Forms-based authentication (FBA) provides custom identity management in Microsoft SharePoint by implementing a membership provider, which defines interfaces for identifying and authenticating individual users, and a role manager, which defines interfaces for grouping individual users into logical groups or roles. You would normally use FBA in an extranet/internet scenario where users access the application from outside the company domain. So many articles have already been written on FBA configuration that I am not going to repeat them here. Instead I am going to summarize the series of activities and troubleshooting I performed in order to set up FBA in my environment.
The concept of configuring FBA remains almost the same across SharePoint 2007 and 2010/2013. However, there are a few things to note:
- The Web Application should be set to claims-based authentication in 2010/2013, while in 2007 you actually need to make sure that the authentication type for the zone is set to "Form". The Form authentication type is no longer available in SharePoint, which has adopted the more open, standards-based claims authentication. To learn more about claims, watch this video.
- The web.config changes apply to three places in 2010/2013: the Web Application, Central Admin and the Security Token Service. In 2007 they apply to the Web Application, Central Admin and the Shared Service Provider (SSP). Please note that the SSP no longer exists in SharePoint 2010/2013; each SharePoint service is set up as a service application.
Here are the links to configure FBA: for 2010/2013 follow this article; for 2007 refer to this one.
- Managing Multiple Zones in the Web Application: There are scenarios where you need to maintain a site for internal users (Active Directory) within the domain while making the same site available to the internet, where users just need FBA to access it. In this case, you can extend the Web Application to separate zones. For example, the Default zone can have NTLM (or Kerberos) enabled while the web app is extended to an Internet zone configured to use FBA only. The Internet zone Web Application can also be set to port 80 for internet accessibility. Please be careful when you do this on the SharePoint Foundation version, as I had issues maintaining both zones' behavior. However, I didn't find this an issue for the Enterprise and Standard versions.
- Managing Users and Membership: You don't want to write a stored procedure or make a hard entry in the SQL database to create/manage FBA users. There are nice CodePlex solutions available which can be used to manage FBA users; the SharePoint 2013 FBA pack, SharePoint 2010 FBA pack and SharePoint 2007 FBA pack are just a few. Once you deploy the solution you will find additional links under Site Settings to manage users and memberships.
- People Picker: Sometimes I have seen cases where FBA users are not resolved in the People Picker control although FBA authentication works perfectly. Check the following in this case:
Make sure that the wildcards are added in the Web Application config file:
<PeoplePickerWildcards>
<clear />
<add key="SQL-RoleManager" value="%" />
<add key="SQL-MembershipProvider" value="%" />
</PeoplePickerWildcards>
Change the provider names (SQL-RoleManager and SQL-MembershipProvider in the example above) to the names you set up during FBA configuration.
Make sure that the application name is set correctly in the web.config entries you made (the applicationName attribute on the membership and role provider entries). By default it is "/", but it may vary depending on how SharePoint was configured during its installation. For example, in one of my cases the SharePoint application name was set to "/SharePoint".
Custom FBA Login Page: Sometimes users don't like the default FBA logon page. It can be replaced by creating a custom FBA login page. Once created, you can configure the Sign In page URL in the Web Application settings in Central Admin. A custom FBA login page can be created as an application page deployed in the /_layouts directory. Create User Name and Password text fields and use the following line of code to authenticate:
SPClaimsUtility.AuthenticateFormsUser(Context.Request.UrlReferrer, UserName.Text, Password.Text);
Let me know if you need the sample (working) source code.
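The following code-behind is an added example of such a custom sign-in page, not the author's sample; the class name, the control names (UserName, Password, ErrorLabel) and the button handler are assumptions. It wraps the AuthenticateFormsUser call above with empty-field checks, a single generic failure message, and a ReturnUrl check that only redirects to a path on the same site.

```csharp
// Added example: code-behind for a custom FBA sign-in page deployed to /_layouts.
// Class name, control names and handler name are assumptions, not from the post.
using System;
using System.Web.UI.WebControls;
using Microsoft.SharePoint.IdentityModel;
using Microsoft.SharePoint.WebControls;

public class CustomFbaLogin : UnsecuredLayoutsPageBase
{
    protected TextBox UserName;
    protected TextBox Password;
    protected Label ErrorLabel;

    // The sign-in page must be reachable before the user has a session.
    protected override bool AllowAnonymousAccess { get { return true; } }

    protected void SignInButton_Click(object sender, EventArgs e)
    {
        string user = (UserName.Text ?? string.Empty).Trim();
        string pass = Password.Text ?? string.Empty;
        if (user.Length == 0 || pass.Length == 0)
        {
            ErrorLabel.Text = "Enter a user name and password.";
            return;
        }

        // Same call as in the post; fall back to the current URL when the page
        // was opened directly and there is no referrer to resolve the web app.
        Uri context = Context.Request.UrlReferrer ?? Context.Request.Url;
        bool ok = SPClaimsUtility.AuthenticateFormsUser(context, user, pass);
        if (!ok)
        {
            // One message for both a bad user name and a bad password, so the
            // page does not reveal which accounts exist.
            ErrorLabel.Text = "The user name or password is incorrect.";
            return;
        }

        // Only honour ReturnUrl when it is a path on this site; an absolute URL
        // would let a crafted link send the signed-in user to another host.
        string returnUrl = Request.QueryString["ReturnUrl"];
        if (string.IsNullOrEmpty(returnUrl) || !IsLocalPath(returnUrl))
        {
            returnUrl = "/";
        }
        Response.Redirect(returnUrl, false);
        Context.ApplicationInstance.CompleteRequest();
    }

    // Accepts "/sites/foo" style paths; rejects "//host", "/\host" and "http://..." forms.
    internal static bool IsLocalPath(string url)
    {
        return url.StartsWith("/", StringComparison.Ordinal)
            && !url.StartsWith("//", StringComparison.Ordinal)
            && !url.StartsWith("/\\", StringComparison.Ordinal);
    }
}
```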