Forms Based Authentication Utility for SharePoint 2010

A few people asked me whether there is a way to upgrade and adapt the well known utility published at to recent SharePoint 2010. I did that task and here I’m publishing it as an example. The download is at the end of this article. I however started rather from the scratch with my Visual Studio 2010 solution. I made up my mind in this regard due to a couple of reasons. Firstly the upgraded original solution looked awfully in Visual Studio 2010. Secondly essential changes were required to accomplish this task, which I’m referring to below.

What is different in this solution package? The basic problem I was facing is that the Claims Based Membership Provider (SPClaimsAuthMembershipProvider class within Microsoft.SharePoint.dll) stopped supporting a couple of methods which worked in the earlier SharePoint 2007 version 12. Calling them  (GetUser, FindUserByName, FindUserByEmail) now will throw a not implemented method exception (Picture 1). This new restriction made a proper design somewhat challenging as there is no way to get exactly one user from the underlying membership database. Instead you have to load all users and filter them in the memory.


Picture 1 (Red Gate’s disassembler reveals the catch)

The former version of this provider loaded anyway all users each time you have asked for one particular.  Hence fore neither the old nor this new utility can deal with a large number of membership users. Due to the reason SharePoint 2010 is only 64 Bit, this looks like not a real obstacle while the number of users does not explode beyond several thousands.

Here the list of changes in this new version:

  1. Support for Security Question (RequiresQuestionAndAnswer property). The utility checks whether the underlying provider is configured to support this property and the concerned controls are grayed out or switched on appropriately.
  2. Supporting caching capability. This means the user can decide to use ASP.NET caching on the server which will lower database round-trips to the server (if SQL Provider).
  3. Supporting search for one particular user


Picture 2 (Site Collection’s Site Settings)


Picture 3 (Manage Forms Based Authentication Users)


Picture 4 (Find particular user – no wildcard support yet)


Picture 5 (Edit User; note support for Security Question)


Picture 6 (New User)


Picture 7 (Breadcrumb navigation support)


Picture 8 (Managing Roles)


Please note you have to adapt the deployment scripts to your current environment (the scripts are part of the download package). Simply uncomment the path to folder 14c if needed and insert your site-collection’s URL.


Picture 9 (Installation script)


Picture 10 (Uninstallation script)

Here goes the Download to the zipped wsp solution package (the Visual Studio Solution Source Code will be published later on this web site – I’m going to add a few comments for developers). Downloading the package you are accepting the Microsoft Shared Source Community License (SS-CL) Agreement. Please note there is no support for this solution. I however appreciate your posted comments in this regard.

This entry was posted in SharePoint 2010. Bookmark the permalink.

32 Responses to Forms Based Authentication Utility for SharePoint 2010

  1. Charlie Mills says:

    I really appreciate your work! I’m just struggling to get the solution to deploy. I cannot seem to get the Deploy script to work. Just get file not found for the .wsp! any thoughts?


  2. Charlie Mills says:

    Hi Stefan,
    Thanks for your article and work! really is appreciated. Im after some help implementing the solution, i can’t seem to get it to work.

    I set up FBA in sp2010 before deploying the solution, modify the enclosed deploy script and run it. The solution deploys to my site and shows up in site settings. However when i try and click manager fba users a get an unexpected error from SharePoint.

    correlation id: 11addaed-a8ba-424c-990e-487086a4afb3

    Cant seem to work out what it is. FBA is set up and working fine but perhaps i have missed something. Your help would be appreciated.


    • Stefan R. says:

      Hi Charlie, sorry for my late answer, I was busy in the last couple of days. In order to see what’s going on please check your ULS logging using the provided correlation ID. If you do not know how to do that search for a SharePoint UlsLogViewer download. There is a plenty of these tools in the internet.

      • Charlie Mills says:

        Hi Stefan apologies for not getting back to you, after fiddling around with the deployment scripts is got it to work. Not really sure what was wrong but its working now!

        Thank you very much!

  3. doctator says:

    Forms Authentication works fine. Tried web app with multiple authentication providers and an extended web app with forms only. We can view a list of users but this comes up when you try to edit or add a new user
    I get this error:

    System.Configuration.Provider.ProviderException: The configured Role Provider (WindowsTokenRoleProvider) relies upon Windows authentication to determine the groups that the user is allowed to be a member of. ASP.NET Role Manager cannot be used to manage Windows users and groups. Please use the SQLRoleProvider if you would like to support custom user/role assignment. at System.Web.Security.WindowsTokenRoleProvider.GetAllRoles() at Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider.GetAllRoles() at FBAUserRoleManager.Utils.ReadAllRolesAndAddToCache(Page page) at FBAUserRoleManager.Utils.GetAllRoles(Page page, Boolean force) at FBAUserRoleManager.Layouts.FBAUserRoleManager.CreateNewUser.Page_Load(Object sender, EventArgs e) at System.Web.Util.CalliHelpe… 28d9a5cf-7c0b-4e4e-9ea3-0b07a2457b09
    02/23/2011 22:08:22.87* w3wp.exe (0x0E18) 0x1310 SharePoint Foundation Runtime tkau Unexpected …r.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e) at System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e) at System.Web.UI.Control.OnLoad(EventArgs e) at Microsoft.SharePoint.WebControls.UnsecuredLayoutsPageBase.OnLoad(EventArgs e) at Microsoft.SharePoint.WebControls.LayoutsPageBase.OnLoad(EventArgs e) at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) 28d9a5cf-7c0b-4e4e-9ea3-0b07a2457b09

    • doctator says:

      All fixed now. We had the SQLRole mapped to Windows rather than the SQL Provider. Congratulations and thanks for a great solution that saved our bacon when we were putting together a disaster recovery Sharepoint 2010 site for an organisation following the earthquake in Christchurch, NZ earlier this week.

      • Stefan R. says:

        Wow, that’s good to learn. Many thanks for the feedback.

      • silpa says:

        Can you please explain what do you mean SQLRole mapped to windows. I have same issue and Role management page is not loading and shows above error.


      • Vasudev says:

        Thanks Doctator, Your comment helped me solving an issue though I have not used FBA Management webpart.

  4. Saumil Mehta says:

    Hi Stefan,

    Thanks for the great app. I have one query…. the list shows only 5 items per page….is there any way to increase it to say 100 per page… it will decrease navigation considerably. Thanks!
    Saumil Mehta

    • Stefan R. says:

      Yes Saumil, it is possible to make the page-size customizable. I will soon post a new solution package. Check my blog within the next 24 hours. Kind regards

  5. Pingback: FBA 2010 Utility Update | Stefan's musings

  6. VJ says:

    Hi Stephan,

    Thanks for your great contribution!
    I wounder if you can guide/help me add “user self service” feature(s) into this solution, such as the most important, “change your password” or “reset my password”.

    • Stefan R. says:

      Hi VJ, it depends what you expect this self service should provide?

      • VJ says:

        Hi Stefan, thanks for your reply.

        I expect the same functionality as in out-of-the-box .net controls (“” and “”). Except that they’ll be on layout pages and all fields layed flat on the page (not steps as in the .net password recover control) just as you designed all other pages in your solution. Currently all .net controls mentioned above are doing thier job but throwing exceptions after all, I’m not being able to find the main cause, nor want to use them any longer after exploring your solution. Also, can you please upload your latest source code of the solution since you’ve made some modifications lately.

        I thank you so much for starting this, and I think you should take it to the codeplex to save the community :).

      • VJ says:

        The asp controls above has been removed in between the quotation I think because they had tags associated, I’ll list them below again:

        1. ChangePassword.
        2. PasswordRecovery.

      • VJ says:

        Hi Stephan,

        I’ve completed the additions of the following to the your solution:
        1. Password Recovery (accessible anonymously)
        2. View/Edit My Account Information (available for every user).

        I think you can tell what these pages do. Can I get your permission to republish your code with the modification I’ve made on another blog? Of course your blog will be referenced.


  7. VJ says:

    My apologies for misspelling your name, Stefan.

  8. Yash says:

    post publish wsp installation file, please guid next step to do, are there any paramters which needs to be reconfigured on a web.config level also? would be very helpful if you can share detailed installation/configuration manual with us. Many thanks.



  9. Geoff Payne says:

    Thank you for your work. As of 24 May 2011 your ZIP packages seem to be missing from the server. Please check this as we are eager to use your solution.

  10. Zoltanar says:

    Hi Stefan.
    Your solution seems to fill many gaps and is easy enough to get setup.
    I however have one question for you ; your FBA solution will work at the WebApp level. Can it be adapted at the Site Collection level?
    I need some FBA solution to allow a site collection admin to maintain his users, but be restricted only to his users. So Site Collection Admin for site A will not see user for site B, and so on.

    Thanks for your help.

    • Stefan R. says:

      Hi Zoltan, I have to check the code and refresh the topics you are asking for. Unfortunately I have left the company I forked for in the SharePoint area and in my new job I’m focused on different topics. Perhaps you could return in a couple of days to see my final statement on this issue.

      • zoltanar says:

        OK Thanks Stefan for the follow up.
        I am sure there are many people looking for this out there!


      • Stefan R. says:

        Hi once again. I have checked this topic and in my understanding your issue cannot be resolved. This is by design. The first problem to start with is the fact that FBA can be enabled in Central Administration per Web Application. Here you have to configure the ASP.NET Membership Provider’s name and the ASP.NET Role Manager’s name per Web Application (SPWebApplication). This means, the provider and manager names are unique and shared within that Web Application and lower level hierarchy Sites. All child hierarchy will have access to the pre-configured provider and the manager which cannot be altered on any lower level hierarchy.

        In the Code (C#) I’m using the System.Web.Security namespace’s MembershipUserCollection’s class GetAllUsers() method to read all users from the underlying (SQL) Membership Provider. There is no way to filter all those users based on Site Collection permissions as the underlying Membership Provider does not support such filtering. How to mark in the Membership Provider which user belongs to a particular Site Collection? The issue could only be resolved using unique Membership Providers per Site Collection (SPSite) level which this time is not supported by SharePoint 2010. So there are still chances I’m wrong, in that case please, anyone has an idea just let me know.

  11. Jason says:

    Genius! It works great! This is a great starting point to where we want to go with this, thanks!!

  12. zoltanar says:

    (Sorry, wanted to reply to the thread with your answer but I don’t see the “Reply” link for some reason…)

    So, thanks a lot Stefan for the detailed explanation about why it would not be possible at the SiteCollection Level. If by any chance I find something, I’ll let you know. For now, the only solution I found was with Bamboo software, but it is linked to AD, which I would like to stay away from for this case.

    Thanks again

  13. Can this work with SharePoint Online in Office 365 ?

    If not, what things need to be customized and configured. Our project needs a public portal where authentication for anonymous would be based on FBA.

  14. Brad says:

    Hi Stefan – Thanks for your hard work on this….it’s awesome and works great.

    I have a question, how would you quickly implement the UserProfiles in order to add additional fields to both the CreateUser.aspx page and the UserRoot.aspx page? Can you point me in the right direction.



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s