Adding FBA User in SharePoint with SharePoint and SQL on Different Servers

Question

I have a SharePoint 2013 multi tenant environment, configured to use FBA in Azure. Since it is in multi tenant mode, the DB names are dynamic and identified based on the tenant name, since it follows a naming convention. All the OS's are Windows Server 2012 R2. SQL Server is 2014 version. I have a Farm admin account called sp_farm. This has all the required privileges. My SQL connection string in my SharePoint web.config and STS web.config files are in the following format.

add name="ConStringName" connectionString="data source="Sql-Server-Name;Trusted_Connection=true;Integrated Security=true;Initial Catalog=TenantDB_{1}" providerName="System.Data.SqlClient"

With this, I am able to generate a token for the user, which means, I am able to authenticate the user. Hence I am able to validate the user against the membership DB and hence there is no connection or permission issue, here.

However, this user will get Access Denied, since the user is not added to SharePoint yet. I am trying to add the user through SharePoint UI, but it is unable to resolve the user and not letting me add. I tried through a sample layout page, which just has web.EnsureUser line of code and I am passing the user name in the proper format i:0#.f|CustMemProvider|username. But it is throwing an exception, saying it is not able to find the user. I tried with a SQL user in the connection string, but no luck.

The interesting observation is that, this works like a charm, if the SQL server and SharePoint server are inside the same machine. I am confused and frustrated. I was completely misled because of this, because, I was so far thinking that this is an environment issue. Can anyone please help?

Answer 1

I could solve this by creating a SQL Login. But this SQL Login was not able to login to SQL Management studio, which was the fundamental issue. This was because of the Named Pipes disabled in the Configuration. I enabled it. Also, in Azure, the SQL server is configured only for Windows Authentication. I had to change it to use both Windows and SQL authentication. With these 2 settings, the SQL login was able to login to SQL Management studio and this fixed the issue.

Answer 2

If you can authenticate the user on the login page, but can't resolve the user within SharePoint, then I think you have an issue with one or more of your .config files.

The authentication uses the membership provider/db settings from the Security Token Service .config file. Within SharePoint itself, it uses the settings from the web application's web.config file (or machine.config file). Compare between the config files, and I think you'll find a difference in the membership provider setup or db connection string.