
一、新建web应用程序
1、验证部分选择“基于声明的身份验证”
2、设置端口(窗体登录页会把用户名和口令以表单 POST 提交,生产环境应勾选“使用安全套接字层(SSL)”并以 HTTPS 端口发布,否则登录凭据在网络上以明文传输)
3、选择“启用基于窗体的身份验证(FBA)”
“ASP.NET 成员身份提供程序名称”下面填写“LdapMember”
“ASP.NET 角色管理器名称”下面填写“LdapRole”
4、其他根据自己情况酌情修改
二、创建网站集
三、修改配置文件(下面三个 web.config 中的 <roleManager> 和 <membership> 节都放在 <system.web> 下;修改前先备份,并在场中承载相应站点的每台服务器上做同样修改)
1、Web 应用程序的 web.config(位于该 IIS 站点的物理路径下)
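<!-- Forms-based authentication against Active Directory through LDAP.
     Changes from the original sample, all security related:
     1. LDAPS (port="636", useSSL="true"). With port 389 and useSSL="false" nothing on the
        wire is protected: directory queries and results travel in clear text and, if the
        provider falls back to a simple bind, so do the service-account password and every
        password typed into the login form. LDAPS requires that this SharePoint server
        trusts the domain controller's certificate chain; fall back to 389 only on an
        isolated lab network.
     2. connectionUsername is an example name for a dedicated, read-only directory
        account. The provider only reads users and groups, so a SharePoint or domain
        admin account (the original "mossadmin") grants far more than needed.
     3. connectionPassword is stored in clear text by this provider. After editing,
        encrypt both sections on the server, e.g.
          aspnet_regiis -pef "system.web/membership"  <site physical path>
          aspnet_regiis -pef "system.web/roleManager" <site physical path>
        The DPAPI protected-configuration provider is machine bound; use the RSA provider
        with an exported key container if the same web.config is deployed to several
        front-end servers. If the application pool identity is a domain account with read
        access to userContainer, the two connection* attributes may be omitted and the
        process identity used instead (verify in your environment before relying on it).
     4. userFilter "(ObjectClass=person)" also matches contact and computer objects in AD;
        here it is bounded only by userContainer. If the container is widened, prefer
        "(&(objectCategory=person)(objectClass=user))".
     The defaultProvider values ("c" and "i") are SharePoint's claims providers and are
     kept as in the original sample; LdapRole/LdapMember are referenced by name from the
     web application's FBA settings. -->
<roleManager enabled="true" defaultProvider="c" cacheRolesInCookie="false">
  <providers>
    <add name="c"
         type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
    <add name="LdapRole"
         type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
         server="contoso.com"
         port="636"
         useSSL="true"
         userContainer="CN=Users,DC=contoso,DC=com"
         groupNameAttribute="cn"
         groupNameAlternateSearchAttribute="samAccountName"
         groupMemberAttribute="member"
         userNameAttribute="sAMAccountName"
         dnAttribute="distinguishedName"
         groupFilter="(ObjectClass=group)"
         userFilter="(ObjectClass=person)"
         scope="Subtree"
         connectionUsername="contoso\svc-sp-ldap"
         connectionPassword="REPLACE_WITH_SERVICE_ACCOUNT_PASSWORD" />
  </providers>
</roleManager>
<membership defaultProvider="i">
  <providers>
    <add name="i"
         type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
    <add name="LdapMember"
         type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
         server="contoso.com"
         port="636"
         useSSL="true"
         userDNAttribute="distinguishedName"
         userNameAttribute="sAMAccountName"
         userContainer="CN=Users,DC=contoso,DC=com"
         userObjectClass="person"
         userFilter="(ObjectClass=person)"
         scope="Subtree"
         otherRequiredUserAttributes="sn,givenname,cn"
         connectionUsername="contoso\svc-sp-ldap"
         connectionPassword="REPLACE_WITH_SERVICE_ACCOUNT_PASSWORD" />
  </providers>
</membership>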
2、管理中心配置文件
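<!-- Central Administration web.config: the same LdapRole/LdapMember providers as the
     web application, so that the People Picker in Central Administration can resolve
     forms users. Keep every attribute identical to the web application's copy.
     defaultProvider="AspNetWindowsTokenRoleProvider" is kept from the original sample.
     Hardening applied here:
     - LDAPS (port="636", useSSL="true"); with 389/useSSL="false" the directory traffic,
       and potentially the bind passwords, cross the network in clear text. The server
       must trust the domain controller's certificate chain.
     - connectionUsername is an example name for a dedicated read-only directory account,
       not an admin account.
     - connectionPassword is clear text in this file. Encrypt the sections after editing:
         aspnet_regiis -pef "system.web/membership"  <Central Administration site path>
         aspnet_regiis -pef "system.web/roleManager" <Central Administration site path>
       (DPAPI-protected sections are machine bound; use the RSA provider if the file is
       copied between servers.) -->
<roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider">
  <providers>
    <add name="LdapRole"
         type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
         server="contoso.com"
         port="636"
         useSSL="true"
         userContainer="CN=Users,DC=contoso,DC=com"
         groupNameAttribute="cn"
         groupNameAlternateSearchAttribute="samAccountName"
         groupMemberAttribute="member"
         userNameAttribute="sAMAccountName"
         dnAttribute="distinguishedName"
         groupFilter="(ObjectClass=group)"
         userFilter="(ObjectClass=person)"
         scope="Subtree"
         connectionUsername="contoso\svc-sp-ldap"
         connectionPassword="REPLACE_WITH_SERVICE_ACCOUNT_PASSWORD" />
  </providers>
</roleManager>
<membership>
  <providers>
    <add name="LdapMember"
         type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
         server="contoso.com"
         port="636"
         useSSL="true"
         userDNAttribute="distinguishedName"
         userNameAttribute="sAMAccountName"
         userContainer="CN=Users,DC=contoso,DC=com"
         userObjectClass="person"
         userFilter="(ObjectClass=person)"
         scope="Subtree"
         otherRequiredUserAttributes="sn,givenname,cn"
         connectionUsername="contoso\svc-sp-ldap"
         connectionPassword="REPLACE_WITH_SERVICE_ACCOUNT_PASSWORD" />
  </providers>
</membership>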
3、SecurityTokenServiceApplication 的 web.config(通常位于 ...\Web Server Extensions\14\WebServices\SecurityToken\ 目录下;每台运行 STS 的服务器都要修改)
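<!-- SecurityTokenServiceApplication web.config. The STS is the component that actually
     validates forms credentials and issues the claims, so these LdapRole/LdapMember
     definitions must match the web application's copy attribute for attribute.
     roleManager intentionally has no defaultProvider here (as in the original sample).
     Hardening applied here:
     - LDAPS (port="636", useSSL="true"): the STS binds with the user's login password
       during authentication; with 389/useSSL="false" that bind and the directory traffic
       are unprotected on the wire. The server must trust the domain controller's
       certificate chain.
     - connectionUsername is an example name for a dedicated read-only directory account,
       not an admin account.
     - connectionPassword is clear text in this file. Encrypt the sections after editing:
         aspnet_regiis -pef "system.web/membership"  <SecurityToken folder>
         aspnet_regiis -pef "system.web/roleManager" <SecurityToken folder>
       (DPAPI-protected sections are machine bound; use the RSA provider with an exported
       key container when several servers run the STS.) -->
<roleManager enabled="true">
  <providers>
    <add name="LdapRole"
         type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
         server="contoso.com"
         port="636"
         useSSL="true"
         userContainer="CN=Users,DC=contoso,DC=com"
         groupNameAttribute="cn"
         groupNameAlternateSearchAttribute="samAccountName"
         groupMemberAttribute="member"
         userNameAttribute="sAMAccountName"
         dnAttribute="distinguishedName"
         groupFilter="(ObjectClass=group)"
         userFilter="(ObjectClass=person)"
         scope="Subtree"
         connectionUsername="contoso\svc-sp-ldap"
         connectionPassword="REPLACE_WITH_SERVICE_ACCOUNT_PASSWORD" />
  </providers>
</roleManager>
<membership>
  <providers>
    <add name="LdapMember"
         type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
         server="contoso.com"
         port="636"
         useSSL="true"
         userDNAttribute="distinguishedName"
         userNameAttribute="sAMAccountName"
         userContainer="CN=Users,DC=contoso,DC=com"
         userObjectClass="person"
         userFilter="(ObjectClass=person)"
         scope="Subtree"
         otherRequiredUserAttributes="sn,givenname,cn"
         connectionUsername="contoso\svc-sp-ldap"
         connectionPassword="REPLACE_WITH_SERVICE_ACCOUNT_PASSWORD" />
  </providers>
</membership>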
四、添加一个用户策略
在这添加用户的时候选择搜索用户那个按钮,搜索用户的时候,同一个账户至少会出现两次:
一个是“用户:Active Directory”(Windows 身份)
一个是“用户:表单认证”(由 LdapMember 提供程序解析出的窗体身份)
两者是不同的主体,这里必须选“表单认证”那一个,否则用窗体登录的用户不会获得该策略。
Web 应用程序级的“完全控制”策略对该 Web 应用程序下的所有网站集生效,只应授予用于验证配置的管理账户;普通用户的权限应在网站集或网站级别按需授予。