由於項目的需要,登錄SharePoint Application的用戶將從一個統一平台中獲取,而不是從Domain中獲取,所以需要對SharePoint Application的身份驗證(Claims Authentication Types)進行更改,即采用更加靈活的混合模式登錄:Windows Authentication和Forms Based Authentication。故本篇博客將着重筆墨去介紹SharePoint 2013自定義Providers在基於表單的身份驗(Forms-Based-Authentication)中的應用。
更改身份驗證
首先需要了解的一點事,怎樣去更改指定的Web Application 的身份驗證。進入SharePoint 2013 Central Administration-àApplication Management-àManage Web Applications-àAuthentication Providers,即如下所示:
如截圖所示那樣,啟用了FBA之后,需要我們提供自定義的Menbership Provider和Role Provider。
創建Membership Provider和Role Provider
這兒我選擇創建一個Class Library,當然你也可以直接創建一個SharePoint 2013 Empty Project,注意不管是哪種,最終都需要把Assembly 注冊/安裝 到GAC里。
- 如果是創建了SharePoint Project,要安裝Assembly到GAC,直接部署就行。
- 如果是創建了Class Library,需要有兩個步驟1).Sign the assembly(右鍵項目-àProperty-àSigning),2)gacutil /i "<assembly path/assembly name.dll>",如下所示(使用VS Command Tool):
獲取Strong Name Key File
安裝Assembly到GAC
對於.NET 4.0以上的Assembly,GAC位於C:\Windows\Microsoft.NET\assembly。.NET 3.5 GAC在C:\Windows\assembly,所以別找錯地方。Assembly成功注冊到GAC后,最好IISReset下。
接着,創建相關的Provider,分別繼承MembershipProvider和RoleProvider即可。
- 自定義MembershipProvider,主要代碼如下:
public class FBA_CustomRoleProvider : MembershipProvider
{
#region 重寫的方法
private MembershipUserCollection employees;
private void generateUsers()
{
employees = new MembershipUserCollection();
employees.Add(new MembershipUser(this.Name, "Jack Chen", "JackChen", "Jack@Chen.com", "What your Name?", "I am Jack", true, false, DateTime.Today, DateTime.Today, DateTime.Today, DateTime.Today, DateTime.Today));
employees.Add(new MembershipUser(this.Name, "Bruce Li", "BruceLi", "BruceLi@Li.com", "How are u?", "How old are u", true, false, DateTime.Today, DateTime.Today, DateTime.Today, DateTime.Today, DateTime.Today));
employees.Add(new MembershipUser(this.Name, "Eyes Wang", "EyesWang", "EyesWang@Mintcode.com", "What the hell?", "what the fuck", true, false, DateTime.Today, DateTime.Today, DateTime.Today, DateTime.Today, DateTime.Today));
}
public override MembershipUserCollection FindUsersByName(string usernameToMatch, int pageIndex, int pageSize, out int totalRecords)
{
if (employees == null) generateUsers();
MembershipUserCollection returnFoundUsers = new MembershipUserCollection();
(employees.Cast<MembershipUser>().
Where(membershipUser => membershipUser.UserName.ToLowerInvariant().Contains(usernameToMatch.ToLowerInvariant())))
.ToList().ForEach(returnFoundUsers.Add);
totalRecords = returnFoundUsers.Count;
return returnFoundUsers;
}
public override MembershipUserCollection GetAllUsers(int pageIndex, int pageSize, out int totalRecords)
{
if (employees == null) generateUsers();
totalRecords = employees.Count;
return employees;
}
public override MembershipUser GetUser(string username, bool userIsOnline)
{
if (employees == null) generateUsers();
IEnumerable<MembershipUser> usersFound = employees.Cast<MembershipUser>().Where(membershipUser => membershipUser.UserName == username);
return usersFound.FirstOrDefault();
}
public override MembershipUser GetUser(object providerUserKey, bool userIsOnline)
{
if (employees == null) generateUsers();
IEnumerable<MembershipUser> usersFound = employees.Cast<MembershipUser>().Where(membershipUser => membershipUser.ProviderUserKey.ToString() == providerUserKey.ToString());
return usersFound.FirstOrDefault();
}
public override string GetUserNameByEmail(string email)
{
if (employees == null) generateUsers();
IEnumerable<MembershipUser> usersFound = employees.Cast<MembershipUser>().Where(membershipUser => membershipUser.Email.ToLowerInvariant() == email.ToLowerInvariant());
MembershipUser user = usersFound.FirstOrDefault();
if (user != null)
return user.UserName;
else
return null;
}
public override MembershipUserCollection FindUsersByEmail(string emailToMatch, int pageIndex, int pageSize, out int totalRecords)
{
if (employees == null) generateUsers();
MembershipUserCollection returnFoundUsers = new MembershipUserCollection();
(employees.Cast<MembershipUser>().
Where(membershipUser => membershipUser.Email.ToLowerInvariant().Contains(emailToMatch.ToLowerInvariant())))
.ToList().ForEach(returnFoundUsers.Add);
totalRecords = returnFoundUsers.Count;
return returnFoundUsers;
}
public override bool ValidateUser(string username, string password)
{
//return true;
if (employees == null) generateUsers();
IEnumerable<MembershipUser> usersFound = employees.Cast<MembershipUser>().Where(membershipUser => membershipUser.UserName == username);
MembershipUser user = usersFound.FirstOrDefault();
if (user != null)
{
if (string.IsNullOrEmpty(password))
{
return false;
}
else
{
return true;
}
}
else
return false;
}
#endregion
}
- 自定義Role Provider,如下所示:
public class FBA_CustomMembershipProvider:RoleProvider
{
public override string ApplicationName { get; set; }
//所有角色
private string[] m_AllRoles = { "Developer", "Administrator", "Designer", "Architect ", "UI" };
private string[,] m_RolesForUser = new string[,] {
{"Eyes Wang", "Developer"},
{"Bruce Li","Administrator"},
{"Jack Chen","Designer,Architect"},
};
/// <summary>
/// 獲取全部角色
/// </summary>
/// <returns></returns>
public override string[] GetAllRoles()
{
return m_AllRoles;
}
/// <summary>
/// 根據User得到其相關的角色
/// </summary>
/// <param name="username"></param>
/// <returns></returns>
public override string[] GetRolesForUser(string username)
{
List<string> roles = new List<string>();
for (int i = 0; i <= m_RolesForUser.GetUpperBound(0); i++)
{
if (m_RolesForUser[i, 0] == username)
{
roles = m_RolesForUser[i, 1].Split(',').ToList<string>();
}
}
return roles.ToArray();
}
/// <summary>
/// 根據角色獲取其綁定的用戶
/// </summary>
/// <param name="rolename"></param>
/// <returns></returns>
public override string[] GetUsersInRole(string rolename)
{
List<string> users = new List<string>();
for (int i = 0; i <= m_RolesForUser.GetUpperBound(0); i++)
{
List<string> userRoles = m_RolesForUser[i, 1].Split(',').ToList<string>();
if (userRoles.Where(userRole => userRole == rolename).Count() > 0)
{
users.Add(m_RolesForUser[i, 0]);
}
}
return users.ToArray();
}
public override bool IsUserInRole(string username, string rolename)
{
List<string> usersForRole = GetUsersInRole(rolename).ToList();
if (usersForRole.Where(userName => userName == username).Count() > 0)
{
return true;
}
else
{
return false;
}
}
public override bool RoleExists(string rolename)
{
bool roleExsists = m_AllRoles.ToList().Where(roleName => roleName == rolename).Count() > 0;
return roleExsists;
}
public override string[] FindUsersInRole(string rolename, string usernameToMatch)
{
List<string> users = GetUsersInRole(rolename).ToList<string>();
List<string> foundUsers = users.Where(userName => userName.ToLowerInvariant().Contains(usernameToMatch.ToLowerInvariant())).ToList<string>();
return foundUsers.ToArray();
}
}
- 自定義的Provider成功安裝到GAC之后,接着修改web.config。注意需要修改3個地方,Web Application Config、SharePoint Central Administration Config、SecurityTokenServiceApplication,其路徑如果記不住的話,打開IIS,瀏覽即可,即如下所示:
修改Web Config
Web Config需要Assembly的Public Key Token,可以使用VS Command Tool來獲取:
- 首先修改Web Application的Web Config,找到其Membership節點,將以下代碼復制進:
<membership defaultProvider="i"> <providers> <add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" /> <add name="CustomMembershipProvider" type="Eyes.CustomProvider.FBA_CustomRoleProvider,Eyes.CustomProvider, Version=1.0.0.0, Culture=neutral, PublicKeyToken=c4a0ffa664cbc06c" /> </providers> </membership> <roleManager defaultProvider="c" enabled="true" cacheRolesInCookie="false"> <providers> <add name="c" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" /> <add name="CustomRoleProvider" type="Eyes.CustomProvider.FBA_CustomMembershipProvider,Eyes.CustomProvider, Version=1.0.0.0, Culture=neutral, PublicKeyToken=c4a0ffa664cbc06c" /> </providers> </roleManager>
- 接着修改SharePoint Central Administration的Web Config,
<membership defaultProvider="i"> <providers> <add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" /> <add name="CustomMembershipProvider" type="Eyes.CustomProvider.FBA_CustomRoleProvider,Eyes.CustomProvider, Version=1.0.0.0, Culture=neutral, PublicKeyToken=c4a0ffa664cbc06c" /> </providers> </membership> <roleManager> <providers> <add name="c" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" /> <add name="CustomRoleProvider" type="Eyes.CustomProvider.FBA_CustomMembershipProvider,Eyes.CustomProvider, Version=1.0.0.0, Culture=neutral, PublicKeyToken=c4a0ffa664cbc06c" /> </providers> </roleManager>
- 然后修改SecurityTokenSeriveApplication的Web Config,
<system.web> <membership defaultProvider="i"> <providers> <add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" /> <add name="CustomMembershipProvider" type="Eyes.CustomProvider.FBA_CustomRoleProvider,Eyes.CustomProvider, Version=1.0.0.0, Culture=neutral, PublicKeyToken=c4a0ffa664cbc06c" /> </providers> </membership> <roleManager defaultProvider="c" enabled="true" cacheRolesInCookie="false"> <providers> <add name="c" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" /> <add name="CustomRoleProvider" type="Eyes.CustomProvider.FBA_CustomMembershipProvider,Eyes.CustomProvider, Version=1.0.0.0, Culture=neutral, PublicKeyToken=c4a0ffa664cbc06c" /> </providers> </roleManager> </system.web>
- 最后將Web Application的Authentication Type修改為混合模式,如下所示
分配用戶並測試
成功為Web Application創建了自定義的Provider之后,接着就是測試是否成功。如添加訪問用戶,可以如下圖操作所示:
搜索用戶,如下圖所示:
訪問Site,提示混合登錄模式,如下圖所示:
登錄成功后顯示信息:
小結
當以Windows Authentication注銷時,會發生錯誤(查閱日志后報錯信息encodeValue不能為空)。我猜是沒清理Session,查了很多資料,發現這是個別現象。不知道最新的SharePoint 2013 Updates有沒有解決這個問題。我的版本是SharePoint 2013 Server(原始版本,從未更新過)。如果解決的話,勞煩各位朋友告訴我一下。點擊代碼下載