Setting up Forms Based Authentication for Active Directory
Part 1 – Settings
- The LDAP Path used for Active Directory
- The name to use for the AD Connection
- The name to use for the Membership Provider
The LDAP Path
The AD Connection
The Membership Provider
Part 2 – Setting up the Security Token Service
Note that in these entries, the “AD Connection” name (adconn) and the “Membership Provider” name (admembers) are specified. Visually in the file, this should look like this:
In addition, there MAY ALREADY be a <system.web> section - in this case, place the <membership defaultProvider="admembers"> entry just before the </system.web> tag after the last </membership> tag in the file.
Part 3 – Setting up Central Administration
NOTE: If other sites have different kinds of authentication (FBA, etc.), there MAY ALREADY be a <connectionStrings> section - if so, ONLY add the <add name="adconn" entry INSIDE the section - for example:
NOTE: If other sites have different kinds of authentication, there may ALREADY BE providers listed in the <providers> section. If that is the case, you ONLY want to add the provider entry above the </providers> tag:
Be aware that the name indicated by "defaultProvider" may already be set - you should leave this 'as is' OR, if 'admembers' will be the default, change it.
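The three notes above amount to an "add only what is missing" merge. The following PowerShell function is an added example, not part of the original walkthrough: it reuses any existing <connectionStrings>, <system.web>, <membership> and <providers> sections and leaves other providers and an existing defaultProvider untouched. The function name, its parameters, the provider type string and the minimal attribute set are assumptions (PowerShell 3.0 or later); only the names adconn and admembers come from this page.

```powershell
# Added example, not from the original page. Assumes <configuration> has no xmlns.
function Merge-AdFbaConfig {
    param(
        [Parameter(Mandatory = $true)] [string] $Path,      # web.config to edit
        [Parameter(Mandatory = $true)] [string] $LdapPath,  # the LDAP path chosen in Part 1
        # Assumption: .NET 4 build of the provider; adjust to match the farm.
        [string] $ProviderType = 'System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a',
        [switch] $MakeDefault                               # make admembers the defaultProvider
    )
    $Path = (Resolve-Path -LiteralPath $Path).Path
    $xml = New-Object System.Xml.XmlDocument
    $xml.Load($Path)
    $root = $xml.DocumentElement
    $changed = @()
    # Reuse an existing <connectionStrings>; only <add name="adconn"> is new.
    $cs = $root.SelectSingleNode('connectionStrings')
    if ($null -eq $cs) { $cs = $root.AppendChild($xml.CreateElement('connectionStrings')) }
    if ($null -eq $cs.SelectSingleNode("add[@name='adconn']")) {
        $add = $cs.AppendChild($xml.CreateElement('add'))
        $add.SetAttribute('name', 'adconn')
        $add.SetAttribute('connectionString', $LdapPath)
        $changed += 'connectionStrings/adconn'
    }
    # Reuse <system.web>, <membership> and <providers>; other providers stay.
    $node = $root
    foreach ($name in 'system.web', 'membership', 'providers') {
        $child = $node.SelectSingleNode($name)
        if ($null -eq $child) { $child = $node.AppendChild($xml.CreateElement($name)) }
        $node = $child
    }
    if ($null -eq $node.SelectSingleNode("add[@name='admembers']")) {
        $p = $node.AppendChild($xml.CreateElement('add'))
        $p.SetAttribute('name', 'admembers')
        $p.SetAttribute('type', $ProviderType)
        $p.SetAttribute('connectionStringName', 'adconn')
        $changed += 'providers/admembers'
    }
    # An existing defaultProvider is left 'as is' unless -MakeDefault is given.
    $membership = $node.ParentNode
    $current = $membership.GetAttribute('defaultProvider')
    if ($current -ne 'admembers' -and ($MakeDefault -or $current -eq '')) {
        $membership.SetAttribute('defaultProvider', 'admembers')
        $changed += 'membership/@defaultProvider'
    }
    if ($changed) {   # write only when something was added; keep a dated backup
        Copy-Item -LiteralPath $Path -Destination "$Path.$(Get-Date -Format yyyyMMddHHmmss).bak"
        $xml.Save($Path)
    }
    [pscustomobject]@{ Path = $Path; Changed = $changed; DefaultProvider = $membership.GetAttribute('defaultProvider') }
}
```

Running it a second time against the same file reports an empty Changed list and writes nothing, which makes it a quick check that an entry is already in place.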
Depending on the setup, an error may redirect to the default SharePoint error page, thus masking what the real issue may be. To properly ‘debug’ the issue it is necessary to enable debugging in SharePoint. Open the SharePoint Hive (usually c:\program files\common files\microsoft shared\web server extensions\14, but the installation may be different), then open the TEMPLATE folder and, inside it, the LAYOUTS folder. This folder also contains a web.config file. Edit this file, locate the <customErrors tag and change the mode from “On” to “Off”:
MAKE SURE YOU UNDO THIS IN A PRODUCTION ENVIRONMENT!
Part 4 – Setting up the Site
Creating the new Application – Part 1
Note: Setting authentication is not necessary as 2013 defaults to Claims.
On the New Application page, select Claims Based Authentication then set the Port number the site will run under (set the number then click outside of the box). If desired, specify a different name than the default:
Creating the new Application – Part 2
Creating the new Application – Part 3
Updating the Web.config – Part 1
Visually in the file, this should look like this: