Configuring Forms-based Authentication
Using the following instructions, you will enable FBA for your existing claims-enabled website so that both Windows Integrated and FBA are being used.
Enable FBA
Follow these steps to enable FBA:
1. Navigate to the Web Applications Management page, select your claims-enabled web application, and click on the Authentication Providers button in the Ribbon.
2. Click the Default link in the Authentication Providers dialog window. Scroll down in the Edit Authentication dialog until you reach the Claims Authentication Types section. Enable FBA and add names for the ASP.NET membership provider and the role manager. You can choose your own names or use SQLMembershipProvider and SQLRoleManager. Click Save when you are done and close the Authentication Providers dialog. Remember the names that you have chosen because you will need to refer to them in the web.config file. Also, keep in mind that these names are case sensitive.
Install and Configure the SQL Server Database
The next step is to create and configure a SQL Server database that will be used for FBA:
1. Open Windows Explorer and navigate to C:\Windows\Microsoft.NET\Framework64\v2.0.50727. Locate the aspnet_regsql.exe application and execute it. This will open the ASP.NET SQL Server Setup wizard, shown in Figure 9-10. Click the Next button.
FIGURE 9-10
2. On the Select a Setup Option dialog, shown in Figure 9-11, select the Configure SQL Server for application services option. This should be the default option. Then click the Next button.
FIGURE 9-11
3. In the Select the Server and Database dialog, shown in Figure 9-12, enter the name of the SQL Server. This box should be automatically populated; if not, then enter the proper value for your installation. Use Windows Authentication and accept the default name for the database, which will be aspnetdb. Click Next.
FIGURE 9-12
4. Verify that your settings are correct on the Confirm Your Settings page and click the Next button. Once the database has been created, you should receive confirmation, as shown in Figure 9-13. Click the Finish button.
FIGURE 9-13
5. Open SQL Server Management Studio and confirm that the aspnetdb database has been created.
6. Now you can populate the SQL Server database with user information using an application on CodePlex called MembershipSeeder (http://cks.codeplex.com/releases/view/7450#DownloadId=19598). You can proceed with the configuration without using the MembershipSeeder application, but you will have to manually add users to the aspnetdb tables.
This completes the database installation.
Configure the Membership and Role Manager
The next set of steps configures the membership and role manager, which requires modifying three different web.config files: for the web application, for the Central Administration website, and for the STS:
1. Open IIS Manager by typing INETMGR at a command prompt. Locate the claims-enabled website and select it. Click the Explore option in the Actions section on the right-hand side of the page.
2. Locate the web.config file in the directory. Make a copy of the original file and store the copy in the same location as the original. When you make a copy, it should automatically be assigned a different name from the original.
You should never modify any original SharePoint files without first making a copy. If for whatever reason you make a mistake or things don't work correctly, you can always go back to the original configuration using the copy.
3. Open the original web.config file in a text editor of your choice and locate the </SharePoint> element. It should appear immediately before the <system.web> element.
4. Add the following XML to the web.config file between the </SharePoint> and <system.web> elements. This information enables the connectivity to the SQL Server database aspnetdb.
The code in these instructions is available for download on this book's website at Wrox.com.
<connectionStrings>
  <add name="SQLConnectionString" connectionString="data source=SQL;Integrated Security=SSPI;Initial Catalog=aspnetdb" />
</connectionStrings>
Code file Chapter09_code.txt
5. The next step is to add the membership provider and the role manager configuration information. Locate the <membership defaultProvider="i"> element and add the following information to the <providers> element:
<add connectionStringName="SQLConnectionString"
     passwordAttemptWindow="5"
     enablePasswordRetrieval="false"
     enablePasswordReset="false"
     requiresQuestionAndAnswer="true"
     applicationName="/"
     requiresUniqueEmail="true"
     passwordFormat="Hashed"
     description="Stores and retrieves membership data from SQL Server"
     name="SQLMembershipProvider"
     type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
6. Locate the <roleManager defaultProvider="c" enabled="true" cacheRolesInCookie="false"> element, insert the following text into the <providers> element, and then save and close the web.config file:
<add connectionStringName="SQLConnectionString"
     applicationName="/"
     description="Stores and retrieves roles from SQL Server"
     name="SQLRoleManager"
     type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
7. To modify the web.config file of the Central Administration web application, add the connection string information to the web.config file for the Central Administration web site just like you did in steps 1–4:
<connectionStrings>
  <add name="SQLConnectionString" connectionString="data source=SQL;Integrated Security=SSPI;Initial Catalog=aspnetdb" />
</connectionStrings>
8. Locate the <system.web> element and add the following information:
<roleManager defaultProvider="AspNetWindowsTokenRoleProvider" enabled="true" cacheRolesInCookie="false">
  <providers>
    <add connectionStringName="SQLConnectionString"
         applicationName="/"
         description="Stores and retrieves roles from SQL Server"
         name="SQLRoleManager"
         type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
  </providers>
</roleManager>
9. Insert the following code immediately after the <roleManager> code entered earlier in step 8, and then save and close the web.config file:
<membership defaultProvider="SQLMembershipProvider">
  <providers>
    <add connectionStringName="SQLConnectionString"
         passwordAttemptWindow="5"
         enablePasswordRetrieval="false"
         enablePasswordReset="false"
         requiresQuestionAndAnswer="true"
         applicationName="/"
         requiresUniqueEmail="true"
         passwordFormat="Hashed"
         description="Stores and retrieves membership data from SQL Server"
         name="SQLMembershipProvider"
         type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
  </providers>
</membership>
10. The final web.config file to be modified is the STS web.config file. Expand the SharePoint Web Services website in IIS Manager and select the SecurityTokenServiceApplication site.
11. Locate the web.config file and make a copy as you did previously.
12. Insert the following code into the web.config file before the </configuration> element, and then save and close the web.config file:
<connectionStrings>
  <add name="SQLConnectionString" connectionString="data source=SQL;Integrated Security=SSPI;Initial Catalog=aspnetdb" />
</connectionStrings>
<system.web>
  <roleManager defaultProvider="c" enabled="true" cacheRolesInCookie="false">
    <providers>
      <add name="c"
           type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
      <add connectionStringName="SQLConnectionString"
           applicationName="/"
           description="Stores and retrieves roles from SQL Server"
           name="SQLRoleManager"
           type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
    </providers>
  </roleManager>
  <membership defaultProvider="i">
    <providers>
      <add name="i"
           type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
      <add connectionStringName="SQLConnectionString"
           passwordAttemptWindow="5"
           enablePasswordRetrieval="false"
           enablePasswordReset="false"
           requiresQuestionAndAnswer="true"
           applicationName="/"
           requiresUniqueEmail="true"
           passwordFormat="Hashed"
           description="Stores and retrieves membership data from SQL Server"
           name="SQLMembershipProvider"
           type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
    </providers>
  </membership>
</system.web>
13. The final steps in the process involve assigning permissions for users in the SQL Server database. First, navigate to the Manage Web Applications page in Central Administration.
14. Select your claims-enabled web application and click the User Policy button in the Ribbon. You should see the Policy for Web Application dialog, shown in Figure 9-14.
FIGURE 9-14
15. Click the Add Users link, which will reveal the Add Users dialog. Choose the Default zone in the Zones drop-down menu, and then click the Next button.
16. On the Add Users dialog, add the administrator account and assign Full Control, as shown in Figure 9-15. Click Finish, and then click OK to close the Policy for Web Application dialog.
FIGURE 9-15
17. It's time to test the application. Navigate to your top-level site in your claims-enabled web application. An example is shown in Figure 9-16.
FIGURE 9-16
18. If you enabled anonymous access, you should see the Sign In link at the top, upper-right side of the page. Click the Sign In link to display the Sign In dialog, shown in Figure 9-17.
FIGURE 9-17
19. You need to choose which authentication method to use, as the website has two different methods configured. Choose Windows Authentication to sign in to the application.
20. Finally, log out of the application so that you can sign in again using FBA. The MembershipSeeder tool was used to add a user to the database for testing purposes. If you populated the aspnetdb with user information, then you can proceed to test the login.
21. Click the Sign In link and choose the Forms Authentication option to log in. You should be prompted with the Sign In dialog shown in Figure 9-18.
FIGURE 9-18
22. Enter the username and password for the user and click the Sign In button. You should be directed to your top-level site once authenticated.
At this point, you have successfully configured a web application with two different methods of authentication. For those SharePoint 2007 websites that were FBA-enabled, you will have to convert them to using CBA using the steps outlined in the exercise after you upgrade them to SharePoint 2010.
Claims-based authentication is a new and powerful addition to SharePoint. It provides the capability to unify the authentication process and deliver single sign-on across applications in the enterprise, as well as between organizations and in the cloud. Because it is based on open standards and protocols, it is not Microsoft-centric. As a SharePoint administrator, you will discover that CBA provides capabilities that previously did not exist.
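Because the provider names are case sensitive and the same entries must appear in three web.config files, it helps to check each edited file before testing the sign-in. The PowerShell below is an added example, not code from the book: the function name Test-FbaConfig and the sample XML are constructed for illustration, and it assumes the names SQLMembershipProvider, SQLRoleManager and SQLConnectionString used in the steps above.

```powershell
# Added example (not from the book): checks one web.config for the FBA entries in this walkthrough.
function Test-FbaConfig {
    param(
        [Parameter(Mandatory = $true)][xml]$Config,
        [string]$MembershipName = 'SQLMembershipProvider',  # names entered in Central Administration
        [string]$RoleName = 'SQLRoleManager'
    )
    $problems = @()
    $base = '/configuration/system.web'
    # XPath string comparison is case sensitive, like the provider names themselves.
    $member = $Config.SelectSingleNode("$base/membership/providers/add[@name='$MembershipName']")
    $role = $Config.SelectSingleNode("$base/roleManager/providers/add[@name='$RoleName']")
    if ($null -eq $member) { $problems += "membership provider '$MembershipName' not found (check case)" }
    if ($null -eq $role) { $problems += "role provider '$RoleName' not found (check case)" }
    foreach ($p in $member, $role) {
        if ($null -eq $p) { continue }
        # Each provider must point at a connection string defined in the same file.
        $csName = $p.GetAttribute('connectionStringName')
        $cs = $Config.SelectSingleNode("/configuration/connectionStrings/add[@name='$csName']")
        if ($null -eq $cs) {
            $problems += "$($p.GetAttribute('name')): connection string '$csName' is not defined"
        } elseif ($cs.GetAttribute('connectionString') -notmatch 'Integrated Security\s*=\s*SSPI') {
            $problems += "connection string '$csName' lacks Integrated Security=SSPI"
        }
    }
    # The walkthrough stores hashed passwords and disables password retrieval.
    if ($null -ne $member) {
        if ($member.GetAttribute('passwordFormat') -match '^(Clear|Encrypted)$') { $problems += 'passwordFormat is not Hashed' }
        if ($member.GetAttribute('enablePasswordRetrieval') -eq 'true') { $problems += 'enablePasswordRetrieval is enabled' }
    }
    return ,$problems
}

# Constructed sample with two typical mistakes: wrong case in a provider name, wrong connection string name.
$sample = [xml]@'
<configuration>
  <connectionStrings>
    <add name="SQLConnectionString" connectionString="data source=SQL;Integrated Security=SSPI;Initial Catalog=aspnetdb" />
  </connectionStrings>
  <system.web>
    <membership defaultProvider="i"><providers>
      <add name="SqlMembershipProvider" connectionStringName="SQLConnectionString" passwordFormat="Hashed" />
    </providers></membership>
    <roleManager defaultProvider="c" enabled="true"><providers>
      <add name="SQLRoleManager" connectionStringName="SQLConnString" />
    </providers></roleManager>
  </system.web>
</configuration>
'@
Test-FbaConfig -Config $sample
```

To check a real file, pass its content as XML, for example Test-FbaConfig -Config ([xml](Get-Content <path to web.config>)), once for each of the web application, Central Administration and STS files.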