Reza Alirezaei’s Blog

Will this work on a My Site that has been set up with FBA?

I’m trying to implement this code on an extranet setup with FBA. Do the snippets of code get pasted into the web.config’s in addition to the providers and connection strings setup for my FBA? If I do this I get an “An Unexpected Error Has Occurred.” Furthermore, do we need to register the assembly in our web config?

What I mean is, I have “my sites” set up with FBA however I need to open it up to anon users. There seems to be a restriction with my sites and anon users (no matter what, anon users can not view the public profile page of a My Site…..so I’m wondering if this solution will work for me. Essentially when someone hits it anonymously – it will log them in with an actual account that has been created in the data store (SQL in my case) and I can lock that user down to read only. I’m actually in the process of testing it now but I thought maybe you had encountered this scenario before. Seems like this will work in theory because if I login with my read only account using FBA I can see the public profile page fine. It just seems to be truly “anonymous” users it doesn’t like.

I ended up deploying both. Is there an easy way to undeploy the ASAX solution?

Alright looks like I got the errors to go away, but turns out now that it goes to the page but doesn’t log in as the Guest account. I did have to edit my group policy to enable the account in AD. Anything else need to do for the guest account?

What guest account then does this solution impersonate? Do I need to create a guest account in my FBA users called “Guest”?

Thanks for your help Reza. I just modified the global.asax and all is good, except the users actually have to click the “Sign In” button to get logged in as “Guest”. Do you know of anyway to auto-sign in a user without having to click on Sign in?

Hmm interesting. I’m running WSS 3.0 with SP1 and can’t seem to get it to work. Had a friend try also and it did not auto-login. I’m only using the Global.ASAX solution and deactivated the HTTP one since it wasn’t working for me at the time. I’ll keep messing with it.

So I am trying to impelement the ASAX solution but not having any luck. I deployed the solution file to the Sharepoint Server. I already had FBA set up so I just added an account called guest and copied the provided code into the global.asax page (since I’m doing mysites I did the mysite app and the ssp) but I’m confused on the connection string. Your comments to Bryan above indicate that he didn’t need to make any changes to his existing FBA connection string. Is that correct? Nothing happens and if I press the “login” button I just get an error that says “server could not log you in….check name password…try again”

Any ideas? Did I miss something. Maybe its just the Mysite implementation. So far I’ve learned everything with Mysites works different than a normal site collection.

Thanks

I setup this solution and the anonymous users are now logging in as guest. I have to problems now. The first problem is that when I submit a custom form from internet explorer, I receive the error message “The data source control failed to execute the insert command.”. I looked in the diagnostics logs and found this:

08/08/2008 12:58:33.40 w3wp.exe (0x0C98) 0x0D08 Windows SharePoint Services General 8kh7 High The security validation for this page is invalid. Click Back in your Web browser, refresh the page, and try your operation again.
08/08/2008 12:58:33.40 w3wp.exe (0x0C98) 0x0D08 Windows SharePoint Services General 8nca Verbose Application error when access /Pages/e_2009_abstractSubmit.aspx, Error=The data source control failed to execute the insert command. at Microsoft.SharePoint.WebPartPages.DataFormWebPart.InsertCallback(Int32 affectedRecords, Exception ex) at System.Web.UI.DataSourceView.Insert(IDictionary values, DataSourceViewOperationCallback callback) at Microsoft.SharePoint.WebPartPages.DataFormWebPart.FlatCommit() at Microsoft.SharePoint.WebPartPages.DataFormWebPart.PerformCommit() at Microsoft.SharePoint.WebPartPages.DataFormWebPart.HandleOnSave(Object sender, EventArgs e) at Microsoft.SharePoint.WebControls.SaveButton.OnBubbleEvent(Object source, EventArgs e) at System.Web.UI.Control.RaiseBubbleEvent(Object source, EventArgs args) at System.Web.UI.WebControls.Button.OnCo…
08/08/2008 12:58:33.40* w3wp.exe (0x0C98) 0x0D08 Windows SharePoint Services General 8nca Verbose …mmand(CommandEventArgs e) at System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) at System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) at System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

So, I test the form with the Administrator user and I am able to submit it. The odd thing is that I am also able to submit the form using the guest account in Firefox with no such errors like the ones above. If I disable the workflow on the list, both IE and Firefox submit the form fine.

The other issue I am having is that I am unable to remove the “Browse User Information” from the permission level that I created for the guest user because all pages then display an Access Denied message.

Any help would be greatly appreciated.

I have the HTTPModule working and logging in but I am not able to resolved the Guest Account in any zone or in People Picker as you show in Part 3. I had a similar problem with LiveID that I resolved by running the “stsadm.exe -o addwindowsliveauth” command twice. I would appriciate any suggestions to resolve this problem.

There are 2 other Quest accounts. The domain\guest and BUILTIN\guest. Why would it matter if I had dozens of guest accounts? Shouldn’t I be able to enter the MinimalMembershipProvider in the “Select People and Groups” dialog and have it resolve the quest account?
I would like to mention that I think your Guest Account Enabler is one of the better learning presentation I have seen especially since you added the packaging and deployment. Vary nice!!

I finally got the Guest user to resolve in the “Select People and Groups” dialog. I rebuilt everything on a cleanly built server. I think the problem was that I was working on a VHD virtual server that was shared with several other developers so it had its computer name changed in order to not have a name conflict on the domain. Thanks again for the great presentation.

Thanks to your great article I was able to finish my HttpHandler that directly adds authenticated users and user profile data to SharePoint using a similar Minimal Membership Provider. This eliminates the need to manually add the users using the SharePoint Central Administration page. If you don’t mind I would like to share my code with anyone that was looking for this functionality. You can find it at my blog How to directly add users and user profile data to the SharePoint Store using a Minimal Membership Provider.

Reza,

The Windows Live Authentication (WLA) SDK is designed to add authenticated users and profile data to a Membership Provider User Profile List. The problem is that SharePoint Lists will have performance issue when its filled with too many user entries.

I found that once a user is added to SharePoint, some of the user’s meta data(such extracting user’s email when sending an alter) can be looked up from the hidden user information list and not the Membership Provider User Profile List. When you manually go to add users in the SharePoint Central Administration page and enter the prefix Membership Provider name followed by the login name like LiveID:login_name, SharePoint normally searches the Membership Provider User Profile List for the user names. I found from my testing that once the user logs into SharePoint, some of the user’s metadata are saved and later is retrieved and if the user is not found, it then requests is served by the Membership Provider.

The only reason I was building a Membership Provider was to add an authenticated user to SharePoint. I didn’t need an addition Membership Provider User Profile because I already managed users from a different site. By stubbing out your Minimal Membership Provider I was able to work around SharePoint’s Forms Authentication Membership Provider requirement. I am still testing it but so far I have not found any problems. I will post back if I find any.

Burt
Burt’s ASP.NET Developers Blog

Our worldwide site has about 100,000 members which is more than a SharePoint List can handle. There is a good article by Joel Oleson Scaling to Extremely Large Lists and Performant Access Methods that reviews the findings by the paper “Working with Large Lists in Office SharePoint Server 2007” which evaluates performance characteristics of large SharePoint lists under different loads and modes of operation.

The added value is being able to add users automatically to SharePoint when the user logs in. Rather than build a complex SQL Membership Provider, I found it easier to add the user directly to SharePoint. I had no desire to add 100,000 users manually to SharePoint and did not want to build a complex SQL Membership Provider as a staging layer if it wasn’t necessary. So, I found an easy way to add the user directly to SharePoint and thereby simplify my code. Stubbing out the Membership Provider was merely a demonstration to show it could be done. adding users directly to SharePoint using your Minimal Membership Provider can also be done in much the same manner by using the AddUserToGroup() method from the web service UserGroup().

Please try out the code from my site, you may find it as interesting as I found your code example.

Burt

“Burt’s ASP.NET Developers Blog”

Reza

Sorry to take so long to get back to you. Your question about why I am not using the hidden “User Information List” set me on a discovery quest that I just now completed. The short answer is I am now using the WSS “User Information List” site collection.

When I started this project I did not know about this list so I put the user profile information in the MOSS User Profile database and eventually synchronize this information scheduler would update the WSS “User Information List” site collection which would show up in the People and Groups list. Know that I know how to programmatically update the WSS “User Information List” site collection I commented out the other code that saves to the MOSS profile database.

As far as the number of distributed users they are split up using site Variations based regions. I am not sure how this will impact performance yet. That is my next project. I’ll keep you posted of my findings.

I also renamed my blog article “Add Users to Groups in a Forms Authentication (FBA) SharePoint Site” [http://icodehead.blogspot.com].

Burt

Reza,

I completed my work on “How To Add Users to Groups in a Forms Authentication (FBA) SharePoint Site”. I wrote a routine to add 500,000 users to the Viewers group and also added user data to the AllUsers profile. It took about 6.5 hours to complete. I spent a day testing and have found no performance issues other than those normally associated with SharePoint.
Now I am starting work on a team build environment using MOSS 2007 and Team Foundation server and writing deployment scripts for installing GAC dll’s and Features. Thanks for all your help.

Burt
“Burt’s ASP.NET Developers Blog”

hello Reza,

i think i really don’t get it – and i thought i understood my FBA mode before…

my obvious question is one burt had before, which didn’t get answered:
“I’m trying to implement this code on an extranet setup with FBA. Do the snippets of code get pasted into the web.config’s in addition to the providers and connection strings setup for my FBA?”

Because if i add the code snippets (so got 2 connectionsstrings and 2 membership providers), what happens is as follows:

1) if i run my site (like http://www.abc.com), the login.aspx is loaded
2) no matter what i enter i get logged in
3) but i don’t have any access

there are 2 possible errors, but until now i didn’t got the solution:
1) if i set the MinimalMembershipProvider as DefaultProvider i can’t use my real Provider
2) i have to modify the connectionstring of the MinimalMembershipProvider – but i don’t know where it has to point to. Do i need to setup a real SQL DB or something equal for this?

really puzzled,
Johannes

Johannes

The reason you add the MinimalMembershipProvider and connectionStrings to both web.config files is so the People Picker will be able to find the Guest user when you assign it to a Sharepoint group that has Read permissions. The connectionStrings is just a dummy reference and not used.
I think the reason any login is working is because of the anonymous account. You can remove the anonymous access once you have:
1. Activated the “Guest Account Enabler” feature found under Site Actions > Site Settings > Site Collection Features.
2. Gone into the People Picker and assigned the Guest user to one of the Sharepoint groups that has Read permissions.

Burt
Burt’s ASP.NET Developers Blog

Something has gone fundamentally wrong, and I’m very much hoping for a nudge in the right direction. At present, I’m ready to tear the whole site down.

I followed all instructions to the letter, though may have missed some. I loaded the solutions using the bat file, and altered by web config files, but when I returned to the FBA extension site (which had worked for months), errors indicated it couldn’t find default.aspx, or I didn’t have rights to view. I never saw a web part loaded, but briefly saw a feature, which has since disappeared. App logs say SQL doesn’t have rights needed for OGKW, error 7888, the Virtual Directory for the Anonymous site doesnt have a Global ASAX file (the default directory does) and I’m apparently missing the articles indicating where to enter a guest account, and probably shouldn’t have loaded User1 on to the Machine account and anon access site, which I did as the LAOADP. I retracted the solution, then deleted, and wondering if I should reload the whole site and skip this, or what. Again, even a general direction to take would be appreaciated. The part is exactly what I need.

Only G__ Knows
Last Act of a Desparate Man…

Thank you for your example. before using your solution, I would like to know whether the work created in WOrkflow shrepoint Designer 2007? If it is then which of the two solutions for the FBA? Thanks

Thank you Reza Alirezaei

I need help/suggestion for the site.

https://abcd.com sharepoint site had
Home > Site Settings > Permissions > Anonymous Access
Anonymous users can access:

Entire Web site

Due to which our site Landing page was https://abcd.com/Pages/Default.aspx which is correct.

There was serious issue that Home > All Site Content ,Layouts , and other document library were accessible to anonymous users without authorization from google search and posed a strong security threat.

So I modified Home > Site Settings > Permissions > Anonymous Access

Anonymous users can access: to

‘Lists and libraries’ replacing ‘Entire Web site’

So anonymous access to Home > All Site Content and other document library was restricted.

But our default landing page when we open the site became Login.aspx

Client has requested us to restore back to default.aspx page as landing page to site.

I have tried two options to solve the above problem

1) Replace in Web.Config to

which solved our landing page issue but after we login it still showed login page and not moved to defaulpage having requisite menus.

2) Added ‘webconfig.xyz.xml’ file in C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\CONFIG

when i run stsadm -o copyappbincontent to apply changes to site farm I got the following error

The web configration file, C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\config\webconfig.dlc.xml, does not have element “configuration/configSections/sectionGroup[@name=’SharePoint’]” or it is invalid.

I have followed Point 2 steps from below link.

http://technet.microsoft.com/en-us/library/ee191479.aspx

As site is Live I request you to give suggestion how to get default.aspx as landing page for my FBA sharepoint site.

Forgive me for this newbie question…but I’m confused over the instructions left by the Readme.txt while deploying this solution.

I’ve successfully deployed the solution for GAEHttpModule and activated the feature…but the readme asks me to add the following to the web.config:
-a connection string to an unknown database
-MinimalMembershipProvider which using the above connection string
-GuestModule HttpModule

I get a 500 error when I just cut & paste the code snippets from the ReadMe.txt into my web.config. Am I suppose to create a database that the connection string should point to? What am I missing to make this solution work?

@Prasanna
We are also getting the same error on one of our two web servers.

The other web server is fine. We are simply copying the web.config files from the good server to the bad server as this is a one time change, but I would be interested in knowing if there is a better solution of if someone has determined a reason for the problem.

Hi, I’m succesfully using your HttpHandler & SimpleMembershipProvider on a Sharepoint 2007 server.

Now I have the same need on a site built on Sharepoint 2010… I’m wondering if I could use the same solution or not?

@Elena
Does this solution work with SharePoint Server 2010?

@Burt
Update: I renamed my blog link above to How To Create and Add Users to Groups using an HttpModule for a Forms Authentication (FBA) SharePoint Site
Burt

hello Reza,
I want to attach a file to SharePoint list in anonymous mod but ask me a username and password.
can i use your solution to attach files without entering username and password.