Introduction and Configuration SharePoint 2013 Forms Based Authentication
2012-12-04 16:43
633 查看
Forms Authentication
Forms-based authentication is an identity management systemthat is based on ASP.NET membership and role provider authentication. To useforms-based authentication to authenticate users
against an identity managementsystem that is not based on Windows or that is external, you must register themembership provider and role manager in the Web.config file.
register and login, then the authentication based AD need to publish the Enterprise AD Server in extranet, this is not security and convenient, and Forms Authentication could resolve it well, So the Forms Based Authentication is the best method.
· The STS calls themembership provider that is associated with that web application, to validatethe user's credentials.
· If this succeeds, theSTS retrieves the roles that the user belongs to and adds these as claims inthe claims-based token that is sent back to the login page.
· From the login page, after the claims-basedtoken is issued, the user is sent back to the request resource.
Note: Ifauthentication is successful, the Web Service will put the credential key inthe Web Services’ cookie, then theauthenticated
user wouldn’t need provide the credential with everyrequest.
In a Form basedSharePoint site, to invoke a Web Service, the user must be authenticated withtheAuthentication.asmx Web Service.The Web Service will return the
objectwhich specifies the authentication status. The Web Service will not generateany exception if the authentication fails; rather the return object
contain the login status. If authentication is successful, then the WebService will put the credential key in the Web Services’ cookie. But to put thecredential to the Web Service’s cookie, we need to initialize the cookiecontainer of the Web Service
(that ships with ASP.NET 2.0). DotNetNuke provides nativesupport for it. We'll just have to copy someweb.config entries, andwe're done. I'll show you that later in this article.
Role Provider: responsible for role management, verifyinguser roles, etc. A role in Forms based authentication is similar to a usergroup in Active Directory. DotNetNuke doesn't
provide native support for SqlRoleProvider(that ships with ASP.NET 2.0), but it does create all stored procedures used byit. The problem is that it does
not populate tables used by SqlRoleProviderwith data from its native role management tables.
· Forms authenticationsupports role-based authorization with role lookup from a data store.
· Forms authenticationis smoothly integrated with the Web user interface.
· ASP.NET provides muchof the infrastructure. Relatively little code is required in comparison toMicrosoft Active Server Pages versions 3.0 and earlier.
· ASP.NET formsauthentication does not require Microsoft Internet Explorer. Formsauthentication supports a wide range of Web browser clients.
· Allows you to defineyour own login and error pages, and create login interfaces that requiresomething other than, or in addition to, the traditional user name and password(such as an
e-mail address or digits of a telephone number.
· The Web Service will putthe credential key in the Web Services’ cookie, then the authenticated userwouldn’t need provide the credential with every request.
· By default, the cookiethat contains the forms authentication ticket is not secured when you use formsauthentication in a Microsoft ASP.NET Web application. You must also make surethat
you help protect the cookie that contains the forms authentication ticket.
Scenario of Forms Authentication
· Allowsyou to define your own login and error pages,andcreate login interfaces that require something other than, or in addition to,the traditional user name
and password (such as an e-mail address or digits ofa telephone number
1. Setting up ASP.NET Forms Authentication User and Role Data Source
Create Database
Configure Membership and Role Provider and Create User
2. Create Web Application and Site Collections
3. Configure Web.Config file
Configuring FBA web application web.config file
Configuring Central Administration web applicationweb.config file
Configuring Security Token Service web.config file
4. Adding User Policy to the FBA Web Application
5. Verification Steps
How to configuration the Forms Based Autentication step by step reference to my blog about the link:/article/8548546.html(configuration
the Forms Based Autentication step by step)
About more infomation to the link: http://msdn.microsoft.com/en-us/library/hh394901(v=office.14).aspx
Forms-based authentication is an identity management systemthat is based on ASP.NET membership and role provider authentication. To useforms-based authentication to authenticate users
against an identity managementsystem that is not based on Windows or that is external, you must register themembership provider and role manager in the Web.config file.
Reason of Using Forms Authentication
Authentication In default, all the membership authentication is based on AD (Active Direction), if the SharePoint Site is publish, it should provideregister and login, then the authentication based AD need to publish the Enterprise AD Server in extranet, this is not security and convenient, and Forms Authentication could resolve it well, So the Forms Based Authentication is the best method.
Principle of Forms Authentication
· The SharePointforms-based login page collects the credentials of the user, which are thensent to the SharePoint 2010 STS.· The STS calls themembership provider that is associated with that web application, to validatethe user's credentials.
· If this succeeds, theSTS retrieves the roles that the user belongs to and adds these as claims inthe claims-based token that is sent back to the login page.
· From the login page, after the claims-basedtoken is issued, the user is sent back to the request resource.
Note: Ifauthentication is successful, the Web Service will put the credential key inthe Web Services’ cookie, then theauthenticated
user wouldn’t need provide the credential with everyrequest.
In a Form basedSharePoint site, to invoke a Web Service, the user must be authenticated withtheAuthentication.asmx Web Service.The Web Service will return the
LoginResult
objectwhich specifies the authentication status. The Web Service will not generateany exception if the authentication fails; rather the return object
LoginResultwill
contain the login status. If authentication is successful, then the WebService will put the credential key in the Web Services’ cookie. But to put thecredential to the Web Service’s cookie, we need to initialize the cookiecontainer of the Web Service
Beside we should understand the follow Provider:
Membership Provider: responsible for verifying user credentials,changing passwords, etc. As a Membership Provider, we'll useSqlMembershipProvider(that ships with ASP.NET 2.0). DotNetNuke provides nativesupport for it. We'll just have to copy someweb.config entries, andwe're done. I'll show you that later in this article.
Role Provider: responsible for role management, verifyinguser roles, etc. A role in Forms based authentication is similar to a usergroup in Active Directory. DotNetNuke doesn't
provide native support for SqlRoleProvider(that ships with ASP.NET 2.0), but it does create all stored procedures used byit. The problem is that it does
not populate tables used by SqlRoleProviderwith data from its native role management tables.
Advantages of Forms Authentication
· Forms authenticationsupports authentication against a custom data store, such as a Microsoft SQLServer database or Active Directory services.· Forms authenticationsupports role-based authorization with role lookup from a data store.
· Forms authenticationis smoothly integrated with the Web user interface.
· ASP.NET provides muchof the infrastructure. Relatively little code is required in comparison toMicrosoft Active Server Pages versions 3.0 and earlier.
· ASP.NET formsauthentication does not require Microsoft Internet Explorer. Formsauthentication supports a wide range of Web browser clients.
· Allows you to defineyour own login and error pages, and create login interfaces that requiresomething other than, or in addition to, the traditional user name and password(such as an
e-mail address or digits of a telephone number.
· The Web Service will putthe credential key in the Web Services’ cookie, then the authenticated userwouldn’t need provide the credential with every request.
Disadvantages of Forms Authentication
· You must help protectthe initial logon credentials by using SSL because the credentials are sent tothe server as plaintext.· By default, the cookiethat contains the forms authentication ticket is not secured when you use formsauthentication in a Microsoft ASP.NET Web application. You must also make surethat
you help protect the cookie that contains the forms authentication ticket.
Scenario of Forms Authentication
· Allowsyou to define your own login and error pages,andcreate login interfaces that require something other than, or in addition to,the traditional user name
and password (such as an e-mail address or digits ofa telephone number
Demo of Forms Authentication
· The step to Configuration Form Based Authentication1. Setting up ASP.NET Forms Authentication User and Role Data Source
Create Database
Configure Membership and Role Provider and Create User
2. Create Web Application and Site Collections
3. Configure Web.Config file
Configuring FBA web application web.config file
Configuring Central Administration web applicationweb.config file
Configuring Security Token Service web.config file
4. Adding User Policy to the FBA Web Application
5. Verification Steps
How to configuration the Forms Based Autentication step by step reference to my blog about the link:/article/8548546.html(configuration
the Forms Based Autentication step by step)
About more infomation to the link: http://msdn.microsoft.com/en-us/library/hh394901(v=office.14).aspx
相关文章推荐
- Step by Step Configuring Forms Based Authentication in SharePoint 2013
- Forms Based Authentication FBA by AD in SharePoint 2010
- how to install and configure Remote BLOB Storage (RBS) in a SharePoint 2013 farm
- SharePoint 2010 and SharePoint 2013及相关应用教程
- Authentication with SharePoint Online and the Client Side Object Model
- Sizing and Capacity Planning for SharePoint 2013 - Resources
- Dynamics CRM 2013 Claim Based Authentication & IFD Configuration Tips
- Command-line reference for the SharePoint Products and Technologies Configuration Wizard
- Developer Introduction to Workflows for Windows SharePoint Services 3.0 and SharePoint Server 2007
- Internet Information Services is not installed. You must have Internet Information Services installed in order to use the SharePoint Products and Technologies Configuration Wizard
- Security Tutorials系列文章第三章:Forms Authentication Configuration and Advanced Topics
- Step By Step Guide to configure the “Replicating directory changes” for SharePoint 2010 and 2013
- Uploading Files in SharePoint 2013 using CSOM and REST
- SharePoint 2013自定义Providers在基于表单的身份验证(Forms-Based-Authentication)中的应用
- Turn off Mobile View for SharePoint 2010 and SharePoint 2013
- install and configure Microsoft SharePoint Server 2013 on Windows Server 2008 R2
- 在SharePoint Server 2016 RC 中利用ASP.Net SQL MemberShip和Role Provider为Web Application配置Forms-based身份验证
- Connecting SharePoint Online and CRM Online using BCS - 2013 Edition-SP online连接CRM online
- SharePoint 2007 Forms Authentication + SharePoint Designer
- Understanding and Using the SharePoint 2013 REST Interface