posted on June 26, 2006 3:43 PM by Kurt

Couldn't find user error for Forms Authentication

(This is the first post in a series on Forms Authentication in SharePoint 2007.  I announced this series a little while ago over here)

One of the main problems I was having with SharePoint Forms Authentication was getting it to recognize and list users from my new authentication provider.  Once you switch authentication providers, you have to manually add the first authenticated user to SharePoint from the Central Administration.  The reason for this is quite simple: the normal administrator credentials you used before won't be recognized under the new provider - so you have no way to log into the site under the new provider.

But what I found was that, after going to "Policy for Web Application" (the page where you manually add the first authenticated user), Central Administration can't list or recognize your new user names.  Being new to the ASP.NET provider model, I assumed I simply had the database set up incorrectly - not so.  I just missed one essential step: you must add the provider settings to BOTH the Web Application web.config and the Central Administration web.config.  I can't stress this last part enough.  If you don't add the provider settings to the central admin, you won't be able to access the new credentials store, and thus won't be able to add users.

Sounds pretty intuitive once you think about it (how else would Central Administration know about the new provider) and indeed SharePoint gives a warning about this (albeit a small one) on the left-hand side when setting the provider on the Authentication Providers page:

The membership provider must be correctly configured in the web.config file for the IIS Web site that hosts SharePoint content on each Web server. It must also be added to the web.config file for IIS site that hosts Central Administration. [Emphasis mine]

But to first-time users of Forms Authentication in SharePoint (which we all are), this is a little counter-intuitive.  We kinda assume that adding the provider details for the individual Web Application is enough.  And indeed, I think the central admin web.config will become bloated with providers from every site that it's managing.  All in all, I think it's a poor choice to rely on the central admin web.config and not use the web.config of the individual sites, but I am sure there are specific reasons why MS chose this model.

I think I'll file this under "things you'll probably run into if you're doing SharePoint Forms Auth."  Next up in this series, the infamous "File Not Found" exception you will probably run into if you do Forms Authentication enough.
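The check described above, written as an added example that is not part of the original post: a small Python script that compares the membership provider, role provider and connection string entries of a Web Application web.config against the Central Administration web.config and reports what the second one lacks. Both configs are constructed samples, and the names `FbaSql`, `FbaMembers` and `FbaRoles` are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample configs; provider and connection names are hypothetical.
WEB_APP_CONFIG = """<configuration>
  <connectionStrings>
    <add name="FbaSql" connectionString="(placeholder)" />
  </connectionStrings>
  <system.web>
    <membership defaultProvider="FbaMembers">
      <providers>
        <add name="FbaMembers" type="System.Web.Security.SqlMembershipProvider"
             connectionStringName="FbaSql" />
      </providers>
    </membership>
    <roleManager enabled="true" defaultProvider="FbaRoles">
      <providers>
        <add name="FbaRoles" type="System.Web.Security.SqlRoleProvider"
             connectionStringName="FbaSql" />
      </providers>
    </roleManager>
  </system.web>
</configuration>"""

# Constructed Central Administration config that only received the connection string.
CENTRAL_ADMIN_CONFIG = """<configuration>
  <connectionStrings>
    <add name="FbaSql" connectionString="(placeholder)" />
  </connectionStrings>
  <system.web />
</configuration>"""

SECTIONS = {
    "connectionString": "connectionStrings/add",
    "membership": "system.web/membership/providers/add",
    "roleManager": "system.web/roleManager/providers/add",
}

def declared(config_xml):
    """Return {(section, name): connectionStringName or None} for one config."""
    root = ET.fromstring(config_xml)
    return {(section, el.get("name")): el.get("connectionStringName")
            for section, path in SECTIONS.items() for el in root.findall(path)}

def missing_from(site_xml, other_xml):
    """List entries the site config declares that the other lacks or wires differently."""
    site, other = declared(site_xml), declared(other_xml)
    return sorted(f"{section}:{name}" for (section, name), conn in site.items()
                  if (section, name) not in other or other[(section, name)] != conn)

if __name__ == "__main__":
    for gap in missing_from(WEB_APP_CONFIG, CENTRAL_ADMIN_CONFIG):
        print("missing or different in Central Administration web.config:", gap)
```

To run it against a real farm, read the two web.config files from disk and pass their contents to `missing_from`; an empty list means every provider entry in the site config has a matching entry in the other file.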

Comments

# re: Couldn't find user error for Forms Authentication

July 13, 2006 5:23 AM by Patrick Imboden
Hello.
Well, I was trying to find out what you're saying about putting the providers in both web.config files, but I can't find out what you mean.
The only thing I did first was put the LocalSqlServer connection string in both configs. Configured the site's config to use forms and set up the site's config to do Forms authentication. Forms authentication is working.
Now I would like to have the Users and Roles created with the ASP.NET Configuration Tool listed in my site and in the Central Admin. What exactly do I have to put in my config files?
Thanks for the help

# re: Couldn't find user error for Forms Authentication

October 25, 2006 11:47 AM by Joel
I also found that if you want to programmatically add users etc. using the object model, the provider information and connection string also need to be in the ASP.NET 2.0 machine.config file. If you don't have this, the SPWeb.EnsureUser() method, for instance, will say it can't find (seemingly) valid users from your auth provider.