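1) Open Central Administration > Manage web applications. Click New on the Ribbon to create a new web application and configure it for forms-based login. After clicking New, configure it as follows:
1. Authentication: select claims-based authentication, as shown in the figure below:
2. Claims authentication types: enable forms-based authentication (FBA) here. Note that the membership provider name must be ADMembership and the role manager name must be roleManager.
When the configuration above is complete, click OK. Then create a site collection in this web application as required; my site collection URL is http://win-20110701:82/
2) Go to Start > All Programs > Microsoft SharePoint 2010 Products > SharePoint 2010 Management Shell to open the SharePoint shell, and enter the following commands: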
$webApp = Get-SPWebApplication "http://win-20110701:82/"
$webApp.UseClaimsAuthentication = 1;
$webApp.Update()
$webApp.ProvisionGlobally()
$webApp = Get-SPWebApplication "http://win-20110701:82/"
$webApp.MigrateUsers($True)
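Note: press Enter after each line, entering the six statements above in order. Also replace http://win-20110701:82/ above with your own site collection URL. The final result is shown in the figure below (note that the screenshot is one I found online):
3) Open IIS (type inetmgr in the Run dialog and press Enter).
1. Modify the Central Administration Web.config: in IIS, find the site that corresponds to Central Administration, right-click it and choose Explore, as shown in the figure below:
Note: back up this Web.config before modifying it. Find the <system.web></system.web> node in it and change the corresponding nodes to the following: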
<!--********************roleManager********************-->
<roleManager defaultProvider="AspNetWindowsTokenRoleProvider" enabled ="true">
<providers>
<add name="roleManager"
type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
server="WIN-20110701.jj.com"
port="389"
useSSL="false"
groupContainer="DC=jj,DC=com"
groupNameAttribute="cn"
groupNameAlternateSearchAttribute="samAccountName"
groupMemberAttribute="member"
userNameAttribute="sAMAccountName"
dnAttribute="distinguishedName"
groupFilter="(&amp;(ObjectClass=group))"
userFilter="(&amp;(ObjectClass=person))"
scope="Subtree"
connectionUsername="jj\administrator"
connectionPassword="123abc.."/>
</providers>
</roleManager>
<!--********************membership***********************-->
<membership defaultProvider="AspNetSqlMembershipProvider">
<providers>
<!-- ADMembership-->
<add name="ADMembership"
type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
server="WIN-20110701.jj.com"
port="389"
useSSL="false"
userDNAttribute="distinguishedName"
userNameAttribute="sAMAccountName"
userContainer="CN=Users,DC=jj,DC=com"
userObjectClass="person"
userFilter="(&amp;(ObjectClass=person))"
scope="Subtree"
otherRequiredUserAttributes="sn,givenname,cn"
connectionUsername="jj\administrator"
connectionPassword="123abc.." />
<!-- ADMembership-->
</providers>
</membership >
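Note: replace the content in red with your own values. My host name is WIN-20110701; since there is only one computer, the domain is installed on this machine as well. The domain name is jj.com,
the domain administrator is jj\administrator and the password is 123abc.. Also, if your domain name has a form like xx.com.cn, then:
you can change it to userContainer="CN=Users,DC=xx,DC=com,DC=cn"
2. Modify the web.config of the http://win-20110701:82/ site. As before, right-click the corresponding site in IIS and choose Explore (back it up before modifying). Find <system.web></system.web> and configure it as follows: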
<membership defaultProvider="i">
<providers>
<add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
<!-- ADMembership-->
<add name="ADMembership" type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
server="WIN-20110701.jj.com"
port="389" useSSL="false"
userDNAttribute="distinguishedName"
userNameAttribute="sAMAccountName"
userContainer="CN=Users,DC=jj,DC=com"
userObjectClass="person"
userFilter="(&amp;(ObjectClass=person))"
scope="Subtree"
otherRequiredUserAttributes="sn,givenname,cn"
connectionUsername="jj\administrator"
connectionPassword="123abc.." />
<!-- ADMembership-->
</providers>
</membership>
<roleManager defaultProvider="c" enabled="true" cacheRolesInCookie="false">
<providers>
<add name="c" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
<!-- ADMembership-->
<add name="roleManager" type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
server="WIN-20110701.jj.com"
port="389"
useSSL="false"
groupContainer="DC=jj,DC=com"
groupNameAttribute="cn"
groupNameAlternateSearchAttribute="samAccountName"
groupMemberAttribute="member"
userNameAttribute="sAMAccountName"
dnAttribute="distinguishedName"
groupFilter="(&amp;(ObjectClass=group))"
userFilter="(&amp;(ObjectClass=person))"
scope="Subtree"
connectionUsername="jj\administrator"
connectionPassword="123abc.." />
<!-- ADMembership-->
</providers>
</roleManager>
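Remember to replace the parts in red; the principle is the same as for the Central Administration web.config.
3. Configure the web.config of the SecurityTokenServiceApplication site.
Add the following nodes: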
<system.web>
<!-- ADMembership-->
<membership>
<providers>
<!-- ADMembership-->
<add name="ADMembership"
type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
server="WIN-20110701.jj.com"
port="389"
useSSL="false"
userDNAttribute="distinguishedName"
userNameAttribute="sAMAccountName"
userContainer="CN=Users,DC=jj,DC=com"
userObjectClass="person"
userFilter="(&amp;(ObjectClass=person))"
scope="Subtree"
otherRequiredUserAttributes="sn,givenname,cn"
connectionUsername="jj\administrator"
connectionPassword="123abc.." />
<!-- ADMembership-->
</providers>
</membership>
<roleManager enabled ="true" >
<providers>
<!-- ADMembership-->
<add name="roleManager"
type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
server="WIN-20110701.jj.com"
port="389"
useSSL="false"
groupContainer="DC=jj,DC=com"
groupNameAttribute="cn"
groupNameAlternateSearchAttribute="samAccountName"
groupMemberAttribute="member"
userNameAttribute="sAMAccountName"
dnAttribute="distinguishedName"
groupFilter="(&amp;(ObjectClass=group))"
userFilter="(&amp;(ObjectClass=person))"
scope="Subtree"
connectionUsername="jj\administrator"
connectionPassword="123abc.." />
<!-- ADMembership-->
</providers>
</roleManager>
<!-- ADMembership-->
</system.web>
Remember to replace the values above with your own. They are not marked in red here.
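A check for the provider settings used in the three web.config files above, as an added example that is not part of the original post: it lists every LDAP provider entry whose connection is not SSL-protected, that binds as an administrator account, or that keeps connectionPassword in web.config. The function name Test-LdapProviderConfig, the sample host, account and password, and the file path in the last comment are assumptions made for this example.

```powershell
# Added example: audits the LDAP membership/role providers in a web.config.
# Written to run on PowerShell 2.0 (the SharePoint 2010 Management Shell).
function Test-LdapProviderConfig {
    param([Parameter(Mandatory = $true)][xml]$Config)

    $xpath = '//system.web/membership/providers/add | //system.web/roleManager/providers/add'
    foreach ($p in $Config.SelectNodes($xpath)) {
        # Only the LDAP provider types used in the walkthrough are checked.
        if ($p.GetAttribute('type') -notmatch 'Ldap(Membership|Role)Provider') { continue }

        $findings = @()
        if ($p.GetAttribute('useSSL') -ne 'true') {
            $findings += 'useSSL is not "true": LDAP traffic to the directory is not protected by SSL'
        }
        if ($p.GetAttribute('connectionUsername') -match '(^|\\)administrator$') {
            $findings += 'connectionUsername is an administrator account; prefer a dedicated low-privilege account'
        }
        if ($p.GetAttribute('connectionPassword')) {
            $findings += 'connectionPassword is stored in clear text in web.config'
        }
        foreach ($f in $findings) {
            New-Object PSObject -Property @{ Provider = $p.GetAttribute('name'); Finding = $f }
        }
    }
}

# Constructed sample mirroring the membership provider from the post; the
# host, account and password values are placeholders, not real data.
$sample = [xml]@'
<configuration><system.web><membership><providers>
  <add name="ADMembership"
       type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
       server="dc.example.test" port="389" useSSL="false"
       userFilter="(&amp;(ObjectClass=person))"
       connectionUsername="EXAMPLE\administrator" connectionPassword="placeholder" />
</providers></membership></system.web></configuration>
'@

# Real file (hypothetical path): Test-LdapProviderConfig -Config ([xml](Get-Content 'C:\path\to\web.config'))
Test-LdapProviderConfig -Config $sample | Format-Table Provider, Finding -AutoSize
```

Run it against each of the three files edited above (Central Administration, the web application, and SecurityTokenServiceApplication), since the same provider entries are copied into all of them.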