Raghu's SharePoint Corner: SharePoint2010 MAC FBA Authentication Issue

My blog has moved!

You will be automatically redirected to the new address. If that does not occur, visit
and update your bookmarks.

May 8, 2012

SharePoint2010 MAC FBA Authentication Issue

Recently we ran into an issue where Custom Forms Based Authentication was failing on MAC machine. The FBA was configured properly without any issues and is working like charm with Windows OS. Did few searches on Google and found that few of them have faced the issues but in a different scenario and following were the work around or fixes were suggested.

  •       Most of them have either wrongly configured Form Based Authentication and on proper configuration   it started to work.
  •      For few the Claims to Windows Token had stopped, and on restart of the services FBA started working.
  •      Few also suggested the performing an IISRESET on the server solved their issues.
  •     In some case the APP Pool Credentials for Security token services was wrong.

All the above 4 fixes where not valid in my scenario since FBA was working perfectly fine with windows OS.

In order to get to the root cause I had to go through the traditional approach of visiting event viewer and SharePoint logs. On analyzing the event viewer log it was found that the Secure Token Service was not getting generated for the users who were trying to log into the SharePoint 2010 site using FBA from Safari browser on MAC machine.

In order to get more exception details in the event viewer, add the following <serviceDebug includeExceptionDetailInFaults="True" httpHelpPageEnabled="True"/>   tag in web.config of Security Token Webservices which resides at the following location “C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\WebServices\SecurityToken”

On restarting the services details of the exception was logged as follows.

Event: 8306, SharePoint Foundation
Task Category: Claims Authentication
Exception Details: An exception occurred when trying to issue security token: Object reference not set to an instance of an object.

On seeing this exception we re-visited the Custom Forms Login page which we had created for FBA.  On debug we noticed that the below link threw the above exception
SPClaimsUtility.AuthenticateFormsUser(Context.Request.UrlReferrer,txtusername.Text, txtpassword.Text);

It was certain that the issues was with Context.Request.UrlReferrer passed to the SPClaimsUtility.AuthenticateFormsUser method. In order to get this working we modified the way we were passing URL parameter to the below approach.

string siteUrl = SPContext.Current.Site.Url;
string extraneturl = siteUrl.ToString();
Uri extrametUri = new Uri(extraneturl);
bool status = SPClaimsUtility.AuthenticateFormsUser(extrametUri, txtusername.Text, txtpassword.Text); and FBA started working on MAC.

Hope this post would help anyone facing similar issue. Please feel free to drop any comment or any other alternate approach.


Anonymous said...

Thanks for providing the information. Could you please let me know where the code should be replaced. I dont find anuy code which is passing the URL.

Thank you

raghavendra hari shanbhag said...

We have used custom login page and FBA and on click of Sign In we need to use the code while authenticating users against FBA

Jay K said...

Raghavendra, you are a life saver buddy. You saved my day, I was pulling my hair as to why this one wasnt working. Apparently DMZ environments with UAG dont like Context.Request.UrlReferrer. Using SPContext.Current.Site.Url helped resolve the issue. Thanks a lot fo taking time and posting this.

raghavendra hari shanbhag said...

@Jay K: I am glad that it helped.