Windows Authentication in sharepoint 2013

Similar Messages

• Clientside authentication in sharepoint 2013 using spservices

  Hi,
  Can anyone give me solution for Clientside authentication  in sharepoint 2013 using spservices 

  Hi Dennis,
  I want to check credentials
  for user dynamically  in Client object Model or spservices.I know that we can pass username and password through Network credentials using Client object Model,but i passed statically(username,password).
  Do have any solution regarding this.
  Please provide me  any links or solution for this problem.

• Kerberos Authentication between Sharepoint 2013 Foundation - SSRS 2012 - Oracle 11g failing with ORA-12638: Credential retrieval failed

  I have set up SharePoint 2013 Foundation, SharePoint Reporting Services and SQL Server 2012 in a single server. I then created a Data Connection to Oracle 11g. Upon testing the connection, it throws the error “ORA-12638: Credential retrieval failed”.
  Given below are the steps of installation and configuration.
  Installation till basic authentication:
  The installation has been done in a
  single server.
  Installed SQL Server 2012 (Developer version).
  Selected only the following features:
  Database Engine Services
  Analysis Services
  Reporting Services – SharePoint
  Reporting Services Add-in for SharePoint Products
  Management Tools – Basic
  - Management Tools - Complete
    2. Installed SQL Server 2012 SP1.
    3. Installed SQL Server 2012 SP2.
    4. Installed SharePoint Foundation 2013.
    5. Created web application (without Kerberos; we did not even create the SPNs).
        The application pool has been configured to use Reporting Services account since it is a single server installation. This account has been registered as a managed
  account.
    6. Created Site Collection.
    7. Verified that Reporting Services is not installed.
    8. Installed SharePoint Reporting Services from SharePoint 2013 Management Shell.
    9. Verified that Reporting Services is installed.
   10. Created a new SQL Server Reporting Services Service Application and associated the Web Application to the new SQL server Reporting Services Service Application.
    11. Verified that SQL Server Reporting Services Service Application and its proxy have started. Reset IIS.
    12. Created a Site.
    13. Created a Data Connection library with “Report Data Source” content type.
    14. Created a Report Model library with “Report Builder Model” content type.
    15. Created a Report library with “Report Builder Report” content type.
    16. Uploaded an SMDL to the Report Model library.
    17. Added the top level site to Local Intranet instead of as a Trusted Site in the browser settings.
    18. Able to create and save a report using Report Builder.
  Hence, basic authentication is working and SSRS is able to connect to Oracle database.
  Next we have to configure Kerberos settings between SharePoint and SQL Server.
  Implementation of Kerberos authentication
  In the Report Server machine, opened the file C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\15\WebServices\Reporting\rsreportserver.config  and added the Authentication Types of RSWindowsNegotiate
  and RSWindowsKerberos.
   2.  Set up the following SPNs.
                 a) SQL Server Database Engine service (sqlDbSrv2):
                  setspn -S MSSQLSvc/CER1110:1433 CERDEMO\sqlDbSrv2
                  setspn -S MSSQLSvc/CER1110.cer.demo.com:1433 CERDEMO\sqlDbSrv2
               In the Delegation tab of the account, selected "Trust this user for delegation to any service (Kerberos only)".
  b) Account: SharePoint Setup Admin account (spAdmin2)
       setspn -S HTTP/CER1110:9999 CERDEMO\spAdmin2
                  setspn -S HTTP/CER1110.cer.demo.com:9999 CERDEMO\spAdmin2
                  In the Delegation tab of the account, selected "Trust this user for delegation to any  service
  (Kerberos only)".
  c) Account: SQL Server Reporting Service account (sqlRepSrv2)
                     setspn -S HTTP/CER1110 CERDEMO\sqlRepSrv2
                     setspn -S HTTP/CER1110.cer.demo.com CERDEMO\sqlRepSrv2
                     In the Delegation tab of the account, selected "Trust this user for delegation to any service
  (Kerberos only)".
    3. Configure the Web Application to use “Negotiate (Kerberos)”.
    4. Logged in as SharePoint Administrator to the SharePoint server and opened the top level site in the IE browser.
       The Event Viewer logged the login process for the SharePoint Administration account as
  Negotiate and not Kerberos.
    5. Implemented Kerberos for Oracle database and client.
       Able to connect to the Oracle database via Kerberos authentication using SQL Plus.
    6. Turn on Windows Firewall.
    7. While testing the site's data connection using Kerberos settings, got the error
  “Can not convert claims identity to windows token. This may be due to user not logging in using windows credentials.”
        Note: The Data Connection for basic authentication still worked.
    8. Created a Claims to Windows Token Service account (spC2WTS2).
    9. Started the Claims to Windows Token Service.
   10. Registered the Claims to Windows Token Service account as a Managed Account.
   11. Changed the Claims To Windows Token Service to use the above managed account.
   12. Verified that the Claims to Windows Token Service account (spC2WTS2) is automatically added to the WSS_WPG local group on the SharePoint box.
        Note: The Reporting Services service account is also a part of the WSS_WPG local group.
   13. Added the Claims to Windows Token Service account (spC2WTS2) to the Local Admin Group on the machine having the SharePoint App Server.
   14. In the SharePoint box, added the Claims to Windows Token Service account (spC2WTS2) in the Act as part of the operating system policy right.
   15. The Claims to Windows Token Service account (spC2WTS2) has the WSS_WPG group configured.
        When the C2WTS service was configured to use the managed account Claims to Windows Token Service account (spC2WTS2) earlier, the spC2WTS2 account was automatically
  added to the WSS_WPG local group on the SharePoint box. The WSS_WPG group in turn is configured in c2wtshost.exe.config file.
   16. Verified that the Reporting Services account is a managed account and part of the WSS_WPG group.
   17. Earlier Service Application Pool - SQL Server Reporting Services App Pool service was associated with the SharePoint Admin account.
        Changed this to associate the Reporting Service account with the Service Application Pool - SQL Server Reporting Services App Pool service.
   18. Changed the delegation of the Reporting Service account to constrained delegation with Protocol Transitioning. This is because we are transitioning from one authentication scheme (Claims) to another (Windows Token).
        For this, the delegation has been changed to "Trust this user for delegation to specified services only". Also, selected the sub radio button "Use
  any authentication protocol". Selected the Oracle Kerberos service as the service to which this account can present delegated credentials.
        Note: The Reporting Service account already had an HTTP SPN.
   19. Next, the goal was to make the Claims To Windows Token Service account match the Reporting Service account.
         For this, we created a fake SPN for the Claims To Windows Token Service account since the delegation tab was missing.
         The delegation has been changed to "Trust this user for delegation to specified services only". Also, selected the sub radio button "Use any
  authentication protocol". Selected the Oracle Kerberos service as the service to which this account can present delegated credentials.
   20. Restarted the SharePoint server.
   21. Tested the data connection with the Kerberos settings again.
         Got the error
  “ORA-12638: Credential retrieval failed”.
  Can anyone tell me what is wrong with this setup?

  http://www.freeoraclehelp.com/2011/10/kerberos-authentication-for-oracle.html
  Problem4: ORA-12638: Credential retrieval failed
  Solution:  Make sure that SQLNET.KERBEROS5_CC_NAME is set in sqlnet.ora and okinit has been run before attempting to connect to the database.
  Do check 
  http://webcache.googleusercontent.com/search?q=cache:5a2Pf3FH7vkJ:externaltable.blogspot.com/2012/06/kerberos-authentication-and-proxy-users.html+&cd=5&hl=en&ct=clnk&gl=in
  If this helped you resolve your issue, please mark it Answered. You can reach me through http://itfreesupport.com/

• Form Based Authentication in SharePoint 2013: Getting The remote server returned an error: (500) Internal Server Error

  Hi
   I configured forms based authentication mode in Sharepoint 2013 site. When i tried to log in with windows authentication prompt it throws the following error
  The remote server returned an error: (500) Internal Server Error
  [WebException: The remote server returned an error: (500) Internal Server Error.] System.Net.HttpWebRequest.GetResponse() +8548300 System.ServiceModel.Channels.HttpChannelRequest.WaitForReply(TimeSpan timeout) +111 [ProtocolException:
  The content type text/html; charset=utf-8 of the response message does not match the content type of the binding (application/soap+msbin1). If using a custom encoder, be sure that the IsContentTypeSupported method is implemented properly. The first
  1024 bytes of the response were: '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
  How to fix this issue?
  Regards,
  Siva

  Did you create a new web application or modify an existing web application?
  I would start by checking the ULS logs, maybe there is an incorrect setting within one of the web.config files, or SQL permissions.
  Also, as suggested above, check application pools are running.
  This blog post is a great guide for setting up FBA, check it through to make sure you haven't missed any steps:
  http://blogs.technet.com/b/ptsblog/archive/2013/09/20/configuring-sharepoint-2013-forms-based-authentication-with-sqlmembershipprovider.aspx

• Windows 7 with SharePoint 2013 Foundation and Visual Studio 2013

  Hi,
  I am begginer with Sharepoint 2013 Foundation. 
  My company installed Sharepoint 2013 Foundation on a virtual Server. I installed
  Visual Studio 2013 on my local computer. Also i created a developer site.
  Based on http://msdn.microsoft.com/en-us/library/office/jj220047(v=office.15).aspx#RDOverview I installed Office
  Developer Tools for Visual Studio 2013 on my local computer. 
  I am trying to remotely develop apps
  with Visual Studio 2013. In the option What SharePoint site do you want to use for debugging your App? i put the url
  of developer site.
  First of all, i had to choose if the apps will be SharePoint-hosted or Provider-hosted apps. Based on http://msdn.microsoft.com/en-us/library/office/fp142379(v=office.15).aspx and http://msdn.microsoft.com/en-us/library/office/fp142381(v=office.15).aspx,
  i decided to followed SharePoint-hosted because is the only type that applies to SharePoint 2013 Foundation.
  I followed the steps of http://msdn.microsoft.com/en-us/library/office/fp142379(v=office.15).aspx, which is the quide for How to:Create a basic SharePoint-hosted app. In Step 10 for deploy my app i get the following error: 
  Error occurred in deployment step 'Install app for SharePoint': Failed to install app for SharePoint. Please see the output window for details.
  What is the problem?
  Also, the visual studio need to be installed on the server where sharepoint was installed?
  Moreover, do I need app catalog for testing and deploy apps?
  thanks, Aphrodite

  Hi,
  According to your post, my understanding is that you have an issue about creating app.
  Per my knowledge, the issue is caused that you don’t configure the app catalog URLs from the central administration.
  It means that we should create an App site catalog site collection to hold our Apps.
  More reference:
  http://www.sharepoint-journey.com/app-development-in-sharepoint.html
  Thanks & Regards,
  Jason
  Jason Guo
  TechNet Community Support

• Windows Updates for SharePoint 2013 Environment

  Hi
  I created a visual machine for SharePoint 2013 development by following steps mentioned below.
  --Install Winows Server 2008 R2
  --SQL Server 2008 R2
  --SP2 for SQL Server 2008 R2
  --SP1 for Winows Server 2008 R2 
  --Sharepoint 2013 Pre-Requisites
  --Sharepoint 2013 Setup
  --Sharepoint 2013 Designer
  --Installed March and August 2013 Cumulative Updates for SharePoint 2013
  --Installed SP1 for SharePoint 2013
  I want to ask do i need to install Windows Updates after installing different updates as i mentioned above because everty now and then windows updates message keep pops up and i did'nt install windows updates yet.
  Why is it necessary or what impact window updates would have on my environment if i need to do it??

  Windows Updates cover security updates as well as stability improvements, and so on. You're simply patching SharePoint and SQL in the above case.
  It should be noted that any SharePoint patches that come down through Windows Update need to be manually handled as you'll need to run the Config Wizard (e.g. MS14-022 and MS14-050 which are SharePoint updates).
  When you're installing SharePoint 2013, you only need to install SP1 if that is your target. There is no requirement to install March 2013 or August 2013.
  Trevor Seward
  Follow or contact me at...
  &nbsp&nbsp
  This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

• Forms based authentication in sharepoint 2013 using custom membership provider

  I am developing  FBA  for SP2013 using custom membership provider using the following link 
  http://benredl.wordpress.com/2012/10/03/creating-forms-based-authentication-and-user-profiles-in-sharepoint-2013-using-custom-membership-and-role-providers-and-a-custom-user-profile-synchronization-utility/
  the feature i am trying to develop is that the user is created using a homegrown asp.net  application which uses sql server 
  and then When that user goes to SP2013 he should be able to login with the username and password created using the homegrown asp.net application 
  my questions are following 
  If I follow the article in the link should i be taking the assembly(dll) and deploying it to GAC or will VS2013 automatically do it
  Do I have to implement  FindUserByEmail and FindUserByName methods ?
  if the connectionstring for an asp.net application is in the web.config file  where would the connection for the sqlserver go if this application is for SharePoint 
  TIA

  Hi TIA,
  try this it contains the code for you and it is ready
  http://sharepoint2013fba.codeplex.com/
  Kind Regards, John Naguib Technical Consultant/Architect MCITP, MCPD, MCTS, MCT, TOGAF 9 Foundation

• Windows authentication of Sharepoint Page viewer Web Part applications

  Hi,
  I am working on a new Sharepoint portal which will have Page viewer Web Parts hosting asp.net applications. The standalone applications those are hosted are using windows authentication. my requirment is, when the client logs in to sharepoint need to authenticate
  all web parts with same user credentials so that then don't need to log in again. those asp.net applications are hosted as standalone also out side sharepoint. Can some one advise me how to do that?..
  Thanks
  Ram

  We havent tried that.  We changed the link in the web part to access an html page that claims that the report is loading.  It states in the html that if the page doesnt load to "click here" which redirects to the crystalreportviewer.  Its a temp fix for it.  One thing we are looking at is the 64 bit version of the Sharepoint integration kit.  That may contain a reportviewer webpart.
  Thanks for the reply.
  Brian

• Migrate User from Classic mode to Forms Authentication in SharePoint 2013

  Hi All,
  I have upgraded a SharePoint 2010 classic mode site to SharePoint 2013 claims authentication. I have executed the command MgrateUser($true) and the user account is updated to Claims mode and I am able to login to the site.
  Now I have extended the site to use forms authentication against Active Directory. How do I update the accounts to Form Authentcation mode using Powershell, is there any command available.
  Thanks & Regards
  pankaj

  Okay, I would suggest instead to use Web Application Proxy and ADFS 3.0 (using an NTLM connection to SharePoint). This way you get your forms experience for those users who require it (or all, your choice) and you do not have to change anything with SharePoint.
  More info here: http://thesharepointfarm.com/2014/02/sharepoint-and-the-web-application-proxy-role/
  Trevor Seward
  Follow or contact me at...
  &nbsp&nbsp
  This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

• Implement Kerberos authentication in SharePoint 2013

  We are building a new SharePoint 2013 environment with Kerberos authentication. I have been looking for a Microsoft provided document which can be considerd for planning this implementation. I am new to Kerberos and so far understood that, I
  need to involve a Domain admin along with SharePoint admin to implement this. However I need to provide clear cut steps to both the parties.
  Also as this is a development environment we are building, do I need to plan for a hostname, public IP etc ?  
  Thanks, Bivsworld

  There is a lot of information here:
  http://technet.microsoft.com/en-us/library/ee806870(v=office.15).aspx
  Most of it boils down to simply this:
  Register the SPN to the user account running the service, e.g. the user running the SQL Server service would have the SQL SPN registered:
  setspn -A MSSQLSvc/sqlserver.company.com:1433 domain\s-sqlserveruser
  setspn -A MSSQLSvc/sqlserver:1433 domain\s-sqlserveruser
  For a SharePoint Web Application (regardless if it is SSL or not):
  setspn -A HTTP/webAppUrl.company.com domain\s-webapppooluser
  And so on. It becomes more complex if you need to implement delegation, or if you have users in multiple domains, or cross forest (as constrained delegation does not work cross-domain, and no type of delegation works cross-forest). In addition, Kerberos
  does not work across the Internet (as clients cannot contact the KDC to get a Kerberos ticket).
  Trevor Seward
  Follow or contact me at...
  &nbsp&nbsp
  This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

• Slowness Issues with Windows Authentication in SharePoint Foundation 2010 sites

  All, 
  We are having a strange issue with SharePoint Foundation 2010 sites where sites are very slowly loading when accessed via windows based authentication where as the extended sites in  forms authentication are loading normally.
  There were no error logs or even SharePoint logs also except the images load time is showing with different load times.
  Attached are the patches that were updated to the server that may be issue but not sure. Can some one please share your thoughts.
  SQL connectivity b/w the server is good.there are no n/w issues except that the users are using the sites with a different domain other than the domain in which the servers were hosted.
  There is a trust b/w the two domains.This was never changed and there were no issues in the last 2 years.
  Thanks keshav,Share point Developer

  we do have trusted domains
  Inder : It would be better if you run that command again now.
  Inder: How many AD server do you have
  Inder: Do you notice the login request go to nearest AD server. 
  and https sites. Please share your thoughts.
  Inder: All the certificate have intermedite certificates. You need to logon to each SP server, and install
  these certificates on trusted root authority 
  If this helped you resolve your issue, please mark it Answered

• Forms Authentication in Sharepoint 2013, _vti_bin/authentication.asmx error

  I'm getting this error when using CSOM in a FBA web application that is configured agains't a custom FBA provider. I'm getting this error when site is configured for Forms, if a disable forms with windows auth I can get web url. Probably would be a configuration
  error if anyone can helpme...
  I'm getting the error when Forms is configured: Server was unable to process request. ---> Could not retrieve the IIS Settings. Parameter name: context
  Here is my CSOM code:
  using (ClientContext context = new ClientContext("http://10.34.116.35:41443"))
  context.AuthenticationMode = ClientAuthenticationMode.FormsAuthentication;
  context.FormsAuthenticationLoginInfo = new FormsAuthenticationLoginInfo("carles", "test");
  Web web = context.Web;
  context.Load(web);
  MessageBox.Show(web.Url);
  context.Dispose();
  Thanks

  Solved,  internally CSOM calls authentication.asmx webservice if FormsAuthentication is set ... this webservice was throwing the exception... testing the web service in the server login worked against my membership... has to be a silly thing and YES
  it was simply calling the api replacing the ip of the server with the host of the web application. Hope helps someone in the future. 

• Authentication Method in Sharepoint 2013

  Hello ,
  I have migrate SharePoint 2010 site to SharePoint 2013 using DB Attach method. Content DB was 100 % mount with error.  I have ignore all the errors . 
  But When Open SharePoint 2013 Site ,It is throwing access denied error . 
  Just wanted to know , before upgrading Content DB Is it required to upgrade Service Applications ? 
  How can I upgrade Service Application ??  

  Did you migrate your users from Classic mode to Claims mode?
  Migrate from classic-mode to claims-based authentication in SharePoint 2013
  You would also like to check the following thread with similar issue.
  Error:
  Access Denied on an upgraded content database from 2010 to sharepoint 2013 - claims based auth misery
  Amit

• Classic mode web application in SharePoint 2013 Error occurs

  while creating Classic web applicatiuon using powershell commands following error occure
  PS C:\Users\centraluser> New-SPWebApplication -Name "SharePoint - 100" -Applicat
  ionPool "SharePoint100" -AuthenticationMethod "NTLM" -ApplicationPoolAccount (Ge
  t-SPManagedAccount "wse\centraluser") -Port 100 -URL "http://w8-sp13-en"
  WARNING: The Windows Classic authentication method is deprecated in this
  release and the default behavior of this cmdlet, which creates Windows Classic
  based web application, is obsolete. It is recommended to use Claims
  authentication methods. You can create a web application that uses Claims
  authentication method by specifying the AuthenticationProvider parameter set in
   this cmdlet. Refer to the http://go.microsoft.com/fwlink/?LinkId=234549 site
  for more information. Please note that the default behavior of this cmdlet is
  expected to change in the future release to create a Claims authentication
  based web application instead of a Windows Classic based web application.
  log4net:ERROR XmlConfigurator: ConfigureFromXml called with null 'element' param
  eter
  log4net:ERROR XmlConfigurator: Failed to find configuration section 'log4net' in
   the application's .config file. Check your .config file for the <log4net> and <
  configSections> elements. The configuration section should look like: <section n
  ame="log4net" type="log4net.Config.Log4NetConfigurationSectionHandler,log4net" /
  >
  New-SPWebApplication : Object reference not set to an instance of an object.
  At line:1 char:1
  + New-SPWebApplication -Name "SharePoint - 100" -ApplicationPool
  "SharePoint100" - ...
  + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  ~~~
      + CategoryInfo          : InvalidData: (Microsoft.Share...PWebApplication:
     SPCmdletNewSPWebApplication) [New-SPWebApplication], NullReferenceExceptio
    n
      + FullyQualifiedErrorId : Microsoft.SharePoint.PowerShell.SPCmdletNewSPWeb
     Application
  PS C:\Users\centraluser>

  use of classic mode authentication, also known as Windows classic authentication, is discouraged in SharePoint 2013 according to
  MSDN.
  Office Web Apps can be used only by SharePoint 2013 web applications that use claims-based authentication. Office Web Apps rendering and editing will not work on
  SharePoint 2013 web applications that use classic mode authentication. If you migrate SharePoint 2010 web applications that use classic mode authentication to SharePoint 2013, you must migrate them to claims-based authentication to allow them to work with
  Office Web Apps. For more information, see Use Office
  Web Apps with SharePoint 2013.
  I would suggest to create claims based web application. Any specific reason you are looking for Classic mode?
  Raghavendra Shanbhag | Blog: www.SharePointColumn.com
  Please click "Propose As Answer " if a post solves your problem or "Vote As Helpful" if a post has been useful to you.
  Disclaimer: This posting is provided "AS IS" with no warranties.

• What do I need to upgrade to Sharepoint 2013 Server

  Hello Community
      At this point using Sharepoint 2010 Server and the UI I have built an intranet
  consisting of a 2 server farm (DC and Sharepoint 2010 Server both on Windows 2008 Server).
      But the goal is to move up to Sharepoint 2013 Server which might not be a
  straight forward upgrade.
      So the question is what version of Windows Server does Sharepoint 2013 Server
  use,  how do you copy the Windows 2008 Server DC and Sharepoint 2010 Server onto
  the Windows Server version that Sharepoint 2013 Server will run on?
      Thank you
      Shabeaut

  Shabeaut,
       Just to elaborate a little more, there's not a direct version upgrade from SharePoint 2010 to SharePoint 2013, like there was in previous versions.  The only way to directly transfer or copy content from SharePoint 2010 is by the
  database attach method, which is basically copying the content database files from SP2010's SQL server to the SQL server used by your SP2013 farm.
      There are many differences in the architecture between SP2010 and SP2013, so a good amount of research and planning is involved as well as a much larger recommended server farm.  Start with reading the TechNet article posted by Paul Stork
  to start getting an idea of the actual steps, but upgrading from SP2010 to SP2013 is a major effort.
  have fun,
  Tony