I've installed the FBA Pack and have my FBA set up as per the instructions provided and all installed fine but I would like to user the reset password feature on my custom login page so that users that forget their passwords can reset it then login using the temporary password provided. I put the page I created with the reset password web part on the same folder as my custom login page (_layouts) but when ever I click the link to reset my password the login page just refreshs and the user is not redirected to my reset password page. Is there a way to use the reset password web part before the user authenticates? Do I need to put my page somewhere other than _layouts? Thanks in advance for any help you can give to solve this.

I've actually done exactly what you describe, and I remember I had problems with the security on the application page, but for the life of me I can't remember what I did to correct it.  My only suggestion is to start with a blank, or "Hello World" application page, and make sure you can acces that correctly from the link, and then proceed to add in the Password Recovery web part.

Another alternative is to create a standard SharePoint page and give it anonymous access and add the web part to it.

Thanks for your reply. I created an application page with some basic content in the _layouts folder following the instructions on this post - http://blog.concurrency.com/sharepoint/allow-anonymous-access-to-sharepoint-application-pages-in-the-_layouts-directory/ and was able to access the page anonymously from a link on my custom login page but as soon as I add the password recovery web part the same behaviour as before happens (clicking the link to application page does nothing but redirect me back to the login page). I noticed in another discussion thread on here (topic: Membership Request Page on May 9th) another user was having the same issues and you mentioned that anonymous access needs to be turned on for the web app then set for Lists and Libraries. Is this the only way to access the password recovery web part anonymously? What if business rules dictate I can't activate any anonymous settings due to the sensitive nature of the content on my SharePoint environment? Thanks again for all your help....looks like a great tool and hope I will be able to use it in my environment.  

I looked some more into how I managed to get it working.  It turns out the problem is because the web parts inherit from Microsoft.SharePoint.WebPartPages.WebPart. I can't get even the simplest of web parts to display on an anonymous application page if they inherit from that (nor can I get any of the Microsoft web parts to display if they inherit from that as well).

Changing the web part to inherit from System.Web.UI.WebControls.WebParts.WebPart solves the problem.  I'll make the change in the next release. In the meantime the only way will be to use a standard SharePoint page and turn on anonymous access.  You can limit the anonymous access to that page only by putting it in it's own library and then only giving that library anonymous access. (Or you can grab the source and change the web part to inherit from System.Web.UI.WebControls.WebParts.WebPart)

Issue here: http://sharepoint2010fba.codeplex.com/workitem/309

Also, for other people trying to get anonymous application pages working, here's what I had to do:

Inherit from UnsecuredLayoutsPageBase

Override AllowAnonymousAccess and AllowNullWeb to return true

Set the master page to "~/_layouts/simple.master"

--- ASPX ---

<%@ Assembly Name="$SharePoint.Project.AssemblyFullName$" %>
<%@ Import Namespace="Microsoft.SharePoint.ApplicationPages" %>
<%@ Register Tagprefix="SharePoint" Namespace="Microsoft.SharePoint.WebControls" Assembly="Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %>
<%@ Register Tagprefix="Utilities" Namespace="Microsoft.SharePoint.Utilities" Assembly="Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %>
<%@ Register Tagprefix="asp" Namespace="System.Web.UI" Assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" %>
<%@ Import Namespace="Microsoft.SharePoint" %>
<%@ Assembly Name="Microsoft.Web.CommandUI, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %>
<%@ Register TagPrefix="FBA" Namespace="Visigo.Sharepoint.FormsBasedAuthentication"
    Assembly="Visigo.Sharepoint.FormsBasedAuthentication, Version=1.0.0.0, Culture=neutral, PublicKeyToken=9dba9f460226d31d" %>
<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="ApplicationPage1.aspx.cs" Inherits="SharePointProject1.Layouts.SharePointProject1.ApplicationPage1" MasterPageFile="~/_layouts/simple.master" %>

<asp:Content ID="PageHead" ContentPlaceHolderID="PlaceHolderAdditionalPageHead" runat="server">

</asp:Content>

<asp:Content ID="Main" ContentPlaceHolderID="PlaceHolderMain" runat="server">
<FBA:PasswordRecoveryWebPart runat="server"  />
</asp:Content>

<asp:Content ID="PageTitle" ContentPlaceHolderID="PlaceHolderPageTitle" runat="server">
Application Page
</asp:Content>

<asp:Content ID="PageTitleInTitleArea" ContentPlaceHolderID="PlaceHolderPageTitleInTitleArea" runat="server" >
My Application Page
</asp:Content>

--ASPX.cs--

using System;
using Microsoft.SharePoint;
using Microsoft.SharePoint.WebControls;

namespace SharePointProject1.Layouts.SharePointProject1
{
    public partial class ApplicationPage1 : UnsecuredLayoutsPageBase
    {
        protected void Page_Load(object sender, EventArgs e)
        {
        }

        //override the allow anonymous property to true
        protected override bool AllowAnonymousAccess
        {
            get
            {
                return true;
            }
        }
        protected override bool AllowNullWeb
        {
            get
            {
                return true;
            }
        }
    }
}

The web parts have been updated to work with anonymous application pages in release 1.0.3.

I will reveal my ignorance here, and hope that, with your help, I can eliminate this lack of knowledge...

I've added the various web-parts you provide in a library of pages in my SP 2010 site. I have provided anonymous access to this library, and the pages (mostly) work fine (except that when accessing the Change Password web-part anonymously, only the title of the web part appears, but I'm not asking about that.)

Above, you mention web parts in application pages...

All the rest of our project is implemented in application pages (stored in a subfolder of the _layouts folder with our own .css and .master files in subfolders of that), except for a couple InfoPath forms. The pages I created which currently contain your webparts are (according to my understanding) site pages.

How does one insert a web part into an application page? This is how I really want to implement the web parts.

Also, related, I currently have my custom login page residing in the same subfolder within the _layouts folder as the rest of our .aspx pages, and have changed the path to the custom login page for the associated web app in Central Admin. This login.aspx page can be accessed anonymously without doing what you have described above, but none of the other application pages can be. Is this page made anonymous by SharePoint just because it is specified as the custom login page? And so I WILL have to do what you describe above for other application pages to be accessed anonymously?

I hope I've clearly communicated my situation.

Well, not only did I reveal my ignorance, but also my poor reading ability :-)

I see in your example that you show how to embed a webpart in an application page - using

<%@ Register TagPrefix="FBA" Namespace="Visigo.Sharepoint.FormsBasedAuthentication"
    Assembly="Visigo.Sharepoint.FormsBasedAuthentication, Version=1.0.0.0, Culture=neutral, PublicKeyToken=9dba9f460226d31d" %>

and

<FBA:PasswordRecoveryWebPart runat="server"  />

I'll give that a try and see what I get.

Yeah, if you copy all the code from my previous post it should work as an application page.  The main thing you need to get it to work is inherit from UnsecuredLayoutsPageBase (The login page already does) and set AllowAnonymousAccess and AllowNulllWeb.

As for the Change Password page - it grabs the user ID, so it does need to be logged in to function (which is why you're only seeing the title).

Good luck!

I keep getting a 302 and a challenge to authenticate when trying to use the Password Recovery control in a SharePoint Application Page:  UnsecuredLayoutsPageBase

I can get to to page fine anonymously, it just seems like the postback to itself gets a 302 and then throws it over to the Authenticate.aspx.  This is what Fiddler is telling me.

I've copied exactly what you had above.  It works fine if I authenticate first and then navigate to this page, so I know functionally, all is well.  It's just that anonymous access on postback.

I have AllowAnonymousAccess and AllowNullWeb both set to true in the code behind.

Are you using the code earlier in this post? What version of the FBA Pack are you using? I'm pretty sure I tested this in the latest version 1.2.0, so it should work with that version.  If you can't get it to work with 1.2.0 - try it with version 1.0.3 - it was tested and definitely works with that version.

I downloaded and installed from this site about 3 weeks ago, so I'm sure I'm using your latest (1.2).  Yes, I'm using the code from your previous post.

1.2 was only released about 3 weeks ago (Nov 21) - so i'd probably download and redeploy 1.2 over what you have. I believe I introduced a bug in 1.1, which caused it to not work anonymously (and you'd get the problems you described).

Okay, I'll try that.  Do I need to undeploy/redeploy or will the deploy script included do the proper upgrades, etc?

Just run the deploy script for the new version and it will undeploy the existing version and deploy the new version.

I redeployed everything and same issue.  :(

Try 1.0.3 - that definitely works with the code above - if not, i'd say there's something else going on in your environment.  Also, have you tried the 1.2.0 web parts on a standard anonymous access page? I know I tested that in 1.2.0.

I tried 1.0.3.  Same issue.  it must be on my side.  I'll keep trying to figure it out.  Thanks for your help.

So I'm trying it now within an anonymous sharepoint page and I'm getting this error in the logs.  I can send emails fine using the other FBA Pack web parts and this is a valid email address.

#160009: The e-mail address 'jordan.shane@gmail.com' is unknown. c4eff796-afed-4994-83c5-9a7f998609f7

One more detail, I'm running SharePoint 2010 Foundation with SP1 for all of this, if that is relevant.

SP1 should be fine. If this is the password recovery web part, then the error in the logs is because it can't find a user with that email address in the FBA database.  Check the user management page and make sure that the user exists.

Yes, this is the Password Recovery Web Part.  Yep, the user definitely exists and emails works from everywhere except this.  I'm running 1.2.0.  Hmm....

http://screencast.com/t/VlzRFIogt

Maybe this is a XSLT access issue instead?

12/08/2011 11:18:59.23 w3wp.exe (0x132C)                       0x129C SharePoint Foundation         E-Mail                         8gsf High     #160009: The e-mail address 'jordan.shane@gmail.com' is unknown. c4eff796-afed-4994-83c5-9a7f998609f712/08/2011 11:18:59.23 w3wp.exe (0x132C)                       0x129C SharePoint Foundation         General                       8kh7 High     Cannot complete this action.  Please try again. c4eff796-afed-4994-83c5-9a7f998609f712/08/2011 11:18:59.23 w3wp.exe (0x132C)                       0x129C SharePoint Foundation         General                       b9y3 High     Failed to open the file 'C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\Resources\FBAPackPasswordRecoveryWebPart.en-US.resx'. c4eff796-afed-4994-83c5-9a7f998609f712/08/2011 11:18:59.23 w3wp.exe (0x132C)                       0x129C SharePoint Foundation         General                       b9y4 High     #20015: Cannot open "": no such file or folder. c4eff796-afed-4994-83c5-9a7f998609f712/08/2011 11:18:59.23 w3wp.exe (0x132C)                       0x129C SharePoint Foundation         General                       b9y4 High     (#2: Cannot open "": no such file or folder.) c4eff796-afed-4994-83c5-9a7f998609f7

You're right - with the full error message, it does look like the error message is coming back from the smtp server.  When you say the email works with the other web parts - does it work with this email address? I'm just wondering if relaying or something like that isn't configured properly on the smtp server (though if it were relaying i'd expect a 'cannot relay' message).  Maybe try removing this account and re-registering this email address with the membership request web part.

I'm seeing the same error message as well.  I dug into it a bit further and found that it works as expected for email addresses in my domain (test@mydomain.com), but throws the above error for email addresses outside of my domian (test@gmail.com)  I have asked our Exchange Administrator to review the relay settings to ensure it is configured to properly relay external emails.  I will post our findings when he gets back to me.

I didn't feel like it was the email server since it works everywhere else:  SharePoint Alerts, FBA New User Create feature, etc.  Only the forget password webpart was having issues.  I ended up just writing my own that did a postback and it worked fine.  I'm still not sure what the issue was.

You ended up just writing your own... Web Part?  Instead of using the provided one?

Yes, just a simple web part that did the same functionality.  Unfortunately it just didn't work for me.  Still not sure why.  The rest of the features worked great.

John, are you only having this error on the password recovery web part as well? Or do you also get an error with the membership request web part?

Yes, it only seems to occur on the password recovery web part.  Alerts, workflow, and other SharePoint emails are being sent to outside accounts.

Hi,

I had been experiencing the same problems as those faced by Jordan & John. During investigation I discovered the issue to be happening at the point the system tries to use the SharePoint object model to send an email - the password reset had already happened which was confirmed by monitoring the SQL tables in the aspnet database to see if the (encrypted) passwords had changed.

The workaround for me was to simply enable anonymous access to the claims authentication provider for the web in Site Collection Administration. Unless any further anonymous access is granted this still ensures the safety of your SharePoint sites from anon users.

Perhaps a suggested enhancement in a future release if this is a common problem might be to allow emails to be sent via the standard .NET object model rather than use the SP.SendEmail [sic] method. I realise this would require further configuration for the end user but there may be times where this is required.

Many thanks to the developers of this solution though, it's very, very good.

I think you hit the nail on the head Tobias. Thank you very much.

Usually when i'm testing, i'm either accessing as anonymous, or i'm logged in as a different user than the one that i'm recovering. (The web part really is meant to run as anonymous, because if you're logged in, obviously you don't need to recover your password).  I think if you're logged in and recover your own password, you'll essentially be logged out of SharePoint and no longer be able to send the email.  I'll update the code in the next release to elevate privileges before sending the email, which should fix this issue. I've raise the issue here:

http://sharepoint2010fba.codeplex.com/workitem/683

In the meantime, the work around is to run the web part anonymously.

From: ccoulson

I think you hit the nail on the head Tobias. Thank you very much.

Usually when i'm testing, i'm either accessing as anonymous, or i'm logged in as a different user than the one that i'm recovering. (The web part really is meant to run as anonymous, because if you're logged in, obviously you don't need to recover your password). I think if you're logged in and recover your own password, you'll essentially be logged out of SharePoint and no longer be able to send the email. I'll update the code in the next release to elevate privileges before sending the email, which should fix this issue. I've raise the issue here:

http://sharepoint2010fba.codeplex.com/workitem/683

In the meantime, the work around is to run the web part anonymously.

Hi,

Sorry to reopen an old post, just bored of banging my head against a brick wall now.

I've created the anonymous access page as outlined above, and I only installed the pack about 3 weeks ago, so I assume it has the updates you mention.

On this page that I've deployed, and activated, I can now access it without having to login, and have the password recovery control on it, and that's working as expected.

I also have the membership request control on, and while it appears to run on the page, as soon as I go to submit, it seems to do something then redirects me to the login page. (Copied below incase anyone can see whats happening)

http://admin-pc:16132/_login/default.aspx?ReturnUrl=%2f_layouts%2fAuthenticate.aspx%3fSource%3d%252F%255Flayouts%252FSharePointProject3%252FPasswordRecovery%252Easpx&Source=%2F%5Flayouts%2FSharePointProject3%2FPasswordRecovery%2Easpx

No user is added to the database, in an unapproved state so I'm not sure what I'm doing wrong.

This is what I have in the content bit of the page:

<FBA:PasswordRecoveryWebPart runat="server"  />
<h1>User Registration</h1>
<FBA:MembershipRequestWebPart runat="server"  />

As you can see, it's very basic, out of the box, password recovery works, membership request doesn't. Do I need some sort of template in my membership request control?

Thanks in advance!

It sounds like SharePoint is catching one of the operations that's happening behind the scenes as needing authentication, so it's redirecting you to the login page. Try changing the Site Collection's anonymous access settings to Lists and Libraries:

 Go to ‘Site Settings’, ‘Site Permissions’. Click on ‘Anonymous Access’. From the ‘Anonymous users can access: ‘ dialog, choose ‘Lists and Libraries’ and click OK. 

This will still keep the site secured to members only, unless you specifically enable anonymous access for lists and libraries. 

This has worked for me in the past, when there were issues loading the xslt templates and no anonymous permission on the site.  Since your password recovery control is working, i'm not sure this will fix it for you - but something to try.

Great, Cheers Chris,

Sorry for the late reply, got taken off the project to work on something else.

Setting the 'List and Libraries' to anonymous solved the problem.

I was then getting 'Unknown error' on submission but after looking round the discussions, worked out it was an email issue. Downloaded smtp4dev (http://smtp4dev.codeplex.com/) as I'm on a Win 7 machine, which provides a useful smtp service and has solved all, membership is now working!

Thanks Again,
Bav 

 1

Do you get the warning if the file is closed when you compile? I find that Visual Studio will generate a lots of warnings for tags and other issues it doesn't recognize when the file is open.