The Community Kit for SharePoint: Internet/Extranet Edition (CKS:IEE) is a tool that contains many useful pieces for both users and administrators of a publicly accessible SharePoint site and extends the already powerful Forms Based Authentication functionality of MOSS.
Here's the play-by-play for installing the CKS:IEE and creating an anonymously accessible Internet site that has FBA enabled for sub-sites using the CKS:IEE:
1) Go to the CodePlex site for the CKS:IEE project.
2) The CKS:IEE doesn't set up Forms Based Authentication so I needed to follow the post by Dan Attis: Office SharePoint Server 2007 - Forms Based Authentication (FBA) Walk-through - Part 1. If you haven't set up Forms Based Authentication yet, this is THE post to follow, as it gets FBA up and running with minimal complexity. I set my site up with the Collaboration Portal template, rather than the Blank Site that Dan used in his post.
Make sure you can browse to the site and login using the default MOSS FBA login page before you install the CKS:IEE solution.
3) Download FBAManagement.zip from the CodePlex site, extract all the files, and run deploy [your_site_url] from a command prompt. The wsp will be added to the solution store, deployed to the site specified, and the features will be activated.
4) Edit the default page of your site, add the Login Web Part to the page from the FBA Self Management group on the Add Web Part dialog.
Set the Chrome Type on the Login Web Page to None. This will hide the web part when a user is logged in.
5) I want to have the default page of the site be anonymous, so that when users go to the URL, they are presented with the home page, not the login page. To set up anonymous access, I followed Bil Simser's post Enabling anonymous access in SharePoint 2007. I had to close all browser windows after I followed Bil's steps to get it working right.
When I went back to the site, here's what I saw:
You'll notice that everything is visible to the unauthenticated user. Document Center, News, Reports, etc. When you first set up anonymous access, everything is accessible to the anonymous user, so you need to scale back the permissions on the sub-sites. This is accomplished by editing the permission on the sub-sites, and then turning off anonymous access.
a) Break inheritance by clicking 'Edit Permissions' in the Actions menu of the Site Permissions list of the sub-site.
b) Click the Anonymous Access link of the now visible Settings menu.
c) Click the radio button to allow anonymous users to access nothing.
I did this for all subsites, and here's how it looked when browsed by an unauthenticated user.
The View All Site Content link is still there in the Quick Launch, but you can deal with that later when you set up your custom master pages and page layouts.
6) The Login Web Part understands the QueryString values that are present in the URL if the user is trying to access a page they don't have permissions to (ie: ?ReturnUrl=%2fSearchCenter%2f_layouts%2fAuthenticate.aspx%3fSource%3d%252fSearchCenter&Source=%2fSearchCenter) This way you can have a page that is managed via CMS services, and when the user logs in correctly, they will be taken to the page they were originally trying to access.
The first step for this to happen is to change the forms login page in the web.config for the site. Change the line
<forms loginUrl="/_layouts/login.aspx" />
<forms loginUrl="/Pages/login.aspx" />
Now, create a new page in the root site's Pages library named Login. Add some text like 'You are trying to access a page with invalid permissions, please try again.' and add the login web part. Should look something like this:
Publish the page.
That's it! We now have a publicly accessible site with Forms Based Authentication that has a default page with anonymous access, and a login page that is managed by SharePoint with CMS content placeholders on it, rather than the flat out-of-box login page.
I plan on having posts that explain using the other web parts included with the CKS:IEE, and I'm also looking to put a custom workflow on the Site Membership Review List. So stay tuned...