sharepoint2010 基于AD验证的表单登录配置整理
最近群里有些朋友想要配置 “基于AD验证的表单登录”,我以前做过sharepoint2007的,网上也有不少文章都是针对sharepoint 2007,这次整理了下sharepoint 2010配置,供大家相互学习。
废话不多说,以下是需要修改的地方:
1、网站集的web.config
地址:C:\inetpub\wwwroot\wss\VirtualDirectories\80
<!-- Add under the root <configuration> node of the site collection's web.config.
     "myAD.ad" and "DC=myAD,DC=ad" are the article's sample domain values. -->
<connectionStrings>
  <add name="ADConnectionString"
       connectionString="LDAP://myAD.ad/DC=myAD,DC=ad" />
</connectionStrings>
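<!-- Inside <system.web>: locate the existing <membership> node and add the ADMembership provider. -->
<membership defaultProvider="i">
  <providers>
    <add name="i"
         type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
    <!-- AD membership provider: checks form-login credentials against the directory
         named by the ADConnectionString connection string.
         NOTE(review): no connectionUsername is set on this provider, so it presumably binds
         as the worker process identity. Confirm that account is allowed to read the directory. -->
    <add name="ADMembership"
         type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
         connectionStringName="ADConnectionString"
         enableSearchMethods="true"
         attributeMapUsername="sAMAccountName" />
  </providers>
</membership>

<roleManager defaultProvider="c" enabled="true" cacheRolesInCookie="false">
  <providers>
    <add name="c"
         type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
    <!-- LDAP role provider (the original comment labelled it "ADMembership").
         server and groupContainer now use the same sample domain as ADConnectionString and
         connectionUsername; the original mixed in a different domain name here.

         Security notes for anyone copying this entry:
         * port="389" with useSSL="false" sends the service-account bind and all group lookups
           over the network unencrypted. Once the domain controller has a certificate,
           switch to port="636" and useSSL="true".
         * connectionUsername / connectionPassword sit in web.config as clear text and are
           readable by anyone who can read the file or its backups. Use a dedicated account
           with read-only directory rights, replace the sample password, keep the file ACL
           tight, and consider ASP.NET protected configuration (aspnet_regiis -pe) for this section.

         NOTE(review): Version=12.0.0.0 is the MOSS 2007 assembly version; SharePoint 2010 ships
         Microsoft.Office.Server as 14.0.0.0. Confirm which version resolves on your farm. -->
    <add name="roleManager"
         type="Microsoft.Office.Server.Security.LDAPRoleProvider, Microsoft.Office.Server, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
         server="myAD.ad"
         port="389"
         useSSL="false"
         groupContainer="DC=myAD,DC=ad"
         groupNameAttribute="cn"
         groupMemberAttribute="member"
         userNameAttribute="sAMAccountName"
         dnAttribute="distinguishedName"
         groupFilter="(ObjectClass=group)"
         scope="Subtree"
         connectionUsername="myAD\ad01"
         connectionPassword="pwd123" />
  </providers>
</roleManager>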
2、管理中心的web.config
地址:C:\inetpub\wwwroot\wss\VirtualDirectories\45437(45437是管理中心端口号)
<!-- Central Administration web.config: add under the root <configuration> node.
     Same sample LDAP connection string as used for the site collection. -->
<connectionStrings>
  <add name="ADConnectionString"
       connectionString="LDAP://myAD.ad/DC=myAD,DC=ad" />
</connectionStrings>
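<!-- Central Administration web.config, inside <system.web>: locate the existing <membership>
     node and add the ADMembership provider. -->
<membership defaultProvider="i">
  <providers>
    <add name="i"
         type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
    <!-- AD membership provider, resolved through the ADConnectionString connection string.
         NOTE(review): no connectionUsername is set, so the bind presumably uses the worker
         process identity. Confirm that account can read the directory. -->
    <add name="ADMembership"
         type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
         connectionStringName="ADConnectionString"
         enableSearchMethods="true"
         attributeMapUsername="sAMAccountName" />
  </providers>
</membership>

<roleManager defaultProvider="c" enabled="true" cacheRolesInCookie="false">
  <providers>
    <add name="c"
         type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
    <!-- LDAP role provider (mislabelled "ADMembership" in the original comment).
         server and groupContainer use the same sample domain as ADConnectionString and
         connectionUsername; the original entry named a different domain here.

         Security notes:
         * port="389" / useSSL="false" means the bind credentials and group queries travel
           unencrypted; prefer port="636" with useSSL="true" when the domain controller
           has a certificate.
         * The service-account password is stored in clear text in the Central Administration
           web.config. Use a read-only, low-privilege directory account, replace the sample
           password, restrict who can read this file and its backups, and consider ASP.NET
           protected configuration (aspnet_regiis -pe) for the section.

         NOTE(review): Version=12.0.0.0 is the MOSS 2007 assembly version; SharePoint 2010 ships
         Microsoft.Office.Server as 14.0.0.0. Confirm which version resolves on your farm. -->
    <add name="roleManager"
         type="Microsoft.Office.Server.Security.LDAPRoleProvider, Microsoft.Office.Server, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
         server="myAD.ad"
         port="389"
         useSSL="false"
         groupContainer="DC=myAD,DC=ad"
         groupNameAttribute="cn"
         groupMemberAttribute="member"
         userNameAttribute="sAMAccountName"
         dnAttribute="distinguishedName"
         groupFilter="(ObjectClass=group)"
         scope="Subtree"
         connectionUsername="myAD\ad01"
         connectionPassword="pwd123" />
  </providers>
</roleManager>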
3、SecurityTokenServiceApplication的web.config
地址:C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\WebServices\SecurityToken
不清楚SecurityTokenServiceApplication位置的人可以按照下面的图找到它
添加如下代码:
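<!-- Security Token Service web.config: the STS performs the forms login for claims-based
     web applications, so it needs the same connection string and providers. -->
<connectionStrings>
  <add name="ADConnectionString"
       connectionString="LDAP://myAD.ad/DC=myAD,DC=ad" />
</connectionStrings>
<system.web>
  <membership>
    <providers>
      <!-- AD membership provider, resolved through ADConnectionString.
           NOTE(review): no connectionUsername is set, so the bind presumably uses the
           identity of the STS application pool. Confirm it can read the directory. -->
      <add name="ADMembership"
           type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
           connectionStringName="ADConnectionString"
           enableSearchMethods="true"
           attributeMapUsername="sAMAccountName" />
    </providers>
  </membership>
  <roleManager enabled="true">
    <providers>
      <!-- LDAP role provider. server now matches the host in ADConnectionString
           (the original used "my.ad" here while the connection string used "myAD.ad").

           Security notes:
           * port="389" / useSSL="false" leaves the service-account bind and group lookups
             unencrypted on the wire; prefer port="636" with useSSL="true" when the domain
             controller has a certificate.
           * connectionPassword is clear text in this file. Use a read-only, low-privilege
             directory account, replace the sample password, restrict read access to the
             file and its backups, and consider ASP.NET protected configuration
             (aspnet_regiis -pe) for the section.

           NOTE(review): Version=12.0.0.0 is the MOSS 2007 assembly version; SharePoint 2010
           ships Microsoft.Office.Server as 14.0.0.0. Confirm which version resolves on your farm. -->
      <add name="roleManager"
           type="Microsoft.Office.Server.Security.LDAPRoleProvider, Microsoft.Office.Server, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
           server="myAD.ad"
           port="389"
           useSSL="false"
           groupContainer="DC=myAD,DC=ad"
           groupNameAttribute="cn"
           groupMemberAttribute="member"
           userNameAttribute="sAMAccountName"
           dnAttribute="distinguishedName"
           groupFilter="(ObjectClass=group)"
           scope="Subtree"
           connectionUsername="myAD\ad01"
           connectionPassword="pwd123" />
    </providers>
  </roleManager>
</system.web>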
4、在管理中心修改身份验证提供程序
这里需要提醒各位:如果表单身份验证(FBA)选项显示为灰色、不可用,那么可能需要像下图那样重新创建网站集(基于声明的身份验证),
我是备份原来网站集后删除重新生成还原的。。。。(郁闷下)
欢迎大家来Moss技术交流群来做技术交流:群号:69022156