Wednesday, November 20, 2013

Permission issue with subsite when using FBA with SharePoint

I recently ran into an issue with my SharePoint 2010 (though it appears to be an issue in 2013 as well) site that is using FBA (Forms Based Authentication). Here is the scenario. I have a SharePoint site that is root in FBA Web Application. I don't want to have to do all the configuration for each site I add so I want to create subsites for each new site I want to add. I want to have the root site not accessible to average users. I will give the users of each subsite the direct url to their site. They will not know the root site exists unless they hack the url in the browser. I am using the SharePoint 2010 FBA Pack, but I don't think that really matters (though I have not tried without it being installed). Regardless, the problem I am having is that when I add a user to one of the subsites it doesn't allow the user to log in and instead tells them access denied.

The problem is that the Master Page Gallery for the site collection needs to have the permissions changed. You can verify that this is the problem by

  1. Navigate to your Master Page Gallery (http://yourSPhostHere/_catalogs/masterpage/Forms/AllItems.aspx). 
  2. Once there you can get permissions on that library. Next Click the Check Permissions button and enter the user that is being denied access. If you see that they don't have access then this is likely your problem. 


The solution is simple. From the permissions for the Master Page Gallery do the following:

  1. Click the Grant Permissions button. 
  2. For Users/Groups textfield enter: All Authenticated Users
  3. For Grant Permissions  select Add users to a SharePoint group (recommended)
  4. Select Style Resource Readers from the drop down list.
  5. Click the OK button.
  6. Try to login again. This time it should work.

No comments: