Part 1 and Part 2 of this series on Forms Based Authentication in SharePoint began painting a mental picture of how FBA works. What might not be clear is how the user gets presented with a form for logging in. Here are a few words (and a couple of pictures) on that.
When you hit the landing page of a SharePoint site that is using FBA, you see a “Sign In” link in the upper right corner:This link takes you to an HTML form — the “F” in “FBA” — where you’ll enter your login credentials. You don’t have to edit any pages to cause this link to appear; you get it for free once you have done all the steps to configure your web application for FBA. (There are lots of configuration steps, though, so “for free” is debatable.)
So what about the form where you enter your credentials? Do you have to create it? No, you don’t. SharePoint comes out of the box with a login form, named login.aspx, which is located in the _layouts folder of your installation. (The full path to _layouts is
C:\Program Files\Common Files\Microsoft Shared\Web Server Extension\12\template\layouts.) The provided form is, understandably, simple:
Although you don’t have to create your own, you will probably want to. If you do create your own login form, what’s the magic that causes the “Sign In” link to display your form instead of SharePoint’s form? That happens in web.config, your application’s configuration file. Here’s the relevant section:
If you create your own login form, name it something other than login.aspx, put it in the _layouts folder, and edit this config entry to point to your file. Don’t edit the login.aspx in _layouts no matter how simple your change may be. A mistake in that file will affect all applications sharing this installation of SharePoint.