I've set up FBA (Forms Based Authentication) on a SharePoint site a few other times, but never on Mysites.  Typically I follow Dan Attis's blog posting, which covers setting up FBA.  Dan also has another great post about setting up FBA with MySites.  Basically since MySites is tied to the Shared Service Provider, you have to setup FBA on both the SSP, and the site that hosts MySites.  I followed Dan's steps to the T but still ran into some issues.  Once I converted the SSP fully over to FBA, I wasn't able to get into all parts for configuring MySites that I needed, I would get errors telling me I didn't have permission.  What gives?  I followed Dan's steps, added an FBA account as an admin in the site, why would I be getting these errors?

So I backed out setting my SSP to FBA and set it back to Windows Auth and started taking a look at the permissions.  Everything looked fine.  Then I stumbled across the problem.  When your in your SSP and go to MySite Permissions, below is a screenshot of what a typical SSP MySite Permissions looks like.  Notice how you don't see your FBA admin account anywhere. 

image

So I added my FBA account and gave it the same permissions as my Windows Auth Admin account, switched my SSP back to FBA and viola!  I was able to now fully administer the SSP with my FBA admin account.  Notice how the spadmin account has the same permissions as my Windows Auth account.

image

 

Another thing to not here is the "everyone" group.  Dan talks about making this group in his posting, and it especially comes in handy when you want to do straight FBA with MySites.  I created the Everyone group and gave it the same permissions as the "NT Authority\Authenticated Users", which makes sense that you have to do this.  If you DIDN'T have an everyone group (or at least a group of users that COULD create MySites), you'd have no way for a FBA user to automagically create their mysite.  So by adding an "everyone" group and mimicing the "NT Authority\Authenticated Users" group, you now allow any authenticated FBA user to be able to create their MySite.

 

Here are the 2 links to Dan Attis's FBA walkthroughs.  They really are great resources and I can't thank Dan enough for posting them and helping everyone out most likely pulling his hair out discovering the secret of the SharePoint FBA.

Dan Attis's 2 part posting about FBA Part 1 : http://devcow.com/blogs/jdattis/archive/2007/02/23/Office-SharePoint-Server-2007-Forms-Based-Authentication-FBA-Walkthrough-Part-1.aspx

Dan Attis's 2 part posting about FBA Part 2 : http://devcow.com/blogs/jdattis/archive/2007/03/01/Office-SharePoint-Server-2007-Forms-Based-Authentication-FBA-w-MySites-Walkthrough-Part-2.aspx


Disclaimer
The opinions expressed herein are my own personal opinions and do not represent my employer's view in anyway.

© Copyright 2017 Tony Testa's World