[Original] Using FBA (Forms-Based Authentication) Login with Membership in SharePoint

Step 1: Create a site that uses FBA authentication

 

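Step 2: Configure web.config

  Three web.config files need to be configured: the site's web.config, the Central Administration site's, and the SecurityToken service's.

  1. SecurityToken (path: "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\WebServices\SecurityToken\web.config")

    You may need to add the <system.web> section manually. Configure it as follows: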

<membership defaultProvider="i">
  <providers>
    <add name="SqlProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="SqlServices" enablePasswordRetrieval="true" enablePasswordReset="true" requiresQuestionAndAnswer="true" passwordFormat="Encrypted" applicationName="ParentPortal" requiresUniqueEmail="true" minRequiredPasswordLength="1" minRequiredNonalphanumericCharacters="0" />
  </providers>
</membership>
<roleManager defaultProvider="c">
  <providers>
    <add name="SqlRoleProvider" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="SqlServices" />
  </providers>
</roleManager>

    Add the following to <connectionStrings>:

<add name="SqlServices" connectionString="Server=your server;Database=your database;User ID=your user id;Password=your password" />

    Copy the <machineKey> section from the current site's web.config and place it under the <system.web> section.

    To display error details on the page, add the following under <system.serviceModel> --> <behaviors> --> <serviceBehaviors>:

<serviceDebug includeExceptionDetailInFaults="True" httpHelpPageEnabled="True" />

  2. The site's web.config

    In the <system.web> section, add the following configuration:

<membership defaultProvider="i">
  <providers>
    <add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
    <add name="SqlProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="SqlServices" enablePasswordRetrieval="true" enablePasswordReset="true" requiresQuestionAndAnswer="true" passwordFormat="Encrypted" applicationName="ParentPortal" requiresUniqueEmail="true" minRequiredPasswordLength="1" minRequiredNonalphanumericCharacters="0" />
  </providers>
</membership>
<roleManager defaultProvider="c" enabled="true" cacheRolesInCookie="false">
  <providers>
    <add name="c" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
    <add name="SqlRoleProvider" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="SqlServices" />
  </providers>
</roleManager>

    Add <connectionStrings>, using the same connection string as in 1.

  3. The Central Administration web.config

    In the <system.web> section, add the following configuration:

<roleManager defaultProvider="AspNetWindowsTokenRoleProvider">
  <providers>
    <add name="SqlRoleProvider" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="SqlServices" />
  </providers>
</roleManager>
<membership defaultProvider="AspNetSqlMembershipProvider">
  <providers>
    <add name="SqlProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="SqlServices" enablePasswordRetrieval="true" enablePasswordReset="true" requiresQuestionAndAnswer="true" passwordFormat="Encrypted" applicationName="ParentPortal" minRequiredPasswordLength="1" minRequiredNonalphanumericCharacters="0" />
  </providers>
</membership>

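    Add <connectionStrings>, using the same connection string as in 1.

  For a description of the membership settings, see: http://msdn.microsoft.com/zh-cn/library/vstudio/a28ctsa5.aspx

  Common questions:

  1. To support password retrieval, set enablePasswordRetrieval to true and set passwordFormat to Encrypted or Clear.
  2. To support password reset, set enablePasswordReset to true.
  3. To retrieve the password using the password question and answer, set requiresQuestionAndAnswer to true and set passwordFormat to Encrypted or Clear.
  4. minRequiredPasswordLength: the minimum password length; the default is 7.
  5. minRequiredNonalphanumericCharacters: the minimum number of special characters in a password; the default is 1.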
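
  The PowerShell below is an added example, not part of the original post: it checks the SqlProvider entry of the three web.config files for the recoverable-password settings listed above and for attribute drift between the files. The inline XML is constructed sample input modelled on this page's settings, and the function names Get-SqlProvider and Test-ProviderPolicy are hypothetical.

```powershell
# Added example. The XML is constructed sample input modelled on this page's settings.
# On a real farm, load each file with: [xml](Get-Content -LiteralPath $path)
$attrs = 'connectionStringName="SqlServices" applicationName="ParentPortal" ' +
         'enablePasswordRetrieval="true" passwordFormat="Encrypted" minRequiredPasswordLength="1"'
$template = '<configuration><system.web><membership><providers>' +
            '<add name="SqlProvider" {0} /></providers></membership></system.web></configuration>'
$configs = @{
    SecurityToken = [xml]($template -f ($attrs + ' requiresUniqueEmail="true"'))
    Site          = [xml]($template -f ($attrs + ' requiresUniqueEmail="true"'))
    CentralAdmin  = [xml]($template -f $attrs)  # requiresUniqueEmail absent, as in step 3 above
}

# Hypothetical helper: locate the SQL membership provider entry in one web.config.
function Get-SqlProvider([xml]$Config) {
    $Config.SelectSingleNode("/configuration/system.web/membership/providers/add[@name='SqlProvider']")
}

# Hypothetical helper: return one finding per weak setting. An absent attribute means the
# provider default applies (Hashed, retrieval off, length 7), so only explicit values are flagged.
function Test-ProviderPolicy($Provider) {
    $findings = @()
    $format = $Provider.GetAttribute('passwordFormat')
    if ($format -ne '' -and $format -ne 'Hashed') {
        $findings += "passwordFormat=$format keeps stored passwords recoverable"
    }
    if ($Provider.GetAttribute('enablePasswordRetrieval') -eq 'true') {
        $findings += 'enablePasswordRetrieval=true lets GetPassword() return the plaintext password'
    }
    $length = $Provider.GetAttribute('minRequiredPasswordLength')
    if ($length -ne '' -and [int]$length -lt 7) {
        $findings += "minRequiredPasswordLength=$length is below the default of 7"
    }
    $findings
}

$baseline = $null
foreach ($name in 'SecurityToken', 'Site', 'CentralAdmin') {
    $provider = Get-SqlProvider $configs[$name]
    if ($null -eq $provider) { "[$name] no SqlProvider entry found"; continue }
    foreach ($finding in Test-ProviderPolicy $provider) { "[$name] $finding" }
    # The three files must describe the same provider, so report attribute drift.
    $signature = ($provider.Attributes | Sort-Object Name |
        ForEach-Object { "$($_.Name)=$($_.Value)" }) -join ';'
    if ($null -eq $baseline) { $baseline = $signature }
    elseif ($signature -ne $baseline) { "[$name] SqlProvider attributes differ from SecurityToken" }
}
```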

Step 3: Create the login page

  1. Create an aspx page (style it as you like)

<%@ Assembly Name="$SharePoint.Project.AssemblyFullName$" %>
<%@ Assembly Name="Microsoft.SharePoint.IdentityModel, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %>
<%@ Assembly Name="Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %>
<%@ Import Namespace="Microsoft.SharePoint.WebControls" %>
<%@ Register TagPrefix="SharePoint" Namespace="Microsoft.SharePoint.WebControls"
    Assembly="Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %>
<%@ Register TagPrefix="Utilities" Namespace="Microsoft.SharePoint.Utilities" Assembly="Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %>
<%@ Import Namespace="Microsoft.SharePoint" %>
<%@ Assembly Name="Microsoft.Web.CommandUI, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %>

<%@ Page Language="C#" AutoEventWireup="true" Inherits="MemberShipLogon.FormsSignInPage"
    MasterPageFile="~/_layouts/simple.master" %>

<asp:Content ID="Content1" ContentPlaceHolderID="PlaceHolderPageTitle" runat="server">
    <SharePoint:EncodedLiteral runat="server" EncodeMethod="HtmlEncode" ID="ClaimsFormsPageTitle" />
</asp:Content>
<asp:Content ID="Content2" ContentPlaceHolderID="PlaceHolderPageTitleInTitleArea"
    runat="server">
    <SharePoint:EncodedLiteral runat="server" EncodeMethod="HtmlEncode" ID="ClaimsFormsPageTitleInTitleArea" />
</asp:Content>
<asp:Content ID="Content3" ContentPlaceHolderID="PlaceHolderSiteName" runat="server" />
<asp:Content ID="Content4" ContentPlaceHolderID="PlaceHolderMain" runat="server">
    <div id="SslWarning" style="color: red; display: none">
        <SharePoint:EncodedLiteral runat="server" EncodeMethod="HtmlEncode" ID="ClaimsFormsPageMessage" />
    </div>
    <script language="javascript" type="text/javascript">
        // if (document.location.protocol != 'https:') {
        var SslWarning = document.getElementById('SslWarning');
        SslWarning.style.display = '';
        // }
    </script>
    <asp:Login ID="loginControl" FailureText="<%$Resources:wss,login_pageFailureText%>"
        runat="server" Width="100%" OnLoggingIn="signInControl_LoggingIn" OnAuthenticate="signInControl_Authenticate">
        <LayoutTemplate>
            <strong>*</strong>
            <label>Username:</label>
            <asp:TextBox ID="UserName" autocomplete="off" runat="server" />
            <strong>*</strong>
            <label>Password:</label>
            <asp:TextBox ID="Password" TextMode="Password" autocomplete="off" runat="server"/>
            <asp:CheckBox ID="RememberMe" runat="server" CssClass="checkBox" />
            <span>Sign me in automatically</span>
            <asp:Label ID="FailureText" class="ms-error" runat="server" />
            <asp:Button ID="login" CommandName="Login" Text="Log In" runat="server" />
            <asp:Button ID="btnCancel" Text="Cancel" runat="server" />
        </LayoutTemplate>
    </asp:Login>
</asp:Content>

  2. Code

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using LoginControl = System.Web.UI.WebControls.Login;
using System.Security;
using Microsoft.SharePoint;
using Microsoft.SharePoint.WebControls;
using Microsoft.SharePoint.IdentityModel;
using Microsoft.SharePoint.IdentityModel.Pages;
using System.IdentityModel.Tokens;
using Microsoft.SharePoint.Administration;
using System.Web.Security;
using Microsoft.SharePoint.Utilities;

namespace MemberShipLogon
{
    public partial class FormsSignInPage : IdentityModelSignInPageBase
    {
        protected void Page_Load(object sender, EventArgs e)
        {
            ClaimsFormsPageMessage.Text = "";
            loginControl.Focus();
        }

        // Runs before authentication: trim the user name and reject an empty one.
        protected void signInControl_LoggingIn(object sender, LoginCancelEventArgs e)
        {
            LoginControl login = sender as LoginControl;
            login.UserName = login.UserName.Trim();
            if (string.IsNullOrEmpty(login.UserName))
            {
                ClaimsFormsPageMessage.Text = "The server could not sign you in. The user name cannot be empty.";
                e.Cancel = true;
            }
        }

        // Writes the session token for the authenticated user.
        private void EstablishSessionWithToken(SecurityToken securityToken)
        {
            if (null == securityToken)
            {
                throw new ArgumentNullException("securityToken");
            }
            SPFederationAuthenticationModule fam = SPFederationAuthenticationModule.Current;
            if (null == fam)
            {
                throw new ArgumentException(null, "FederationAuthenticationModule");
            }
            fam.SetPrincipalAndWriteSessionToken(securityToken);
        }

        // Authenticates only when the security token service returns a token.
        protected void signInControl_Authenticate(object sender, AuthenticateEventArgs e)
        {
            SecurityToken token = null;
            LoginControl formsLoginControl = sender as LoginControl;

            if (null != (token = GetSecurityToken(formsLoginControl)))
            {
                EstablishSessionWithToken(token);
                e.Authenticated = true;
                base.RedirectToSuccessUrl();
            }
        }

        // IIS settings of the Default zone of the current web application.
        private SPIisSettings IisSettings
        {
            get
            {
                SPWebApplication webApp = SPWebApplication.Lookup(new Uri(SPContext.Current.Web.Url));
                SPIisSettings settings = webApp.IisSettings[SPUrlZone.Default];
                return settings;
            }
        }

        // Requests a token using the membership and role providers configured for FBA.
        private SecurityToken GetSecurityToken(LoginControl formsLoginControl)
        {
            SecurityToken token = null;
            SPIisSettings iisSettings = IisSettings;
            Uri appliesTo = base.AppliesTo;

            if (string.IsNullOrEmpty(formsLoginControl.UserName) ||
                string.IsNullOrEmpty(formsLoginControl.Password))
                return null;

            SPFormsAuthenticationProvider authProvider = iisSettings.FormsClaimsAuthenticationProvider;
            token = SPSecurityContext.SecurityTokenForFormsAuthentication(
                appliesTo,
                authProvider.MembershipProvider,
                authProvider.RoleProvider,
                formsLoginControl.UserName,
                formsLoginControl.Password);

            return token;
        }

    }
}

Additional notes:

  1. Registration

// In the registration handler: CreateUser returns null on failure and sets status.
MembershipCreateStatus status;
MembershipUser newUser = Membership.CreateUser(username, password, email, question, answer, true, out status);

if (newUser == null)
{
    lblErrorMessage.Text = GetErrorMessage(status);
    lblErrorMessage.Visible = true;
}

// Helper method on the same page class: maps a creation status to a user-facing message.
public string GetErrorMessage(MembershipCreateStatus status)
{
    switch (status)
    {
        case MembershipCreateStatus.DuplicateUserName:
            return "Username already exists. Please enter a different user name.";

        case MembershipCreateStatus.DuplicateEmail:
            return "A username for that e-mail address already exists. Please enter a different e-mail address.";

        case MembershipCreateStatus.InvalidPassword:
            return "The password provided is invalid. Please enter a valid password value.";

        case MembershipCreateStatus.InvalidEmail:
            return "The e-mail address provided is invalid. Please check the value and try again.";

        case MembershipCreateStatus.InvalidAnswer:
            return "The password retrieval answer provided is invalid. Please check the value and try again.";

        case MembershipCreateStatus.InvalidQuestion:
            return "The password retrieval question provided is invalid. Please check the value and try again.";

        case MembershipCreateStatus.InvalidUserName:
            return "The user name provided is invalid. Please check the value and try again.";

        case MembershipCreateStatus.ProviderError:
            return "The authentication provider returned an error. Please verify your entry and try again. If the problem persists, please contact your system administrator.";

        case MembershipCreateStatus.UserRejected:
            return "The user creation request has been canceled. Please verify your entry and try again. If the problem persists, please contact your system administrator.";

        default:
            return "An unknown error occurred. Please verify your entry and try again. If the problem persists, please contact your system administrator.";
    }
}

  2. Password retrieval

MembershipProvider provider = Membership.Providers["your membership provider"];
MembershipUser user = provider.GetUser(username, false);
string password = user.GetPassword(answer);

  3. Changing the password

user.ChangePassword(oldPassword, newPassword);

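  4. Generating the passwordSalt

// Requires: using System.Security.Cryptography;
internal string GenerateSalt()
{
    // 16 random bytes from the cryptographic RNG, Base64-encoded.
    byte[] data = new byte[0x10];
    new RNGCryptoServiceProvider().GetBytes(data);
    return Convert.ToBase64String(data);
}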

  waiting...

Reposted from: https://www.cnblogs.com/landun/archive/2012/12/03/2799246.html
