One of the first feature that many company need is to provide information to client or provider, one of the way to do that is to open an extranet on which they can connect and find your latest documentation on product, technical documents.
In order to open one site you can add for each users of AD account but it can be expensive if you have many clients. SharePoint offer an other way to authenticate users called FBA (Forms Based Authentication) users and authorization will be stored in a dedicated database.
1. Create the database
From your SharePoint 2016 server go to the folder: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319"
Open and click on "Next/Suivant"
Select the first option and click next again:
Specify the server that will host the datadabse and the named instance if you have any, specify a name for the database "fba_extranet" in my case and click next.
The account use to connect to the SharePoint server will be used as admin for the database you can change the right after.
Click "next/suivant" and the base will be created, you can see the dase and the structure thanks to Management studio:
2. Create Extranet WebApplication
We will now create the SharePoint WebApplication that will host you extranet sites, from SharePoint central administration create a WebApplication
In claims authentication types chose "Enable Windows Authentication" "NTLM"
Set up you webApplication as you normally do and create it.
2.1 Extend the webApplication
The web application is now available but only your AD users can connect we will now extend the webApplication to make it available through an other url that will be dedicated for your client/provider users.
I've created my webApplication on port 82 my internal users will use that url to connect with SSO to the site using their windows account.
I will now decide that external users will connect on port 8282 but they will use FBA credentials.
Select your webApplication in SharePoint central administration and click on "Extend":
Give a name to your extension "Extranet - External users" in my case and a port "8282" for me
Unselect "Enable windows authentication" and select "Enable Forms Based"
Type of name for ASP.Net Membership provider and save it for later do the same for ASP.Net Role Manager:
You can also change the default sign in page if you want to add your company logo or message for your customer but we will not see it here.
Just set up the public Url and chose "Extranet" for the zone:
Please now go to step 2 of this article to see how to tell your SharePoint in which database your users are stored and how to install webParts that will help you manage your users and roles :
Step 2 configuration and install FBA Pack webparts