SharePoint 2010 基于AD的Form验证

一、新建web应用程序

  1、验证部分选择“基于声明的身份验证”

  2、设置端口

  3、选择“启用基于表单的身份验证(FBA)”,然后:

    “ASP.NET 成员身份提供程序名称”下面填写“LdapMember”

    “ASP.NET 角色管理器名称”下面填写“LdapRole”

  4、其他根据自己情况酌情修改

二、创建网站集

三、修改配置文件

  1、应用程序配置文件    

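 <!--
   Web application web.config (these two elements live inside <system.web>):
   LDAP role and membership providers for forms-based authentication against
   Active Directory. The provider names "LdapRole" and "LdapMember" must match
   the names typed into the web application's authentication settings.

   The listing-viewer line numbers that were pasted into the original snippet
   have been removed; with them inside the <add> start tags the fragment was
   not well-formed XML. All attribute values are unchanged.

   Security review notes:
   * port="389" with useSSL="false" means the LDAP connection is not encrypted,
     so credentials sent to the directory on a bind can be read on the network
     path between the SharePoint servers and the domain controller. Where the
     domain controller has a certificate for LDAPS, prefer port="636" with
     useSSL="true".
   * connectionPassword is stored in clear text. Anyone who can read this file,
     a backup of it, or a copy in source control learns the password of the
     bind account. "Pass@word" is a sample value; replace it, use a dedicated
     low-privilege directory account rather than an administrative one, and
     keep the file's ACL tight.
   * NOTE(review): connectionUsername and connectionPassword appear to be
     optional; when both are omitted the provider should bind as the
     application pool identity, which keeps the secret out of web.config.
     Confirm on your farm before relying on it.
 -->
 <!-- defaultProvider stays on the SharePoint claims role provider "c";
      LdapRole is registered next to it, not instead of it. -->
 <roleManager enabled="true" defaultProvider="c" cacheRolesInCookie="false">
   <providers>
     <add name="c" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />

     <add name="LdapRole"
          type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
          server="contoso.com"
          port="389"
          useSSL="false"
          userContainer="CN=Users,DC=contoso,DC=com"
          groupNameAttribute="cn"
          groupNameAlternateSearchAttribute="samAccountName"
          groupMemberAttribute="member"
          userNameAttribute="sAMAccountName"
          dnAttribute="distinguishedName"
          groupFilter="(ObjectClass=group)"
          userFilter="(ObjectClass=person)"
          scope="Subtree"
          connectionUsername="contoso\mossadmin"
          connectionPassword="Pass@word" />
   </providers>
 </roleManager>
 <!-- defaultProvider stays on the SharePoint claims membership provider "i";
      LdapMember is registered next to it. -->
 <membership defaultProvider="i">
   <providers>
     <add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
     <add name="LdapMember"
          type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
          server="contoso.com"
          port="389"
          useSSL="false"
          userDNAttribute="distinguishedName"
          userNameAttribute="sAMAccountName"
          userContainer="CN=Users,DC=contoso,DC=com"
          userObjectClass="person"
          userFilter="(ObjectClass=person)"
          scope="Subtree"
          otherRequiredUserAttributes="sn,givenname,cn"
          connectionUsername="contoso\mossadmin"
          connectionPassword="Pass@word" />
   </providers>
 </membership>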

  2、管理中心配置文件

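 <!--
   Central Administration web.config (inside <system.web>): the same LdapRole
   and LdapMember providers as in the web application, registered here under
   the same names. The role manager keeps AspNetWindowsTokenRoleProvider as its
   default and the membership element sets no default, so the LDAP providers
   are only added, not made the default.

   The listing-viewer line numbers that were pasted into the original snippet
   have been removed; with them inside the <add> start tags the fragment was
   not well-formed XML. All attribute values are unchanged.

   Security review notes:
   * port="389" with useSSL="false" means the LDAP connection is not encrypted,
     so credentials sent to the directory on a bind can be read on the network
     path to the domain controller. Where LDAPS is available, prefer
     port="636" with useSSL="true".
   * connectionPassword is stored in clear text, and this page places the same
     secret in three configuration files. Anyone who can read any one of those
     files, or a backup of it, learns the bind account's password. Replace the
     sample value "Pass@word", use a dedicated low-privilege directory account,
     and restrict who can read the file.
   * NOTE(review): connectionUsername and connectionPassword appear to be
     optional; when both are omitted the provider should bind as the
     application pool identity. Confirm on your farm before relying on it.
 -->
 <roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider">
   <providers>
     <add name="LdapRole"
          type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
          server="contoso.com"
          port="389"
          useSSL="false"
          userContainer="CN=Users,DC=contoso,DC=com"
          groupNameAttribute="cn"
          groupNameAlternateSearchAttribute="samAccountName"
          groupMemberAttribute="member"
          userNameAttribute="sAMAccountName"
          dnAttribute="distinguishedName"
          groupFilter="(ObjectClass=group)"
          userFilter="(ObjectClass=person)"
          scope="Subtree"
          connectionUsername="contoso\mossadmin"
          connectionPassword="Pass@word" />
   </providers>
 </roleManager>
 <membership>
   <providers>
     <add name="LdapMember"
          type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
          server="contoso.com"
          port="389"
          useSSL="false"
          userDNAttribute="distinguishedName"
          userNameAttribute="sAMAccountName"
          userContainer="CN=Users,DC=contoso,DC=com"
          userObjectClass="person"
          userFilter="(ObjectClass=person)"
          scope="Subtree"
          otherRequiredUserAttributes="sn,givenname,cn"
          connectionUsername="contoso\mossadmin"
          connectionPassword="Pass@word" />
   </providers>
 </membership>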

  3、SecurityTokenServiceApplication配置文件

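 <!--
   SecurityTokenServiceApplication web.config (inside <system.web>): the same
   LdapRole and LdapMember providers, registered under the same names as in the
   web application. Neither element sets a defaultProvider here.
   NOTE(review): the security token service is presumably where forms logins
   are checked against the directory, which makes the transport setting below
   matter most in this file. Confirm against your farm.

   The listing-viewer line numbers that were pasted into the original snippet
   have been removed; with them inside the <add> start tags the fragment was
   not well-formed XML. All attribute values are unchanged.

   Security review notes:
   * port="389" with useSSL="false" means the LDAP connection is not encrypted,
     so credentials sent to the directory on a bind can be read on the network
     path to the domain controller. Where LDAPS is available, prefer
     port="636" with useSSL="true".
   * connectionPassword is stored in clear text. Anyone who can read this file
     or a backup of it learns the bind account's password. Replace the sample
     value "Pass@word", use a dedicated low-privilege directory account, and
     restrict who can read the file.
   * NOTE(review): connectionUsername and connectionPassword appear to be
     optional; when both are omitted the provider should bind as the
     application pool identity. Confirm on your farm before relying on it.
 -->
 <roleManager enabled="true">
   <providers>
     <add name="LdapRole"
          type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
          server="contoso.com"
          port="389"
          useSSL="false"
          userContainer="CN=Users,DC=contoso,DC=com"
          groupNameAttribute="cn"
          groupNameAlternateSearchAttribute="samAccountName"
          groupMemberAttribute="member"
          userNameAttribute="sAMAccountName"
          dnAttribute="distinguishedName"
          groupFilter="(ObjectClass=group)"
          userFilter="(ObjectClass=person)"
          scope="Subtree"
          connectionUsername="contoso\mossadmin"
          connectionPassword="Pass@word" />
   </providers>
 </roleManager>
 <membership>
   <providers>
     <add name="LdapMember"
          type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
          server="contoso.com"
          port="389"
          useSSL="false"
          userDNAttribute="distinguishedName"
          userNameAttribute="sAMAccountName"
          userContainer="CN=Users,DC=contoso,DC=com"
          userObjectClass="person"
          userFilter="(ObjectClass=person)"
          scope="Subtree"
          otherRequiredUserAttributes="sn,givenname,cn"
          connectionUsername="contoso\mossadmin"
          connectionPassword="Pass@word" />
   </providers>
 </membership>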

四、添加一个用户策略

  在这添加用户的时候选择搜索用户那个按钮,搜索用户的时候,用户至少出现两次:

    一个是“用户:Active Directory”

    一个是“用户:表单认证”

  选择用户,设置完全控制权限。

posted @ 2014-09-11 13:18  qiumc