Web.Config - how to enter Multiple Forms authentication providers?

  Asked By: Jayshree    Date: Jun 03    Category: Sharepoint    Views: 3724

I am not a coder, or a dev, so this is all new to me. Please
don't laugh too hard if the error is obvious.

I was able to get my SQL authentication working on my production
server. I was able to get my ADAM LDAP authentication working on my
lab server. I then tried to set up the ADAM LDAP authentication on
my production server and it doesn't work. SQL is internet
authentication and ADAM is extranet. I can go to the intranet site
and use the people picker to find my ADAM users but whenever I try to
authenticate I get the error:

The server could not sign you in. Make sure your user name and
password are correct, and then try again.

I am sure of the account names and PWs.

I am almost sure that it is an error in my web.config file. This is
what the relevant web.config file portion looks like in my
administrative and intranet site web.config files:

<system.web>
  <!--AspNetSqlMembershipProvider Provider-->
  <membership defaultProvider="AspNetSqlMembershipProvider">
    <providers>
      <remove name="AspNetSqlMembershipProvider" />
      <clear/>
      <add name="AspNetSqlMembershipProvider"
           type="System.Web.Security.SqlMembershipProvider"
           connectionStringName="sec_dbConn"
           minRequiredPasswordLength="3"
           minRequiredNonalphanumericCharacters="0"
           requiresQuestionAndAnswer="false"
           applicationName="Security Application"/>

      <add name="ADAMMembership"
           type="Microsoft.Office.Server.Security.LDAPMembershipProvider, Microsoft.Office.Server, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
           server="myserver" (real server name is in here)
           port="389"
           useSSL="false"
           userDNAttribute="distinguishedName"
           userNameAttribute="cn"
           userContainer="CN=Users,OU=MOSS07,O=ADAM,C=US"
           userObjectClass="user"
           userFilter="(ObjectClass=user)"
           scope="Subtree"
           otherRequiredUserAttributes="sn,givenname,cn" />
    </providers>
  </membership>


This is what the relevant web.config file portion looks like in my
ldap file:

<system.web>
  <membership defaultProvider="ADAMMembership">
    <providers>
      <add name="ADAMMembership"
           type="Microsoft.Office.Server.Security.LDAPMembershipProvider, Microsoft.Office.Server, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
           server="my real server name is here"
           port="389"
           useSSL="false"
           userDNAttribute="distinguishedName"
           userNameAttribute="cn"
           userContainer="CN=Users,OU=MOSS07,O=ADAM,C=US"
           userObjectClass="user"
           userFilter="(ObjectClass=user)"
           scope="Subtree"
           otherRequiredUserAttributes="sn,givenname,cn" />
    </providers>
  </membership>

What am I missing or doing wrong? PLEASE HELP! If I can get this
part configured then I will have AD, CAC, SQL and LDAP authentication
running.

One other note, everything is SSL except for this one. I didn't set
the ADAM up to run in SSL nor the IIS, but once it hits the intranet
everything there is configured for SSL. Just wanted to add this in
case the error may be here somehow.


6 Answers Found

 
Answer #1    Answered By: Amanda Brown     Answered On: Jun 03

You cannot have multiple authentication providers on a single web
application.

 
Answer #2    Answered By: Caleb Gordon     Answered On: Jun 03

So that means that even though they have provided the means to extend
to alternate access methods I will only be able to use either the SQL
or the LDAP but never both together? So my existing entry points -
CAC, AD and SQL, all accessed via their individual IIS frontends and
then rerouting to the central application, will be the only ways
unless I get rid of the SQL access and place the LDAP in its place?

 
Answer #3    Answered By: Anuj Lakhe     Answered On: Jun 03

You can have multiple web apps on the same IIS frontends.

You can have multiple web apps pointing at the same content.

So if you want to use multiple authentication methods you create a web
app for each one and point them all at the same content. The only
"kicker" is that each web app must have a unique URL, so each
authentication mechanism will have a unique URL.

 
Answer #4    Answered By: Micheal Knight     Answered On: Jun 03

I replied but I think it didn't work, so here it is again. If this
is a repeat I apologize.

 
Answer #5    Answered By: Aditiya Kapale     Answered On: Jun 03

I need to go back and take a look at your first message. I missed it
somehow. But I can tell you that I have set up LDAP authentication
for a client successfully. It does work. But let me point out
something that may be the root of your issue. For SharePoint, users
that are authenticated via LDAP are NOT the same users as the ones
authenticated via AD. When you set up LDAP authentication you are
simply setting up Forms Based Authentication using LDAP as the back
end database. The users who log in that way have no Windows
Identity. What that means is that you won't be able to log in via
LDAP using a user's ID and password that was entered into the system
in the form of Domain\UserID. When you load LDAP authentication you
identify the user via User Principal Name (email address) or SAM
account Name (NT4 UserID). UPN is the default. They are then
recognized as completely different users than the ones entered via AD.

It's a lot more work, but remember there is one other possible
solution to your problem. You could write your own custom FBA
provider that uses multiple backend systems for Authentication. That
way you could use a single URL for entry.

 
Answer #6    Answered By: Cristopher Gould     Answered On: Jun 03

I wrote in my original message that I had LDAP working in a
single installation as the only other form of authentication besides
AD. Condensed version of LDAP portion:

I install the ADAM, set up everything, add user accounts to ADAM,
give read permissions to the correct accounts, extend an application
to it from within MOSS, set it up as extranet access and make the
necessary web.config changes (this is where I think I am running into
my problem). There's a couple of IISresets in there as well. Then I
go to my main app and, using the people picker, add users (this way I
know that the application is hitting the LDAP). I then go to the
LDAP access point via its own URL and the log on form pops up. Up to
that it works fine but when I put in the ADAM user's name and PW
(I've tried multiple ones) it just won't authenticate the users....

The web.config changes I've made are in my original post if that'll
help as well as the error message I receive when trying to
authenticate against LDAP.
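
An added example, not part of any post in this thread: a small Python check that reads the membership section of each zone's web.config, applies clear, remove and add in document order, and reports a default provider that is not declared in the file, an LDAP provider with useSSL="false", and attributes that differ between files for the same provider name. The two fragments, the server name adam.example.test and the OU=LAB container are constructed for illustration and are not values from the thread.

```python
import xml.etree.ElementTree as ET

# Constructed fragments modelled on the posted config. "adam.example.test" and
# the OU=LAB container are placeholders, not values from the thread.
LDAP = ('type="Microsoft.Office.Server.Security.LDAPMembershipProvider, '
        'Microsoft.Office.Server, Version=12.0.0.0, Culture=neutral, '
        'PublicKeyToken=71E9BCE111E9429C" server="adam.example.test" useSSL="false"')
INTRANET = f"""<system.web><membership defaultProvider="AspNetSqlMembershipProvider">
<providers><clear/>
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider"/>
<add name="ADAMMembership" {LDAP} userContainer="CN=Users,OU=MOSS07,O=ADAM,C=US"/>
</providers></membership></system.web>"""
LDAP_ZONE = f"""<system.web><membership defaultProvider="ADAMMembership">
<providers>
<add name="ADAMMembership" {LDAP} userContainer="CN=Users,OU=LAB,O=ADAM,C=US"/>
</providers></membership></system.web>"""

def providers(xml_text):
    """Return (defaultProvider, {name: attrs}) after add/remove/clear in document order."""
    membership = ET.fromstring(xml_text).find(".//membership")
    active = {}
    for el in membership.find("providers"):
        if el.tag == "clear":
            active.clear()
        elif el.tag == "remove":
            active.pop(el.get("name"), None)
        elif el.tag == "add":
            active[el.get("name")] = dict(el.attrib)
    return membership.get("defaultProvider"), active

def audit(configs):
    """configs maps a label to web.config XML text; returns a list of findings."""
    findings, seen = [], {}
    for label, text in configs.items():
        default, active = providers(text)
        if default not in active:  # may still be inherited from machine.config
            findings.append(f"{label}: defaultProvider '{default}' is not declared here")
        for name, attrs in active.items():
            if attrs.get("useSSL", "").lower() == "false":
                findings.append(f"{label}: {name} connects to LDAP without SSL")
            first_label, first = seen.setdefault(name, (label, attrs))
            for key in sorted(set(first) | set(attrs)):
                if first.get(key) != attrs.get(key):
                    findings.append(f"{name}: '{key}' differs between {first_label} and {label}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit({"intranet": INTRANET, "ldap-zone": LDAP_ZONE})))
```

Run against real files, pass the text of each web application's web.config under a label of your choosing; the parser expects well-formed XML, so an annotation typed inside a tag has to be removed first.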
