  • [SharePoint 2010] Implementing forms-based authentication in SharePoint 2010 (backed by AD)

    Step 1. In Central Administration, create a web application, configured as follows:

      

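    Step 2. Enter the port number, select forms-based authentication, and fill in the membership and role fields; everything else can stay at the defaults.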

     

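    Step 3. Open the SharePoint 2010 Management Shell and enter the following commands:

    # Switch the web application to claims-based authentication
    $webApp = Get-SPWebApplication "http://cd-isbunet:82"
    $webApp.UseClaimsAuthentication = 1;
    $webApp.Update()
    $webApp.ProvisionGlobally()
    # Re-fetch the web application and migrate its existing users to claims identities
    $webApp = Get-SPWebApplication "http://cd-isbunet:82"
    $webApp.MigrateUsers($True)

    http://cd-isbunet:82 is the web application I just created; change it to your own.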

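    Step 4. The most important step: edit the web.config in three places: Central Administration, the web application we created, and SecurityTokenServiceApplication under the web services (SharePoint 2007 does not need this last one).

    1. Find <system.web></system.web> in the Central Administration web.config and configure it as follows:

    First, a note on the configuration below. You only need to replace these values:

    server="cd-isbunet.ncs.corp.int-ads"   // address of the domain controller
    userContainer="CN=Users,DC=ncs,DC=corp,DC=int-ads"   // keep Users; set the DC components to your own domain

    groupContainer="DC=ncs,DC=corp,DC=int-ads"

    connectionUsername="XXX/jiangly"  // replace with your own domain administrator
    connectionPassword="123456" />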

    <membership defaultProvider="AspNetSqlMembershipProvider">
      <providers>
        <!-- ADMembership-->
        <add name="ADMembership"
             type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
             server="cd-isbunet.ncs.corp.int-ads"
             port="389"
             useSSL="false"
             userDNAttribute="distinguishedName"
             userNameAttribute="sAMAccountName"
             userContainer="CN=Users,DC=ncs,DC=corp,DC=int-ads"
             userObjectClass="person"
             userFilter="(&amp;(ObjectClass=person))"
             scope="Subtree"
             otherRequiredUserAttributes="sn,givenname,cn"
             connectionUsername="XXX/jiangly"
             connectionPassword="123456" />
        <!-- ADMembership-->
      </providers>
    </membership>
    <roleManager defaultProvider="AspNetWindowsTokenRoleProvider" enabled="true">
      <providers>
        <add name="roleManager"
             type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
             server="cd-isbunet.ncs.corp.int-ads"
             port="389"
             useSSL="false"
             groupContainer="DC=ncs,DC=corp,DC=int-ads"
             groupNameAttribute="cn"
             groupNameAlternateSearchAttribute="samAccountName"
             groupMemberAttribute="member"
             userNameAttribute="sAMAccountName"
             dnAttribute="distinguishedName"
             groupFilter="(&amp;(ObjectClass=group))"
             userFilter="(&amp;(ObjectClass=person))"
             scope="Subtree"
             connectionUsername="XXX/jiangly"
             connectionPassword="123456" />
      </providers>
    </roleManager>

    2. Find <system.web></system.web> in the web application's web.config and configure it as follows:

    <machineKey validationKey="D35D48269B8B92E8A7D86FB64FBFCC4B2B4F1E3A0BFC43FB" decryptionKey="FEA7B512E6E390C18283E0D2E0542564F1E47E1F0A80F335" validation="SHA1" />
    <membership defaultProvider="i">
      <providers>
        <add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
        <!-- ADMembership-->
        <add name="ADMembership" type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
             server="cd-isbunet.ncs.corp.int-ads"
             port="389" useSSL="false"
             userDNAttribute="distinguishedName"
             userNameAttribute="sAMAccountName"
             userContainer="CN=Users,DC=ncs,DC=corp,DC=int-ads"
             userObjectClass="person"
             userFilter="(&amp;(ObjectClass=person))"
             scope="Subtree"
             otherRequiredUserAttributes="sn,givenname,cn"
             connectionUsername="XXX/jiangly"
             connectionPassword="123456" />
        <!-- ADMembership-->
      </providers>
    </membership>
    <roleManager defaultProvider="c" enabled="true" cacheRolesInCookie="false">
      <providers>
        <add name="c" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
        <!-- ADMembership-->
        <add name="roleManager" type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
             server="cd-isbunet.ncs.corp.int-ads"
             port="389"
             useSSL="false"
             groupContainer="DC=ncs,DC=corp,DC=int-ads"
             groupNameAttribute="cn"
             groupNameAlternateSearchAttribute="samAccountName"
             groupMemberAttribute="member"
             userNameAttribute="sAMAccountName"
             dnAttribute="distinguishedName"
             groupFilter="(&amp;(ObjectClass=group))"
             userFilter="(&amp;(ObjectClass=person))"
             scope="Subtree"
             connectionUsername="XXX/jiangly"
             connectionPassword="123456" />
        <!-- ADMembership-->
      </providers>
    </roleManager>

    3. Find the web.config of the SecurityTokenServiceApplication site. It has no <system.web></system.web> section, so you need to add one yourself:

    <system.web>
      <!-- ADMembership-->
      <membership>
        <providers>
          <!-- ADMembership-->
          <add name="ADMembership"
               type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
               server="cd-isbunet.ncs.corp.int-ads"
               port="389"
               useSSL="false"
               userDNAttribute="distinguishedName"
               userNameAttribute="sAMAccountName"
               userContainer="CN=Users,DC=ncs,DC=corp,DC=int-ads"
               userObjectClass="person"
               userFilter="(&amp;(ObjectClass=person))"
               scope="Subtree"
               otherRequiredUserAttributes="sn,givenname,cn"
               connectionUsername="XXX/jiangly"
               connectionPassword="123456" />
          <!-- ADMembership-->
        </providers>
      </membership>
      <roleManager enabled="true">
        <providers>
          <!-- ADMembership-->
          <add name="roleManager"
               type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
               server="cd-isbunet.ncs.corp.int-ads"
               port="389"
               useSSL="false"
               groupContainer="DC=ncs,DC=corp,DC=int-ads"
               groupNameAttribute="cn"
               groupNameAlternateSearchAttribute="samAccountName"
               groupMemberAttribute="member"
               userNameAttribute="sAMAccountName"
               dnAttribute="distinguishedName"
               groupFilter="(&amp;(ObjectClass=group))"
               userFilter="(&amp;(ObjectClass=person))"
               scope="Subtree"
               connectionUsername="XXX/jiangly"
               connectionPassword="123456" />
          <!-- ADMembership-->
        </providers>
      </roleManager>
    </system.web>
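
    The three web.config fragments in step 4 share the same settings: LDAP on port 389 with useSSL="false", a bind password written in clear text, and, in the web application, a machineKey copied from a web page. As an added example that is not part of the original post, the PowerShell function below audits a web.config for those settings; the function name Test-LdapProviderConfig, the host dc.example.test and the account svc-ldap-read are hypothetical, and the sample XML is constructed.

```powershell
# Added example, not from the original post; runs in PowerShell 2.0 or later.
function Test-LdapProviderConfig {
    param(
        [Parameter(Mandatory = $true)][xml]$Config,
        [string]$Source = 'inline sample',
        # validationKey values known to be published, e.g. the one printed in step 4.2
        [string[]]$PublishedKeys = @('D35D48269B8B92E8A7D86FB64FBFCC4B2B4F1E3A0BFC43FB')
    )
    $xpath = '//system.web/membership/providers/add | //system.web/roleManager/providers/add'
    foreach ($node in $Config.SelectNodes($xpath)) {
        # Only the two LDAP provider types used in this walkthrough are checked.
        if ($node.GetAttribute('type') -notmatch 'Ldap(Membership|Role)Provider') { continue }
        $findings = @()
        if ($node.GetAttribute('useSSL') -ne 'true') {
            $findings += 'useSSL is not "true": LDAP traffic to the directory is not protected by SSL/TLS'
        }
        if ($node.HasAttribute('connectionPassword')) {
            $findings += 'connectionPassword is stored in clear text in web.config'
        }
        New-Object PSObject -Property @{
            Source = $Source; Item = $node.GetAttribute('name'); Findings = $findings
        }
    }
    foreach ($key in $Config.SelectNodes('//system.web/machineKey')) {
        if ($PublishedKeys -contains $key.GetAttribute('validationKey')) {
            New-Object PSObject -Property @{
                Source = $Source; Item = 'machineKey'
                Findings = @('validationKey matches a published value; generate a unique key')
            }
        }
    }
}

# Constructed sample shaped like the web application's web.config in step 4.2;
# dc.example.test and svc-ldap-read are placeholders.
$sample = [xml]@'
<configuration><system.web>
  <machineKey validationKey="D35D48269B8B92E8A7D86FB64FBFCC4B2B4F1E3A0BFC43FB" validation="SHA1" />
  <membership defaultProvider="i"><providers>
    <add name="ADMembership" type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server"
         server="dc.example.test" port="389" useSSL="false"
         connectionUsername="EXAMPLE\svc-ldap-read" connectionPassword="placeholder" />
  </providers></membership>
</system.web></configuration>
'@
Test-LdapProviderConfig -Config $sample | Format-List
```

    To check a real file, pass `([xml](Get-Content $path))` as -Config and run it against each of the three web.config files. The providers use connectionUsername only to bind to and search the directory, so an account with read access to the user and group containers is enough; it does not have to be a domain administrator.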

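    Step 5. Go to Central Administration -> Application Management -> open User Policy -> add a user from the domain (if the user cannot be found, the parameters you changed in web.config are wrong).

    Step 6. Create a site collection, then open the site and log in. If everything is working, you will get into the site.

    Good luck!

    Special thanks to foley!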


    Reposted from http://www.cnblogs.com/jlydboy/articles/1792112.html

  • Original address: https://www.cnblogs.com/Areas/p/5006221.html