I recently began a quest, deciding how to use a domain that I purchased recently. I came upon the idea of using Tobias Zimmergren's Discussion web parts as a starting point for an online discussion for SharePoint Users. Not a huge undertaking, but it did present a problem. Account management for any public site can be difficult, considering SharePoint's structure it can be even more so. After weighing Active Directory in Creation Mode, Straight SharePoint Security and more universal authentication mechanisms, I decided to try out Windows Live Authentication. Two options that are under consideration are Facebook Connect and OpenID.
After deciding to go with Windows Live Authentication, I then set about researching options for using WLA with SharePoint. I came up with three options, the first being the Community Kit for SharePoint's solution which was released over two years ago and has not had a major release in a while. The second is a project by Wictor Wilen of the Swedish SharePoint Community which was announced this past April. The last is a trialware solution by Shetab Tech which is a commercial product with a price tag of $269.
CKS Windows Live Authentication
I downloaded and installed the solution and followed the instructions to configure it correctly. Following the instructions can be a little counter intuitive and while is sets up the default zone for windows live authentication, it may not be the desired result in a multi-zone installation. Once I got this up and running the only thing left to do was to enable anonymous access and set up user permissions. Being that this was my first attempt setting up Windows Live Authentication for SharePoint, I hit many snags and issues. Some are well known within the SharePoint Community including assembly caching, others involved correct parameters and web.config settings.
I have found that deviating from the instructions a bit is the easiest way to get CKS WLA up and running. I used the following web.config settings as opposed to the recommended instructions.
Recommended:
<membership defaultProvider="LiveID">
<roleManager defaultProvider="LiveRoles" enabled="true" cacheRolesInCookie="true" cookieName="liveroles">
I Used:
<membership>
<providers>
<add name="LiveID" type="CKS.WindowsLiveAuthentication.LiveMembershipProvider, CKS.WindowsLiveAuthentication, Version=1.0.0.0, Culture=neutral, PublicKeyToken=b5adbad25a892e4a" />
</providers>
</membership>
<roleManager>
<providers>
<add name="LiveRoles" type="CKS.WindowsLiveAuthentication.LiveRoleProvider, CKS.WindowsLiveAuthentication, Version=1.0.0.0, Culture=neutral, PublicKeyToken=b5adbad25a892e4a" enabled="true" cacheRolesInCookie="true" cookieName="liveroles"/>
</providers>
</roleManager>
Windows Live ID for SharePoint
After adding the solution and deploying to the server and configuration for this solution was a lot more straightforward and used an application page in Central Administration page. The process is pretty self explanatory but the documentation is robust for an open source project. Installation consists of activating a couple features at the site and farm level, the easiness of this installation is a major plus of using this project.
Short Comparison
| |
CKS Windows Live Authentication |
Windows Live ID for SharePoint |
|
Farm Configuration |
Application Page in Central Administration |
Command line with STSADM |
|
Site Configuration |
Application Page in Layouts |
Part of STSADM Command Line Setup |
|
Administration Web Parts |
N/A |
All Members, Last Logged In Members, Last Updated Members, New Members |
|
Security Groups |
Authenticated Live Users |
Authenticated Live User, Live Users, Unapproved Live Users, Locked Live Users |
Shetab WLA for SharePoint
This product looked interesting from its website, but this is actually a commercial product which put it out of the running for this no budget project. I think it deserved inclusion in this short list of Windows Live Authentication providers.
The Result
By far the Windows Live ID for SharePoint fit the billet for this project. The robustness of the solution and the ease of configuration made this one a win in my book. It would have been much easier if I had tried this solution first, but using CKS WLA first helped me understand the solution much more, and made installation much easier the 10th time around.
Recommendations
Most guides recommend installation on the default zone, the approach I took was to extend my zone into the internet zone. This is how I would recommend doing it in other secnarios, mainly because it enables integrated authentication on your main url which in my case is much better for development. Each situation is different, but this approach worked best, and I would recommend it again.
Article Resources