I've set up FBA (Forms Based Authentication) on a SharePoint site a few other times, but never on Mysites.  Typically I follow Dan Attis's blog posting, which covers setting up FBA.  Dan also has another great post about setting up FBA with MySites.  Basically since MySites is tied to the Shared Service Provider, you have to setup FBA on both the SSP, and the site that hosts MySites.  I followed Dan's steps to the T but still ran into some issues.  Once I converted the SSP fully over to FBA, I wasn't able to get into all parts for configuring MySites that I needed, I would get errors telling me I didn't have permission.  What gives?  I followed Dan's steps, added an FBA account as an admin in the site, why would I be getting these errors?

So I backed out setting my SSP to FBA and set it back to Windows Auth and started taking a look at the permissions.  Everything looked fine.  Then I stumbled across the problem.  When your in your SSP and go to MySite Permissions, below is a screenshot of what a typical SSP MySite Permissions looks like.  Notice how you don't see your FBA admin account anywhere. 

image

So I added my FBA account and gave it the same permissions as my Windows Auth Admin account, switched my SSP back to FBA and viola!  I was able to now fully administer the SSP with my FBA admin account.  Notice how the spadmin account has the same permissions as my Windows Auth account.

image

 

Another thing to not here is the "everyone" group.  Dan talks about making this group in his posting, and it especially comes in handy when you want to do straight FBA with MySites.  I created the Everyone group and gave it the same permissions as the "NT Authority\Authenticated Users", which makes sense that you have to do this.  If you DIDN'T have an everyone group (or at least a group of users that COULD create MySites), you'd have no way for a FBA user to automagically create their mysite.  So by adding an "everyone" group and mimicing the "NT Authority\Authenticated Users" group, you now allow any authenticated FBA user to be able to create their MySite.

 

Here are the 2 links to Dan Attis's FBA walkthroughs.  They really are great resources and I can't thank Dan enough for posting them and helping everyone out most likely pulling his hair out discovering the secret of the SharePoint FBA.

Dan Attis's 2 part posting about FBA Part 1 : http://devcow.com/blogs/jdattis/archive/2007/02/23/Office-SharePoint-Server-2007-Forms-Based-Authentication-FBA-Walkthrough-Part-1.aspx

Dan Attis's 2 part posting about FBA Part 2 : http://devcow.com/blogs/jdattis/archive/2007/03/01/Office-SharePoint-Server-2007-Forms-Based-Authentication-FBA-w-MySites-Walkthrough-Part-2.aspx


Comments


United States anairat
February 3. 2009 10:29
anairat
i made the same thing as Dan says, but when i get into ssp admin, and try to add my spadmin (fba member user) it gives a red line under it inpite of that i add the connection string and fba role with membership into the web config for it!! i followed Dan from part1, and success then tp part 2, when i reached to this point (to add fba members into users and groups in ssp admin) i failed Frown please any idea

no site


February 11. 2009 07:01
Tom Dietz
Try running iisreset before trying to set the permissions for the SSP.

Also, you can try switching the authentication provider for the SSP  to Forms based, then add the spadmin as the Site Collection Admin (for the SSP).

I had the same problem and doing a combination of the above steps solved my problem.

http://tothepoint.inproc.com/http://tothepoint.inproc.com/


India Sanjay
March 18. 2009 04:54
Sanjay
Hi
I made the same thing as Dan says and got same issues as Tony Testa discussed here.
I implemented same work around as tony suggested here.
(SharePoint MySite Forms Based Authentication Missing Steps That Might Come In Handy)

Now Its showing MySite Link but not creating MySite for me.
please any idea.



no site


May 4. 2009 23:03
anairat
i solved this issue, Thanks for this great post Smile

http://www.infinitetiers.com/http://www.infinitetiers.com/


January 16. 2010 02:33
Bowling Trophies
If you want to always get the latest Nagoya news and information every time you log onto the internet, then you should most definitely set your home page to Nagoya news and information.

http://www.aaatrophy.com/Bowling-Trophies-|-AAA-Trophyhttp://www.aaatrophy.com/Bowling-Trophies-|-AAA-Trophy


January 21. 2010 20:19
white bathroom cabinet
Great posting dude.
your blog look more great by using blogengine platform.
I like it.
Happy posting.

Regards,
Sane

http://www.bathroomvanityfurniture.net/white-bathroom-cabinet.htmhttp://www.bathroomvanityfurniture.net/white-bathroom-cabinet.htm


January 25. 2010 07:17
cash advance
Positive thinking won't let you do anything but it will let you do everything better than negative thinking will.

http://cashusloans.com/payday-loans.htmlhttp://cashusloans.com/payday-loans.html


January 28. 2010 17:54
football shirt
Wow, I never knew that SharePoint MySite Forms Based Authentication Missing Steps That Might Come In Handy. That's pretty interesting...

http://www.soccerbox.com/http://www.soccerbox.com/


February 1. 2010 08:07
Loans in Virginia
The quality of your work, in the long run, is the deciding factor on how much your services are valued by the world.

http://superpaydayloan.com/state/Virginiahttp://superpaydayloan.com/state/Virginia


February 8. 2010 05:27
cash loans
A business that makes nothing but money is a poor kind of business.

http://cashusloans.com/no-fax/payday-loans-no-fax.htmlhttp://cashusloans.com/no-fax/payday-loans-no-fax.html


February 9. 2010 02:53
payday loans
I find that the harder I work, the more luck I seem to have.

http://fastloansus.com/http://fastloansus.com/

Search Blog

Blog Roll

    OPMLDownload OPML file

    Recent Comments

    Banners

    Theme Grabber
    Disclaimer
    The opinions expressed herein are my own personal opinions and do not represent my employer's view in anyway.

    © Copyright 2012 Tony Testa's World