SharePoint 2010基于Ad登陆的方法

于 2012-11-25 22:22:42 发布
阅读量1.1k 收藏
点赞数
分类专栏: MOSS
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/duanchuanttao/article/details/8223651
版权

1)打开管理中心---管理 Web 应用程序,此时你可以点击Ribbon菜单中的新建,来新建一个新的Web应用程序,将其配置成Form登陆模式。点击新建后,进行如下配置:

1。验证选择基于声明的身份验证,如下图:

2.声明身份验证类型,这里启用基于窗体的身份验证(FBA),注意成员身份提供程序名填:ADMembership;角色管理器名称:roleManager

完成以上配置后,点击确定。然后根据要求在此web应用程序里新建一个站点集,我的站点集url是:http://win-20110701:82/

2)开始--所有程序---Microsoft SharePoint 2010 Products---SharePoint 2010 Management Shell,打开sharepoint shell.输入以下命令:
$webApp = Get-SPWebApplication "http://win-20110701:82/"
$webApp.UseClaimsAuthentication = 1;
$webApp.Update()
$webApp.ProvisionGlobally()
$webApp = Get-SPWebApplication "http://win-20110701:82/"
$webApp.MigrateUsers($True)
注意:输入一行语句后,就按Enter,依次完成上述6条语句的输入。另外将上面的http://win-20110701:82/换成你自己的站点集url。最后效果如下图(注意截图是我网上找的):

3)打开IIS(运行里输入inetmgr 然后回车即可)

1.修改管理中的Web.config,在iis里找到管理中心对应的站点,右击选择浏览,如下图:

注意,修改前备份该Web.config。在里面找到<system.web></system.web>节点,将对应的节点修改成如下内容:

<!--********************roleManager********************-->
    <roleManager defaultProvider="AspNetWindowsTokenRoleProvider"  enabled ="true">
      <providers>
        <add name="roleManager"
            type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            server="WIN-20110701.jj.com"
            port="389"
            useSSL="false"
            groupContainer="DC=jj,DC=com"
            groupNameAttribute="cn"
            groupNameAlternateSearchAttribute="samAccountName"
            groupMemberAttribute="member"
            userNameAttribute="sAMAccountName"
            dnAttribute="distinguishedName"
            groupFilter="(&amp;(ObjectClass=group))"
            userFilter="(&amp;(ObjectClass=person))"
            scope="Subtree"
            connectionUsername="jj\administrator"
            connectionPassword="123abc.."/>
      </providers>
    </roleManager>
    <!--********************membership***********************-->
    <membership defaultProvider="AspNetSqlMembershipProvider">
      <providers>
        <!-- ADMembership-->
        <add name="ADMembership"
            type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            server="WIN-20110701.jj.com"
            port="389"
            useSSL="false"
            userDNAttribute="distinguishedName"
            userNameAttribute="sAMAccountName"
            userContainer="CN=Users,DC=jj,DC=com"
            userObjectClass="person"
            userFilter="(&amp;(ObjectClass=person))"
            scope="Subtree"
            otherRequiredUserAttributes="sn,givenname,cn"
            connectionUsername="jj\administrator"
            connectionPassword="123abc.." />
        <!-- ADMembership-->
      </providers>
    </membership >

注意:红色的内容应该换成你自己的内容。我的主机名是WIN-20110701,因为就一台电脑,所以域也安装在此电脑上了。域名是jj.com

域管理员是jj\administrator,密码是123abc..另外,如果你的域名是xx.com.cn类似这样的,如下:

你可以改成userContainer="CN=Users,DC=xx,DC=com,cn"

2.修改http://win-20110701:82/站点对应的webconfig,同上一样,还是在iis里右击对应的站点,选择浏览.(修改前注意备份)。找到<system.web></system.web>,配置如下:
<membership defaultProvider="i">
      <providers>
        <add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
        <!-- ADMembership-->
        <add name="ADMembership" type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            server="WIN-20110701.jj.com"
            port="389" useSSL="false"
            userDNAttribute="distinguishedName"
            userNameAttribute="sAMAccountName"
            userContainer="CN=Users,DC=jj,DC=com"
            userObjectClass="person"
            userFilter="(&amp;(ObjectClass=person))"
            scope="Subtree"
            otherRequiredUserAttributes="sn,givenname,cn"
            connectionUsername="jj\administrator"
            connectionPassword="123abc.." />
        <!-- ADMembership-->
      </providers>
    </membership>
    <roleManager defaultProvider="c" enabled="true" cacheRolesInCookie="false">
      <providers>
        <add name="c" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
        <!-- ADMembership-->
        <add name="roleManager" type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            server="WIN-20110701.jj.com"
            port="389"
            useSSL="false"
            groupContainer="DC=jj,DC=com"
            groupNameAttribute="cn"
            groupNameAlternateSearchAttribute="samAccountName"
            groupMemberAttribute="member"
            userNameAttribute="sAMAccountName"
            dnAttribute="distinguishedName"
            groupFilter="(&amp;(ObjectClass=group))"
            userFilter="(&amp;(ObjectClass=person))"
            scope="Subtree"
            connectionUsername="jj\administrator"
            connectionPassword="123abc.." />
        <!-- ADMembership-->
      </providers>
    </roleManager>

 注意替换红色的部分,原理同修改管理中心webconfig一样。

3.配置SecurityTokenServiceApplication站点的web.config。

添加如下节点:

<system.web>
    <!-- ADMembership-->
    <membership>
      <providers>
        <!-- ADMembership-->
        <add name="ADMembership"
                  type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
                  server="WIN-20110701.jj.com"
                  port="389"
                  useSSL="false"
                  userDNAttribute="distinguishedName"
                  userNameAttribute="sAMAccountName"
                  userContainer="CN=Users,DC=jj,DC=com"
                  userObjectClass="person"
                  userFilter="(&amp;(ObjectClass=person))"
                  scope="Subtree"
                  otherRequiredUserAttributes="sn,givenname,cn"
                  connectionUsername="jj\administrator"
                  connectionPassword="123abc.." />
        <!-- ADMembership-->
      </providers>
    </membership>
    <roleManager enabled ="true" >
      <providers>
        <!-- ADMembership-->
        <add name="roleManager"
            type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            server="WIN-20110701.jj.com"
            port="389"
            useSSL="false"
            groupContainer="DC=jj,DC=com"
            groupNameAttribute="cn"
            groupNameAlternateSearchAttribute="samAccountName"
            groupMemberAttribute="member"
            userNameAttribute="sAMAccountName"
            dnAttribute="distinguishedName"
            groupFilter="(&amp;(ObjectClass=group))"
            userFilter="(&amp;(ObjectClass=person))"
            scope="Subtree"
            connectionUsername="jj\administrator"
            connectionPassword="123abc.." />
        <!-- ADMembership-->
      </providers>
    </roleManager>
    <!-- ADMembership-->
  </system.web>

注意用你自己的内容替换上面的。这里就不红色标注了。

段传涛
关注
专栏目录
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值