Monday, 19 December 2011

Forms Based Authentication (FBA) Tips in SharePoint 2010

I was recently working with a client that had enabled FBA for SharePoint 2010 and was having trouble getting the user’s information, both because of the format of the user name and because of problems matching the SharePoint user to the Membership Provider user. After a bit of checking, it turned out they had a) not understood the format of the user name being returned and b) not known about naming in FBA.

First off is the format of the name – when pulled from either the Membership Provider or SharePoint, the format is something like: i:0#.f|MyFBA|MyLogin – for the translation:

i:0#.f = A placeholder (seems to be always 0)
MyFBA = the name of the provider
MyLogin = the actual login name of the user

Second was the naming of the provider itself – as it turns out, they had used two different names when they created the Membership Provider and the name they gave it in SharePoint and SharePoint’s web.config.

When accessing SharePoint (the SPUser object), the name SharePoint will return is in the provider format of: i:0#.f|membership provider name from the web.config|user login – the provider name in this case is the name supplied when the site is created.

However, my client had used a different name when creating the provider using the ASP tool – thus when returning the User from the Membership provider, the format is the same but the name is different: i:0#.f|membership provider name from the ASP configuration|user login. This, of course, makes comparison a bit difficult, as you may imagine.

The problem is that once this is set up, the only way to change it is via Central Administration – Web Applications – Manage Web Applications. Click to select the site, then click Authentication Providers in the ribbon. From the pop-up, select the Default link, and from there you can change the names.

HOWEVER BE FOREWARNED – if you change the name of the provider, it will mess up the users in SharePoint internally (those already created have the original provider name); this means you have to delete ALL USERS from SharePoint and add them back – not for the faint of heart.

For code, the following routines should help you.

To get the SharePoint User:

using Microsoft.SharePoint;
using Microsoft.SharePoint.Administration.Claims;

// Returns the SPUser for the current request. Note that the user is read from
// the request's own web, not from the elevated web: inside RunWithElevatedPrivileges
// a newly opened SPSite runs as the system account, so ElevatedSite.CurrentUser
// would not be the person browsing the site.
public SPUser ReturnCurrentSPUser()
{
    SPWeb site = SPContext.Current.Web;
    SPUser currUser = null;
    SPSecurity.RunWithElevatedPrivileges(delegate()
    {
        using (SPSite ElevatedsiteColl = new SPSite(site.Site.ID))
        {
            using (SPWeb ElevatedSite = ElevatedsiteColl.OpenWeb(site.ID))
            {
                currUser = site.CurrentUser; // not the ElevatedSite.CurrentUser
            }
        }
    });
    return currUser;
}


To get the “real” login name from the Membership Provider:

// Decodes the claims-encoded login name (i:0#.f|provider|login) and returns the
// login part as the Membership Provider knows it. Returns "" when the current
// user is not a claims (FBA) user, e.g. a Windows account.
public string ReturnCurrentUserLogin()
{
    string LoginName = "";
    SPClaimProviderManager ClaimManager = SPClaimProviderManager.Local;
    if (ClaimManager != null)
    {
        try
        {
            LoginName = ClaimManager.DecodeClaim(SPContext.Current.Web.CurrentUser.LoginName).Value;
        }
        catch (Exception NotMembershipUser)
        {
            string WhyErr = NotMembershipUser.Message.ToString(); // kept for debugging
            LoginName = "";
        }
    }
    return LoginName;
}


To get the “Formatted” User Name:

// Builds the claims-encoded name (i:0#.f|ProviderName|UserLoginName) for a plain
// login and provider name, so it can be compared with SPUser.LoginName.
// ProviderName must be the membership provider name from the web.config, otherwise
// the encoded result will not match what SharePoint stores for the user.
public string ReturnCurrentUserClaimLogin(string UserLoginName, string ProviderName)
{
    string userName = null;
    SPClaimProviderManager ClaimManager = SPClaimProviderManager.Local;
    if (ClaimManager != null)
    {
        try
        {
            SPClaim claim = new SPClaim(SPClaimTypes.UserLogonName, UserLoginName,
                "http://www.w3.org/2001/XMLSchema#string",
                SPOriginalIssuers.Format(SPOriginalIssuerType.Forms, ProviderName));
            userName = ClaimManager.EncodeClaim(claim);
        }
        catch (Exception NotMembershipUser)
        {
            string WhyErr = NotMembershipUser.Message.ToString(); // kept for debugging
            userName = "";
        }
    }
    return userName;
}
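The routines above depend on the SharePoint object model. The following is an added example (not part of the original post) that works on the encoded name as a plain string, so it can be used in a console tool fed with names copied from the SPUser object or from Get-SPUser output to spot the provider-name mismatch described above. The class name, the case-insensitive comparison and the sample names are my assumptions.

```csharp
using System;

// Added example: string-level handling of the FBA claims login format
// "i:0#.f|<provider name>|<login>". Case-insensitive provider comparison is an
// assumption; in-process, SPClaimProviderManager.DecodeClaim is the real decoder.
public static class FbaClaimName
{
    public const string FormsPrefix = "i:0#.f";

    public struct Parts
    {
        public string Prefix;
        public string Provider;
        public string Login;
    }

    // Splits an encoded name into its three parts. Returns false if the string
    // is not in the forms-authentication claims format (e.g. a Windows user).
    public static bool TryParse(string encoded, out Parts parts)
    {
        parts = new Parts();
        if (string.IsNullOrEmpty(encoded)) return false;
        string[] pieces = encoded.Split('|');
        if (pieces.Length != 3
            || !pieces[0].Equals(FormsPrefix, StringComparison.OrdinalIgnoreCase)
            || pieces[1].Length == 0 || pieces[2].Length == 0)
            return false;
        parts.Prefix = pieces[0];
        parts.Provider = pieces[1];
        parts.Login = pieces[2];
        return true;
    }

    // Describes the mismatch the post warns about (provider name in the stored
    // SharePoint user vs. provider name in web.config), or null when they agree.
    public static string Diagnose(string spUserLoginName, string configuredProvider)
    {
        Parts p;
        if (!TryParse(spUserLoginName, out p))
            return "'" + spUserLoginName + "' is not an FBA claims login name";
        if (!string.Equals(p.Provider, configuredProvider, StringComparison.OrdinalIgnoreCase))
            return "SharePoint user '" + p.Login + "' carries provider '" + p.Provider
                 + "' but web.config names the provider '" + configuredProvider + "'";
        return null;
    }
}

// Constructed sample: Diagnose("i:0#.f|AspNetProvider|jsmith", "MyFBA") reports the
// mismatch; Diagnose("i:0#.f|MyFBA|jsmith", "MyFBA") returns null.
```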
