写之前,我发下感慨,我为了弄这个form认证花费了4天时间,而且每天都熬夜到2点才睡觉,最后还是在和 foley 讨论后才真正成功实现了。这里的form认证和2007不一样,它的用户是存在AD里面的,所以需要域服务器,外国的文章和MSDN上也只提供了这种方式。现在我也没法实现2007那种SQL数据库保存用户的方法,因为在登录的时候会爆一个很BT的错误(经过多方努力,终于找到文档实现SQL保存用户了)。好了,我现在介绍怎么配置form认证:
一。进管理中心,创建一个应用程序,配置如下:
二。填端口号,和选择form身份认证,以及填写成员和角色,其他都默认就可以了
三。使用SharePoint 2010 Management Shell在里面填写下面的代码
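# Switch the web application created in the previous steps to claims-based authentication.
# Run in the SharePoint 2010 Management Shell; replace the URL with your own web application.
# NOTE(review): Microsoft documents the move to claims authentication as one-way, so try it
# on a test web application before touching a production one.

# Fetch the web application object first: every line below operates on $webApp.
$webApp = Get-SPWebApplication "http://cd-isbunet:82"

# Turn on claims authentication and persist the change to the farm configuration.
$webApp.UseClaimsAuthentication = 1
$webApp.Update()

# Push the updated settings out to the servers in the farm.
$webApp.ProvisionGlobally()

# Convert existing user accounts of this web application to their claims form.
$webApp.MigrateUsers($True)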
http://cd-isbunet:82 是我刚才创建的应用程序,你需要改成你自己的
四。最重要的一步,修改管理中心、我们创建的应用程序,还有Web服务里面的SecurityTokenServiceApplication(2007是不需要配置这个的)这3个地方的web.config
1.找到管理中心的<system.web></system.web>,配置如下:
这里先解释下里面的代码,你只需要替换
server="cd-isbunet.ncs.corp.int-ads" //域控的地址
userContainer="CN=Users,DC=ncs,DC=corp,DC=int-ads" //Users不用换 DC为你域的信息
groupContainer="DC=ncs,DC=corp,DC=int-ads"
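connectionUsername="XXX/jiangly" //换成自己的域账号(原文用的是域管理员;通常只需要一个对目录有读取权限的专用账号,不建议把域管理员的凭据写进web.config)
connectionPassword="123456" /> //示例密码,务必替换;该值以明文保存在web.config中,注意限制该文件的读取权限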
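<!-- NOTE(review): the opening <membership ...> tag of this section is not shown on the page;
     keep the one that already exists in the Central Administration web.config. -->
<providers>
  <!-- ADMembership: LDAP membership provider that looks users up in Active Directory.
       Security notes for anyone copying this entry:
       * port="389" with useSSL="false" is an unencrypted LDAP connection, so the bind
         password below (and presumably the credentials users type into the login form)
         can be read on the network. Prefer useSSL="true" with port="636" once the domain
         controller presents a certificate that the SharePoint servers trust.
       * connectionUsername / connectionPassword sit in web.config in clear text. Use a
         dedicated account that only has read access to the directory, not a domain
         administrator, replace the sample password, and restrict who can read the file.
       * Inside an attribute value "&" has to be written as "&amp;"; a bare "&" in
         userFilter makes the whole web.config fail to parse. -->
  <add name="ADMembership"
       type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
       server="cd-isbunet.ncs.corp.int-ads"
       port="389"
       useSSL="false"
       userDNAttribute="distinguishedName"
       userNameAttribute="sAMAccountName"
       userContainer="CN=Users,DC=ncs,DC=corp,DC=int-ads"
       userObjectClass="person"
       userFilter="(&amp;(ObjectClass=person))"
       scope="Subtree"
       otherRequiredUserAttributes="sn,givenname,cn"
       connectionUsername="XXX/jiangly"
       connectionPassword="123456" />
  <!-- ADMembership -->
</providers>
</membership>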
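<!-- Role manager for Central Administration: the Windows token provider stays the default,
     and an LDAP role provider named "roleManager" is added so AD groups can be resolved. -->
<roleManager defaultProvider="AspNetWindowsTokenRoleProvider" enabled="true">
  <providers>
    <!-- Security notes for anyone copying this entry:
         * port="389" with useSSL="false" means the bind below travels unencrypted; prefer
           useSSL="true" with port="636" once the domain controller has a trusted certificate.
         * The connection account is stored in clear text. A dedicated account with read
           access to the directory is enough; avoid a domain administrator and replace the
           sample password.
         * "&" in groupFilter / userFilter must be escaped as "&amp;" or web.config will
           not parse. -->
    <add name="roleManager"
         type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
         server="cd-isbunet.ncs.corp.int-ads"
         port="389"
         useSSL="false"
         groupContainer="DC=ncs,DC=corp,DC=int-ads"
         groupNameAttribute="cn"
         groupNameAlternateSearchAttribute="samAccountName"
         groupMemberAttribute="member"
         userNameAttribute="sAMAccountName"
         dnAttribute="distinguishedName"
         groupFilter="(&amp;(ObjectClass=group))"
         userFilter="(&amp;(ObjectClass=person))"
         scope="Subtree"
         connectionUsername="XXX/jiangly"
         connectionPassword="123456" />
  </providers>
</roleManager>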
2.找到应用程序的<system.web></system.web>,配置如下:
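<!-- Membership section for the web application itself. The default provider "i" is the
     SharePoint claims membership provider; the LDAP provider "ADMembership" is registered
     next to it. -->
<membership defaultProvider="i">
  <providers>
    <add name="i"
         type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
    <!-- ADMembership: LDAP membership provider backed by Active Directory.
         Security notes for anyone copying this entry:
         * port="389" with useSSL="false" is an unencrypted LDAP connection; prefer
           useSSL="true" with port="636" once the domain controller presents a certificate
           the SharePoint servers trust.
         * connectionUsername / connectionPassword are stored in clear text in web.config.
           Use a dedicated account with read access to the directory only, not a domain
           administrator, and replace the sample password.
         * "&" in userFilter must be escaped as "&amp;" or web.config will not parse. -->
    <add name="ADMembership"
         type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
         server="cd-isbunet.ncs.corp.int-ads"
         port="389"
         useSSL="false"
         userDNAttribute="distinguishedName"
         userNameAttribute="sAMAccountName"
         userContainer="CN=Users,DC=ncs,DC=corp,DC=int-ads"
         userObjectClass="person"
         userFilter="(&amp;(ObjectClass=person))"
         scope="Subtree"
         otherRequiredUserAttributes="sn,givenname,cn"
         connectionUsername="XXX/jiangly"
         connectionPassword="123456" />
    <!-- ADMembership -->
  </providers>
</membership>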
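<!-- Role manager for the web application. The default provider "c" is the SharePoint
     claims role provider; the LDAP role provider "roleManager" is registered next to it.
     cacheRolesInCookie is off, so role membership is not stored in a client cookie. -->
<roleManager defaultProvider="c" enabled="true" cacheRolesInCookie="false">
  <providers>
    <add name="c"
         type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
    <!-- LDAP role provider backed by Active Directory.
         Security notes for anyone copying this entry:
         * port="389" with useSSL="false" means the bind below travels unencrypted; prefer
           useSSL="true" with port="636" once the domain controller has a trusted certificate.
         * The connection account is stored in clear text. A dedicated account with read
           access to the directory is enough; avoid a domain administrator and replace the
           sample password.
         * "&" in groupFilter / userFilter must be escaped as "&amp;" or web.config will
           not parse. -->
    <add name="roleManager"
         type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
         server="cd-isbunet.ncs.corp.int-ads"
         port="389"
         useSSL="false"
         groupContainer="DC=ncs,DC=corp,DC=int-ads"
         groupNameAttribute="cn"
         groupNameAlternateSearchAttribute="samAccountName"
         groupMemberAttribute="member"
         userNameAttribute="sAMAccountName"
         dnAttribute="distinguishedName"
         groupFilter="(&amp;(ObjectClass=group))"
         userFilter="(&amp;(ObjectClass=person))"
         scope="Subtree"
         connectionUsername="XXX/jiangly"
         connectionPassword="123456" />
    <!-- ADMembership -->
  </providers>
</roleManager>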
3.找到SecurityTokenServiceApplication站台web.config,它里面没有<system.web></system.web>,你需要自己添加
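<!-- SecurityTokenServiceApplication web.config: this file has no <system.web> section, so
     the whole element below is added by hand. The opening <system.web> tag is restored here
     because the page only shows the closing one.
     Security notes for anyone copying this section:
     * port="389" with useSSL="false" is an unencrypted LDAP connection, so the bind
       password (and presumably the credentials users type into the login form) can be
       read on the network. Prefer useSSL="true" with port="636" once the domain
       controller presents a certificate the SharePoint servers trust.
     * connectionUsername / connectionPassword are stored in clear text. Use a dedicated
       account with read access to the directory only, not a domain administrator,
       replace the sample password, and restrict who can read this file.
     * "&" in the LDAP filters must be escaped as "&amp;" or web.config will not parse. -->
<system.web>
  <!-- ADMembership -->
  <membership>
    <providers>
      <!-- ADMembership: LDAP membership provider backed by Active Directory. -->
      <add name="ADMembership"
           type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
           server="cd-isbunet.ncs.corp.int-ads"
           port="389"
           useSSL="false"
           userDNAttribute="distinguishedName"
           userNameAttribute="sAMAccountName"
           userContainer="CN=Users,DC=ncs,DC=corp,DC=int-ads"
           userObjectClass="person"
           userFilter="(&amp;(ObjectClass=person))"
           scope="Subtree"
           otherRequiredUserAttributes="sn,givenname,cn"
           connectionUsername="XXX/jiangly"
           connectionPassword="123456" />
      <!-- ADMembership -->
    </providers>
  </membership>
  <roleManager enabled="true">
    <providers>
      <!-- LDAP role provider backed by Active Directory; same connection settings as above. -->
      <add name="roleManager"
           type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
           server="cd-isbunet.ncs.corp.int-ads"
           port="389"
           useSSL="false"
           groupContainer="DC=ncs,DC=corp,DC=int-ads"
           groupNameAttribute="cn"
           groupNameAlternateSearchAttribute="samAccountName"
           groupMemberAttribute="member"
           userNameAttribute="sAMAccountName"
           dnAttribute="distinguishedName"
           groupFilter="(&amp;(ObjectClass=group))"
           userFilter="(&amp;(ObjectClass=person))"
           scope="Subtree"
           connectionUsername="XXX/jiangly"
           connectionPassword="123456" />
      <!-- ADMembership -->
    </providers>
  </roleManager>
</system.web>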
五。我们进管理中心-》应用程序管理-》打开用户策略-》添加域中的用户(如果没有找到,说明你的web.config里要修改的参数不对)
六。创建网站集,然后打开站点登陆,如果一切正常就能进入站点了
祝你成功!
这里特别感谢foley!
参考资料:
(2)http://isharebook.com/forums/showthread.php/2649-Claims-Based-Identity-in-SharePoint-2010.html
(4)http://xiangzhangjun2006.blog.163.com/blog/static/44140966201061334818612/
转自http://www.cnblogs.com/jlydboy/articles/1792112.html
正如作者所述,配置这个花了几天时间,也正因此或许面临的问题比较全面,也更有价值,特转此两篇,以备不时之需。