使FBA生效,下一步在Sharepoint中设置Membership Provider,一个Membership Provider是一个从程序到任证库(credential store)的接口。这样允许同一个程序工作在多种不同的存储认证。举例来说,可以使用LDAPMembership在Active Directory上认证或者SQLMembershipProvider在SQL Server上认证。这个例子使用的是Sql Server
修改任何.config文件前,备份一下。
备份然后打开web.config。
在</SharePoint>和<system.web>之间<connectionStrings></connectionStrings> 节, 增加一行,Server需要改成实际的服务器名。
<add connectionString="Server=win-h472cerv001;Database=aspnetdb;Integrated Security=true" name="FBADB" />
在 <membership><providers> 节,增加一下配置
<add name="FBAMembershipProvider"
type="System.Web.Security.SqlMembershipProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="FBADB"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="false"
applicationName="/"
requiresUniqueEmail="true"
passwordFormat="Hashed"
maxInvalidPasswordAttempts="5"
minRequiredPasswordLength="7"
minRequiredNonalphanumericCharacters="1"
passwordAttemptWindow="10"
passwordStrengthRegularExpression="" />
可以自定义每个选项,最重要的是,如果多处的MembershipProvider使用同一个数据库,它们的配置必须相同。否则会出现各种问题,在创建用户时是一些配置,在用户登录时是另一些不同的配置。
Option | Description |
---|---|
connectionStringName | The name of the database connection to the aspnetdb database. |
enablePasswordRetrieval | true/false. Whether the user’s password can be retrieved. I suggest setting this to false for security purposes. |
enablePasswordReset | true/false. Whether the user can reset their password. I suggest setting this to true. |
requiresQuestionAndAnswer | true/false. Whether accounts also have a question and answer associated with them. The answer must be provided when resetting the password. I suggest setting this to false, as setting it to true prevents an administrator from resetting the user’s password. |
applicationName | Setting the application name allows you to share a single membership database with multiple different applications, with each having their own distinct set of users. The default applicationName is /. |
requiresUniqueEmail | true/false. Determines if multiple users can share the same email address. I suggest setting this to false, in case you ever want to implement a login by email system. |
passwordFormat | Clear, Hashed or Encrypted. Clear stores the password in the database as plain text, so anybody with access to the database can read the user’s password. Encrypted encrypts the user’s password, so although the password isn’t human readable in the database, it can still be decrypted and the user’s actual password retrieved. Hashed stores a one way hash of the password. When a user authenticates, the password they enter is hashed as well and matched against the stored hashed value. Using this method, the user’s password can never be retrieved (even if your database is stolen), only reset. I always recommend using “Hashed” as it is the most secure way of storing the user’s password. |
maxInvalidPasswordAttempts | The number of times in a row that a user can enter an invalid password, within the passwordAttemptWindow, before the user’s account is locked out. Defaults to 5. |
passwordAttemptWindow | The number of minutes before the invalid password counter is reset. Defaults to 10. |
minRequiredPasswordLength | The minimum password length. Defaults to 7. |
minRequiredNonalphanumericCharacters | The minimum number of non-alphanumeric characters required in the password. Defaults to 1. |
passwordStrengthRegularExpression | A regular expression that can be used to validate the complexity of the password. |
在 <roleManager><providers> 节:
<add name="FBARoleProvider" connectionStringName="FBADB" applicationName="/"
type="System.Web.Security.SqlRoleProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
Sharepoint Central Administration和SecurityTokenService也需要配置,在IIS中找到Sharepoint Web Services,点开,确认 SecurityTokenService的Web.config的位置。
在</configuration>前,粘贴以下内容
<system.web>
<membership>
<providers>
<add name="FBAMembershipProvider"
type="System.Web.Security.SqlMembershipProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="FBADB"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="false"
applicationName="/"
requiresUniqueEmail="true"
passwordFormat="Hashed"
maxInvalidPasswordAttempts="5"
minRequiredPasswordLength="7"
minRequiredNonalphanumericCharacters="1"
passwordAttemptWindow="10"
passwordStrengthRegularExpression="" />
</providers>
</membership>
<roleManager>
<providers>
<add name="FBARoleProvider" connectionStringName="FBADB" applicationName="/"
type="System.Web.Security.SqlRoleProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
</providers>
</roleManager>
</system.web>
保存web.config。