I am using FBA authentication model into one of SP WebApplications in our SP 2013 farm to give users outside the AD, accessibility to one of SPSite so they can access the lists & Libraries and run sharepoint apps ..
for that I installed & configured the components necessary to enable & manage the FBA users easily by following the steps in the great article made by Sean Earp
Configuring SharePoint 2013 Forms-Based Authentication with SQLMemberShipProvider
Now I am able to acess my SPsite using FBA users and see the Libraries & Apps inside the SharePoint site. and when I try to access one of the provider-hosted apps, the request redirected to the remote web using the FBA account correctly, but I didn't have any access to web-app or host-app from the remote website.
Is there any restriction to access sharepoint-hosted apps using FBA authentication model in SharePoint 2013.
You need to made some entry in your remote IIS site's web.config file.
Check below link. It might be helpful for you
http://www.sharepointpals.com/post/How-to-create-a-Provider-Hosted-Application-on-Form-Based-Authentication-WebApplication-in-SharePoint-2013
Related
I have a portal running using claim base authentication (windows and FBA) and enabled anonymous access , it was working fine until 19-06-2022 windows server 2016 ask for restart to install updates, after that the portal is still working only for anonymous access when try to login as FBA form login default page its just refresh without login, dont know why is that and can not login as FBA, also when try to login as windows authentication, its gives an error :
"System.ArgumentException: Exception of type
'System.ArgumentException' was thrown. Parameter name: encodedValue
at
Microsoft.SharePoint.Administration.Claims.SPClaimEncodingManager.DecodeClaimFromFormsSuffix(String
encodedValue) ......."
After check windows update history the updates related to sharepoint is :
Security Update for Microsoft SharePoint Foundation 2013 (KB5002219)
Security Update for Microsoft SharePoint Enterprise Server 2013
(KB5002062)
those two updates are released in JUNE 14, 2022.
tried many old solutions all over the net and not fixed
tried to crate new empty web application with enable Windows and FBA authentication also not fixed the issue.
but web application works fine when disable FBA and just enable Windows authentication.
Any suggestion !?
Are you accessing your site via HTTPS/SSL? If not, that is probably the problem. Chrome made some changes to it's cookie handling a while ago, and when SharePoint released updates to handle them it broke the ability to login via FBA without SSL. All of the latest SharePoint updates require the site to be hosted with SSL for FBA login to work.
There is a Sharepoint 2013 installation which uses ADFS for authentication with the internal domain controller. The need is to write a console app/android app which can browse to a folder and then upload a document into sharepoint server. The problem I am facing is how to authenticate because the SAML 2.0 ECP profile which is required for non-browser based SAML authentication is not supported by ADFS. Is there any way in which the application can be written or is it not possible at all.
Check the code sample available here:
Remote Authentication in SharePoint Online Using the Client Object Model
The idea is to simulate a user browsing Sharepoint to retrieve the FedAuth authentication cookie, and then using this cookie in your app to perform other Sharepoint calls.
We have Sharepoint 2013 single server farm and another one server with ADFS 2.0
Now configure sharepoint site with below steps:
Install ADFS 2.0
Configure ADFS with the web application as a relying party
Configure SharePoint Server 2013 to trust ADFS as an identity provider
Configure the web application to use claims-based authentication.
Demonstrate SAML-based claims authentication from SharePoint web application
and it will working fine with sharepoint.
Now we add one provider hosted app with this sharepoint site but we get some error.
1. When deploy from VS2012 it will give an error
"Error occurred in deployment step 'Install app for SharePoint': The System Account cannot perform this action."
second way we are upload app file into app catalog and try to add this app in to sharepoint site.
Error : “Application error when access /_layouts/15/appInv.aspx, Error=This App is not installed on this site. at Microsoft.SharePoint.Lifecycle.SprocWrappers.GetAppInstanceById(SqlSession dbSessionWrapper, Guid siteId, Guid webId, Guid instanceId, Int32 lcid) at Microsoft.SharePoint.Administration.SPAppCatalog.GetAppInstance(SPWeb web, Guid appInstanceId) at Microsoft.SharePoint.ApplicationPages.AppInvPage.SetControlStateUsingAppInstanceId(String appInstanceId) at Microsoft.SharePoint.ApplicationPages.AppInvPage.OnLoad(EventArgs e) at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)”
This issue may be due to claim base authentication in sharepoint 2013 site. because this app will working fine in windows base authenication sharepoint site.
I faced the same issue but I was not using ADFS. For me the solution was to use another account for installing the High Trust Provider-Hosted app. The server farm account should not be used for other services. Try using another account that has required permissions.
Is it possible to use sharepoint as an authentication provider?
This is my setup:
Server A -> IIS web application loading custom dll's for different user providers
Server B -> Sharepoint 2007
Server C & D -> Multiple AD's
Sharepoint is configured to use multiple AD's as user provider
This is what I want to achieve:
A user enters his sharepoint credentials in the web application, this automaticly loads the dll (which I need to create)
This dll then forwards the credentials somehow to sharepoint and retreives some sort of user object.
The dll parses the sharepoint user object to it's own class and sends it back to the webapp.
Is this possible? If yes, what would be the best way to do this? I know sharepoint has webservices etc but I don't know if this could work.
All servers are in the same network, accessed locally so passing the credentials isn't a big problem.
UserGroup Web Service
Did you consider using the UserGroup Web Service, http://msdn.microsoft.com/en-us/library/websvcusergroup.aspx.
Available at http://sharepointserver/_vti_bin/UserGroup.asmx
It has the GetUserInfo method, http://msdn.microsoft.com/en-us/library/websvcusergroup.usergroup.getuserinfo.aspx
Authentication Web Service
There is also the Authentication Web Service, but it only return the login result, http://msdn.microsoft.com/en-us/library/websvcauthentication.aspx
Great for checking the validity of a user anyway.
Available at http://sharepointserver/_vti_bin/Authentication.asmx
So here is the scenario:
I have a MOSS 2007 box and I want my clients to be able to access a SharePoint site via the internet. I am told that I will be using an IPA and AD for authentication. However I have a DB outside of SharePoint that holds various business data and I want to use Web Services to access the data, manipulate it, and send it back to SharePoint via web parts.
The issue is that, from what I understand, I am going to have to authenticate the AD user every time a request to the Web Service happens. Obviously I dont want to do this every time because they have already authenticated to get onto the site, however I do want each call to have some form of security so its not open calls to my db. I do plan on having other applications access this service outside of SharePoint, so I dont want to have to reinstall the service for each application or even again.
Has anyone had to perform this task or something similar or do you have any suggestions on how to do this?
Thank you in advance and happy coding!
Why not just deploy the webservice to Sharepoint using a Sharepoint solution and a Feature.
That way it will be running under the sharepoint app pool and all authentication is done by sp.
Edit:
Seeing that SharePoint should not be in "control" (as stated in the comment), you should create the webservice, and run the application it's under in as using Windows Authentication. IMHO you should create a WCF Service. The, using the information found in this article you make the Service authenticate users against the AD usergroups they are in. see the "Security: Authentication" section of the article.
Then in Visual Studio you create a webpart and add a service reference to the project, pointing to your newly created Service. Have the webpart perform the needed logic (i.e. display data etc.)
Deploy the webpart to SharePoint using a SharePoint solution (.wsp files, created with WSPBuilder). Google for SharePoint + wspbuilder + tutorials. The solution should contain 1 feature to deploy the webpart. WSPBuilder integrates with VS and allows for the creation of WSPBuilde project. add a webpart feature item to the project (it will create the xml (deployment related) and code file for the webpart.