July 31
Configuring a site collection for multiple authentication providers

Here is the scenario. You have a wonderful intranet site going and you'd like to share it with the outside world. You do NOT want this externally facing site using your AD, so you decide to use forms authentication for your external access. Also, you need SSL set up for the external site since you'd rather not broadcast unencrypted content across the web.

1. Configure your SQL forms authentication DB
   a. Determine your access methods for the forms auth DB (Integrated is the suggested way to go here)
   b. Create your forms authentication database on your SQL box
      i. Just make sure you name it something intelligent
   c. The preferred way to run the following command is from a machine with Visual Studio. However, if you do not have VS you can find the exe for this call in the C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727 folder.
      i. Run the aspnet_regsql.exe command to create the forms auth table structure and SPs
         1. Rundown of all the commands for this utility: http://msdn2.microsoft.com/en-us/library/x28wfk74.aspx
         2. aspnet_regsql.exe -E -S <servername> -d <database name> -A all
   d. Adding the first user(s)
      i. Add your first user via SQL Server Management Studio by calling the following SP:

            -- Arguments in order: application name, user name, password, password salt,
            -- email, password question, password answer, IsApproved, current time,
            -- create date, UniqueEmail, PasswordFormat, UserId.
            -- PasswordFormat 0 is clear text, so this password is stored exactly as typed.
            declare @now datetime
            set @now = GETDATE()
            exec aspnet_Membership_CreateUser 'appName', 'userid', 'password', '', 'email@somewhere.com', '', '', 1, @now, @now, 0, 0, null

      ii. More info on these scripts: http://msdn2.microsoft.com/en-us/library/aa478949.aspx
   e. Adding users/roles via web app
      i. In VS.Net 05 create a new web app
      ii. Add connection strings to your authentication DB within the configuration tags of your web config
         1. <system.web>
              <compilation debug="false" />
              <authentication mode="Forms" />
            </system.web>
            <connectionStrings>
              <add name="MyFormsAuthServer" connectionString="server=servername;database=authDBName;Integrated Security=SSPI" />
            </connectionStrings>
      I. From within Visual Studio -> Project menu -> ASP.NET Configuration
      II. On the web form that pops up, use the UI to create your users and roles
      III. Now onto the REAL FUN!

2. Extending the forms authentication web app
   I. Open the MOSS Central Admin console. In Application Management, Create or Extend Web Application -> Extend Existing Web Application.
      1. Make sure the internal web application that you want to expose is selected
      2. Set the web app name and port appropriately
         Note: Put some forethought into the names and ports you use. With some planning you can use these to make life easier; without it you can make your IIS and MOSS admin consoles a mess.
      3. Set allow anonymous to "yes"
      4. Choose the correct zone (probably Extranet or Internet); do not choose Default.
      5. Click "OK"
   II. Now that your site is extended into the new zone, in the MOSS Central Admin console click the Authentication providers link in the Application Security section

3. Add the forms authentication provider to the web app web config
   i. Navigate to the web config for your extended site (created in step 2.)
   ii. Just after the configSections section insert the connection string for your forms authentication provider.

         <connectionStrings>
           <add name="ConnectionString"
                connectionString="server=serverName;database=FormsAuthDBName;Integrated Security=SSPI;"
                providerName="System.Data.SqlClient" />
         </connectionStrings>

   iii. Now scroll down to the system.web section and add the following sections:

         <membership defaultProvider="AcAspNetSqlMembershipProvider">
           <providers>
             <add name="AcAspNetSqlMembershipProvider"
                  type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
                  connectionStringName="ConnectionString"
                  enablePasswordRetrieval="false"
                  enablePasswordReset="true"
                  requiresQuestionAndAnswer="false"
                  applicationName="/"
                  requiresUniqueEmail="false"
                  passwordFormat="Hashed"
                  maxInvalidPasswordAttempts="5"
                  minRequiredPasswordLength="1"
                  minRequiredNonalphanumericCharacters="0"
                  passwordAttemptWindow="10"
                  passwordStrengthRegularExpression="" />
           </providers>
         </membership>
         <!-- role provider -->
         <roleManager enabled="true" defaultProvider="AcAspNetSqlRoleProvider">
           <providers>
             <add name="AcAspNetSqlRoleProvider"
                  type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
                  connectionStringName="ConnectionString"
                  applicationName="/" />
           </providers>
         </roleManager>

   iv. Now repeat the same steps on the web config of your MOSS Central Administration console, with one exception. The "defaultProvider" will need to be changed in the Central Admin web config to "AspNetWindowsTokenRoleProvider". If you do not do this, your Central Administration will no longer allow you to authenticate.
   v. If, after doing this, your Central Admin site crashes when you try to bring it up:
      1. Check to make sure your changes are properly formed in the web config.
      2. Check your connection string and make sure it is valid.
      3. Enable full "ugly" error messages on your Central Admin web application. This will give you the full text of whatever error was made in the config changes. (9 times out of 10 it is something with the connection to the DB.)

4. Configure forms authentication on your extended site
   I. You should see the zone you extended your web app into listed; click on it
   II. Select your authentication type
   III. Check "enable anonymous access"
   IV. Click OK

5. Set the forms authentication user as secondary site administrator
   i. From within the SharePoint Central Administration console -> Application Management section -> click Site Collection Administrators.
   ii. Make sure your site collection is selected. You will note that the one on the port that was extended and assigned the Extranet zone is NOT in the listing. It is, for lack of a better term, a second window into the one it was extended from. So we are making the administrator settings on the one we extended.
   iii. Add your forms authentication user to the secondary site administrator column.
      1. This will allow this user to access the site via forms auth and add the other forms authentication users.
      2. If the site cannot resolve the forms auth username in the secondary site administrator field, then you have not properly modified the Central Administration site web.config.

6. Additional Notes
   I. When trying to add forms auth users to your forms auth site, you will need to log into the forms auth site. The integrated site knows nothing about those users, as it does not have the forms auth provider info in its web config.
   II. When configuring SSL for these sites, you will want to take care to look into alternate access mappings. I have seen this create a serious issue. Basically, if you set this up, then apply SSL, and suddenly your forms auth site tries to resolve to your integrated security site as soon as your users enter their credentials, you will need to work on your alternate access mappings.
   III. It is likely your folks using forms auth will have issues saving and checking out documents on your portal. You will fix this with a combination of enabling client integration in the extranet zone for the FBA provider and checking the "Sign me in automatically" box on the login page.
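An added example, not part of the original post: a small audit of the forms-auth sections that step 3 puts into web.config. It checks that the default membership provider and its connection string resolve, flags the password-policy attributes, and applies the step 3.iv rule to a Central Administration config. The function and constant names and the 12-character minimum are assumptions, the sample config is constructed from step 3, and the XML is assumed to carry no namespace.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the step 3 sections, trimmed to the attributes audited here.
EXTENDED_ZONE = """<configuration>
  <connectionStrings>
    <add name="ConnectionString"
         connectionString="server=serverName;database=FormsAuthDBName;Integrated Security=SSPI;" />
  </connectionStrings>
  <system.web>
    <membership defaultProvider="AcAspNetSqlMembershipProvider"><providers>
      <add name="AcAspNetSqlMembershipProvider" connectionStringName="ConnectionString"
           enablePasswordRetrieval="false" passwordFormat="Hashed"
           minRequiredPasswordLength="1" minRequiredNonalphanumericCharacters="0" />
    </providers></membership>
    <roleManager enabled="true" defaultProvider="AcAspNetSqlRoleProvider" />
  </system.web>
</configuration>"""
MIN_LENGTH = 12  # assumed local password policy, not a value from the post


def audit_fba_config(xml_text, central_admin=False):
    """Return a list of findings for the forms-auth sections of one web.config."""
    root = ET.fromstring(xml_text)
    findings = []
    conn_names = {c.get("name") for c in root.findall("connectionStrings/add")}
    membership = root.find("system.web/membership")
    providers = root.findall("system.web/membership/providers/add")
    declared = {p.get("name") for p in providers}
    if membership is None or membership.get("defaultProvider") not in declared:
        findings.append("membership: defaultProvider missing or not a declared provider")
    for p in providers:
        name = p.get("name")
        if p.get("connectionStringName") not in conn_names:
            findings.append(f"{name}: connectionStringName matches no connection string")
        if p.get("passwordFormat", "Hashed") != "Hashed":
            findings.append(f"{name}: passwords are not stored hashed")
        if p.get("enablePasswordRetrieval", "false").lower() == "true":
            findings.append(f"{name}: password retrieval is enabled")
        # Omitted attributes fall back to the SqlMembershipProvider defaults (7 and 1).
        if int(p.get("minRequiredPasswordLength", "7")) < MIN_LENGTH:
            findings.append(f"{name}: minRequiredPasswordLength is below {MIN_LENGTH}")
        if int(p.get("minRequiredNonalphanumericCharacters", "1")) < 1:
            findings.append(f"{name}: no non-alphanumeric character is required")
    role = root.find("system.web/roleManager")
    # Step 3.iv: Central Administration must keep the Windows token role provider.
    if central_admin and (role is None or role.get("defaultProvider") != "AspNetWindowsTokenRoleProvider"):
        findings.append("roleManager: Central Admin must default to AspNetWindowsTokenRoleProvider")
    return findings
```

Call audit_fba_config on the text of the extended site's web.config, and with central_admin=True on the Central Administration copy; an empty list means none of these checks fired.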
July 20
MOSS Links and Book Reference

MOSS Link/Book Directory

I am finding frequent cause to share these with lots of folks on a continuous basis. So I thought I would focus this entry on the best links I have around MOSS and some common items I have had to look up. This is not the full list I have, but it is some of the best and most common ones I hit. I will continually update this post to keep it up to date, adding new links and books as I hit them.

Links

1. Developing a MOSS 2007 VPC
   - Absolutely the best walkthrough I have ever seen on creating a MOSS VPC.
2. Integrating MS AJAX with MOSS
   - http://sharepoint.microsoft.com/blogs/mike/Lists/Posts/Post.aspx?ID=3
   - http://weblogs.asp.net/jan/archive/2007/02/26/using-the-ajax-control-toolkit-in-sharepoint.aspx
   - Excellent walkthrough of some of the issues you will encounter when using AJAX within a MOSS portal. This technology is awesome for getting your web parts to post back separately from the entire site.
3. Debugging WSS 3.0 errors
   - Unless you are perfect, you will run into the "An unexpected error has occurred" message from WSS 3.0 (especially if you are playing with custom web parts). Since this error usually gets you absolutely nowhere, the solution to get more info is to push in what this guy suggests. Your MOSS/WSS 3.0 site will then give you standard ASP.NET error messages (note: I hope I do not have to remind everyone how BAD this would be to do on a production server).
4. Managing Sites and Site Collections
   - http://office.microsoft.com/en-us/sharepointserver/HA101577811033.aspx
   - Good abbreviated walkthrough on planning your site and site collection layouts.
5. Mapping CMS 2002 APIs to MOSS
   - http://msdn2.microsoft.com/en-us/library/aa480228.aspx
   - For those of you who need to run your CMS 2002 into MOSS, this could prove helpful.
6. MS CMS Assessment tool download
7. SharePoint upgrade site
   - http://www.sharepointupgrade.com/default.aspx
   - Good landing page for getting information on your upgrade planning and process.
8. WSS 2.0 Prescan tool information
   - http://blogs.msdn.com/joelo/archive/2007/04/13/don-t-be-afraid-of-prescan-part-1.aspx
   - http://blogs.msdn.com/joelo/archive/2007/05/01/your-friend-prescan-what-it-does-part-2.aspx
   - I hit this guy's site a LOT when first using PreScan.exe. He provides a lot of good detailed info on what it does and how to manage some common issues with it.
9. Developing Custom Web Parts in MOSS
   - http://www.datasprings.com/default.aspx?tabid=775
   - Very simple run-through on developing a custom web part; gives you a good start.
10. MOSS branding: generating a feature
   - http://www.heathersolomon.com/blog/articles/servermstpageforsitecollect_feature.aspx
   - Great chunk of info on master page branding and a path for pushing them into a feature to be easily deployed to production MOSS servers.
11. Creating BDC Entities
   - http://msdn2.microsoft.com/en-us/library/bb410048.aspx
   - From MS' How-To series. Very cool walkthrough.

Books

1. Microsoft Office SharePoint Portal Server 2007 Administrator's Companion
   - http://www.microsoft.com/MSPress/books/9537.aspx
   - This is the MOSS bible. I do not go near a client site without this puppy by my side or on my HD. There is just so much info in here around installing, configuring, customizing, etc. for MOSS and WSS 3.0. If you are going to implement MOSS, this should be part of your library.
2. Inside Microsoft Windows SharePoint Services 3.0
   - http://www.microsoft.com/MSPress/books/9692.aspx
   - Another must-have book. It covers a lot of stuff that your SharePoint developers will absolutely need, such as using Workflow Foundation, Code Access Security, CAML, and a lot more.
3. Professional Web Parts and Custom Controls
   - http://www.wrox.com/WileyCDA/WroxTitle/productCd-076457860X.html
   - Great book on web parts and custom controls which can be used in MOSS. Covers using AJAX and some other common issues you will come across while coding your web parts.