SharePoint 2010: Create unique login page with forms based authentication

An awesome feature with SharePoint is the ability to use another authentication store for your users. This is especially helpful when you want to extend your site to an extranet or internet zone and you don’t want your external users in your company Active Directory. I walk through configuring and setting up CBA here. Once you’ve configured your web application to use FBA, the typical login page is plain. If you setup mixed mode (as in my example) the login page simply prompts for Windows or Forms authentication. Most users don’t understand the difference.

Seriously, what end user doesn’t know they’re using a Windows account? And my extranet users, seriously, they should know they’re forms…

Fortunately, we can change these options and give the user a little more to work with. For my example, I have my web application setup and I want my customers to login so we can collaborate on orders and projects. I would like a login page that is painfully obvious as to which how the user should login. We’ll dive into how to do so now. I walk through creating a new project with the end result being a feature. I prefer this method because it gives us the most flexibility with a code behind file. We could add CAPTCHA verification, or additional components as we need to make this work.

  • Open Visual Studio 2010, create a new Empty SharePoint Project, and name it CustomLoginPage.
  • Add the reference to Microsoft.SharePoint.IndentityModel. This isn’t available in the browser, you’ll have to browse to it at C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.IdentityModel\ 14.0.0.0__71e9bce111e9429c\Microsoft.SharePoint.IdentityModel.dll
  • Add a new application page, call it Login.aspx.
  • Replace the content of Login.aspx with the following, updating a few items as necessary (highlighted)
    <%@ Assembly Name="$SharePoint.Project.AssemblyFullName$" %> 
    <%@ Assembly Name="Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %> 
    <%@ Assembly Name="Microsoft.SharePoint.IdentityModel, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %> 
    <%@ Import Namespace="Microsoft.SharePoint" %> 
    <%@ Import Namespace="Microsoft.SharePoint.WebControls" %> 
    <%@ Register Tagprefix="SharePoint" 
    Namespace="Microsoft.SharePoint.WebControls" 
    Assembly="Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %> 
    <%@ Register Tagprefix="asp" Namespace="System.Web.UI" 
    Assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" %> 
    <%@ Page Language="C#" AutoEventWireup="true" CodeBehind="Login.aspx.cs" Inherits="CustomLoginPage.Login" MasterPageFile="~/_layouts/simple.master" %> 
    <asp:Content ID="contentHEAD" ContentPlaceHolderID="PlaceHolderAdditionalPageHead" runat="server"> 
    <style type="text/css"> 
    body 
    { 
    background-color: #d5d5d5; 
    background-image: url(images/ACME-Catalog.jpg); 
    background-position: center; 
    } 
    body #s4-simple-content 
    { 
    margin-left: 0px 
    } 
    .s4-simple-iconcont 
    { 
    display:none 
    } 
    h1 
    { 
    font-size:24px; 
    font-weight:bold 
    } 
    </style> 
    </asp:Content> 
    <asp:Content ID="Content1" ContentPlaceHolderID="PlaceHolderPageTitle" 
    runat="server"> 
    <SharePoint:EncodedLiteral runat="server" 
    EncodeMethod="HtmlEncode" ID="ClaimsFormsPageTitle" 
    Visible="false" /> 
    Acme Login 
    </asp:Content> 
    <asp:Content ID="Content2" ContentPlaceHolderID="PlaceHolderPageTitleInTitleArea" 
    runat="server"> 
    <SharePoint:EncodedLiteral runat="server" 
    EncodeMethod="HtmlEncode" ID="ClaimsFormsPageTitleInTitleArea" 
    Visible="false" /> 
    Log into the Acme Portal 
    </asp:Content> 
    <asp:Content ID="Content3" ContentPlaceHolderID="PlaceHolderSiteName" 
    runat="server" /> 
    <asp:Content ID="Content4" ContentPlaceHolderID="PlaceHolderMain" 
    runat="server"> 
    <table width="100%" cellpadding="0" cellspacing="30" border="0"> 
    <tr> 
    <td><h2>Customer Login</h2> 
    Enter your username and password below and click Sign In. 
    <asp:login id="signInControl" FailureText="<%$Resources:wss,login_pageFailureText%>" runat="server" width="100%"> 
        <layouttemplate> 
            <asp:label id="FailureText" class="ms-error" runat="server"/> 
            <table width="100%"> 
            <tr> 
                <td nowrap="nowrap"><SharePoint:EncodedLiteral ID="EncodedLiteral1" runat="server" text="<%$Resources:wss,login_pageUserName%>" EncodeMethod='HtmlEncode'/></td> 
                <td width="100%"><asp:textbox id="UserName" autocomplete="off" runat="server" class="ms-inputuserfield" width="99%" /></td> 
            </tr> 
            <tr> 
                <td nowrap="nowrap"><SharePoint:EncodedLiteral ID="EncodedLiteral2" runat="server" text="<%$Resources:wss,login_pagePassword%>" EncodeMethod='HtmlEncode'/></td> 
                <td width="100%"><asp:textbox id="password" TextMode="Password" autocomplete="off" runat="server" class="ms-inputuserfield" width="99%"/></td> 
            </tr> 
            <tr> 
                <td colspan="2" align="right"><asp:button id="login" commandname="Login" text="<%$Resources:wss,login_pagetitle%>" runat="server" /></td> 
            </tr> 
            </table> 
        </layouttemplate> 
    </asp:login> 
    </td></tr><tr> 
    <td><h2>Personnel Login</h2> 
    Acme Personnel can log in below. Login with your Acme account, i.e. acme\username.<br /><br /> 
    <a href="/_windows/default.aspx?ReturnUrl=<%=Request.QueryString["Source"] %>">click here to login</a></td> 
    </tr> 
    </table> 
    <div id="SslWarning" style="color:red;display:none"> 
    <SharePoint:EncodedLiteral runat="server" EncodeMethod="HtmlEncode" Id="ClaimsFormsPageMessage" /> 
    </div> 
    <script language="javascript" > 
    if (document.location.protocol != 'https:') { 
    var SslWarning = document.getElementById('SslWarning'); 
    //SslWarning.style.display = ''; //show the warning if applicable 
    } 
    </script> 
    </asp:Content> 

You’ll see that I’m overriding some of the CSS elements, this will let me customize this to exactly what I want.

  • Replace the content of Login.aspx.cs with the following
    using System; 
    using Microsoft.SharePoint.IdentityModel.Pages; 
    namespace CustomLoginPage 
    { 
    public partial class Login : FormsSignInPage 
    { 
    protected void Page_Load(object sender, EventArgs e) 
    { 
    } }} 
  • Deploy your feature.
  • Go to Central Administration > Manage Web Applications. Select your web application and click Authentication Providers
  • Click your zone that has Claims Based Authentication.
  • Scroll down a little to Sign In Page URL and enter the path to your custom page: ~/_layouts/CustomLoginPage/Login.aspx
  • Scroll to the bottom and click Save.
  • Close the Authentication Provider Window.
  • Now browse to your site, you should now see your new login page

So my login page went from

To

References

About these ads

36 thoughts on “SharePoint 2010: Create unique login page with forms based authentication

  1. Pingback: SharePoint 2010: Forms Based Authentication using Active Directory | David Lozzi's Blog

  2. logging in from a mobile device gives this error: Cannot access protected member ‘Microsoft.SharePoint.MobileControls.SPMobilePage.strReturnURL via qualifier of type……

    there is nothing on the web about this, any ideas?

    • I haven’t seen this happen. Are there other customizations on your site? If you create another zone for the web app and not use FBA, use windows instead, does it work then?

  3. Great post David – works as planned! Is there a way to allow users to login with a different windows account? The current link for windows login just reauthenticates the current user, I’m looking to allow them to login as a different user. Any insight would be appreciated. Thx

    • Hi Robert,

      For the link to login, try linking to

      /_layouts/accessdenied.aspx?loginasanotheruser=true&Source=targetUrltoSendAfterTheyLogin

      This is the URL for when a user clicks Sign In as Different User

  4. No joy :( – I tried

    /_layouts/accessdenied.aspx?loginasanotheruser=true&Source=

    all I got was a page refresh. Then I tried

    /_windows/default.aspx?ReturnUrl=&loginasanotheruser=true

    and things seem to be functioning as expected. I guess my question is… should they be :) Thanks again!

    • Ooohh… right since you’re in FBA, it prompts you to login. Sorry, I tried this on my NTLM site.

      If it works, I’d say you’re good to go!

    • I’m not familiar with this error, where is it occurring? If it’s regarding the web.config file, review it, make sure you put the elements in the right positions. Make sure you’re not missing a quote or a close bracket somewhere.

  5. David – thanks for the blog. It really help but I do have one issue and I’m not sure why. My company has many domains. If a users logs into Windows with domain XYZ but their SharePoint access is through domain 123 they will receive “Access Denied” when logging in – this is okay. When they click on “Sign-on as a Different Use” the loopback to the Custom Page but cannot login. Any ideas?

    • They should go back to the custom page so they can login as a valid user. But are you saying when they do, they can’t login using a valid user? If they close the browser and come in fresh, can they login using a valid user initially?

      • They do go back to the custom page and when they click on “Employee Login” for a second time it takes them to a blank page (no errors, nothing). They would then have to close and re-open the browser. I guess I need a way for them to login as a different user. i.e. when they click on Log in as a Different user they should get a prompt for their credentials.

      • Ah, understood. I don’t know off the top of my head on this one. I will have to test it out and see if I can recreate the issue. You may also want to post it on sharepoint.stackexchange.com, to get more feedback.

      • Thanks. I will post it at sharepoint.stackexchange.com I have a go around for now – changed security on IE to prompt for login

  6. David, Great article! Can you clarify whether Active Directory users (Windows users) should be able to login to SharePoint externally from outside our LAN over SSL? At present they can login when in the office using Windows Integration but when trying to login externally the page refreshes and goes blank. FBA users can login externally no problem.

    • Hi Dan,

      Thanks for the comment. Short answer is Yes. Windows authentication can and normally does work over SSL. When accessing the site from outside the network, make sure users are logging in as domain\username (unless you configured IIS differently), and disable friendly errors in IE (http://technet.microsoft.com/en-us/library/cc778248.aspx), this might give you more to work with. Also, check out the SharePoint logs for any errors and messages.

      If you want, you can email me at david at lozzi dot net, and I can work with you some more in figuring out the issue. Or you can post your issue to sharepoint.stackexchange.com.

      More on SharePoint’s extranets: http://www.microsoft.com/en-us/download/details.aspx?displaylang=en&id=24079.

      Thanks – David

      • Thanks for the advice! When I went to retest with friendly errors disabled it miraculously started working I have since tested it in various browsers and it now works! Strange but good!

  7. Pingback: FBA Custom Login Mixed – Access Denied Loops Back to Login Page | Q&A System

  8. Hi Nice article , I am goggling for Forgot Password link which recovers password and send the new password to the email of active directory user, Any help would be appreciated.

    • This would be a highly custom piece, updating an AD password can get tricky. Unfortunately there’s not a quick and dirty fix, especially for AD accounts. Most SharePoint implementations are on networks where users have other methods of changing their passwords. If you’re familiar with C# and SharePoint solutions, you can see about adding the functionality. If you’re not, then see what you can find for a 3rd party solution.

      I’ve done something like this before. I will dig up my code and see about sharing it, I don’t know when though.

  9. Yes please…
    YEs im developer in c# but beginner to sharepoint, but would like to develop my own but dont know how and where to start…
    I need to develop 3 things, custom Login scrren for Windows authintication, (which should not include FBA option ), Forgot Password and change password, as far as I see playing with Active directory is not easy….

  10. Hi
    Im getting this error
    ‘CustomLoginPage.Login’ is not allowed here because it does not extend class ‘System.Web.UI.Page’.
    Any help would be appreciated…
    Thanks …

  11. Dear all,

    i have a question.

    i am using both FBA and Windows Authentication for a web application according to your steps.

    i have developed a login form instead of the default sharepoint web page. and if using VS2010, i can deploy it very well.

    then comes to the production environment, i use ps file to deploy that to the whole farm, using Install-SPSolution:

    Add-SPSolution -literalpath C:\CustomLoginPageEx.wsp
    Install-SPSolution -Identity CustomLoginPageEx.wsp -AllWebApplications -GACDeployment -Force

    the solution is well deployed, but when i go to the web application that using FBA and Windows authentication, i will receive a security exception error as below:

    ———————————————————————————————————————————————————————

    Security Exception
    Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application’s trust level in the configuration file.

    Exception Details: System.Security.SecurityException: Request failed.

    Source Error:

    An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

    Stack Trace:

    [SecurityException: Request failed.]
    System.Reflection.Assembly._GetType(String name, Boolean throwOnError, Boolean ignoreCase) +0
    System.Web.UI.Util.GetTypeFromAssemblies(ICollection assemblies, String typeName, Boolean ignoreCase) +201
    System.Web.UI.TemplateParser.GetType(String typeName, Boolean ignoreCase, Boolean throwOnError) +323
    System.Web.UI.TemplateParser.ProcessInheritsAttribute(String baseTypeName, String codeFileBaseTypeName, String src, Assembly assembly) +10891548
    System.Web.UI.TemplateParser.PostProcessMainDirectiveAttributes(IDictionary parseData) +365

    ———————————————————————————————————————————————————————

    while after i have modified the web applicaton web.config trust level to Full, the login page can be used.

    but since Full is not so good, is there another to solve this?

    besides, i have set the VS project Assembly property to webapplication instead of GAC….., will that matter?

    thank you so much if you can help me solve this!!!!!!!

    Mezzo

  12. Nice articles, I followed the steps and got it working for the first time. I logged out and then tried sign in again, but I kept on receiving 402 Forbidden Error. Any idea what could be the cause

  13. Pingback: Custom logon page causes 401 on SharePoint 2013 | Question and Answer

  14. Got thru to the last step. Where exactly is: Login.aspx.cs?

    I can’t find it in the VS project files. I also can’t find it underneath the solution directory. I can find it if I search the entire C drive of the SHarePoint server (in fact it is in two places). So I don’t get it, am I supposed to do a computer hard drive search for it or should it be associated with the VS project? Thanks for your posts.

    • By the way, I followed the steps right up until the last one, could not find the login.aspx.cs file to edit (or had to do a hard disk search for it). And the error message that I get when I go to the site is: ‘CustomLoginPage.Login’ is not allowed here because it does not extend class ‘System.Web.UI.Page’.

    • The problem was that while I was creating a blank SharePoint project, it was a VB SharePoint project. I changed it to a Visual C# SharePoint 2010 Empty SharePoint Project — I assume that is correct? In any event, the error message that I am getting now is: Correlation ID 03ee6c67-be4d-42e5-a72e-4a129a273e25

      • Hi Bob,

        If you take the correlation ID, you can search the logs for the associated error message. Unfortunately, the ID alone doesn’t help.

  15. Hi, thanks for all the info. I am deploying this for SharePoint 2013 and thought i better mention, if no one else has yet, that the reference model is found at: “C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.SharePoint.IdentityModel\v4.0_15.0.0.0__71e9bce111e9429c” Since framework 4

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s