FBA Claims Super User Halloween Gotcha

I’ve been working with Claims Authentication a lot recently and I’m still tripped up by some of the basics, it would appear. Yesterday, on Halloween, I received an access denied error on my web application after configuring it for Forms Based Authentication. I had previously migrated it to windows claims, but this was my first try moving an existing web application from windows claims to FBA Claims.

The error in the ULS was misleading:

Cannot get Role Manager with name aspnetsqlroleprovider. The role manager for this process was not properly configured. You must configure the role manager in the .config file for every SharePoint process.

After searching all my web.config files for the word aspnetsqlroleprovider I realized I was on a wild goose chase. The culprit was the “Claims Super User Settings” as I will phrase it. I’d dealt with it before when moving the same web application from windows integrated to window claims authentication, but thought I’d properly addressed it the second time around until I got this error.

If you receive an access denied after changing claims authentication settings, take a minute to re-read Configure object cache user accounts in the TechNet SharePoint 2010 Server Operations section. In the case of my FBA implementation, I tried the PowerShell method first, but still received the error afterwards. It wasn’t until I configured the User Policy as described in the reference above that resolved the error.

Claims References

2 Comments
  1. Also got the error after the PowerShell method…very frustrating to say the least. I am still having some issues, if you find anything let me know i searched the forums at sharepoint.microsoft.com and colligo.com and still have nothing. I ll check back here for updates 🙂

  2. Heather,

    Did you follow the Central Administration steps and still receive the access denied? In my limited testing, the manual steps combined with the PowerShell statements have done the trick.

    Thanks for reading,

    Tom

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.