This project has moved. For the latest updates, please go here.

FBA Roles and SharePoint Groups

Aug 7, 2013 at 4:53 PM
I installed the FBA Pack and I have created roles, then added them to the appropriate SharePoint Permissions Group (ie: FBA Member > SiteName Members). Then I created FBA Users and assigned them to the FBA Member role.

But when I try to log in at that user, I am getting Access Denied.

Any thoughts on what I may be missing?
Coordinator
Aug 7, 2013 at 5:41 PM
It sounds like you're doing things properly. Can a user log in if they are added to the SharePoint group directly?
Aug 7, 2013 at 5:44 PM
If I add the FBA user to the SharePoint Group directly, yes, they can log in.
Coordinator
Aug 7, 2013 at 5:54 PM
That is strange then. Are you sure the RoleProvider is setup correctly in the SecureTokenService web.config?
Aug 7, 2013 at 6:10 PM
Here is the lines from the web.config file for SecureTokenService:

<system.web>
    <membership>
        <providers>
            <add name="sqlmember" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" applicationName="/" connectionStringName="SqlConn" enablePasswordReset="false" enablePasswordRetrieval="false" passwordFormat="Clear" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" minRequiredNonalphanumericCharacters="0" />
            <add name="aspnetmembership" connectionStringName="TeamsSqlServer" applicationName="TeamsSite" type="System.Web.Security.SqlMembershipProvider,               System.Web, Version=2.0.0.0, Culture=neutral,               PublicKeyToken=b03f5f7f11d50a3a" />
            <add name="FBAMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" applicationName="/" connectionStringName="FBAConn" enablePasswordReset="true" enablePasswordRetrieval="false" passwordFormat="Clear" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" />
        </providers>
    </membership>
    <roleManager enabled="true">
        <providers>
            <add name="sqlrole" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" applicationName="/" connectionStringName="SqlConn" />
            <add name="aspnetrolemanager" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="TeamsSqlServer" applicationName="TeamsSite" />
            <add name="FBARoleProvider" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" applicationName="/" connectionStringName="FBAConn" />
        </providers>
    </roleManager>
</system.web>
Coordinator
Aug 7, 2013 at 8:49 PM
Assuming the FBARoleProvider entry matches your web application web.config entry - i'd say this looks good - not sure why you're having issues. Maybe check your SharePoint log file to see if it has any relevant info?
Aug 7, 2013 at 9:17 PM
I've checked the logs and do not see anything. I have it installed on a Development system as well, but with the same issues.
Coordinator
Aug 7, 2013 at 9:32 PM
Did you add the user to the role in the FBA Pack Edit User page? If not, try that and let me know if the user can log in then.
Aug 7, 2013 at 10:07 PM
Not sure I understand what you are referring to. Could you explain and where to locate?
Coordinator
Aug 7, 2013 at 10:08 PM
Site Settings -> FBA User Management -> Edit a user.
Aug 7, 2013 at 10:11 PM
All three users that were entered into the FBA User Manager and have been assigned roles. I create 3 roles, FBA Member, FBA Owner, FBA Reader. Under FBA Roles, FBA Member shows 2 users in that role and FBA Owner shows 1.
Coordinator
Aug 7, 2013 at 10:15 PM
Ok - I wasn't sure if they had been assigned there, or outside of SharePoint. It sounds like you have everything configured properly. Are you sure that the proper name for the roleprovider is set in Central Admin - Web Application Management?
Aug 7, 2013 at 10:19 PM
For that particular web application, yes. ASP.NET Membership provider name FBAMembershipProvider & ASP.NET Role manager name FBARoleProvider.
Aug 7, 2013 at 10:24 PM
In IIS, there is a Provides icon, a .NET Provile, .NET Users and .NET Roles. FBAMembershipProvider is listed under .NET Users, FBARoleProvider is listed under .NET Roles, and nothing is listed under the .NET Profile. The only one listed under .NET Profile dropdown under Providers is AspNetSqlProfileProvider.
Coordinator
Aug 8, 2013 at 2:38 AM
It sounds all good - not sure why it wouldn't be working.
Aug 8, 2013 at 3:52 PM
Good Morning. Strange, it is working now and I did nothing to it since our conversations.

Thanks for all your help.