Step-by-step Forms-Based Authentication (FBA) on SharePoint 2010

This is an A-Z guide that helps you setup a web application with Forms-Based Authentication (FBA) in SharePoint Foundation 2010, using Claims-Based authentication. It uses MS SQL Server to store users. The SharePoint server is running in Windows Server 2008 R2. Although this guide uses SharePoint Foundation 2010, the same steps apply to SharePoint Server 2010.

In this guide, you’ll create a SQL Server database to hold users and roles, create a SharePoint Web Application that uses FBA, configure IIS and the web.config files for the Web App, Central Admin and the Security Token Service, create a test user in the database and test your setup.

Click here to read the entire article →

List of all databases used by a SharePoint 2010 farm

Someone recently asked me how to get a listing of databases used by a farm, with the server instance name and database names.

There are ways to retrieve this info from Central Administration, but PowerShell makes your life much easier:

Get-SPDatabase | select name, databaseconnectionstring

Where the Data Source element in the Connection String contains the exact DB server instance used by the farm.

Using SharePoint Powershell from PowerShell ISE

Whoever has worked with PowerShell probably came to the same conclusion: this stuff is potent and powerful!

The ‘standard’ SharePoint 2010 Management Shell does have some drawbacks.

Working with a Command-Prompt-like environment does not appeal to everyone, especially those used to visual IDE’s like Visual Studio. Fortunately, PowerShell v2 comes with PowerShell ISE, a more visual experience that makes it much easier to work with scripts. This is available by default on Windows 7 and can be enabled as a feature on Windows Server 2008, using the following PowerShell command:

Add-WindowsFeature PowerShell-ISE

You can now find PowerShell ISE shortcuts in the Start Menu.

However, when you start PowerShell ISE, you’ll find that it only works with Windows cmdlets. For PowerShell ISE to work with SharePoint cmdlets, you’ll only need to add a PowerShell Snapin, using the following command.

Add-PSSnapin Microsoft.SharePoint.PowerShell

After this, you’ll be able to access the SharePoint commandlets, whose noun all start with “sp”.

Now if you’re like me, you’ll always want these SharePoint cmdlets available from PowerShell ISE. Zubair Alexander posted a way of doing this earlier this year on his blog.

  1. You can check if a PowerShell profile is available for your current identity using the Test-Path $profile command. This will return true if a profile is present and false if not.
  2. You can create a new profile for your identity by using the following command:
    Test-Path $profile
    if (!(test-path $profile)) {new-item -type file -path $profile -force}

    This will perform a “Create Directory” operation on the target destination folder C:\Users\<username>\Documents\WindowsPowerShell, and add a file titled “Microsoft.PowerShellISE_profile.ps1” to this folder.

  3. Now, use PowerShell ISE to open the newly created .ps1 file
  4. Add the command
    Add-PSSnapIn Microsoft.SharePoint.PowerShell

    (and any other commands you want to automatically run when you open PowerShell ISE) to the file and press Save.

  5. Restart PowerShell ISE. You’ll now find you’ll be able to access all SharePoint cmdlets directly, each time you run PowerShell ISE on this machine.

Adding filters to System.Nullable types in BCS

It took me a while to find the solution for this problem, which was eventually handed to me by Dmitry Kaloshin, so I’ll share it here:

Filters in BCS are very handy, and often necessary, for reducing the amount of items when working with External Data, such as an External Data Column based on an External Content Type.

When you’re working with an external content type that has input parameters of the .NET Type System.Nullable<System.Int32>, you may run into the same problems I had.

A sample input parameter for a Read List operation, i.e. from a WCF Service, that has the System.Nullable .NET Type, may look like this:

Initial paramtere properties

If you’d want to add a Comparison filter for this input parameter, you’d probably set it up like this:

Comparison Filter

When you click OK, you’d see an Error message in the Errors and Warning list at the bottom of the page.

Error message with Filter on System.Nullable input parameter

The error reads “The filter field data type System.Nullable<System.Int32> does not match data type System.Int32 on data source element [[Element name]]“.

It seems like SharePoint BCS is unable to cope with Nullable Int .NET data types, which would be odd, as they’ve been around in the .NET Framework since version 2.0.

The solution is to set the Filter Field property of the Filter to <<none>>. Since the Filter Configuration dialog is started from the Element properties panel, the Element to filter is still linked to this filter.

Solution: Set Filter Field to None

Press OK to close the Dialog and press Finish to close the Read List dialog.

Save your changes to the Business Data Connectivity Metadata Store, and you’re done.

Welcome to the new home for my blog!

Welcome all, to, the new home for my blog about SharePoint 2010, Office, and all other things connected to business productivity.

This blog used to be on blogspot, hardly being maintained and posted on. But I intend to use this new version of my blog much more.

Follow me on twitter to keep up to date with any new posts on this blog – whenever I publish a new article, it’ll automatically appear on my timeline, complete with a personal shortened URL of the domain (oh the vanity!)

Changing the identity for a SharePoint 2010 Application Pool

There might be a situation where you want to alter the identity for the IIS application pool under which your SharePoint 2010 web applications are running.

You might be tempted to navigate to the IIS settings and alter the identity in there:

This is not recommended.

It’s best practice to run application pools under a domain user account, i.e. SP_ServiceApps. This account is best managed using Managed Accounts.

To change the identity for an application pool, log into Central Administration and follow these steps:

  1. Go to Security and under General Security, click Configure Service Accounts.
  2. Select the application pool from the components drop-down listbox (1)
  3. Select the managed account (2) that you want to use as
    the identity for this application pool, or register a new managed
    account in SharePoint 2010, using the Register a new managed account link.
  4. Click the OK button.
  5. You’ll be warned that this action requires an IIS reset on all servers, click OK.
  6. Perform a iisreset /noforce on all WFE servers in the farm.

Advanced Editing mode in SharePoint Designer 2010

Ever wondered what the difference is between editing page layouts in default mode or advanced mode in SharePoint Designer 2010?

Editing page layouts in default mode is possible when you include a Web Part Zone in your page layout. Editing page layouts in advanced mode allows you to customize anything on the page layout page. Advanced mode is restricted to Site Collection Administrators.

If you find yourself editing a page where certain parts are locked for editing, like in the following example:

Simply go into advanced mode, by clicking the button in the ribbon (Home tab, Editing section).

You’ll now be able to edit all code on the page layout page:



Automatic salutation for contacts in CRM 4.0

I was asked to bring more uniformity in the use of the Salutation attribute in CRM. In this case, the field is used to contain the Dutch equivelant of “Mr” and “Mrs”. But there should be an option to give a contact a different or additional salutation.

Here’s how it’s resolved:

Initial Contacts formInitially, the Contacts from holds the Salutation text field. We want to reuse this field, but make it more consistent.

On the 2nd tab (Details), there is a dropdown listbox for Gender:

Gender ddlbThis attribute is optional and contains two values, Male and Female.

First we move the Gender field to tab General, section Name.

moved genderNext, open the field properties and go the the event tab:

field propertiesEdit the onChange event and add the following code:

// Declare saltutation constants
var maleSalutation = "De Heer";
var femaleSalutation = "Mevrouw";

// Retrieve the gender of the contact, if it is empty, then
var lookupvalue = 0;
if (crmForm.all.gendercode.DataValue != null)
    lookupvalue = parseInt(crmForm.all.gendercode.DataValue);

// Fill the Salutation field if it is empty or filled with one of the salutations
if (crmForm.all.salutation.DataValue == null || crmForm.all.salutation.DataValue == "" || crmForm.all.salutation.DataValue == maleSalutation || crmForm.all.salutation.DataValue == femaleSalutation)
        case 1:
            crmForm.all.salutation.DataValue = maleSalutation;
        case 2:
            crmForm.all.salutation.DataValue = femaleSalutation;
            crmForm.all.salutation.DataValue = "";

Enable the event and add the fields “Gender” and “Salutation” to the dependent fields.

After you publish the changes, the Salutation field will update to contain one of the the chosen values defined in maleSaltutation and femaleSalutation, whenever the gender attribute changes, unless a different salutation is provided:

end result

Modifying the Account form to hold visiting and postal address in MS Dynamics CRM 4.0

I was asked to modify the Accounts Form in Microsoft Dynamics CRM 4.0, to better match the company and Dutch way of working with addresses. Among others, I wanted to show both the visiting and postal addresses for a company in the same screen.

The Account Form already had some minor modifications; such as making the Primary Contact and Relationship Type recommended values. The Account also already shows a section ‘Address’ with it’s most important attributes. As there was no shipping to customers, attributes such as Shipping Method and Freight Terms could be left out.

The main problem with the current form was the fact that there is only one address on the form, while most accounts have (at least) two addresses that need to be recorded: it’s visiting and postal address (which can be the same, but often differ). One solution could be to use the “More Addresses” list, but these are ‘generic’ address entities that are linked to the account. What many don’t know is that an account has additional address fields which can hold this information.

Here’s how you go about altering the Account form:

rename address section

Go to SettingsCustomizationCustomize Entities, open th account entity and then open the main application form. Next, remove the unwanted attributes from the form and rearrange it.

rename address section

Rename the address section to Visiting Address.

add new sectionThen add a new section below the visiting address: Postal Address.

add fields to sectionSelect the fields from the Address2 collection that you want to use in the Postal Address, in my case these were the same fields as the visiting address.

rearrange fieldsThe fields will be added in the same order in which they are listed in the Add Fields dialog so they’ll have to be rearranged.

rearranged and renamed fieldsRearrange and rename the fields to suit your purpose.

Both addresses also have an Address Name attribute. This field is (often) used to display the organisation name when printing an address. I want it to be equal to the Account Name by default, but still allow the users to modify it to their exact needs. To make this easy, I implemented a client-side script that runs on the OnSave event for the

// Retrieve the name of the account, if it is empty, then use an empty string
var lookupvalue = "";
if ( != null)
    lookupvalue = String(;

// Fill the Visiting and Postal Address Name fields ('address1_name' and 'address2_name') if they are empty
if (crmForm.all.address1_name.DataValue == null || crmForm.all.address1_name.DataValue == "")
    crmForm.all.address1_name.DataValue = lookupvalue;

if (crmForm.all.address2_name.DataValue == null || crmForm.all.address2_name.DataValue == "")
    crmForm.all.address2_name.DataValue = lookupvalue;

OnSave event codeMake sure you enable the event.

Set dependencies

It’s also wise to set the dependencies for the script, so the fields cannot be removed.

Now when a user saves the form, the Address Name fields for the visiting and postal addresses will be filled with the (mandatory) Account Name field. The Address Name fields are not read-only, so users can override this setting. If they already did fill the fields, they will be left untouched.

In this case, CRM is also used in Dutch, so I’ll have to provide translations for the renamed and added form elements.

Dutch versionThis is what the form looks like in Dutch, before translating. Export Labels for Translation and open them in Excel or your favorite Xml editor.

Translating itemsTranslate the labels. The ones for the Address 2 fields will be empty initially.

End result in DutchAnd here’s the end result in Dutch. All that’s left now is to define the address types for Address 2 (and for the visiting address, if required).