Step-by-Step guide, installing AD Provider on WSS v3

During the SharePoint development courses I often get asked how to use Forms Authentication (FA). There are a lot of walkthroughs available on the net telling you how to use FA combined with a SQL Server DB, but it's also possible to do FA against your own Active Directory.

This blog post describes how to accomplish that. For those of you who have a demo installation like the one I described in the setup post (click here), this was also built using the same installation.

Step 1: Change web.config for Central Administration

Add between </authorization> and <httpModules> the following tags:

<membership>
  <providers>
    <add name="ADProvider"
         type="System.Web.Security.ActiveDirectoryMembershipProvider,System.Web, Version=2.0.0.0, Culture=neutral,PublicKeyToken=b03f5f7f11d50a3a"
         connectionStringName="ADServices" />
  </providers>
</membership>

Add between the </system.web> and <runtime> the following tags:

<connectionStrings>
  <add connectionString="LDAP://bartg03_moss.moss.contoso.com/OU=contoso users,DC=moss,DC=contoso,DC=com"
       name="ADServices" />
</connectionStrings>

This contains the LDAP connection string for the location where the users are stored.

  • Start Central Administration, Browse to the Application Management page.
  • Click on ‘Authentication providers’
  • Select the Web Application which needs to be AD provider enabled
  • Click on ‘Default’
  • Select ‘Forms’ as Authentication type
  • Type ‘ADProvider’ as Authentication Provider (Case sensitive!!)
  • Set Enable Client Integration to ‘No’ (client integration only works with Windows authentication)
  • Select ‘Save’
  • Select ‘Site Collection Administrators’ from the ‘Application management’ tab on Central Administration
  • Select the AD Provider enabled web application and add a new site administrator here.
  • Open the web.config file from the Web Application which needs to be AD provider enabled
  • Add between </authorization> and <httpModules> the following tags:

 

<membership defaultProvider="ADProvider">
  <providers>
    <add name="ADProvider"
         type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral,PublicKeyToken=b03f5f7f11d50a3a"
         connectionStringName="ADServices" />
  </providers>
</membership>

Add between the </system.web> and <runtime> the following tags:

<connectionStrings>
  <add connectionString="LDAP://bartg03_moss.moss.contoso.com/OU=contoso users,DC=moss,DC=contoso,DC=com"
       name="ADServices" />
</connectionStrings>

This contains the LDAP connection string for the location where the users are stored.

Last step:

Log on to the AD provided web application using your AD Credentials.

You can configure a lot more using the ActiveDirectoryMembershipProvider; see http://msdn2.microsoft.com/en-us/library/system.web.security.activedirectorymembershipprovider.aspx for more information.
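An added example, not part of the original post: a Python check of the wiring the steps above depend on, covering the failure modes raised in the comments below (characters pasted from a web page, provider-name case, a connectionStringName with no matching entry, a line-wrapped or malformed LDAP path). It also splits the LDAP path into server and DN parts. The function name `check_membership` and the sample file are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the post's two fragments placed in a minimal <configuration>.
SAMPLE = """<configuration>
  <system.web>
    <membership defaultProvider="ADProvider">
      <providers>
        <add name="ADProvider" connectionStringName="ADServices"
             type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
      </providers>
    </membership>
  </system.web>
  <connectionStrings>
    <add name="ADServices" connectionString="LDAP://bartg03_moss.moss.contoso.com/OU=contoso users,DC=moss,DC=contoso,DC=com" />
  </connectionStrings>
</configuration>"""

PASTE_DEBRIS = "\u2018\u2019\u201c\u201d\u00a0"  # curly quotes and no-break space
LDAP_RE = re.compile(r"LDAP://([^/]+)/(.+)")     # ADSI scheme is upper case

def check_membership(text, provider="ADProvider"):
    """Return (problems, info); info holds the LDAP server and DN parts."""
    found = sorted({f"U+{ord(c):04X}" for c in text if c in PASTE_DEBRIS})
    if found:
        return [f"web-page characters in file: {', '.join(found)}"], None
    try:
        root = ET.fromstring(text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"], None
    problems = []
    adds = root.findall("./system.web/membership/providers/add")
    entry = next((a for a in adds if a.get("name") == provider), None)
    if entry is None:  # exact match: the post notes the name is case sensitive
        return [f"no provider named {provider!r}; found {[a.get('name') for a in adds]}"], None
    conns = {a.get("name"): a.get("connectionString", "")
             for a in root.findall("./connectionStrings/add")}
    cs_name = entry.get("connectionStringName")
    if cs_name not in conns:
        return [f"connectionStringName {cs_name!r} has no <connectionStrings> entry"], None
    conn = conns[cs_name]
    if re.search(r",\s", conn):  # a wrapped attribute leaves whitespace inside the DN
        problems.append("whitespace after a comma in the LDAP path (line-wrapped attribute?)")
    match = LDAP_RE.fullmatch(re.sub(r",\s+", ",", conn))
    if match is None:
        return problems + [f"not of the form LDAP://<server>/<DN>: {conn!r}"], None
    # Naive split: does not handle escaped commas inside a DN value.
    parts = [tuple(p.split("=", 1)) for p in match.group(2).split(",")]
    return problems, {"server": match.group(1), "dn": parts}
```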


Posted 07-05-2007 10:09 by Bart Gunneman

Comments

Oskar Austegard wrote re: Step-by-Step guide, installing AD Provider on WSS v3
on 11-05-2007 18:04

Interesting - but why?  Under what scenario would you want to use forms auth (and not NTLM/Kerberos) against AD?  Curious....

Bart Gunneman wrote re: Step-by-Step guide, installing AD Provider on WSS v3
on 11-05-2007 21:01

Why? Well, we use WSS in a hosted environment. This means multiple clients on the same AD. We would like to have our clients log on by using their SPN address instead of the usual account name. This way, you can.

And by using the AD Provider, I can specifically target a single OU or container in the AD to authenticate against per Web Application.

Hope this clarifies it a bit.

Barend wrote re: Step-by-Step guide, installing AD Provider on WSS v3
on 19-10-2007 12:34

I have 2 problems. One is that when I add the membership part to the web.config my SharePoint Services v3 site gives an error. The second is I'm not sure how I fill the LDAP connection string exactly.

When I remove the <membership> part from the web.config of my site where I want forms authentication I can see the login form.

Any idea?

Bart Gunneman wrote re: Step-by-Step guide, installing AD Provider on WSS v3
on 19-10-2007 12:38

Barend,

The web.config file is case sensitive so make sure it is absolutely the same. Also, copy-pasting directly from a web-page could lead to incorrect characters inserted in the web.config. First, paste it into notepad, from there copy-paste it into the web.config.

I cannot help you with your second problem, this LDAP string is different for each AD. Mine looks like this:

LDAP://bartg03_moss.moss.contoso.com/OU=TESTUSERS,DC=MOSS,DC=CONTOSO,DC=COM

Good luck!

Bart

Indranil wrote re: Step-by-Step guide, installing AD Provider on WSS v3
on 19-11-2007 8:32

Thanks, it really helps to find out the exact error

Sharepoint user wrote re: Step-by-Step guide, installing AD Provider on WSS v3
on 29-01-2008 22:16

Thank you for this article.

For me everything works fine.

I was able to add users from AD to my SharePoint group,

but I was not able to find an AD group even though it is inside the users directory.

EJ wrote re: Step-by-Step guide, installing AD Provider on WSS v3
on 02-02-2008 6:21

Bart,

Thanks for putting this together! I have been looking for detailed instructions on how to setup FBA with AD membership provider.

I am running into an error when trying to add a site collection administrator. The people picker cannot seem to find any users.

Any help would be greatly appreciated!

Thanks,

EJ

Robby wrote re: Step-by-Step guide, installing AD Provider on WSS v3
on 06-02-2008 18:35

Hello, I have been able to successfully hook up the ActiveDirectoryMembershipProvider and my site successfully uses forms authentication.  However, I cannot find out how to add security groups to my SharePoint groups.  I can add AD users all day long, but it never sees security groups.  How do I add security groups?

Thanks a ton,

Robby

Sharepoint user wrote re: Step-by-Step guide, installing AD Provider on WSS v3
on 07-02-2008 18:53

Hi Robby

I was having same problem.

If you find the solution please post here.

I will do the same.

Thanks

shekhar wrote re: Step-by-Step guide, installing AD Provider on WSS v3
on 25-02-2008 10:21

I am successfully able to configure form based authentication with Active Directory using LDAP, but my site link doesn't come up when I log in to the web application with form based authentication using AD users.

hotman wrote re: Step-by-Step guide, installing AD Provider on WSS v3
on 27-02-2008 13:38

I am successfully able to configure form based authentication with Active Directory using LDAP, but my site link doesn't come up when I log in to the web application with form based authentication using AD users

Mat wrote re: Step-by-Step guide, installing AD Provider on WSS v3
on 18-06-2008 15:14

Hi, just a follow-up to a couple of the requests above. I have also managed to get FBA working with the AD provider, but I also need to access security groups.

I've tried adding a roleManager using the Windows ASP provider, but that doesn't work.

Any ideas?

george mathews wrote re: Step-by-Step guide, installing AD Provider on WSS v3
on 05-11-2008 13:53

Hi...

I'm not sure how I fill the LDAP connection string exactly.

Can someone describe what exactly each field is? What should be entered here:

LDAP://bartg03_moss.moss.contoso.com/OU=TESTUSERS,DC=MOSS,DC=CONTOSO,DC=COM

Supposing I use an IP instead of a site name, what should be my OU, DC?

Someone kindly help me out.

Thanx.

Bart Gunneman wrote re: Step-by-Step guide, installing AD Provider on WSS v3
on 05-11-2008 14:06

Hi George,

An LDAP connection is set up like: LDAP://<machinename>/<Active directory structure> so you should have a look in your Active Directory to determine which OU, DC you should use.

Regards,

Bart

george mathews wrote re: Step-by-Step guide, installing AD Provider on WSS v3
on 05-11-2008 17:40

Thanx a lot Bart.

Will ask you if I face any other problem.

george mathews wrote re: Step-by-Step guide, installing AD Provider on WSS v3
on 06-11-2008 12:10

Hi...

Inside Policy for web application, I need to add users. So, when I click on the browse directory icon, I need to enter the user names which I need to add, right?

What is the format in which I need to enter the user name?

Is it anything like membershipprovidername:username or just the username, or is there anything else?

Kindly help me out.

Thanx.

Emma wrote re: Step-by-Step guide, installing AD Provider on WSS v3
on 13-02-2009 0:18

George, you can just type the username, it should show two users

One being <membershipprovidername: username>;

the other being <domain\username>

Per Ekstedt wrote re: Step-by-Step guide, installing AD Provider on WSS v3
on 28-04-2009 16:01

Your article is very helpful, thank you!

But I also have a question.

Can I use this scenario to set up a connection to a different AD, not trusted by the AD hosting my WSS portal? If I choose to have an authentication provider for the main portal (read Windows) and then extend that web application and let the new extended application use the custom LDAP connection pointing to another AD that is not trusted by the first one.

Then I have users that can authenticate against the portal from two ADs not connected at all. Is it possible, do you think?

If true this way of doing this is more than helpful!

/Per

Saqib wrote re: Step-by-Step guide, installing AD Provider on WSS v3
on 07-09-2009 23:43

Hi,

Can you add AD groups to WSS when using ActiveDirectoryMembershipProvider?

Best Regards!
