Dec 18, 2008

Forms-Based Authentication

While it is possible to change a newly created SharePoint site collection to use FBA instead of Windows authentication, it is usually a better idea to extend a new Web application from an existing one and configure the new Web application for FBA, leaving the original one set to Windows authentication. There are numerous reasons for this, one being that SharePoint's search uses NTLM (Windows authentication) to authenticate and crawl the site when indexing the content. In the following example, this is the model that is used.

The authentication provider model contains three different providers: membership, role, and profile. The membership provider is the one responsible for the users, including authentication. The role provider is used to determine which users are in which groups. Finally, the profile provider facilitates creating profiles for each user defined in the authentication store. These profiles can contain custom-defined properties along with the standard first and last name, among other properties.

At a minimum, a membership and role provider must be defined. The profile provider is not required, but be aware that omitting it can have adverse effects. For example, a common misperception is that FBA breaks SharePoint's My Site capability. This is not true. My Sites require a profile for the user in order to tie the My Site to the user. If no profile provider is defined, SharePoint cannot create a My Site for that user, which is why many people get the impression that FBA breaks My Sites.
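
The three providers described above, as a web.config fragment for the FBA-extended Web application. This is an added example, not configuration from the original post. It assumes the stock ASP.NET SQL providers from the .NET 2.0 System.Web assembly; the provider names, connection string name, server name, password policy values and the Department property are hypothetical.

```xml
<!-- Added example. Names, server and policy values are hypothetical;
     the SQL providers are an assumption, the post does not name a store. -->
<configuration>
  <connectionStrings>
    <!-- The FBA user database; the application pool account must be able to reach it. -->
    <add name="FbaUserDb"
         connectionString="Data Source=SQLHOST;Initial Catalog=aspnetdb;Integrated Security=SSPI" />
  </connectionStrings>
  <system.web>
    <!-- Membership provider: the users, including authentication. -->
    <membership defaultProvider="FbaMembers">
      <providers>
        <add name="FbaMembers"
             type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             connectionStringName="FbaUserDb" applicationName="/"
             passwordFormat="Hashed" enablePasswordRetrieval="false"
             enablePasswordReset="false" requiresQuestionAndAnswer="false"
             minRequiredPasswordLength="12" minRequiredNonalphanumericCharacters="1"
             maxInvalidPasswordAttempts="5" passwordAttemptWindow="10" />
      </providers>
    </membership>
    <!-- Role provider: which users are in which groups. -->
    <roleManager enabled="true" defaultProvider="FbaRoles">
      <providers>
        <add name="FbaRoles"
             type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             connectionStringName="FbaUserDb" applicationName="/" />
      </providers>
    </roleManager>
    <!-- Profile provider: optional, but My Sites need a profile per user. -->
    <profile enabled="true" defaultProvider="FbaProfiles">
      <providers>
        <add name="FbaProfiles"
             type="System.Web.Profile.SqlProfileProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             connectionStringName="FbaUserDb" applicationName="/" />
      </providers>
      <properties>
        <add name="FirstName" type="System.String" />
        <add name="LastName" type="System.String" />
        <add name="Department" type="System.String" /> <!-- hypothetical custom property -->
      </properties>
    </profile>
  </system.web>
</configuration>
```

Keeping passwordFormat set to Hashed with enablePasswordRetrieval set to false means stored passwords cannot be read back out of the user database, and the two lockout attributes limit repeated guessing against the forms login.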

Please ensure the user database for forms authentication is accessible.