Sharepoint 2016 配置FBA(二) 编辑Web,config文件
2024-10-11 11:43:03
使FBA生效,下一步在Sharepoint中设置Membership Provider,一个Membership Provider是一个从程序到任证库(credential store)的接口。这样允许同一个程序工作在多种不同的存储认证。举例来说,可以使用LDAPMembership在Active Directory上认证或者SQLMembershipProvider在SQL Server上认证。这个例子使用的是Sql Server
修改任何.config文件前,备份一下。
备份然后打开web.config。
在</SharePoint>和<system.web>之间<connectionStrings></connectionStrings> 节, 增加一行,Server需要改成实际的服务器名。
<add connectionString="Server=win-h472cerv001;Database=aspnetdb;Integrated Security=true" name="FBADB" />
在 <membership><providers> 节,增加一下配置
<add name="FBAMembershipProvider"
type="System.Web.Security.SqlMembershipProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="FBADB"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="false"
applicationName="/"
requiresUniqueEmail="true"
passwordFormat="Hashed"
maxInvalidPasswordAttempts="5"
minRequiredPasswordLength="7"
minRequiredNonalphanumericCharacters="1"
passwordAttemptWindow="10"
passwordStrengthRegularExpression="" />
可以自定义每个选项,最重要的是,如果多处的MembershipProvider使用同一个数据库,它们的配置必须相同。否则会出现各种问题,在创建用户时是一些配置,在用户登录时是另一些不同的配置。
| Option | Description |
|---|---|
| connectionStringName | The name of the database connection to the aspnetdb database. |
| enablePasswordRetrieval | true/false. Whether the user’s password can be retrieved. I suggest setting this to false for security purposes. |
| enablePasswordReset | true/false. Whether the user can reset their password. I suggest setting this to true. |
| requiresQuestionAndAnswer | true/false. Whether accounts also have a question and answer associated with them. The answer must be provided when resetting the password. I suggest setting this to false, as setting it to true prevents an administrator from resetting the user’s password. |
| applicationName | Setting the application name allows you to share a single membership database with multiple different applications, with each having their own distinct set of users. The default applicationName is /. |
| requiresUniqueEmail | true/false. Determines if multiple users can share the same email address. I suggest setting this to false, in case you ever want to implement a login by email system. |
| passwordFormat | Clear, Hashed or Encrypted. Clear stores the password in the database as plain text, so anybody with access to the database can read the user’s password. Encrypted encrypts the user’s password, so although the password isn’t human readable in the database, it can still be decrypted and the user’s actual password retrieved. Hashed stores a one way hash of the password. When a user authenticates, the password they enter is hashed as well and matched against the stored hashed value. Using this method, the user’s password can never be retrieved (even if your database is stolen), only reset. I always recommend using “Hashed” as it is the most secure way of storing the user’s password. |
| maxInvalidPasswordAttempts | The number of times in a row that a user can enter an invalid password, within the passwordAttemptWindow, before the user’s account is locked out. Defaults to 5. |
| passwordAttemptWindow | The number of minutes before the invalid password counter is reset. Defaults to 10. |
| minRequiredPasswordLength | The minimum password length. Defaults to 7. |
| minRequiredNonalphanumericCharacters | The minimum number of non-alphanumeric characters required in the password. Defaults to 1. |
| passwordStrengthRegularExpression | A regular expression that can be used to validate the complexity of the password. |
在 <roleManager><providers> 节:
<add name="FBARoleProvider" connectionStringName="FBADB" applicationName="/"
type="System.Web.Security.SqlRoleProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
Sharepoint Central Administration和SecurityTokenService也需要配置,在IIS中找到Sharepoint Web Services,点开,确认 SecurityTokenService的Web.config的位置。
在</configuration>前,粘贴以下内容
<system.web>
<membership>
<providers>
<add name="FBAMembershipProvider"
type="System.Web.Security.SqlMembershipProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="FBADB"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="false"
applicationName="/"
requiresUniqueEmail="true"
passwordFormat="Hashed"
maxInvalidPasswordAttempts="5"
minRequiredPasswordLength="7"
minRequiredNonalphanumericCharacters="1"
passwordAttemptWindow="10"
passwordStrengthRegularExpression="" />
</providers>
</membership>
<roleManager>
<providers>
<add name="FBARoleProvider" connectionStringName="FBADB" applicationName="/"
type="System.Web.Security.SqlRoleProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
</providers>
</roleManager>
</system.web>
保存web.config。
最新文章
- 在Application中集成Microsoft Translator服务之开发前准备
- centos6.7安装Redis
- php生成网页桌面快捷方式
- [转] Autofac创建实例的方法总结
- cornerstone的简单使用
- RANSAC和Flitline
- C++11 实现 argsort
- matlab读取指定路径下的图像
- shell 求总分
- HTML-标签:图片 超链接
- MySQL创建用户与授权(CentOS6.5)
- maven在Idea建立工程,运行出现Server IPC version 9 cannot communicate with client version 4错误
- [Redis]Redis高级特性的配置及使用
- 视觉和imu融合的算法研究
- noip之后的一些感受
- QT 读取txt文件的几种方法
- 一起来给iOS 11找bug: 苹果还是乔布斯时代的细节控吗?
- 转:使用 Go-Ethereum 1.7.2搭建以太坊私有链
- 利用CPaintDC::IntersectClipRect将绘图限制在局部区域
- java将doc文件转换为pdf文件的三种方法