OK, we have already discussed the steps for configuring your SharePoint site to use FBA. I've configured it many, many times, but there was one case where the Web Front End for our site had to run on two servers. One detail I found: when you deploy your site on several WFEs, you need to configure FBA in three places:
1- Your Central Admin application pool
2- Your STS (Security Token Service)
3- Each WFE

So I configured them all as usual and everything looked fine. I tested the login page and... oops, an error page. NOT a SharePoint error, an ASP.NET error page. OK, calm down, enable custom errors, and I got:

Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.ReadResponse(Message response) +1161013

What is this? I assumed that the error was not ASP.NET but SharePoint, so I opened the logs and found that the user I had created from the Central Admin server couldn't be verified by the WFE, because I had configured my ASP.NET membership provider to encrypt the passwords. And, as we all know, the password is encrypted with the machine key, which differs from one machine to the other.

There is a solution for this issue: open the web.config on one of your WFEs and find the "machineKey" tag. It looks like the following:

<machineKey validationKey="424B56AB4FC235300974BB13CE70F69987166E4F690DFF0F" decryptionKey="FED66B56701EB68F15C714D84DC8C7434F2445167DE802E8" validation="SHA1" />

Copy it and paste it into the web.config on all the WFEs serving your site. Now all the WFEs are encrypting and decrypting with the same key. Mission accomplished!
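A consistency check for the step above, as an added example that is not part of the original post: it compares the machineKey element across each WFE's web.config and prints only a short fingerprint, since the keys themselves are secrets. The server names and XML are constructed sample data, Get-MachineKeyFingerprint is a hypothetical helper, and Windows PowerShell 3.0 or later is assumed.

```powershell
# Added example, not from the original post. Server names and XML are constructed
# sample data; in a farm, load each WFE's web.config with Get-Content instead.
function Get-MachineKeyFingerprint {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$ConfigXml)

    $doc = New-Object System.Xml.XmlDocument
    $doc.LoadXml($ConfigXml)
    $node = $doc.SelectSingleNode('/configuration/system.web/machineKey')
    if ($null -eq $node) { return 'MISSING' }        # no explicit element in this file

    # Normalise the attributes that have to match on every server.
    $parts = foreach ($name in 'validationKey', 'decryptionKey', 'validation', 'decryption') {
        '{0}={1}' -f $name, $node.GetAttribute($name).Trim().ToUpperInvariant()
    }
    $canonical = $parts -join ';'
    if ($canonical -match 'AUTOGENERATE') { return 'AUTOGENERATE' }   # per-machine key

    $sha = [System.Security.Cryptography.SHA256]::Create()
    try {
        $hash = $sha.ComputeHash([System.Text.Encoding]::UTF8.GetBytes($canonical))
    } finally {
        $sha.Dispose()
    }
    # A truncated hash is enough to compare servers and avoids logging the key.
    return ([System.BitConverter]::ToString($hash) -replace '-', '').Substring(0, 16)
}

$template = '<configuration><system.web><machineKey validationKey="{0}" ' +
            'decryptionKey="{1}" validation="SHA1" /></system.web></configuration>'
$configs = [ordered]@{
    'WFE1' = ($template -f ('A' * 48), ('B' * 48))
    'WFE2' = ($template -f ('a' * 48), ('b' * 48))   # same key, different letter case
    'WFE3' = ($template -f ('C' * 48), ('B' * 48))   # drifted validationKey
}

$report = foreach ($server in $configs.Keys) {
    [pscustomobject]@{
        Server      = $server
        Fingerprint = Get-MachineKeyFingerprint -ConfigXml $configs[$server]
    }
}
$report | Format-Table -AutoSize

$distinct = @($report | ForEach-Object { $_.Fingerprint } | Sort-Object -Unique)
if ($distinct.Count -gt 1 -or $distinct -contains 'MISSING' -or $distinct -contains 'AUTOGENERATE') {
    Write-Warning 'machineKey differs or is not set explicitly on at least one WFE.'
}
```

With the sample data, WFE1 and WFE2 report the same fingerprint and WFE3 a different one, so the warning fires.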
Hi Islam, I'm having the same problem that you talk about in this post, and I checked the web.config of the site that I have set the FBA configuration on, but the machineKey tag is the same in both web.config files of the WFEs.
My question is whether I have to check another web.config, such as the SecurityTokenApplication or the SharePoint Central Administration.
Thanks.
Augusto
Hello El Melli, what we have done is update the web.config only for the web application we need to enable FBA on.