SharePoint Extranet Setup with Forms Based Authentication

At some point in your company’s SharePoint usage, you will probably want to open your Intranet sites to clients. An Extranet deployment usually requires additional server and license resources, which adds to the expense of the SharePoint deployment. Fortunately, SharePoint Server 2007 has the Authentication Zones feature, which allows you to set up different authentication methods for your employees and customers and minimize the additional hardware and software licenses required.

In this article we will configure forms based authentication with the newest version of Microsoft Office SharePoint Server with Service Pack 2 on Windows Server 2008.

SharePoint authentication zones

By default, a SharePoint web application has only one zone configured, the Default zone, which corresponds to our LDAP (Active Directory) authentication mode. However, there are several other zones that can be used for authenticating site users (see screen below).

Alternate Access Mapping Collection

In this instance we will configure our Extranet zone with Forms Based Authentication, so that our external users (clients/customers) use a different credentials database. In most cases we do not want external users to have any accounts in Active Directory, as it would be a drain on resources to maintain an Active Directory only for these users. Therefore, in this scenario we will use ASP.NET functionality to store user credentials in an MS SQL database.

Configure Extranet zones with users stored in a SQL Server Database

We need to set the ASP.NET services engine to use a SQL Server database to store user credentials, as well as membership, profiles and the SQL Web event provider. To do this, you will need to run aspnet_regsql.exe, located in the C:\Windows\Microsoft.NET\Framework\v2.0.50727 folder (or C:\Windows\Microsoft.NET\Framework64\v2.0.50727 for 64-bit OS’s).

After reading the application description on the first screen and clicking Next, we ensure that Configure SQL Server for application services is selected and click Next (see screenshot below).

Configure SQL Server for application services

Next, we enter our SQL Server credentials. This is a very useful feature because we can use the same SQL Server instance that is used for SharePoint to avoid the expense of purchasing an additional SQL Server license for external user authentication. Alternatively we could install the free SQL Server Express which is capable of handling Forms based credentials.

Select Servers And Databases

Next, confirm that the SQL Server credentials for ASP.NET services are correct, and click Next. By default, aspnet_regsql.exe uses the ‘aspnetdb’ database for storing user data.

Confirm your settings
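
The same wizard steps can be run non-interactively so the setup is repeatable and can be checked afterwards. The PowerShell script below is an added example, not part of the original article; the server name SQLSERVER01 is a placeholder, and it assumes the account running it can create databases on that SQL Server instance.

```powershell
# Added example: command-line equivalent of the aspnet_regsql.exe wizard steps.
$SqlServer = 'SQLSERVER01'   # placeholder: replace with your SQL Server instance
$Database  = 'aspnetdb'      # the wizard's default database name

# Choose the .NET 2.0 folder named in the article, based on the bitness of
# the PowerShell process running this script.
$fx = if ([IntPtr]::Size -eq 8) { 'Framework64' } else { 'Framework' }
$regsql = Join-Path $env:windir "Microsoft.NET\$fx\v2.0.50727\aspnet_regsql.exe"
if (-not (Test-Path $regsql)) { throw "aspnet_regsql.exe not found at $regsql" }

# -S  SQL Server instance
# -E  connect with the current Windows account, so no SQL password is typed
#     on the command line or left in shell history
# -d  target database
# -A all  add all application services (membership, role manager, profile,
#         personalization, SQL Web event provider)
& $regsql -S $SqlServer -E -d $Database -A all
if ($LASTEXITCODE -ne 0) {
    throw "aspnet_regsql.exe failed with exit code $LASTEXITCODE"
}

# Verify the result: list the aspnet_* database roles the tool created.
$conn = New-Object System.Data.SqlClient.SqlConnection(
    "Server=$SqlServer;Database=$Database;Integrated Security=SSPI")
$cmd = $conn.CreateCommand()
$cmd.CommandText = "SELECT name FROM sys.database_principals " +
                   "WHERE type = 'R' AND name LIKE 'aspnet[_]%' ORDER BY name"
$roles = @()
$conn.Open()
try {
    $reader = $cmd.ExecuteReader()
    while ($reader.Read()) { $roles += $reader.GetString(0) }
    $reader.Close()
}
finally {
    $conn.Close()
}

if ($roles.Count -eq 0) { throw "No aspnet_* roles found in $Database" }
$roles   # print the role names
```

The aspnet_* roles it lists (for example aspnet_Membership_BasicAccess) can be granted to the account the extended web application runs as, instead of making that account db_owner on the credentials database.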

Now we must configure the provider for membership, profiles and the role manager in SharePoint.

First we need to extend our Intranet site that is in the Default zone (with the default, Active Directory based authentication). This is done in Central Administration / Create or Extend Web Application.

Central Administration Create or extend Website

Select Extend an existing Web application and then select the web application we need to extend to external, SQL Server based users.

Extend an existing Web application

The most important part of the configuration form, after you select the correct application to extend, is on the screen below.

Configuration part

We need to enter the external host name that will be visible from every workstation, so it’s important to have a good domain for our Extranet site, as it will probably be used by our clients and customers. We may also need to enable anonymous authentication, but in this scenario we won’t be using that for our Extranet site.

At the bottom of the configuration, we need to select the correct zone for our newly extended site. Here we will select Extranet.

Load Balanced URL

Before you accept these changes, ensure that NTLM authentication is selected, which is the only supported mode for Forms Based Authentication.
