Forms Based Authentication ( FBA) in WSS 3.0 / MOSS 2007

1. Configure SharePoint Central Admin 

  • Login to SharePoint Central Admin

  • Go to Application Management / Application Security / Authentication Providers and Change the Web Application to the one which needs to be configured for Forms Based Authentication

  • Click zone / default, change authentication type to forms and enter ActiveDirectoryMemebershipProvider under membership provider name ( for example , "ADMembershipProvider") and save this change

2.Update the web.config of SharePoint Central admin site

under <configuration> node

<add name="ADConnectionString" connectionString="LDAP://DynamicsAX.local/CN=Users,DC=DynamicsAX,DC=local />

under <system.web> node

<membership defaultProvider="ADMembershipProvider">
<add name="ADMembershipProvider"
type="System.Web.Security.ActiveDirectoryMembershipProvider,System.Web,Version=,Culture=neutral,PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ADConnectionString"
connectionUsername="xxx" connectionPassword="yyy"

replace the connectionstring to the one matching your encvironment and replace"xxx" with domainname\username and "yyy" with password


3.Update the web.config of SharePoint Web application

  •  Repeat step 2 for the web.config of the SharePoint webapplication to be configured for Forms Based Authentication

  •  Change the authentication in web.cconfig to
    <authentication mode="Forms">
        <forms loginUrl="/_layouts/login.aspx"></forms>

For more details

Comments (18)

  1. Tony says:

    Do you know if we lose any Microsoft Office coupling capabilities when using Forms Authentication?

  2. Mey M says: talks about how you can do client connection with FBA. lists some issues/work arounds.

  3. Jignesh says:


    Very good explanation but I have this question.

    What I’m trying to do is write a custom membership provider that authenticates the users via a custom web service. The Membership Provider doesn’t communicate with the SQL server at all it communicates with the web service for all of its operations and the WS in-turn connects to the SQL server.

    I have implemented most of the methods and properties (some still throw not implemented exception) and ValidateUser and Initialize methods do get called (in debug mode). The issue I’m running into is GetUser never gets called when I try to Search for users in MOSS administration site to add users into the site or set site collection administration using the people picker.

    Since my provider is not directly communicating with backend system directly, I do not have connectionString in the web.config file. Could that be the issue ?

    Here’s the web.config setting



                                                   <remove name="AspNetSqlMembershipProvider"/>

                                                <add name="MembershipTest" passwordAttemptWindow="10" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="true"

    requiresUniqueEmail="false" applicationName="MyTest"

    type="DEMembershipProvider.Custom.CustomAuthenticationProvider, DEMembershipProvider, Version=, Culture=neutral, PublicKeyToken=116c9f5eed79bbc1" />



    This is the only update to the config file both in the application and central admin.

    Thanks a lot in advance.

  4. shahj99 says:

    Well, well well…. Found the fix for the issue I posted earlier.

    <membership> should be changed to :

    <membership defaultProvider="MembershipTest">

    defaultProvider is required otherwise the People Picker wouldn’t search.

  5. nikos.msk says:


    I made all settings as described in this article but every time I got 403 error in browser with eventlog error

    Object reference not set to an instance of an object.


      at Microsoft.Dynamics.WebParts.SessionItem.Init()

    When I access sharepoint pages without axapta components, everything works perfect! But axapta beb parts failed to initialize.

    Thanks for any suggestions!

  6. Raúl. says:

    Hi all,

    I’ve followed all the steps.

    The active directory authentication seems to validate, but after that…


    What about the axapta validation?

    Does axapta business connector need the "Domain" before the Username to login?

    Any suggestion?

  7. SShah says:

    Hey Raul,

    I am facing same issue as your where i am getting Access Denied error . were you able to find solution for this?

  8. Rahul Sharma says:

    Hi Raul and SShah,

    We are also facing the same problem. could you suggest the solution if you have any.



  9. parvesh says:

    Hey Rahul,

    You will need to mention the admin of your site collection, map an AD user to your site collection and it should work



  10. I had an issue this week that I was unable to sign in to my personal WSS site. for some reason the popup

  11. Gerhard says:

    I have done all the required things, about the FBA doesn’t work.

    I get the login page "_layouts/login.aspx" but after click Login,I get the message "Page or Site not found"

    I don’t no what is the problem? The configuration parameters in the web.config?

  12. Chris says:

    I’ve the authentication set up for my SharePoint site, but it seems it won’t resolve usernames in the Central Administration when trying to change the Site Collection Administrators. I’ve googling for this, but haven’t found anything much relevant to this particular problem. Any ideas on what to look for?

  13. Bram v says:

    Is it possible to combine FBA and Domain based Authentication on one site in WSS 3.0?

    We are using the web based interface for external partners but would like to have domain based for our own users.

  14. Ram says:

    Please any one can suggest how to

    configure search for a site which was a Form Based Authentication .

  15. Wes Brower says:

    Getting an unexpected error has occured with this any thoughts?

  16. TNA says:

    I had no trouble, i have an article which outlines the process

  17. Jesse says:

    Well, in my experiences in FBA world, when you get access denied or you cannot get the user resolve in the Policy for Web Application in Central is because there is something wrong with the web.config file. Also, be very careful how you create your membership providers.

  18. Vivek says:


    I am trying to set up the Active Directory authentication for my share Point site as well.

    I have made all the changes as described here.

    I updated Central Admin and my Extended Site's web.config. I got this error.

    User objects cannot be created in the specified container. (C:InetpubwwwrootwssVirtualDirectoriesVPATEL-SRV-test3031web.config line 64)

    When I remove the changes in my site's web.config i get the unknown error.

    Can you please help me?



Skip to main content