What is Forms-Based Authentication (FBA)? FBA is an authentication method that uses the ASP.NET membership and role provider, and stores user credentials in a back-end database. For those of us who implemented SharePoint 2007 Extranet environments with FBA, we are still having nightmares. Fortunately for us, our friends at Microsoft have made improvements with the latest release.
Most SharePoint environments use Windows Authentication to authenticate their users so they can access their SharePoint sites, but there are situations where this is not always advised. More specifically, for Extranet environments, the majority of organizations do not like the idea of having external user accounts within their internal domains.
When this situation arises, there are two options: FBA, and setting up a second domain with a two-way trust to the internal domain. Looking at these two options, FBA is much easier and less costly to implement. Unfortunately, when using FBA with the previous releases of SharePoint, Microsoft Office SharePoint Server 2007 and Windows SharePoint Services 3.0, there were several limitations. With this latest release, SharePoint Server 2010 and SharePoint Foundation 2010, these limitations have been eliminated:
• A single Web application can use both Windows Authentication and FBA. This is important, as you no longer have to “extend” your Web application, eliminating issues when linking to or accessing content.
• Users with Office 2010 will no longer have Office/FBA compatibility issues when accessing content in SharePoint 2010 environments. This will allow users to have use of all the integration capabilities of Office 2010 applications with SharePoint 2010 solutions.
It may not seem like much, but these are two very important things to consider when implementing an authentication method other than Windows Authentication. Now that these two issues are no longer a concern, using FBA for Extranet environments will be a bit more enticing, not to mention easier for us IT Pros!
For additional information on Forms Based Authentication, please take a look at some of these resources:
• http://technet.microsoft.com/en-us/library/cc262350.aspx
• http://technet.microsoft.com/en-us/library/ee806890.aspx
• http://blogs.msdn.com/b/spidentity/archive/2010/01/04/claims-based-authentication-cheat-sheet-part-1.aspx
• http://msdn.microsoft.com/en-us/library/bb975135(v=office.12).aspx
Chris Caravajal is a consultant with SharePoint911.