Integrating SharePoint Server 2007 with Community Server Membership Databases

Summary: Learn how to use Community Server accounts with SharePoint 2007 sites. This article walks through how to integrate the Community Server membership database together with the role-based security of Microsoft Office SharePoint Server 2007. (6 printed pages)

Hans Hugli, Microsoft Corporation

November 2007

Applies to: 2007 Microsoft Office System, Microsoft Office SharePoint Server 2007, Windows SharePoint Services 3.0

Contents

  • Business Scenario

  • Getting Started

  • Modifying ASP.NET Web.config Files

  • Enabling Forms-Based Authentication on Windows SharePoint Services

  • Adding a Community Server Administrator to the SharePoint Site

  • Adding Community Server Roles to SharePoint Security Groups

  • Conclusion

  • About the Author

Business Scenario

The business scenario discussed in this article is how to enable Community Server site users to log on to sites that are running Microsoft SharePoint Products and Technologies, by using the same credentials they use to log on to their Community Server site. Much of this article is based on Steve Peschka's post on the official Microsoft SharePoint Products and Technologies blog. I recommend reading through his blog to get a better understanding of how this works by using SharePoint Products and Technologies. The blog entry describes how to integrate the membership database of Community Server with the security model used in SharePoint Products and Technologies. This article assumes a limited knowledge of Community Server, SharePoint Products and Technologies, and Microsoft ASP.NET.

Getting Started

Community Server 2007, by Telligent Systems Inc., is built by using Microsoft ASP.NET. It relies extensively on the membership services feature of ASP.NET. Similarly, the latest release of SharePoint Products and Technologies also relies extensively on ASP.NET. Because of this commonality, you can integrate their security models. Initially, this might not seem to be an easy task. Having limited knowledge in ASP.NET 2.0 myself, I thought that I had to write a custom membership provider. I was happy to discover that I was wrong.

Community Server uses the membership and role providers in ASP.NET. ASP.NET includes the System.Web.Security.SqlMembershipProvider class and the System.Web.Security.SqlRoleProvider class. These classes communicate with an ASP.NET membership database that is usually created by using the command-line tool, aspnet_regsql.exe. For more information, see Creating the Application Services Database for SQL Server. For this walkthrough, I use the membership database created in Community Server. The first step is to determine how to modify Microsoft Windows SharePoint Services 3.0 to use forms-based authentication for the users and roles contained in the Community Server membership database.

Modifying ASP.NET Web.config Files

Locate the web.config file of the SharePoint site for which you want to use forms-based authentication. By default, the path of this file is the following: local_drive:\inetpub\wwwroot\wss\VirtualDirectories\80.

Next, locate the web.config file for SharePoint Central Administration.

To locate the web.config file for SharePoint Central Administration

  1. At a command prompt, type inetmgr to launch Internet Information Services (IIS).

  2. In IIS, expand the node computer_name (local computer).

  3. Expand Web Sites.

  4. Right-click SharePoint Central Administration, and then click Properties.

  5. Click Home Directory.

  6. Under Local Path, note the location of the web.config file. For example, local_drive:\inetpub\wwwroot\wss\VirtualDirectories\7552.

    The number, 7552 in this example, indicates the port number on which this site runs.

After locating these two web.config files, add the following XML to both files immediately after the <SharePoint> section and before the <system.web> section. If there is already a <connectionStrings> section, insert the <add> element into the existing section. The following XML example points to a database located on the local computer. The database instance runs on Microsoft SQL Server 2005 Express Edition (MSDE).

  <connectionStrings>
    <add name="AspNetSqlProvider" connectionString="Data Source=.\SQLEXPRESS;database=CommunityServer;Trusted_Connection=True" />
  </connectionStrings>

The following example shows how to point to a database on a remote computer.

    <add name="AspNetSqlProvider" connectionString="Data Source=myRemoteServerName;database=CommunityServer;Trusted_Connection=True" />

Next, add the following XML to the <system.web> section of the web.config file of the SharePoint site.

    <membership defaultProvider="AspNetSqlMembershipProvider">
      <providers>
        <remove name="AspNetSqlMembershipProvider" />
        <add connectionStringName="AspNetSqlProvider" passwordAttemptWindow="10"
           enablePasswordRetrieval="false" enablePasswordReset="true"
           requiresQuestionAndAnswer="true" applicationName="Community_Server_application_instance"
           requiresUniqueEmail="false" passwordFormat="Hashed"
           description="Stores and retrieves membership data from the SQL Server database"
           name="AspNetSqlMembershipProvider"
           type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
      </providers>
    </membership>

    <roleManager enabled="true" defaultProvider="AspNetSqlRoleProvider">
      <providers>
        <remove name="AspNetSqlRoleProvider" />
        <add connectionStringName="AspNetSqlProvider" applicationName="Community_Server_application_instance"
           description="Stores and retrieves role data from the local SQL Server database"
           name="AspNetSqlRoleProvider"
           type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
      </providers>
    </roleManager>

Add the following XML to the <system.web> section of the web.config file of SharePoint Central Administration.

    <membership defaultProvider="AspNetSqlMembershipProvider">
      <providers>
        <remove name="AspNetSqlMembershipProvider" />
        <add connectionStringName="AspNetSqlProvider" passwordAttemptWindow="10"
           enablePasswordRetrieval="false" enablePasswordReset="true" 
           requiresQuestionAndAnswer="true" applicationName="Community_Server_application_instance"
           requiresUniqueEmail="false" passwordFormat="Hashed" 
           description="Stores and retrieves membership data from the SQL Server database" 
           name="AspNetSqlMembershipProvider"
           type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
      </providers>
    </membership>

    <roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider">
      <providers>
        <remove name="AspNetSqlRoleProvider" />
        <add connectionStringName="AspNetSqlProvider" applicationName="Community_Server_application_instance"
           description="Stores and retrieves roles data from the local Microsoft SQL Server database"
           name="AspNetSqlRoleProvider"
           type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
      </providers>
    </roleManager>

Community_Server_application_instance is the name of the Application instance for Community Server. By default, this is usually "dev".

To determine the Community_Server_application_instance name

  1. In Community Server, start SQL Server Management Studio and examine the aspnet_Applications table.

  2. From the ApplicationName column, select the appropriate application name.

    Note

    You must define this value correctly to ensure that Community Server user names and roles are discoverable in Windows SharePoint Services.

The only difference between the two code examples is the defaultProvider for the role manager: AspNetSqlRoleProvider for the SharePoint site and AspNetWindowsTokenRoleProvider for SharePoint Central Administration. This ensures that we can continue to use Windows authentication for SharePoint Central Administration while making Community Server users discoverable in the People Picker control for the SharePoint site.
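Before resetting IIS, the two edited files can be checked for the mistakes that most often stop names from resolving. The following Python script is an added example, not part of the original article or of either product: check_config and sample_config are hypothetical helper names, the fragments are constructed samples with the type attributes omitted, and "dev" is the default application name mentioned above.

```python
import xml.etree.ElementTree as ET

def sample_config(role_app, role_default):
    """Constructed web.config fragment (type attributes omitted for brevity)."""
    return f"""<configuration>
  <connectionStrings>
    <add name="AspNetSqlProvider" connectionString="Data Source=.\\SQLEXPRESS;database=CommunityServer;Trusted_Connection=True" />
  </connectionStrings>
  <system.web>
    <membership defaultProvider="AspNetSqlMembershipProvider"><providers>
      <add name="AspNetSqlMembershipProvider" connectionStringName="AspNetSqlProvider"
           applicationName="dev" passwordFormat="Hashed" enablePasswordRetrieval="false" />
    </providers></membership>
    <roleManager enabled="true" defaultProvider="{role_default}"><providers>
      <add name="AspNetSqlRoleProvider" connectionStringName="AspNetSqlProvider"
           applicationName="{role_app}" />
    </providers></roleManager>
  </system.web>
</configuration>"""

def check_config(xml_text, expected_app, expected_role_default):
    """Return a list of findings for one web.config; an empty list means it passed."""
    root = ET.fromstring(xml_text)
    findings = []
    conn_names = {a.get("name") for a in root.findall("connectionStrings/add")}
    for section in ("membership", "roleManager"):
        for p in root.findall(f"system.web/{section}/providers/add"):
            label = f"{section}/{p.get('name')}"
            if p.get("connectionStringName") not in conn_names:
                findings.append(f"{label}: connectionStringName not defined in <connectionStrings>")
            # Compared exactly, so a value with a stray leading space (' dev') is reported.
            if p.get("applicationName") != expected_app:
                findings.append(f"{label}: applicationName {p.get('applicationName')!r} != {expected_app!r}")
            if section == "membership":
                if p.get("passwordFormat") != "Hashed":
                    findings.append(f"{label}: passwordFormat is not Hashed")
                if (p.get("enablePasswordRetrieval") or "false").lower() != "false":
                    findings.append(f"{label}: enablePasswordRetrieval is enabled")
    rm = root.find("system.web/roleManager")
    actual = rm.get("defaultProvider") if rm is not None else None
    if actual != expected_role_default:
        findings.append(f"roleManager: defaultProvider is {actual!r}, expected {expected_role_default!r}")
    return findings

if __name__ == "__main__":
    site = sample_config(" dev", "AspNetSqlRoleProvider")           # constructed leading-space typo
    admin = sample_config("dev", "AspNetWindowsTokenRoleProvider")  # Central Administration form
    print("site:", check_config(site, "dev", "AspNetSqlRoleProvider") or "OK")
    print("admin:", check_config(admin, "dev", "AspNetWindowsTokenRoleProvider") or "OK")
```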

After you save the files, you must reset IIS. To do so, in a Command Prompt window, type IISRESET /RESTART.

Enabling Forms-Based Authentication on Windows SharePoint Services

The next step is to enable forms-based authentication for the SharePoint site by using SharePoint Central Administration.

To enable forms-based authentication

  1. Click Start, point to All Programs, point to Microsoft Office Server, and then click SharePoint 3.0 Central Administration.

  2. Click Application Management.

  3. In the Application Security section, click Authentication Providers.

  4. Under Zone, click Default.

  5. Choose Forms.

  6. In the text boxes, type the MembershipProvider (typically AspNetSqlMembershipProvider) and RoleProviders (typically AspNetSqlRoleProvider), defined in the Membership and Role Manager sections respectively in the XML above, and then click Save.

When you save the changes, Windows SharePoint Services automatically adds an Authentication section to the web.config file for the SharePoint site indicating to IIS to use forms-based authentication instead of the default Windows authentication.

Adding a Community Server Administrator to the SharePoint Site

Next, we add a Community Server administrator to manage the SharePoint site. If there is not one already, create a user in the Community Server site to act as the administrator for the SharePoint site. The user does not have to have any special roles defined. I used the built-in Community Server Admin account.

To add a Community Server Administrator to the SharePoint site

  1. Click Start, point to All Programs, point to Microsoft Office Server, and then click SharePoint 3.0 Central Administration.

  2. Click Application Management.

  3. In the Application Security section, click Policy for Web application.

  4. In the list of Web applications, select the Web application on which you want to operate.

  5. Click Add Users.

  6. From the Zone list, select Default, and then click Next.

  7. In the Users box, type the user name of the administrator account that you created in Community Server.

  8. Press Enter or click the check box to resolve the user. If the user name does not resolve, check the web.config settings and connectionString values.

  9. After the name resolves, select Full control, and then click Finish.

Adding Community Server Roles to SharePoint Security Groups

Adding individual users to SharePoint security groups manually is time-consuming and creates unnecessary and redundant overhead for site administrators because typically there is already a security group that defines a set of users. The latest release of SharePoint Products and Technologies treats ASP.NET roles as security groups. For example, we can add the Community Server "Registered Users" role to the "Home Visitors" group of the SharePoint site. This assigns any member of the Community Server "Registered Users" role to the "Home Visitors" group. Members of the "Registered Users" role would then have read and view access to the SharePoint site.

To grant access for Community Server users to the SharePoint site

  1. In Internet Explorer, browse to the SharePoint site.

    Note

    The first time that you go to the site, a forms-based dialog box is displayed.

  2. Log on to the SharePoint site by using the Community Server account to which you assigned full control: the "admin" account with the password assigned to it.

  3. Type the user name and password for the administrator account.

  4. Click Site Actions.

  5. Click Site Settings and then click People and Groups.

  6. In the list of security groups, select Home Visitors.

  7. Click New.

  8. In the Users text box, type Registered Users and then press Enter.

    Note

    If you move the mouse over the name, the following is displayed: aspnetsqlmembershipprovider:Registered User.

  9. After the name resolves, click OK.

  10. Test the access with a Community Server user account from the "Registered Users" role. Log on to the SharePoint site. You should see the read-only version of the SharePoint site.

Conclusion

Community Server is a great example of software that is built on top of the flexible ASP.NET membership services. The ASP.NET membership services enable such software to easily interoperate with other products that also use membership services, in this particular case SharePoint Server 2007. The ASP.NET RoleProvider model moves role assignments away from the IT department to someone closer to this task, so that the IT department can focus on larger issues.

About the Author

Hans Hugli has worked for various Microsoft Technical Evangelism teams for the past 10 years. He currently contributes to the Uberdemo team in the Developer and Platform Evangelism group helping to create concept demos. Hans is passionate about putting together Microsoft products in new ways that show "the whole is greater than the sum of its parts." One of his current projects is coordinating the MIX08 Sandbox and creating a great user experience.

Disclaimer: Community Server 2007 by Telligent Systems Inc. is not a product of Microsoft.