The Community Kit for SharePoint is a set of best practices, templates, Web Parts, tools, and source code that enables practically anyone to create a community website based on SharePoint technology and to share work and ideas with the community.
The community has created the Community Kit for SharePoint Forms Based Authentication (CKS FBA) SharePoint feature, which allows users who don’t have an Active Directory account to register for membership, manage their login accounts and log into an extranet SharePoint site using those accounts. User accounts are stored in a SQL Server database. CKS FBA is a reusable security model that can be applied to other websites that need certain content to be secured and accessible to logged-on members.
Installation
To set up and install CKS Forms Based Authentication (FBA) in SharePoint, follow the steps below. Note that there is an installation bug in one of the FBA features, which we will work around in step 6.
- Set up forms based authentication in SharePoint (to do this, follow the instructions from my blog).
- Download the Beta release of the CKS Forms Based Authentication Windows Solution Package (WSP) from Codeplex (from back in October 2008). Note, however, that you can also download the latest patch upgrade (ID 4664) here; at the time of this writing, this patch, which I uploaded to CKS, is still awaiting evaluation approval from the Codeplex community.
- Unzip the zip file onto the file system of the SharePoint server and you will find 4 files: the Deploy/Undeploy/Upgrade command files and the CKS.FBA.wsp solution file.
- Copy the unzipped files (from step 3) to the server farm where you will install the CKS WSP.
- Remote desktop to the server, type "deploy <site URL>" in a DOS command prompt and press Enter. Note that if you have both an intranet and an extranet site URL that share the same content, install the CKS.FBA WSP on the extranet site URL.
- (Skip this step only if you downloaded the latest patch of CKS FBA in step 2.) Open the XML file C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\TEMPLATE\FEATURES\FBAManagementSelf\feature.xml and comment out the line below: <ActivationDependency FeatureId="01AA8D8B-000A-4c35-8F4F-5D1280377650" />
- Go to the site and check that all 3 Forms Authentication features are activated. Once the FBA features have been activated, you can begin using the FBA web parts.
- Activate error logging for approving/rejecting pending new membership requests from users. Go to Site Action -> Site settings -> Modify all site settings, then click on the “FBA Membership Request Management” link. Go to Settings -> List settings -> Create column, then add a new column named “LastError” with the single line of text data type. Click OK.
- Grant permission on the FBA email XML files located on the MOSS server farm by:
- Open IIS manager (Start | Control Panel | Administrative Tools | Internet Information Services Manager).
- Expand the “Application Pools” node
- Right click the application pool which your project is using, and then select “Properties”.
- Click “Identity” tab.
- Note down the user account (write it on paper or remember it).
- Open Windows Explorer and go to C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\TEMPLATE\LAYOUTS\ folder.
- Right click on the “FBA” folder and then select “Properties”.
- Click the “Security” tab.
- Add the user account to the access list and check ALL permissions.
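A scripted equivalent of the two file-system steps above (step 6 and step 9), as an added example that is not part of the CKS package or the original post. It assumes PowerShell 2.0 or later is available on the server and that it is run from an elevated prompt; `$AppPoolAccount` and `$TemplateRoot` are hypothetical parameter names, and the `.bak` backup file name is a choice made here.

```powershell
# Added example (not part of the CKS package): scripts step 6 and step 9.
param(
    [Parameter(Mandatory = $true)]
    [string]$AppPoolAccount,   # hypothetical parameter: identity recorded in step 9, 'DOMAIN\account'
    [string]$TemplateRoot = 'C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\TEMPLATE'
)
$ErrorActionPreference = 'Stop'
$featureXml = Join-Path $TemplateRoot 'FEATURES\FBAManagementSelf\feature.xml'
$fbaFolder  = Join-Path $TemplateRoot 'LAYOUTS\FBA'
$dependency = '01AA8D8B-000A-4c35-8F4F-5D1280377650'   # FeatureId quoted in step 6

# Step 6: replace the ActivationDependency element with an XML comment.
$doc = New-Object System.Xml.XmlDocument
$doc.PreserveWhitespace = $true
$doc.Load($featureXml)
# local-name() matches the element whatever default namespace the file declares.
$hits = @($doc.SelectNodes("//*[local-name()='ActivationDependency']") |
    Where-Object { $_.GetAttribute('FeatureId') -ieq $dependency })
if ($hits.Count -gt 0) {
    Copy-Item -Path $featureXml -Destination "$featureXml.bak"   # backup name chosen here
    foreach ($node in $hits) {
        $comment = $doc.CreateComment(" $($node.OuterXml) ")
        [void]$node.ParentNode.ReplaceChild($comment, $node)
    }
    $doc.Save($featureXml)
}
"feature.xml: commented out $($hits.Count) ActivationDependency element(s)"

# Step 9: give the application pool identity all permissions on LAYOUTS\FBA.
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList `
    $AppPoolAccount, 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow'
$acl = Get-Acl -Path $fbaFolder
$acl.AddAccessRule($rule)
Set-Acl -Path $fbaFolder -AclObject $acl

# List the folder's explicit (non-inherited) entries so the grant can be reviewed.
(Get-Acl -Path $fbaFolder).Access |
    Where-Object { -not $_.IsInherited } |
    Select-Object IdentityReference, FileSystemRights, AccessControlType
```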
Setting up secure pages
1. Create at least 3 SharePoint groups for the secured SharePoint site, namely:
- Administrators :- Users in this group have full control permission
- External Members :- Users in this group have read and contribute permission
- External Visitors :- Users in this group have read only permission
2. Create the following 8 public SharePoint pages (accessible to everyone), to be located under the http://<domain name>/pages folder:
- Add User page :- This page (e.g. adduser.aspx) will allow a new external user to request a new membership registration, using the “Membership Request” web part. When a user has submitted their details for a new membership request, the person will be redirected to the successful registration page.
- Cancel password page :- This page (e.g. cancelpassword.aspx) contains a message shown when an external user cancels the process of changing their existing password.
- Cancel registration page :- This page (e.g. cancelregistration.aspx) contains a message shown when an external user cancels their registration process to create a new membership account.
- Change password page :- This page (e.g. changepassword.aspx) will allow an existing logged-on user to change their existing password using the “change password” web part. When the user clicks the cancel button, the person will be redirected to the cancel password page. A successful password change will redirect the user to the successful change password page.
- Forgotten password page :- This page (e.g. forgottenpassword.aspx) will allow a user to reset their forgotten password. The system will send a new temporary password to the user’s email address. The user will need to log in and change the temporary password to one of their choice.
- Successful login page :- This page (e.g. successfullogin.aspx) will be displayed when a user has successfully logged into the secure site.
- Successful change password page :- This page (e.g. successfullpasswordchange.aspx) will be displayed after a user has changed their existing password to a new one.
- Successful registration page :- This page (e.g. successfullregistration.aspx) will be displayed after a new external user has successfully submitted a new membership request.
3. Add the “login” web part on the default home page.
4. Create 3 links on the default home page, being: i) Already registered? ii) Forgotten your password? and iii) Do you want to change your password?
5. Use the target audience feature to determine which SharePoint group (created in step 1) is required to access certain pages, contents and any subsites.