具有表单身份验证的 Sharepoint 用户配置文件

发布于 2024-08-10 23:13:38 字数 646 浏览 11 评论 0原文

我已使用一些自定义字段将大量用户导入到我的 Active Directory 中。然后,我将配置文件从 Active Directory 导入到 Sharepoint,其中包含所有自定义字段和常规字段。此后,我需要每个用户都位于一个网站集中,并为他们设置了 MySite。为此,我编写了一些代码来确保用户存在,然后检查配置文件属性“个人空间”以查看是否已创建 MySite。一切都很顺利,直到一些用户需要从网络外部登录。

我想摆脱用户从网络外部访问时会收到的 Windows 身份验证弹出窗口(或者没有将站点添加到 IE 中的受信任区域)。我已经扩展了我的网络应用程序来创建一个互联网区域。然后,我编辑了互联网站点的 web.config 以进行 Active Directory 表单身份验证,同时编辑了中央管理员的 web.config,以便它可以看到数据源。这一切都很好,用户可以通过一个漂亮的界面登录。唯一的问题是现在用户与其用户配置文件分离。本质上,Sharepoint 将 Windows 身份验证用户和表单身份验证用户视为两个单独的用户。

有没有办法链接配置文件?我是否必须编写自定义会员资格提供程序来登录用户,然后将他们链接到他们的 Windows 帐户?有没有办法让用户从互联网 Web 应用程序登录,然后欺骗他们的 Windows 凭据并将其传递到 Intranet?我是否需要根据表单身份验证数据源重新创建所有用户配置文件?

I've imported a bunch of users into my Active Directory with some custom fields. Then I did a profile import from Active Directory to Sharepoint with all the custom fields and regular fields. After this, I needed each user to be in a site collection with a MySite set up for them. I did that by writing some code that ensured the user existed and then checked the profile attribute "personalspace" to see if a MySite had been created. Everything worked great until some of the users needed to login from outside the network.

I'd like to get rid of the windows authentication pop-up that a user would get if they hit from outside the network (or haven't added the site to their trusted zone in IE). I've extended my web application to create an internet zone. Then I edited the web.config of the internet site to do active directory forms authentication, along with editing the Central Administrator's web.config so that it can see the data source. This is all well and good, the user can login through a nice interface. The only problem is that now the user is detached from their user profile. Essentially Sharepoint views a windows authentication user and a forms authenticated user as two separate users.

Is there a way to link the profiles? Do I have to write a custom membership provider to log a user in and then link them up to their windows account? Is there a way to log a user in from the internet web app and then spoof their windows credentials and pass it to the intranet? Do I need to recreate all the user profiles based on the forms authentication data source?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(3

抠脚大汉 2024-08-17 23:13:38

我一直在尝试完成同样的事情,但遇到完全相同的问题 - “forms-authenticated-me”与共享点的“windows-authenticated-me”不同,而且我不知道如何映射两个。

经过大量令人沮丧的努力后,我想我终于意识到这是不可能的。回想起来,这并不太令人惊讶。

以下是 http://msdn.microsoft.com/en-us/ 的摘录Library/bb975136.aspx(我添加了重点)...

决定使用表单身份验证
一些组织希望使用 Windows
SharePoint 中的用户和组
产品和技术,但进入
通过表单身份验证的凭据。
在使用表单身份验证之前,
确定为什么使用表单
首先进行身份验证:
业务驱动力是什么?如果用户
帐户存储在一个位置
Active Directory 域以外的域
控制器,或者如果 Active Directory 是
在特定情况下不可用
环境,使用表格
会员身份验证
提供商是一个不错的选择。但是如果你
只想通过表单强制登录
身份验证,但仍使用 Windows
以及它的所有集成功能
提供,您应该考虑
另一种选择,例如发布
与 Microsoft 合作的 SharePoint 网站
互联网安全与加速
(ISA) 服务器 2006。ISA 服务器 2006
允许用户使用
表单身份验证 Web 表单,但是
之后将他们视为 Windows 用户
身份验证。
此实现
提供了更加一致和
为最终用户带来引人入胜的体验。


I've been trying to accomplish the same thing, with exactly the same problem - the "forms-authenticated-me" is not the same as the "windows-authenticated-me" to sharepoint, and I can't see how to map the two.

After a lot of frustrating efforts, I think I've finally realized it's not possible. In retrospect, this isn't too surprising.

here's an excerpt from http://msdn.microsoft.com/en-us/library/bb975136.aspx (my emphasis added)...

Deciding to Use Forms Authentication
Some organizations want to use Windows
users and groups in SharePoint
Products and Technologies, but enter
credentials via forms authentication.
Before using forms authentication,
determine why to use forms
authentication in the first place:
What is the business driver? If user
accounts are stored in a location
other than an Active Directory domain
controller, or if Active Directory is
not available in a particular
environment, using forms
authentication with a membership
provider is a good choice. But if you
want to force logon only via forms
authentication, but still use Windows
and all of the integrated features it
provides,
you should consider an
alternative such as publishing the
SharePoint site with Microsoft
Internet Security and Acceleration
(ISA) Server 2006. ISA Server 2006
allows users to log on by using a
forms authentication Web form, but
treats them like Windows users after
authentication.
This implementation
provides a more consistent and
compelling experience for end users.

最单纯的乌龟 2024-08-17 23:13:38

您可以设置表单身份验证以使用 Active Directory 表单身份验证提供程序。您将获得两全其美的好处。

登录提示将是您想要的表单身份验证提示,但配置文件和登录信息将来自 Active Directory。

请按照以下说明配置提供程序:

如何:通过 Active Directory 使用表单身份验证< /a>

You can set up the Forms Authentication to use the Active Directory Forms Authentication provider. You'll get the best of both worlds.

The login prompt will be the Forms Authentication prompt that you want, but the profile and login info will come from Active Directory.

Follow these instructions to configure the provider:

How To: Use Forms Authentication with Active Directory

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文