Sunday, March 1, 2009

Configuring Forms Authentication on Windows 2008

Because Windows 2008 ships with IIS 7, Forms authentication can be configured without opening the configuration file (web.config), unlike in the previous version.

Forms authentication is a common choice for Internet or Extranet scenarios
where external users need to log in, possibly to view premium content that is available only after login.

Here are the steps:
a) Create a site on a port other than 80 (say port 20000 or any free port on your server). This will be a site with NTLM and Anonymous access enabled. It will be set to the default zone (very important **).

b) Extend the above site at port 80, give it a Host Name say
For now, this site is also an NTLM site with anonymous access enabled.

c) Create the DNS host entries for on your DNS server.
(As a temporary workaround for testing, you may create an entry in the c:\windows\system32\drivers\etc\HOSTS file. Do not forget to remove this entry.)

e) Run the ASPNet_RegSQL.exe command from a command prompt (from c:\Windows\Microsoft.NET\Framework\2.XXX\..) to create a SQL Server database.
This assumes your SQL Server is already installed on a separate server (it could also be the same server in a development environment). Let's say the database you created is called MembershipDB.

f) Open IIS 7.0 and select

Create a new connection string, say MyConnectionString, and set the database to the MembershipDB created above
and the server to the name of the server where the database was created.

g) Double-click the Providers option on the right.
g1) From the drop-down at the top, select .Net Roles (it may already be
selected as the default). Click Add in the Actions pane on the right.

Change the connection string to the one already created in the earlier step.

h) Similarly, create MyMembershipProvider using the type SqlMembershipProvider.

i) For Central Admin to be able to add users:
Add a new connection string, say with the same name, MyConnectionString, and point it to the same membership database.
j) Create a new provider of type WindowsTokenRoleProvider using MyConnectionString.

Please note that all the providers and connection strings we are adding automatically change the web.config file. So go ahead and open the web.config files of your FBA site and Central Admin site. You will see that these entries have been added by the GUI steps above. Of course, you can add these directly to web.config as well, but the above method provides a UI for it, making it easier and less prone to syntax errors.
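When reviewing the two web.config files after the GUI steps, a small script can confirm that every provider points at a connection string that actually exists and flag risky storage settings. The Python below is an added example, not part of the original post. Its embedded web.config is a constructed sample, and the server name SQLSERVER01, the role provider name MyRoleProvider and the function name audit_web_config are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample of the entries the IIS 7 GUI steps write to web.config.
# SQLSERVER01 and MyRoleProvider are placeholders, not values from the post.
SAMPLE_WEB_CONFIG = """<configuration>
  <connectionStrings>
    <add name="MyConnectionString"
         connectionString="Server=SQLSERVER01;Database=MembershipDB;Integrated Security=true" />
  </connectionStrings>
  <system.web>
    <membership defaultProvider="MyMembershipProvider">
      <providers>
        <add name="MyMembershipProvider" type="System.Web.Security.SqlMembershipProvider"
             connectionStringName="MyConnectionString" passwordFormat="Hashed" />
      </providers>
    </membership>
    <roleManager enabled="true" defaultProvider="MyRoleProvider">
      <providers>
        <add name="MyRoleProvider" type="System.Web.Security.SqlRoleProvider"
             connectionStringName="MyConnectionString" />
      </providers>
    </roleManager>
  </system.web>
</configuration>"""


def audit_web_config(xml_text):
    """Return a list of findings for the FBA-related entries in a web.config."""
    root = ET.fromstring(xml_text)
    findings = []
    conn = {a.get("name"): a.get("connectionString", "")
            for a in root.findall("connectionStrings/add")}
    for name, value in conn.items():
        # A SQL login in the connection string puts a credential in web.config.
        keys = {p.split("=", 1)[0].strip().lower() for p in value.split(";") if "=" in p}
        if keys & {"password", "pwd"}:
            findings.append(f"connection string {name!r} embeds a SQL password")
    for section in ("membership", "roleManager"):
        for add in root.findall(f"system.web/{section}/providers/add"):
            ref = add.get("connectionStringName")
            if ref is not None and ref not in conn:
                findings.append(f"{section}/{add.get('name')}: undefined connection string {ref!r}")
            # SqlMembershipProvider defaults to Hashed when passwordFormat is absent.
            if section == "membership" and add.get("passwordFormat", "Hashed") != "Hashed":
                findings.append(f"{section}/{add.get('name')}: passwordFormat is not Hashed")
    return findings


if __name__ == "__main__":
    for line in audit_web_config(SAMPLE_WEB_CONFIG) or ["no findings"]:
        print(line)
```

Run it against the web.config of both the FBA site and the Central Admin site by passing each file's text to audit_web_config.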


