"Access Denied" error after setting up Form Based Authentication for SharePoint site using Active Directory as a datastore

 

Recently I faced a very interesting scenario where I had configured everything as described in this article https://blogs.msdn.com/echarran/archive/2006/09/11/749707.aspx for Forms Authentication using the Active Directory Membership Provider. After doing so, whenever I tried to log in I got an “Access Denied” error and was not able to log in as any user. To check the validity of the configuration in the Web.Config of my web application, I did the following:

1. Opened Central Administration Web site.

2. Clicked on the Application Management tab, and then clicked on Policy for Web application.

3. Ensured that the correct Web application is selected; it is displayed in the upper-right corner. Clicked Add Users.

4. In the Zones list, clicked the appropriate zone for which I was setting up the FBA.

5. On the Add Users page, clicked the address book icon to open the People Picker dialog box.

6. In the People Picker dialog box, typed the username (user from membership datastore) in the Find box, and then clicked the search button.

7. I was not getting any users in the results, which meant that there was some problem in the web.config file.

I looked at the Authentication Provider page carefully, and here is what I figured out was missing in my configuration:

The screen above says that you need to do the same configuration in the Central Admin site’s web.config as well. That was the missing part. I made the same modification in the Central Admin’s web.config that I had made for my web application.

I followed steps 1 – 7 listed above, and this time I was seeing the users. You should also notice that the account name is displayed in the format that SharePoint uses internally to keep track of it: MembershipProviderName:accountName. In this scenario, that means the account name for username is ADProvider:username.

Then I did a few additional steps:
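A read-only check for the gap described above, as an added example that is not part of the original post: it reports membership providers that are registered in the web application's web.config but are missing or different in Central Administration's web.config. Both XML documents are constructed samples, the function names are hypothetical, and the connection string name `ADConnectionString` and the LDAP host are assumptions.

```powershell
# Constructed sample configs (not from the post). Against real files, load them with:
#   [xml]$webAppConfig = Get-Content -Raw '<path-to-web-app>\web.config'   # placeholder path
[xml]$webAppConfig = @'
<configuration>
  <connectionStrings>
    <add name="ADConnectionString" connectionString="LDAP://dc.example.test/DC=example,DC=test" />
  </connectionStrings>
  <system.web>
    <membership defaultProvider="ADProvider">
      <providers>
        <add name="ADProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ADConnectionString" />
      </providers>
    </membership>
  </system.web>
</configuration>
'@
# Central Admin config as it looks before the fix: no membership section at all.
[xml]$centralAdminConfig = '<configuration><system.web /></configuration>'

# Index every <membership><providers><add> element by its name attribute.
function Get-ProviderMap([xml]$Config) {
    $map = @{}
    foreach ($n in $Config.SelectNodes('/configuration/system.web/membership/providers/add')) {
        $map[$n.GetAttribute('name')] = $n
    }
    $map
}

# Emit one finding per provider in $Source that $Target lacks or defines differently,
# and per connection string the provider needs that $Target does not define.
function Compare-MembershipConfig([xml]$Source, [xml]$Target) {
    $targetMap = Get-ProviderMap $Target
    foreach ($entry in (Get-ProviderMap $Source).GetEnumerator()) {
        $name = $entry.Key; $src = $entry.Value
        if (-not $targetMap.ContainsKey($name)) {
            "MISSING: provider '$name' is not registered in the target config"; continue
        }
        foreach ($attr in 'type', 'connectionStringName') {
            if ($src.GetAttribute($attr) -ne $targetMap[$name].GetAttribute($attr)) {
                "MISMATCH: provider '$name' attribute '$attr' differs"
            }
        }
        $cs = $src.GetAttribute('connectionStringName')
        if ($cs -and -not $Target.SelectSingleNode("/configuration/connectionStrings/add[@name='$cs']")) {
            "MISSING: connection string '$cs' is not defined in the target config"
        }
    }
}

Compare-MembershipConfig -Source $webAppConfig -Target $centralAdminConfig
```

An empty result means every provider the web application relies on is also resolvable from Central Administration, which is what the People Picker search in steps 1 – 7 depends on.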

1. Double-clicked username to add it to the Add box, and then clicked OK.

2. Selected Full Control.

3. Clicked Finish to save the changes.

I logged back in to my web application using FBA with the same user, and this time I was able to log in without any error.

Hope this will be useful to someone who is also facing a similar issue.

Cheers !!!!