
Cleveland SharePoint User Group

Started: 8/7/2009 5:45 AM
MOSS 2007 FBA with Active Directory (add all users)
Hello,
I am trying to create a single zone internet site that uses forms based authentication (FBA) to authenticate against my existing Active Directory domain.  I am able to successfully:
  • add site collection administrators from both Windows and the AD Membership Provider
  • log into the site via the admin accounts
  • go to site settings > Permissions > and Add individual users to a group. (the people picker shows both accounts from the AD Domain and the AD Membership Provider) 
If I add users from AD Membership Provider individually, I am able to log in to the site as these users... and maneuver as expected.

However, I cannot find a way to bulk add all users from my AD Membership Provider (which is really all users from my AD domain).  Adding the NT AUTHORITY\authenticated users group allows me to log in as a user in the group, but then I immediately see a permission denied page, and a link to log in as a different user.

If I change the authentication provider to Windows Authentication, I am able to log in with any user in the AD Domain and maneuver through the site as one would expect.

Any suggestions will be very much appreciated. 

Thanks in Advance.


Matt
Posted: 8/8/2009 1:26 PM
In order to add groups, such as Domain Users, with FBA, you need to use a role provider.  ASP.NET offers a free MEMBERSHIP provider (for USER accounts) out of the box, but not a free ROLE provider (for GROUP accounts).  You either need to develop one or check Codeplex/etc for something someone has already started for you.
 
Your only other option, if you don't wish to use the Role Provider, is to figure out a way to automate the process of adding every user (e.g. a C# console app that uses SharePoint API and Active Directory API, runs nightly/hourly, and just keeps updating every user into the site).

-TRN
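
A sketch of the role-provider option from the reply above, added here as an example; it is not code from either poster or from any existing project. It exposes AD security groups as read-only FBA roles, so a group such as Domain Users can be granted site permissions once instead of adding each user. The class name `AdGroupRoleProvider`, the use of the app pool account's own domain, and the availability of .NET 3.5 (`System.DirectoryServices.AccountManagement`) are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;
using System.Web.Security;

// Hypothetical read-only role provider: every AD security group is an FBA role.
// Membership is managed in AD only, so all write operations are refused.
public class AdGroupRoleProvider : RoleProvider
{
    public override string ApplicationName { get; set; }

    // Assumption: binds to the domain of the account the application pool runs as.
    private static PrincipalContext Domain() { return new PrincipalContext(ContextType.Domain); }

    public override string[] GetRolesForUser(string username)
    {
        var roles = new List<string>();
        using (var ctx = Domain())
        using (var user = UserPrincipal.FindByIdentity(ctx, username))
        {
            if (user == null) return new string[0];   // unknown user: fail closed, no roles
            // Security groups only, resolved recursively through nested groups.
            foreach (Principal g in user.GetAuthorizationGroups())
                if (g.SamAccountName != null) roles.Add(g.SamAccountName);
        }
        return roles.ToArray();
    }

    public override bool IsUserInRole(string username, string roleName)
    {
        return Array.Exists(GetRolesForUser(username),
            r => string.Equals(r, roleName, StringComparison.OrdinalIgnoreCase));
    }

    public override bool RoleExists(string roleName)
    {
        using (var ctx = Domain())
        using (var grp = GroupPrincipal.FindByIdentity(ctx, roleName))
            return grp != null;                       // role exists only if the AD group does
    }

    // Enumeration and changes are deliberately unsupported in this sketch.
    public override string[] GetAllRoles() { throw new NotSupportedException(); }
    public override string[] GetUsersInRole(string roleName) { throw new NotSupportedException(); }
    public override string[] FindUsersInRole(string roleName, string usernameToMatch) { throw new NotSupportedException(); }
    public override void CreateRole(string roleName) { throw new NotSupportedException(); }
    public override bool DeleteRole(string roleName, bool throwOnPopulatedRole) { throw new NotSupportedException(); }
    public override void AddUsersToRoles(string[] usernames, string[] roleNames) { throw new NotSupportedException(); }
    public override void RemoveUsersFromRoles(string[] usernames, string[] roleNames) { throw new NotSupportedException(); }
}
```

The provider still has to be registered under `<roleManager>` in the web.config files involved, which is not shown here. Granting a broad group such as Domain Users access on an internet-facing zone gives every domain account access, so assign it the lowest permission level that works.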