Sharepoint 2010 Form 身份认证的实现(基于AD)

转载 2010年08月06日 16:54:00

写之前,我发下感慨,我为了弄这个from认证花费了4天时间,而且每天都熬夜2点才睡觉,最后还是在和 foley 讨论下才真正成功实现了,这里form认证和2007不一样,它的用户是存在AD里面的,所以需要域服务器,外国的文章和MSND上也只提供了这种方式,现在我也没法实现2007那种SQL数据库保存用户的方法,因为在登录的时候会爆一个很BT得错误(经过多方努力,终于找到文档实现SQL保存用户了),好了我现在介绍怎么配置form认证:

 

一。进管理中心,创建一个应用程序,配置如下:

  

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

二。填端口号,和选择form身份认证,以及填写成员和角色,其他都默认就可以了 

 

 

 三。使用SharePoint 2010 Management Shell在里面填写下面的代码

 

代码
$webApp = Get-SPWebApplication "http://cd-isbunet:82"
$webApp.UseClaimsAuthentication
= 1;
$webApp.Update()
$webApp.ProvisionGlobally()
$webApp
= Get-SPWebApplication "http://cd-isbunet:82"
$webApp.MigrateUsers($True)

 

http://cd-isbunet:82 是我刚才创建的应用程序,你需要改成你自己的

四。最重要的一步,修改管理中心,我们创建的应用程序,还有Web服务里面的SecurityTokenServiceApplication(2007是不需要配置这个的)这个3个地方的web.config

1.找到管理中心的<system.web></system.web>,配置如下:

这里先解释下里面的代码,你只需要替换

server="cd-isbunet.ncs.corp.int-ads"   //域控的地址
userContainer="CN=Users,DC=ncs,DC=corp,DC=int-ads"   //Users不用换 DC为你域的信息

groupContainer="DC=ncs,DC=corp,DC=int-ads"

connectionUsername="XXX/jiangly"  //换成自己的域管理员
connectionPassword
="123456" />

                                          

                                     

代码
<membership defaultProvider="AspNetSqlMembershipProvider">

<providers>

<!-- ADMembership-->

<add name="ADMembership"

type
="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"

server
="cd-isbunet.ncs.corp.int-ads"

port
="389"

useSSL
="false"

userDNAttribute
="distinguishedName"

userNameAttribute
="sAMAccountName"

userContainer
="CN=Users,DC=ncs,DC=corp,DC=int-ads"

userObjectClass
="person"

userFilter
="(&amp;(ObjectClass=person))"

scope
="Subtree"

otherRequiredUserAttributes
="sn,givenname,cn"

connectionUsername
="XXX/jiangly"

connectionPassword
="123456" />

<!-- ADMembership-->

</providers>

</membership >

<roleManager defaultProvider="AspNetWindowsTokenRoleProvider" enabled ="true">

<providers>

<add name="roleManager"

type
="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"

server
="cd-isbunet.ncs.corp.int-ads"

port
="389"

useSSL
="false"

groupContainer
="DC=ncs,DC=corp,DC=int-ads"

groupNameAttribute
="cn"

groupNameAlternateSearchAttribute
="samAccountName"

groupMemberAttribute
="member"

userNameAttribute
="sAMAccountName"

dnAttribute
="distinguishedName"

groupFilter
="(&amp;(ObjectClass=group))"

userFilter
="(&amp;(ObjectClass=person))"

scope
="Subtree"

connectionUsername
="XXX/jiangly"

connectionPassword
="123456" />



</providers>

</roleManager>

2.找到应用程序的<system.web></system.web>,配置如下:

 

代码
<machineKey validationKey="D35D48269B8B92E8A7D86FB64FBFCC4B2B4F1E3A0BFC43FB" decryptionKey="FEA7B512E6E390C18283E0D2E0542564F1E47E1F0A80F335" validation="SHA1" />
<membership defaultProvider="i">

<providers>

<add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />

<!-- ADMembership-->

<add name="ADMembership" type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"

server
="cd-isbunet.ncs.corp.int-ads"

port
="389" useSSL="false"

userDNAttribute
="distinguishedName"

userNameAttribute
="sAMAccountName"

userContainer
="CN=Users,DC=ncs,DC=corp,DC=int-ads"

userObjectClass
="person"

userFilter
="(&amp;(ObjectClass=person))"

scope
="Subtree"

otherRequiredUserAttributes
="sn,givenname,cn"

connectionUsername
="XXX/jiangly"

connectionPassword
="123456" />

<!-- ADMembership-->

</providers>

</membership>

<roleManager defaultProvider="c" enabled="true" cacheRolesInCookie="false">

<providers>

<add name="c" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />

<!-- ADMembership-->

<add name="roleManager" type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"

server
="cd-isbunet.ncs.corp.int-ads"

port
="389"

useSSL
="false"

groupContainer
="DC=ncs,DC=corp,DC=int-ads"

groupNameAttribute
="cn"

groupNameAlternateSearchAttribute
="samAccountName"

groupMemberAttribute
="member"

userNameAttribute
="sAMAccountName"

dnAttribute
="distinguishedName"

groupFilter
="(&amp;(ObjectClass=group))"

userFilter
="(&amp;(ObjectClass=person))"

scope
="Subtree"

connectionUsername
="XXX/jiangly"

connectionPassword
="123456" />

<!-- ADMembership-->

</providers>

</roleManager>

3.找到SecurityTokenServiceApplication站台web.config,它里面没有<system.web></system.web>,你需要自己添加

 

代码
<system.web>
<!-- ADMembership-->

<membership>

<providers>

<!-- ADMembership-->

<add name="ADMembership"

type
="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"

server
="cd-isbunet.ncs.corp.int-ads"

port
="389"

useSSL
="false"

userDNAttribute
="distinguishedName"

userNameAttribute
="sAMAccountName"

userContainer
="CN=Users,DC=ncs,DC=corp,DC=int-ads"

userObjectClass
="person"

userFilter
="(&amp;(ObjectClass=person))"

scope
="Subtree"

otherRequiredUserAttributes
="sn,givenname,cn"

connectionUsername
="XXX/jiangly"

connectionPassword
="123456" />

<!-- ADMembership-->

</providers>

</membership>

<roleManager enabled ="true" >

<providers>

<!-- ADMembership-->

<add name="roleManager"

type
="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"

server
="cd-isbunet.ncs.corp.int-ads"

port
="389"

useSSL
="false"

groupContainer
="DC=ncs,DC=corp,DC=int-ads"

groupNameAttribute
="cn"

groupNameAlternateSearchAttribute
="samAccountName"

groupMemberAttribute
="member"

userNameAttribute
="sAMAccountName"

dnAttribute
="distinguishedName"

groupFilter
="(&amp;(ObjectClass=group))"

userFilter
="(&amp;(ObjectClass=person))"

scope
="Subtree"

connectionUsername
="XXX/jiangly"

connectionPassword
="123456" />

<!-- ADMembership-->

</providers>

</roleManager>

</system.web>

五。我们进管理中心-》应用程序管理-》打开用户策略-》添加域中的用户(如果没有找到,说明你的web.config里要修改的参数不对)

六。创建网站集,然后打开站点登陆,如果一切正常就能进入站点了

 

祝你成功!

 

这里特别感谢foley!

参考资料:

(1)http://www.microsofttranslator.com/bv.aspx?ref=Internal&from=en&to=zh-CHS&a=http%3a%2f%2fblogs.msdn.com%2fb%2frussmax%2farchive%2f2009%2f12%2f31%2fconfiguring-forms-based-authentication-for-claims-based-web-applications.aspx

(2)http://isharebook.com/forums/showthread.php/2649-Claims-Based-Identity-in-SharePoint-2010.html

(3)http://blogs.technet.com/b/speschka/archive/2009/11/05/configuring-forms-based-authentication-in-sharepoint-2010.aspx

(4)http://xiangzhangjun2006.blog.163.com/blog/static/44140966201061334818612/

 

转自http://www.cnblogs.com/jlydboy/articles/1792112.html

正如作者所述,配置这个花了几天时间,也正因此或许面临的问题比较全面,也更有价值,特转此两篇,以备不时之需。

相关文章推荐

【GamingAnywhere源码分析之知识补充四】C操作Windows AD实现用户身份认证

C操作ldap服务器(这为Windows AD)实现用户身份的认证;RTSP通信协议流程。

[SharePoint 2010]为SharePoint 2010配置基于表单的身份认证

[SharePoint 2010]为SharePoint 2010配置基于表单的身份认证 总体来说SharePoint 2010与2007配置基于表单的认证的方法几乎一样,不过仍然有些区别,...

[SharePoint 2010]为SharePoint 2010配置基于表单的身份认证

   [SharePoint 2010]为SharePoint 2010配置基于表单的身份认证 总体来说SharePoint 2010与2007配置基于表单的认证的方法几乎一样,不过仍然有些区别...

FORM 身份认证实例

  • 2009年08月23日 20:21
  • 112KB
  • 下载

SharePoint 2013 BI 之 report service 身份认证模式

本文介绍SharePoint 2013 BI 之 report service 身份认证模式。

SharePoint 2013 配置基于表单的身份认证

前 言  这里简单介绍一下为SharePoint 2013 配置基于表单的身份认证,简单的说,就是用Net提供的工具创建数据库,然后配置SharePoint 管理中心、STS服务、Web应用程序的三处...

ASP.NET身份验证——Form身份认证

细说ASP.NET Forms身份认证 用户登录是个很常见的业务需求,在ASP.NET中,这个过程被称为身份认证。 由于很常见,因此,我认为把这块内容整理出来,与大家分享应该是件有意义的事。 ...
内容举报
返回顶部
收藏助手
不良信息举报
您举报文章:Sharepoint 2010 Form 身份认证的实现(基于AD)
举报原因:
原因补充:

(最多只允许输入30个字)