have their very own copy to use. To use the link provided below you will be required to register for a 14-day trial account of CloudShare ProPlus, during which you can play around with the image as much as you want. If you like what you see, you can keep that going, even dumping this environment and creating your own, for just $49/month. You can then share out your environments with others if you’d like. This is really one of the best cloud SaaS solutions I’ve seen on the market to date.

So, with that – have at it!

[UPDATED – NEW LINK AS OF 9.25.11] http://go.gvaro.net/ExtranetsVM3

If you have any questions or comments, please let me know in the comments below.

More posts to come within this series as well!

Planning and Configuring Extranets in SharePoint 2010–Part 2

In Part 1 of this series, we walked through creating the actual databases for managing our FBA users, as well as the general scope of this blog series. Today, we are going to focus on the configuration of SharePoint [insert crowd roar here]. Ok, ok, I know you are excited. This, however, is the hardest part IMHO, so please pay attention, and try to color inside the lines to the best of your ability while we are following this exercise.

 

Membership and Role Providers

First, let us do a quick definition of what these are.

Membership Providers are the authentication sources for applications. A provider can sit on a number of back ends (LDAP, SQL, a 3rd party application, or a custom membership provider). In our specific case here, we are using SQL, specifically the ASP.NET Membership Database. If you look at the tables we created in Part 1, you can see how this provider stores a username, password, and other information about the user. Just like Active Directory, it can hold information about a user, and also be used for authentication.

Role Managers are similar to membership providers, however, these are more like groups in Active Directory. A person in the membership provider can belong to a number of different roles, or groups. We will be configuring these as well.

So, hopefully the brief introduction to these terms above is enough to make sense, so we can move onto our next bit.

At this point, they do not need any particular name; we can call them whatever we’d like. So, we will use:

  • Membership Provider: SQL-MembershipProvider
  • Role Manager: SQL-RoleManager

 

Extending our Web Application with Claims Based Authentication

Now that we have our database up and running, we need to extend our web application in SharePoint 2010, so that we can create an FBA-Only authentication portal, for our partners at Contoso to access.

To do so, we need to enable Claims Based Authentication on our site. Because the site is already created, we need to make our existing site “Claims aware”.

Note: a great blog on configuring Claims Based Authentication can be found here: http://blogs.technet.com/b/mahesm/archive/2010/04/07/configure-forms-based-authentication-fba-with-sharepoint-2010.aspx. I’ve relied heavily on that article in the past, so you will see a lot of the same information in this article as in my reference above. This is not a swipe of that article, it is more of a homage 🙂

 

Extending the Web Application and Enabling Claims Authentication

To do so, go into Central Administration.

In Central Administration, go to Application Management > Manage web applications, and click on the site you would like to extend. In this example, I will be using the Intranet site within the SharePoint 2010 Information Worker demo image. Click on that site, and then click on Extend up in the Ribbon.

Now, time to configure the extended site. Give it a name, port, etc. (If you give it a DNS name, make sure you add in a DNS entry!)

Then select the Extranet zone. This doesn’t do anything but classify the extended web application, and allow us to modify the authentication methods used. Then click OK.

Once we have done that, keep the web application selected in the list, click on Authentication Providers in the Ribbon, and then click on Extranet. You will notice that we cannot change the authentication type from Windows to Forms.

Don’t worry, we have a fix for that. To convert the web application from Classic Authentication to Claims Based Authentication, open up the SharePoint 2010 Administration Console (PowerShell – as an administrator) and run:

# Switch the web application from Classic to Claims Based Authentication
$webApp = Get-SPWebApplication http://extranet
$webApp.UseClaimsAuthentication = $true
$webApp.Update()

This will enable Claims authentication on our web application.

Now if we click on Authentication Providers on the ribbon again, you can see that they now show up as Claims Based Authentication.

Click on the Extranet again, and you will now see that we can change the authentication type for this web application. If you want both AD users and FBA users to access the same portal with their respective accounts, go ahead and check both Enable Windows Authentication and Enable Forms Based Authentication. Remember how I listed the Membership Provider and the Role Manager at the beginning of this article? Now is when I make use of those: enter SQL-MembershipProvider and SQL-RoleManager as the membership provider and role manager names.

Note:  If you want to create a custom login page, you can specify that option from here (right below the Claims Authentication Types section). Maybe in an addendum to this article down the road I will write a quick post on how to do that. It’s easy, but, this article is more IT Pro/Admin focused, so we’ll skip that for now 🙂

Now go to the bottom and click on Save.  SharePoint will deal with the configuration of this web application.

 

Extranet Web Application Configuration

Our next item of concern is the configuration for the extranet. We need to re-configure the web.config settings for this extended web application. To do so, open the web.config file for the extranet web application, in my example, it is located at (C:\inetpub\wwwroot\wss\VirtualDirectories\extranet80\web.config)

Search for </SharePoint>, which should appear right before <system.web>, and insert the following code, after </SharePoint>, and before <system.web>.

<connectionStrings>
  <add name="SQLConnectionString" connectionString="data source=DEMO2010A;Integrated Security=SSPI;Initial Catalog=aspnetdb" />
</connectionStrings>

Replace the data source and Initial Catalog values above with your SQL server name and FBA database name respectively (see Part 1 for creating this database).

Once that is complete, locate the end of the </system.web>, mentioned above, where we just put the connectionStrings information. It will be right above </system.webServer>. There are many other system.web declarations within this file, so be sure to use the right one. You should see the <membership> and <roleManager> tags in the XML there.

We will leave these AS-IS! No need to modify those lines. Now, we need to add the following code between the <providers> and </providers> tags within the <membership> element:

<!-- enablePasswordRetrieval is false: a provider with passwordFormat="Hashed" cannot retrieve passwords -->
<add connectionStringName="SQLConnectionString"
     passwordAttemptWindow="5"
     enablePasswordRetrieval="false"
     enablePasswordReset="true"
     requiresQuestionAndAnswer="true"
     applicationName="/"
     requiresUniqueEmail="true"
     passwordFormat="Hashed"
     description="Stores and Retrieves membership data from SQL Server"
     name="SQL-MembershipProvider"
     type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />

Make sure that the connectionStringName and name attributes match the connection string we used above, as well as the membership provider name we used in SharePoint respectively.

Next, the piece of XML we are going to use fits between the <providers> and </providers> tags within the <roleManager> element:

<add connectionStringName="SQLConnectionString"
     applicationName="/"
     description="Stores and retrieves roles from SQL Server"
     name="SQL-RoleManager"
     type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />

Again, make sure that the connectionStringName and name attributes match the connection string we used above, as well as the role manager name we used in SharePoint respectively.

Then save the web.config file.

Central Administration Web Application Configuration

We now need to modify the Central Administration web.config file as well. In our example here, our Central Admin web.config file is located at: C:\inetpub\wwwroot\wss\VirtualDirectories\44535\web.config

We will be editing in the same places within the config file that we did for our extranet web application above, but with just a few slight changes.

So, first, locate the closing </SharePoint> tag, and the opening <system.web>. Just as we did above, we are going to paste in our connection strings here.

<connectionStrings>
  <add name="SQLConnectionString" connectionString="data source=DEMO2010A;Integrated Security=SSPI;Initial Catalog=aspnetdb" />
</connectionStrings>

And next, as you may have guessed, just before we close out the </system.web> tag in this web.config, we need to put in our membership provider and role information. This is slightly different from the one we used for the extranet web.config above, notice the default membership provider. Don’t change this – leave this as-is. It is NOT a typo.

<roleManager defaultProvider="AspNetWindowsTokenRoleProvider" enabled="true" cacheRolesInCookie="false">
  <providers>
    <add connectionStringName="SQLConnectionString" applicationName="/" description="Stores and retrieves roles from SQL Server" name="SQL-RoleManager" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
  </providers>
</roleManager>
<membership defaultProvider="SQL-MembershipProvider">
  <providers>
    <add connectionStringName="SQLConnectionString" passwordAttemptWindow="5" enablePasswordRetrieval="false" enablePasswordReset="false" requiresQuestionAndAnswer="true" applicationName="/" requiresUniqueEmail="true" passwordFormat="Hashed" description="Stores and Retrieves membership data from SQL Server" name="SQL-MembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
  </providers>
</membership>

 

Security Token Web Service Application Configuration

Last, but certainly not least, we must also update the web.config for the SecurityToken service.

Within your SharePoint Root folder, under WebServices\SecurityToken (generally found at C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\WebServices\SecurityToken), you will find another web.config file. Just before the closing </configuration> tag, add in the following, again tailored to the configuration we have specified above.

<connectionStrings>
    <add name="SQL-ConnectionString" connectionString="data source=DEMO2010A;Integrated Security=SSPI;Initial Catalog=aspnetdb" />
</connectionStrings>
<system.web>
    <roleManager defaultProvider="c" enabled="true" cacheRolesInCookie="false">
        <providers>
            <add name="c" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
            <add connectionStringName="SQL-ConnectionString" applicationName="/" description="Stores and retrieves roles from SQL Server" name="SQL-RoleManager" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
        </providers>
    </roleManager>
    <membership defaultProvider="i">
        <providers>
            <add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
            <add connectionStringName="SQL-ConnectionString" passwordAttemptWindow="5" enablePasswordRetrieval="false" enablePasswordReset="false" requiresQuestionAndAnswer="true" applicationName="/" requiresUniqueEmail="true" passwordFormat="Hashed" description="Stores and Retrieves membership data from SQL Server" name="SQL-MembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
        </providers>
    </membership>
</system.web>

Once you do that, it would be healthy to restart IIS as well (just humor me on this one, while not required, as changes to the web.config will cause the application pools to recycle, I’ve seen issues where a reset to IIS has been known to do good).

And lastly, once you visit your site, you should get one of these nice choice boxes:

 

You should be configured, and ready to roll!
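A consistency check for the three web.config edits above, as an added example that is not part of the original post. `Test-FbaProviderConfig` is a hypothetical helper and the XML is a constructed, trimmed stand-in for the real files; it verifies that each provider's connectionStringName resolves inside the same file (the SecurityToken file names its connection string differently from the other two) and that a Hashed provider does not ask for password retrieval, a combination ASP.NET rejects.

```powershell
# Added example (PowerShell 2.0 compatible). The XML is a constructed, trimmed stand-in
# for the real files; load a real one with: [xml](Get-Content '<path to web.config>')
$extranet = [xml]@'
<configuration>
  <connectionStrings>
    <add name="SQLConnectionString" connectionString="data source=DEMO2010A;Integrated Security=SSPI;Initial Catalog=aspnetdb" />
  </connectionStrings>
  <system.web>
    <membership>
      <providers>
        <add name="SQL-MembershipProvider" connectionStringName="SQLConnectionString"
             passwordFormat="Hashed" enablePasswordRetrieval="false" />
      </providers>
    </membership>
    <roleManager>
      <providers>
        <add name="SQL-RoleManager" connectionStringName="SQLConnectionString" />
      </providers>
    </roleManager>
  </system.web>
</configuration>
'@

# Constructed faulty copy: the connection string is named SQL-ConnectionString as in the
# SecurityToken file, but the providers were pasted from the extranet file and still point
# at SQLConnectionString. Password retrieval is also switched on next to Hashed.
$securityToken = [xml]($extranet.OuterXml.
    Replace('<add name="SQLConnectionString"', '<add name="SQL-ConnectionString"').
    Replace('enablePasswordRetrieval="false"', 'enablePasswordRetrieval="true"'))

function Test-FbaProviderConfig {
    param(
        [Parameter(Mandatory=$true)][string]$Label,
        [Parameter(Mandatory=$true)][xml]$Config,
        [string]$MembershipName = 'SQL-MembershipProvider',
        [string]$RoleName = 'SQL-RoleManager'
    )
    $issues = @()

    # Names of the connection strings defined in this file.
    $connNames = @($Config.SelectNodes('/configuration/connectionStrings/add') |
        ForEach-Object { $_.GetAttribute('name') })

    $checks = @(
        @{ Name = $MembershipName; XPath = '/configuration/system.web/membership/providers/add' },
        @{ Name = $RoleName;       XPath = '/configuration/system.web/roleManager/providers/add' }
    )
    foreach ($check in $checks) {
        $node = $Config.SelectNodes($check.XPath) |
            Where-Object { $_.GetAttribute('name') -eq $check.Name } |
            Select-Object -First 1
        if ($null -eq $node) {
            $issues += "provider '$($check.Name)' is missing"
            continue
        }
        $conn = $node.GetAttribute('connectionStringName')
        if ($connNames -notcontains $conn) {
            $issues += "'$($check.Name)' references connection string '$conn', which this file does not define"
        }
        if ($node.GetAttribute('passwordFormat') -eq 'Hashed' -and
            $node.GetAttribute('enablePasswordRetrieval') -eq 'true') {
            $issues += "'$($check.Name)' combines passwordFormat=Hashed with enablePasswordRetrieval=true"
        }
    }
    New-Object PSObject -Property @{
        File   = $Label
        Ok     = ($issues.Count -eq 0)
        Issues = ($issues -join '; ')
    }
}

@(
    (Test-FbaProviderConfig -Label 'Extranet web.config' -Config $extranet),
    (Test-FbaProviderConfig -Label 'SecurityToken web.config' -Config $securityToken)
) | Format-List File, Ok, Issues
```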

Now stay tuned for Part 3… get access to this test environment!

Planning and Configuring Extranets in SharePoint 2010–Part 1

For my SharePoint Saturday Boston session on April 9th, I will be delivering a presentation on Planning and Configuring Extranets in SharePoint 2010. As I am building up my virtual environment for this presentation, I thought I would also write a blog series on the subject. The abstract for the session is below, and, if you can make it to SharePoint Saturday Boston, I hope you’ll come and see the presentation.

Most companies, large or small, require contact and collaboration with external entities, whether they are vendors, clients, or contractors. SharePoint gives us the ability to open up portals for collaboration with these external entities – this session will show you how to accomplish this using SharePoint 2010.

We will review what is required to make SharePoint “open” to the external world, discuss scenarios regarding security and privacy, as well as walk through configuring Forms Based Authentication, Claims Based Authentication, as well as using Business Connectivity Services in SharePoint 2010, to authenticate, and manage our external users.

Once completing this session, you should have a firm grasp on how to configure an extranet environment using SharePoint 2010, as well as what should be considered during the planning of your extranet scenarios.

At the conclusion of this series, as well as after the presentation at SPS Boston, I will include my slide deck here, along with links to the actual virtual environment I am creating for this via CloudShare and follow-up answers to questions asked during the session. I am using CloudShare to build up the shareable version of my presentation because it doesn’t use any local resources, I can access it from anywhere, I can share it with an unlimited amount of people, and I can update it from time to time.

So, let’s get started. To give some background on what we are going to be accomplishing here as our end game – we are going to configure the SharePoint 2010 Information Worker image with FBA, using the ASP.NET membership database as our backend. As well as using some built-in and home-grown tools to manage those users.

So now, really this time, let’s get started… oh wait, before I do, notice the two images that start off this blog post? Get it? An “extra net”, hah! Wow, did I strike a funny bone on that one.

Ok, I am seriously serious about moving forward on this. Let’s go.

Creating the ASP.NET Membership Database

So, first, we will need to be able to authenticate users. In the imaginary (but none-the-less exciting!) extranet planning that took place for Contoso, we decided we wanted to not have our external users, our partners, to have Active Directory accounts. Sure, we can secure AD users, and create a sub-domain to support them, but, just in case, we want to make sure that with the username and password they are given, they cannot access any other resource at all, no matter what, within our organization. Even if they came into our office and plopped down onto a computer connected to our internal network, and started typing away. A SQL-based authentication source will guarantee that.

To do this, we are going to follow this resource here (http://go.gvaro.net/AN2Mbr) to create our authentication database (pay no attention to the fact that the content is outdated – it is not for our purposes!). If we visit that link, and scroll down to Using the SQLMemberShipProvider, and look at Step 2, we have the commands needed to configure our ASP.NET Membership Database.

aspnet_regsql.exe -E -S localhost -A -all

If you do not have aspnet_regsql.exe in your path, it can be found in C:\Windows\Microsoft.NET\<FRAMEWORK VERSION>\<versionNumber>\aspnet_regsql.exe

This will create all of the tables needed (we might need roles, web part personalization, etc., so that is why I chose the “All” option). Information on all of the above options can be found at the Creating the Application Services Database for SQL Server link from TechNet.

Once that completes, if you check SQL, you should have a new database named aspnetdb, as well as the tables.

And time to leave you hanging until Part 2… until then, stay tuned for more extranet fun in SharePoint 2010!
