I have configured FBA for one of my sites. After quick testing everything looked good, but when real users started to use the site they were getting random SharePoint exception screens or the "you do not have permission to the site" screen. After the error they can simply navigate to the site and open it normally. In the SharePoint logs I found multiple "An exception occurred when trying to issue security token: The security token username and password could not be validated." But when I try to reproduce the issue, it is not easy. I can try to log in 20 times with different users and everything works well, but eventually I see those error screens a couple of times after hard testing. What could be wrong with the FBA configuration?
Site FBA config:
<membership defaultProvider="i">
  <providers>
    <remove name="FBA" />
    <add name="i"
         type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
    <add name="FBA"
         type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
         applicationName="/"
         connectionStringName="FBADB_Prod"
         enablePasswordReset="false"
         enablePasswordRetrieval="false"
         passwordFormat="Clear"
         requiresQuestionAndAnswer="false"
         requiresUniqueEmail="true" />
  </providers>
</membership>
<roleManager cacheRolesInCookie="false" defaultProvider="c" enabled="true">
  <providers>
    <remove name="FBARoles" />
    <add name="c"
         type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
    <add name="FBARoles"
         type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
         applicationName="/"
         connectionStringName="FBADB_Prod" />
  </providers>
</roleManager>
Central Admin config:
<roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider">
  <providers>
    <add name="FBARoles"
         type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
         connectionStringName="FBADB_Prod"
         applicationName="/" />
  </providers>
</roleManager>
<membership defaultProvider="FBA">
  <providers>
    <add name="FBA"
         type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
         connectionStringName="FBADB_Prod"
         enablePasswordReset="false"
         enablePasswordRetrieval="false"
         passwordFormat="Clear"
         requiresQuestionAndAnswer="false"
         requiresUniqueEmail="true"
         applicationName="/" />
  </providers>
</membership>
SecurityTokenServiceApplication app config:
<membership defaultProvider="FBA">
  <providers>
    <add name="FBA"
         type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
         connectionStringName="FBADB_Prod"
         enablePasswordReset="false"
         enablePasswordRetrieval="false"
         passwordFormat="Clear"
         requiresQuestionAndAnswer="false"
         requiresUniqueEmail="true"
         applicationName="/"/>
  </providers>
</membership>
<roleManager enabled="true" defaultProvider="FBARoles">
  <providers>
    <add name="FBARoles"
         type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
         connectionStringName="FBADB_Prod"
         applicationName="/"/>
  </providers>
</roleManager>
Connection string:
<connectionStrings>
  <add connectionString="Server=PRODSQLSRV;Database=FBADB_Prod;Integrated Security=true"
       name="FBADB_Prod" />
</connectionStrings>
Oleg