FBA Roles and SharePoint Groups

sharepoint2010
codeplex

#1
I installed the FBA Pack and I have created roles, then added them to the appropriate SharePoint Permissions Group (ie: FBA Member > SiteName Members). Then I created FBA Users and assigned them to the FBA Member role.

But when I try to log in at that user, I am getting Access Denied.

Any thoughts on what I may be missing?

#2
It sounds like you're doing things properly. Can a user log in if they are added to the SharePoint group directly?

#3
If I add the FBA user to the SharePoint Group directly, yes, they can log in.

#4
That is strange then. Are you sure the RoleProvider is setup correctly in the SecureTokenService web.config?

#5
Here is the lines from the web.config file for SecureTokenService:

<system.web>
    <membership>
        <providers>
            <add name="sqlmember" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" applicationName="/" connectionStringName="SqlConn" enablePasswordReset="false" enablePasswordRetrieval="false" passwordFormat="Clear" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" minRequiredNonalphanumericCharacters="0" />
            <add name="aspnetmembership" connectionStringName="TeamsSqlServer" applicationName="TeamsSite" type="System.Web.Security.SqlMembershipProvider,               System.Web, Version=2.0.0.0, Culture=neutral,               PublicKeyToken=b03f5f7f11d50a3a" />
            <add name="FBAMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" applicationName="/" connectionStringName="FBAConn" enablePasswordReset="true" enablePasswordRetrieval="false" passwordFormat="Clear" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" />
        </providers>
    </membership>
    <roleManager enabled="true">
        <providers>
            <add name="sqlrole" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" applicationName="/" connectionStringName="SqlConn" />
            <add name="aspnetrolemanager" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="TeamsSqlServer" applicationName="TeamsSite" />
            <add name="FBARoleProvider" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" applicationName="/" connectionStringName="FBAConn" />
        </providers>
    </roleManager>
</system.web>

#6
Assuming the FBARoleProvider entry matches your web application web.config entry - i'd say this looks good - not sure why you're having issues. Maybe check your SharePoint log file to see if it has any relevant info?

#7
I've checked the logs and do not see anything. I have it installed on a Development system as well, but with the same issues.

#8
Did you add the user to the role in the FBA Pack Edit User page? If not, try that and let me know if the user can log in then.

#9
Not sure I understand what you are referring to. Could you explain and where to locate?

#10
Site Settings -> FBA User Management -> Edit a user.

#11
All three users that were entered into the FBA User Manager and have been assigned roles. I create 3 roles, FBA Member, FBA Owner, FBA Reader. Under FBA Roles, FBA Member shows 2 users in that role and FBA Owner shows 1.

#12
Ok - I wasn't sure if they had been assigned there, or outside of SharePoint. It sounds like you have everything configured properly. Are you sure that the proper name for the roleprovider is set in Central Admin - Web Application Management?

#13
For that particular web application, yes. ASP.NET Membership provider name FBAMembershipProvider & ASP.NET Role manager name FBARoleProvider.

#14
In IIS, there is a Provides icon, a .NET Provile, .NET Users and .NET Roles. FBAMembershipProvider is listed under .NET Users, FBARoleProvider is listed under .NET Roles, and nothing is listed under the .NET Profile. The only one listed under .NET Profile dropdown under Providers is AspNetSqlProfileProvider.

#15
It sounds all good - not sure why it wouldn't be working.

#16
Good Morning. Strange, it is working now and I did nothing to it since our conversations.

Thanks for all your help.