SharePoint 2010 Forms-Based Authentication (AD-backed)

Before writing this, let me vent: I spent four days getting this forms authentication working, staying up until 2 a.m. every night, and only really got it to work after discussing it with foley. Forms authentication here is different from 2007: the users live in AD, so you need a domain server, and the foreign articles and MSDN only describe this approach. For now I cannot reproduce the 2007 way of storing users in a SQL database, because login throws a very bizarre error (after much effort I finally found documentation for storing users in SQL). OK, now I will explain how to configure forms authentication:

Step 1. Open Central Administration and create a web application, configured as follows:

Step 2. Fill in the port number, choose forms authentication, and enter the membership and role provider names; everything else can stay at its default.

Step 3. In SharePoint 2010 Management Shell, run the following:

Code:
$webApp = Get-SPWebApplication "http://cd-isbunet:82"
$webApp.UseClaimsAuthentication = 1
$webApp.Update()
$webApp.ProvisionGlobally()
$webApp = Get-SPWebApplication "http://cd-isbunet:82"
$webApp.MigrateUsers($True)

http://cd-isbunet:82 is the web application I just created; change it to your own.

Step 4. The most important step: edit web.config in three places: Central Administration, the web application we created, and the SecurityTokenServiceApplication under Web Services (2007 did not need the last one).

1. Find <system.web></system.web> in the Central Administration web.config and configure it as follows:

First, what to change in the code below. Only these values need replacing:

server="cd-isbunet.ncs.corp.int-ads"   // address of the domain controller
userContainer="CN=Users,DC=ncs,DC=corp,DC=int-ads"   // keep CN=Users; the DC= parts are your domain
groupContainer="DC=ncs,DC=corp,DC=int-ads"
connectionUsername="XXX/jiangly"   // the article uses a domain administrator; an account that can only read the directory is enough for these providers and is the safer choice, because this password sits in clear text in all three web.config files
connectionPassword="123456" />

Note also that with useSSL="false" on port 389 the directory session is not TLS-protected; if the domain controller offers LDAPS, use port="636" and useSSL="true" in all three places.

Code:
<membership defaultProvider="AspNetSqlMembershipProvider">
  <providers>
    <!-- ADMembership -->
    <add name="ADMembership"
         type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
         server="cd-isbunet.ncs.corp.int-ads"
         port="389"
         useSSL="false"
         userDNAttribute="distinguishedName"
         userNameAttribute="sAMAccountName"
         userContainer="CN=Users,DC=ncs,DC=corp,DC=int-ads"
         userObjectClass="person"
         userFilter="(&amp;(ObjectClass=person))"
         scope="Subtree"
         otherRequiredUserAttributes="sn,givenname,cn"
         connectionUsername="XXX/jiangly"
         connectionPassword="123456" />
    <!-- ADMembership -->
  </providers>
</membership>

<roleManager defaultProvider="AspNetWindowsTokenRoleProvider" enabled="true">
  <providers>
    <add name="roleManager"
         type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
         server="cd-isbunet.ncs.corp.int-ads"
         port="389"
         useSSL="false"
         groupContainer="DC=ncs,DC=corp,DC=int-ads"
         groupNameAttribute="cn"
         groupNameAlternateSearchAttribute="samAccountName"
         groupMemberAttribute="member"
         userNameAttribute="sAMAccountName"
         dnAttribute="distinguishedName"
         groupFilter="(&amp;(ObjectClass=group))"
         userFilter="(&amp;(ObjectClass=person))"
         scope="Subtree"
         connectionUsername="XXX/jiangly"
         connectionPassword="123456" />
  </providers>
</roleManager>

2. Find <system.web></system.web> in the web application's web.config and configure it as follows (the machineKey values shown are the article's own and have been published with it; generate a fresh validationKey/decryptionKey pair for your farm instead of copying these):

Code:
<machineKey validationKey="D35D48269B8B92E8A7D86FB64FBFCC4B2B4F1E3A0BFC43FB" decryptionKey="FEA7B512E6E390C18283E0D2E0542564F1E47E1F0A80F335" validation="SHA1" />

<membership defaultProvider="i">
  <providers>
    <add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
    <!-- ADMembership -->
    <add name="ADMembership"
         type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
         server="cd-isbunet.ncs.corp.int-ads"
         port="389"
         useSSL="false"
         userDNAttribute="distinguishedName"
         userNameAttribute="sAMAccountName"
         userContainer="CN=Users,DC=ncs,DC=corp,DC=int-ads"
         userObjectClass="person"
         userFilter="(&amp;(ObjectClass=person))"
         scope="Subtree"
         otherRequiredUserAttributes="sn,givenname,cn"
         connectionUsername="XXX/jiangly"
         connectionPassword="123456" />
    <!-- ADMembership -->
  </providers>
</membership>

<roleManager defaultProvider="c" enabled="true" cacheRolesInCookie="false">
  <providers>
    <add name="c" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
    <!-- ADMembership -->
    <add name="roleManager"
         type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
         server="cd-isbunet.ncs.corp.int-ads"
         port="389"
         useSSL="false"
         groupContainer="DC=ncs,DC=corp,DC=int-ads"
         groupNameAttribute="cn"
         groupNameAlternateSearchAttribute="samAccountName"
         groupMemberAttribute="member"
         userNameAttribute="sAMAccountName"
         dnAttribute="distinguishedName"
         groupFilter="(&amp;(ObjectClass=group))"
         userFilter="(&amp;(ObjectClass=person))"
         scope="Subtree"
         connectionUsername="XXX/jiangly"
         connectionPassword="123456" />
    <!-- ADMembership -->
  </providers>
</roleManager>

3. Find the web.config of the SecurityTokenServiceApplication site. It has no <system.web></system.web> section, so you need to add one yourself:

Code:
<system.web>
  <!-- ADMembership -->
  <membership>
    <providers>
      <!-- ADMembership -->
      <add name="ADMembership"
           type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
           server="cd-isbunet.ncs.corp.int-ads"
           port="389"
           useSSL="false"
           userDNAttribute="distinguishedName"
           userNameAttribute="sAMAccountName"
           userContainer="CN=Users,DC=ncs,DC=corp,DC=int-ads"
           userObjectClass="person"
           userFilter="(&amp;(ObjectClass=person))"
           scope="Subtree"
           otherRequiredUserAttributes="sn,givenname,cn"
           connectionUsername="XXX/jiangly"
           connectionPassword="123456" />
      <!-- ADMembership -->
    </providers>
  </membership>

  <roleManager enabled="true">
    <providers>
      <!-- ADMembership -->
      <add name="roleManager"
           type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
           server="cd-isbunet.ncs.corp.int-ads"
           port="389"
           useSSL="false"
           groupContainer="DC=ncs,DC=corp,DC=int-ads"
           groupNameAttribute="cn"
           groupNameAlternateSearchAttribute="samAccountName"
           groupMemberAttribute="member"
           userNameAttribute="sAMAccountName"
           dnAttribute="distinguishedName"
           groupFilter="(&amp;(ObjectClass=group))"
           userFilter="(&amp;(ObjectClass=person))"
           scope="Subtree"
           connectionUsername="XXX/jiangly"
           connectionPassword="123456" />
      <!-- ADMembership -->
    </providers>
  </roleManager>
</system.web>

Step 5. In Central Administration go to Application Management, open User Policy and add a user from the domain (if the user cannot be found, the parameters you changed in web.config are wrong).

Step 6. Create a site collection, then open the site and log in; if everything is correct you will get into the site.
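The following is an added PowerShell example; it is not code from the original article or from the SharePoint LDAP providers. It probes the directory with System.DirectoryServices using the same server, container, filter and attribute values the three web.config files carry, which approximates what LdapMembershipProvider does at login (find the user under userContainer by userNameAttribute, then verify the password), so that a "user not found" in step 5 can be traced to a wrong DC, container, filter or account before SharePoint is touched. The server, containers and connection account are the article's own placeholders; $testUser, $testPassword, the DOMAIN\user form of the connection account and the use of a Negotiate bind are assumptions. Run it in SharePoint 2010 Management Shell (any Windows PowerShell will do) on a machine that can reach the domain controller.

```powershell
# Added example, not code from the original article. Values marked with the
# web.config attribute name mirror the provider configuration in step 4.
Add-Type -AssemblyName System.DirectoryServices

$server         = "cd-isbunet.ncs.corp.int-ads"         # server="..."
$port           = 389                                    # port="389"; 636 with useSSL="true" puts the session under TLS
$useSSL         = $false                                 # useSSL="false"
$userContainer  = "CN=Users,DC=ncs,DC=corp,DC=int-ads"   # userContainer
$groupContainer = "DC=ncs,DC=corp,DC=int-ads"            # groupContainer
$userFilter     = "(&(objectClass=person))"              # userFilter, without the XML &amp; escaping
$groupFilter    = "(&(objectClass=group))"               # groupFilter
$userNameAttr   = "sAMAccountName"                       # userNameAttribute
$connUser       = "XXX\jiangly"                          # connectionUsername (DOMAIN\user form assumed); read-only account is enough
$connPassword   = "123456"                               # connectionPassword
$testUser       = "jsmith"                               # assumption: an account that should be able to log in
$testPassword   = "P@ssw0rd"                             # assumption

# Negotiate (Kerberos/NTLM) bind: the bind password is not sent in clear even on 389.
$authType = [System.DirectoryServices.AuthenticationTypes]::Secure
if ($useSSL) { $authType = $authType -bor [System.DirectoryServices.AuthenticationTypes]::SecureSocketsLayer }

function New-LdapEntry([string]$dn, [string]$user, [string]$password) {
    New-Object System.DirectoryServices.DirectoryEntry("LDAP://${server}:${port}/${dn}", $user, $password, $authType)
}

function Get-MatchCount([string]$container, [string]$filter) {
    # Same base DN, filter and Subtree scope the membership/role providers use.
    $root = New-LdapEntry $container $connUser $connPassword
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($root, $filter)
    $searcher.SearchScope = [System.DirectoryServices.SearchScope]::Subtree
    $searcher.PageSize = 500      # paged results, so large containers are not cut off at the server's size limit
    $searcher.FindAll().Count
}

# 1. Can the connection account bind, and do the filters match anything at all?
"Users under userContainer matching userFilter   : " + (Get-MatchCount $userContainer $userFilter)
"Groups under groupContainer matching groupFilter: " + (Get-MatchCount $groupContainer $groupFilter)

# 2. Resolve the test user the way the provider does: userFilter AND userNameAttribute=<login name>.
$root = New-LdapEntry $userContainer $connUser $connPassword
$searcher = New-Object System.DirectoryServices.DirectorySearcher($root, "(&${userFilter}(${userNameAttr}=${testUser}))")
$searcher.SearchScope = [System.DirectoryServices.SearchScope]::Subtree
[void]$searcher.PropertiesToLoad.AddRange([string[]]@("distinguishedName", "userPrincipalName", "sn", "givenName", "cn"))
$result = $searcher.FindOne()
if ($result -eq $null) {
    throw "Test user '$testUser' not found: check userContainer, userFilter and userNameAttribute"
}
"Found DN: " + $result.Properties["distinguishedname"][0]

# otherRequiredUserAttributes="sn,givenname,cn": warn if the provider will not find them on this user.
foreach ($attr in @("sn", "givenname", "cn")) {
    if (-not $result.Properties.Contains($attr) -or $result.Properties[$attr].Count -eq 0) {
        Write-Warning "Attribute '$attr' is empty on $testUser"
    }
}

# 3. Check the test user's password by binding as that user. The UPN form works with a
#    Negotiate bind without having to know the NetBIOS domain name.
$upn = $result.Properties["userprincipalname"][0]
try {
    $asUser = New-LdapEntry $userContainer $upn $testPassword
    [void]$asUser.NativeObject     # forces the bind; throws on a wrong password or a disabled account
    "Password check for ${upn}: OK"
} catch {
    "Password check for ${upn}: FAILED - $($_.Exception.Message)"
}
```

If either count is zero or the test user is not found, correct the server, container or filter values here before editing any web.config; a provider configured with the same values fails in exactly the same way in step 5. Part 3 is the check a forms login exercises, so a failure there with a known-good password points at the account (disabled, locked, or outside userContainer) rather than at SharePoint.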

Good luck!

Special thanks to foley!

References:

(1) http://blogs.msdn.com/b/russmax/archive/2009/12/31/configuring-forms-based-authentication-for-claims-based-web-applications.aspx

(2) http://isharebook.com/forums/showthread.php/2649-Claims-Based-Identity-in-SharePoint-2010.html

(3) http://blogs.technet.com/b/speschka/archive/2009/11/05/configuring-forms-based-authentication-in-sharepoint-2010.aspx

(4) http://xiangzhangjun2006.blog.163.com/blog/static/44140966201061334818612/

Reposted from http://www.cnblogs.com/jlydboy/articles/1792112.html

As the author says, configuring this took several days, and perhaps for that very reason the problems covered are fairly comprehensive and all the more valuable, so I am reposting these two articles for future reference.

Original address: https://www.cnblogs.com/justinliu/p/5961776.html