Sharepoint学习笔记—Authentication-- 更改现有Sharepoint网站的认证方式，让其支持FBA：1.前期准备

   之前公司开发的Sharepoint 网站使用的是Classic Mode Authentication方式(基于Windows AD方式)，近期的客户需求需要使这个已投入使用的Sharepoint应用不但能支持原有的AD认证方式，并且还要能支持Form方式。
   于是问题出来了，一般我们在新创建一个Web Application时，系统会让你决定此Web Application到底是基于哪一种Authentication，如下图: 

        

     而一旦你部署了此Web Application，一朝你想要修改它，你在Sharepoint的 Central Administration 界面上就再也找不到重新设定此Web Application认证方式的途径了。
  此处，作为一个整体总结，描述具体的操作步骤(有些步骤，尤其是准备步骤，你可以在网上找到不少的参考，在此处只是作为一个整体把它们备注下来)。
  1. 创建Form认证需要使用的用户数据库，这里使用AspnetDb。
     1.1 在服务器上启动cmd (最好以Administrator方式启动) 并转到目录 C:\Windows\Microsoft.NET\Framework\v2.0.50727下，也可以通过下图操作在此目录下进入cmd命令行模式

     
 
     1.2 执行 aspnet_regsql.exe命令创建AspnetDb数据库，各步骤见下图:

命令运行后出现如下界面

按默认设置一路Next

完成创建后，可以到服务器上找到创建的AspnetDb数据库。

  

  
  2. 在AspnetDb数据库上创建用户。
   你可以自行在AspnetDb上创建用户，也可以通过工具快速生成用户。
      2.1下载 FBA User Management Tool
        http://fbamanagementtool.codeplex.com/
        http://cks.codeplex.com/releases/view/7450
 
      2.2 解压缩MembershipSeeder.zip并启动release目录下的 MembershipSeeder.exe，分别设置Config，Users和密码，然后点击Create进行创建,如下图:

 

 
    这个工具将在AspnetDb中创建 user1 … user50等50个用户，密码为!Passw0rd。
可以进入数据库中查看:

 

     3.配置Sharepoint环境下的相关 Web.config
    主要是两个Web.Config.(建议在配置任何web.config文件之前先备份原文件，以备操作失误使得SharePoint崩溃时用于恢复)
一是:C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\WebServices\SecurityToken\web.config

 
  < 
  system 
  .net 
  > 
  
    
  < 
  connectionManagement 
  > 
  
     
  < 
  add  
  address 
  ="*" 
   maxconnection 
  ="10000" 
    
  /> 
  
    
  </ 
  connectionManagement 
  > 
  
   
  </ 
  system.net 
  > 
  
   
  < 
  connectionStrings 
  > 
  
    
  < 
  add  
  name 
  ="FBASQLConnectionString" 
  
                  connectionString 
  ="Data Source=MySQL;Initial Catalog=aspnetdb;
     Persist Security Info=True;User ID=MyApp;Password=MyPwd" 
  
                  providerName 
  ="System.Data.SqlClient" 
    
  /> 
  
   
  </ 
  connectionStrings 
  > 
  
   
  < 
  system 
  .web 
  > 
  
    
  < 
  roleManager  
  enabled 
  ="true" 
   cacheRolesInCookie 
  ="false" 
  > 
  
     
  < 
  providers 
  > 
  
      
  < 
  add  
  name 
  ="SqlRoleProvider" 
  
                   type 
  ="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider,
     Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, 
    PublicKeyToken=71e9bce111e9429c" 
    
  /> 
  
      
  < 
  add  
  connectionStringName 
  ="FBASQLConnectionString" 
  
                   applicationName 
  ="/" 
  
                   description 
  ="Stores and retrieves roles from SQL Server" 
  
                   name 
  ="FBArole" 
  
                   type 
  ="System.Web.Security.SqlRoleProvider, System.Web, 
     Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" 
    
  /> 
  
     
  </ 
  providers 
  > 
  
    
  </ 
  roleManager 
  > 
  
  
  
   
  < 
  membership 
  > 
  
     
  < 
  providers 
  > 
  
      
  < 
  add  
  name 
  ="SqlMembershipProvider" 
  
                   type 
  ="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider,
      Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, 
     PublicKeyToken=71e9bce111e9429c" 
    
  /> 
  
      
  < 
  add  
  connectionStringName 
  ="FBASQLConnectionString" 
  
                   passwordAttemptWindow 
  ="5" 
  
                   enablePasswordRetrieval 
  ="false" 
  
                   enablePasswordReset 
  ="false" 
  
                   requiresQuestionAndAnswer 
  ="true" 
  
                   applicationName 
  ="/" 
  
                   requiresUniqueEmail 
  ="true" 
  
                   passwordFormat 
  ="Hashed" 
  
                   description 
  ="Stores and Retrieves membership data from SQL Server" 
  
                   name 
  ="FBArole" 
  
                   type 
  ="System.Web.Security.SqlMembershipProvider, System.Web, 
     Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" 
    
  /> 
  
     
  </ 
  providers 
  > 
  
    
  </ 
  membership 
  > 
  
    
  < 
  authentication  
  mode 
  ="Windows" 
    
  /> 
  
   
  </ 
  system.web 
  > 
  
  
 

 二是:修改配置管理中心的web.config

 可以通过下图所示跳到管理中心的Web.config所在目录:

 
 A.在<configuration>节点下添加

 
  < 
  system 
  .net 
  > 
  
    
  < 
  connectionManagement 
  > 
  
     
  < 
  add  
  address 
  ="*" 
   maxconnection 
  ="10000" 
    
  /> 
  
    
  </ 
  connectionManagement 
  > 
  
   
  </ 
  system.net 
  > 
  
   
  < 
  connectionStrings 
  > 
  
    
  < 
  add  
  name 
  ="FBASQLConnectionString" 
  
      connectionString 
  ="Data Source=YourServer;Initial Catalog=aspnetdb;
     Persist Security Info=True;User ID=MyApp;Password=MyPwd" 
  
      providerName 
  ="System.Data.SqlClient" 
    
  /> 
  
   
  </ 
  connectionStrings 
  > 
  
  
 

 

 B.更新roleManager和 membership 节点：

 
  < 
  roleManager  
  defaultProvider 
  ="AspNetWindowsTokenRoleProvider" 
   enabled 
  ="true" 
   cacheRolesInCookie 
  ="false" 
  > 
  
     
  < 
  providers 
  > 
  
      
  < 
  add  
  name 
  ="SqlRoleProvider" 
  
       type 
  ="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider,
     Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, 
    PublicKeyToken=71e9bce111e9429c" 
    
  /> 
  
      
  < 
  add  
  connectionStringName 
  ="FBASQLConnectionString" 
  
       applicationName 
  ="/" 
  
       description 
  ="Stores and retrieves roles from SQL Server" 
  
       name 
  ="FBArole" 
  
       type 
  ="System.Web.Security.SqlRoleProvider, System.Web, 
     Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" 
    
  /> 
  
     
  </ 
  providers 
  > 
  
    
  </ 
  roleManager 
  > 
  
    
  < 
  membership 
  > 
  
     
  < 
  providers 
  > 
  
      
  < 
  add  
  name 
  ="SqlMembershipProvider" 
  
       type 
  ="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider,
      Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, 
     PublicKeyToken=71e9bce111e9429c" 
    
  /> 
  
      
  < 
  add  
  connectionStringName 
  ="FBASQLConnectionString" 
  
       passwordAttemptWindow 
  ="5" 
  
       enablePasswordRetrieval 
  ="false" 
  
       enablePasswordReset 
  ="false" 
  
       requiresQuestionAndAnswer 
  ="true" 
  
       applicationName 
  ="/" 
  
       requiresUniqueEmail 
  ="true" 
  
       passwordFormat 
  ="Hashed" 
  
       description 
  ="Stores and Retrieves membership data from SQL Server" 
  
       name 
  ="FBArole" 
  
       type 
  ="System.Web.Security.SqlMembershipProvider, System.Web, 
     Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" 
    
  /> 
  
     
  </ 
  providers 
  > 
  
    
  </ 
  membership 
  >