At some point in your company’s SharePoint usage, you will probably want to expand the usage of your Intranet sites to clients. Extranet deployment usually requires some additional server and license resources which can add to the expense of the Sharepoint deployment. Fortunately, SharePoint Server 2007 has the Authentication Zones feature, which allows you to setup different authentication methods for your employers and customers and minimize the additional hardware and software licenses required.
In this article we will be configuring forms based authentication with newest version of Microsoft Office SharePoint Server with Service Pack 2 on Windows Server 2008.
SharePoint authentication zones
By default, on SharePoint applications there is only one default zone configured, which corresponds to our LDAP (Active Directory) authentication mode. However, there are several other zones that can be used for authenticating site users (see screen below)
In this instance we will be configuring our Extranet zone with Forms Based Authentication, so our external users (clients/customers) would be using different credentials database. In most cases we do not want external users to have any accounts in the Active Directory as it will be a drain on resources to have an Active Directory only for these users. Therefore, in this scenario we will be using ASP .NET functionality to store user credentials in MS SQL Database.
Configure Extranet zones with users stored in a SQL Server Database
We need set the ASP .NET services engine to use a SQL Server database to store user credentials, as well as membership, profiles and the SQL Web event provider. To do this, you will need to run aspnet_regsql.exe located in theC:\Windows\Microsoft.NET\Framework\v2.0.50727 folder (or C:\Windows\Microsoft.NET\Framework64\v2.0.50727 for 64-bit OS’s).
After reading the application description in the first screen and clicking next, we then ensure that Configure SQL Server for application services is selected and click Next (see screenshot below).
Next, we enter our SQL Server credentials. This is a very useful feature because we can use the same SQL Server instance that is used for SharePoint to avoid the expense of purchasing an additional SQL Server license for external user authentication. Alternatively we could install the free SQL Server Express which is capable of handling Forms based credentials.
Next, confirm that the SQL Server credentials for ASP .NET services are correct, and click Next. By default, ASPNET_RegSQL.exe will be using the ‘aspnetdb’ database for storing user data.
Now we must configure the provider for membership, profiles and the role manager in SharePoint.
First we need to expand our Intranet site that is in the Default Zone (with default, Active Directory based Authentication). This is done in Central Administration / Create or Extend Web Application.
Select Extend an existing Web application and then select the web application we need to extend to external, SQL Server based users.
The most important part of the configuration forms after you select the correct application to extend, is on the screen below.
We need to enter the external host name that will be visible from every workstation, so it’s important to have a good domain for our extranet site as it will be probably used by our clients and customers. We may also need to enable anonymous authentication, but in this scenario we won’t be using that for our Extranet site.
At the bottom of the configuration, we need to select the correct zone for our newly extended site. Here we will select Extranet.
Before you accept these changes, ensure that NTLM authentication is selected, which is the only supported mode for Forms Based Authentication.