SharePoint serendipity is the effect by which one accidentally discovers something fortunate, especially while looking for something else entirely. In this case, it is the occassional musings, observations, and Ouija board readings about the phabulously

SharePoint 2010 Forms Based Authentication Configuration Manager

SharePoint 2010 Forms Based Authentication Configuration Manager

  • Comments 29
  • Likes

I found myself getting really tired of constantly modifying configuration files when setting up forms based auth (FBA) in SharePoint 2010.  There's even more work now then there was in the previous release, because now we have an additional web.config file to modify - for the STS.  It was also a constant hassle when you fat finger some random part of a web.config change.  So, rather than continuing to complain about it, I wrote this little tool to help manage it for you.  You should read through the complete HowToUseIt.txt file that's included in the zip attached to this posting, but basically it allows you to create the entries for membership provider, role provider, wildcard search and connection string and push it out to all of the servers in your farm.  You can also read in the configuration settings from a web application and modify them, then push it back out to the same server, or use it as the basis of settings for a brand new server.  To get you started, I also include several sample membership and role provider configuration entries.  Just select the samples drop down and pick the item you want to create an entry for.  Modify the entry to suite your environment, provide the Url to the web application where the configuration changes should be made, and click the Apply Config button.  Under the covers it creates a custom SharePoint timer job that runs on each web front end and modifies the appropriate web.config file with the appropriate entries.  The timer job is part of a solution (wsp) that's included in the attachment - make sure you deploy it to the farm first before doing anything else.

I STRONGLY encourage you to make a backup of your central admin, STS, and web application web.config files before pushing out changes in case something happens you don't like.  I've tested this on quite a few web applications and in single server and multi-server farms so far without problems, but you never know.

It's already saved me a lot of time and hassle, hope it provides some value for you too.


UPDATE 6/15/2012:  I finally reproduced the error about node belonging to a different document context, and have fixed that.  A new build with that fix is attached.  Thanks for those of you that reported it.

  • Yes this is the same issue am facing,, if you get any solution please mail me. I am with this problem from 2 days..thanks

  • It sounds very interesting to me. I agree with you form based authentication was way easier to set up in SharePoint 2007 then it is in 2010.

    I have to try this out and will come back to you with a feedback.

    Appreciate your effort for the community.



  • Thank you! This is just the sort of tool I've been looking for right now too.

    Best Regards,


  • I am experiencing the following problem - the web.config files are modified, but only "Connection String" and "People Picker Wildcard" sections are added. The "Membership Provider" and "Role Provider" textboxes are filled, but these values appear in no web.config file.

    Do you have any idea what can cause such a problem?

  • Fantastic.  FBA web.config files are burning out the back of my skull


  • Outstanding.... This worked perfectly in my environment with custom membership and  role providers.  Thank you so much!

  • fixed my error, mind I am sitting here thinking its 2010 and we are still manipulating great long strings even if they are xml files

  • Any chance you can release the source code?


  • I've been inspired by this and created a slightly different version which directly updates the config files and is scriptable from Powershell.

    It's available on CodePlex:

  • NewBie Question. Can you pls be more verbose on how to deploy the FBAConfigFeature.wsp application? When I follow the instructions verbatim powershell throws an exception saying ..

    "The term 'add-spsolution' is not recognized as the name of a cmdlet" ... Any help??

  • I second the need for source code!! Merill, yours is great but it doesn't seem to apply the changes on every server in the farm. Looking in Reflector, this tool seems to use an SPJobDefinition to deploy the changes, does that work when you add a new server to the farm or do you have to re-deploy the Job??

  • Could you send me the source code!  Thanks very much.

  • Could you send me the source code!  Thanks very much.

    My Email is :

  • Hi.

    Nice work

    However there is one problem for the case when a target config file does not have system.web/membership section defined - this will cause an error that will prevent the config file from being updated...

    That's what I have encountered and that's a pity there are no sources provided


  • Some details on the error I described above.

    The error occurs only for STS web.config (since only in this case system.web,providers etc nodes are pre created) and the message is

    The node to be inserted is from a different document context

    Seems it's quite easy to fix

    Hope it helps someone

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment