FBA Roles and SharePoint Groups

bfry24 · August 7, 2013, 3:53pm

I installed the FBA Pack and I have created roles, then added them to the appropriate SharePoint Permissions Group (ie: FBA Member > SiteName Members). Then I created FBA Users and assigned them to the FBA Member role.

But when I try to log in at that user, I am getting Access Denied.

Any thoughts on what I may be missing?

ccoulson · August 7, 2013, 4:41pm

It sounds like you're doing things properly. Can a user log in if they are added to the SharePoint group directly?

bfry24 · August 7, 2013, 4:44pm

If I add the FBA user to the SharePoint Group directly, yes, they can log in.

ccoulson · August 7, 2013, 4:54pm

That is strange then. Are you sure the RoleProvider is setup correctly in the SecureTokenService web.config?

bfry24 · August 7, 2013, 5:10pm

Here is the lines from the web.config file for SecureTokenService:

<system.web>

    <membership>
        <providers>
            <add name="sqlmember" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" applicationName="/" connectionStringName="SqlConn" enablePasswordReset="false" enablePasswordRetrieval="false" passwordFormat="Clear" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" minRequiredNonalphanumericCharacters="0" />
            <add name="aspnetmembership" connectionStringName="TeamsSqlServer" applicationName="TeamsSite" type="System.Web.Security.SqlMembershipProvider,               System.Web, Version=2.0.0.0, Culture=neutral,               PublicKeyToken=b03f5f7f11d50a3a" />
            <add name="FBAMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" applicationName="/" connectionStringName="FBAConn" enablePasswordReset="true" enablePasswordRetrieval="false" passwordFormat="Clear" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" />
        </providers>
    </membership>
    <roleManager enabled="true">
        <providers>
            <add name="sqlrole" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" applicationName="/" connectionStringName="SqlConn" />
            <add name="aspnetrolemanager" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="TeamsSqlServer" applicationName="TeamsSite" />
            <add name="FBARoleProvider" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" applicationName="/" connectionStringName="FBAConn" />
        </providers>
    </roleManager>

</system.web>

ccoulson · August 7, 2013, 7:49pm

Assuming the FBARoleProvider entry matches your web application web.config entry - i'd say this looks good - not sure why you're having issues. Maybe check your SharePoint log file to see if it has any relevant info?

bfry24 · August 7, 2013, 8:17pm

I've checked the logs and do not see anything. I have it installed on a Development system as well, but with the same issues.

ccoulson · August 7, 2013, 8:32pm

Did you add the user to the role in the FBA Pack Edit User page? If not, try that and let me know if the user can log in then.

bfry24 · August 7, 2013, 9:07pm

Not sure I understand what you are referring to. Could you explain and where to locate?

ccoulson · August 7, 2013, 9:08pm

Site Settings -> FBA User Management -> Edit a user.

bfry24 · August 7, 2013, 9:11pm

All three users that were entered into the FBA User Manager and have been assigned roles. I create 3 roles, FBA Member, FBA Owner, FBA Reader. Under FBA Roles, FBA Member shows 2 users in that role and FBA Owner shows 1.

ccoulson · August 7, 2013, 9:15pm

Ok - I wasn't sure if they had been assigned there, or outside of SharePoint. It sounds like you have everything configured properly. Are you sure that the proper name for the roleprovider is set in Central Admin - Web Application Management?

bfry24 · August 7, 2013, 9:19pm

For that particular web application, yes. ASP.NET Membership provider name FBAMembershipProvider & ASP.NET Role manager name FBARoleProvider.

bfry24 · August 7, 2013, 9:24pm

In IIS, there is a Provides icon, a .NET Provile, .NET Users and .NET Roles. FBAMembershipProvider is listed under .NET Users, FBARoleProvider is listed under .NET Roles, and nothing is listed under the .NET Profile. The only one listed under .NET Profile dropdown under Providers is AspNetSqlProfileProvider.

ccoulson · August 8, 2013, 1:38am

It sounds all good - not sure why it wouldn't be working.

bfry24 · August 8, 2013, 2:52pm

Good Morning. Strange, it is working now and I did nothing to it since our conversations.

Thanks for all your help.