Sharepoint 2010 Form 身份认证的实现（基于AD）

一。进管理中心，创建一个应用程序，配置如下：

　　代码

<membership defaultProvider="AspNetSqlMembershipProvider">

<providers>

<!-- ADMembership-->

<add name="ADMembership"

type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"

server="cd-isbunet.ncs.corp.int-ads"

port="389"

useSSL="false"

userDNAttribute="distinguishedName"

userNameAttribute="sAMAccountName"

userContainer="CN=Users,DC=ncs,DC=corp,DC=int-ads"

userObjectClass="person"

userFilter="(&(ObjectClass=person))"

scope="Subtree"

otherRequiredUserAttributes="sn,givenname,cn"

connectionUsername="XXX\jiangly"

connectionPassword="123456" />

<!-- ADMembership-->

</providers>

</membership >

<roleManager defaultProvider="AspNetWindowsTokenRoleProvider"  enabled ="true">

<providers>

<add name="roleManager"

type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"

server="cd-isbunet.ncs.corp.int-ads"

port="389"

useSSL="false"

groupContainer="DC=ncs,DC=corp,DC=int-ads"

groupNameAttribute="cn"

groupNameAlternateSearchAttribute="samAccountName"

groupMemberAttribute="member"

userNameAttribute="sAMAccountName"

dnAttribute="distinguishedName"

groupFilter="(&(ObjectClass=group))"

userFilter="(&(ObjectClass=person))"

scope="Subtree"

connectionUsername="XXX\jiangly"

connectionPassword="123456" />

</providers>

</roleManager>

2.找到应用程序的<system.web></system.web>,配置如下：

代码

<machineKey validationKey="D35D48269B8B92E8A7D86FB64FBFCC4B2B4F1E3A0BFC43FB" decryptionKey="FEA7B512E6E390C18283E0D2E0542564F1E47E1F0A80F335" validation="SHA1" />
<membership defaultProvider="i">

<providers>

<add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />

<!-- ADMembership-->

<add name="ADMembership" type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"

server="cd-isbunet.ncs.corp.int-ads"

port="389" useSSL="false"

userDNAttribute="distinguishedName"

userNameAttribute="sAMAccountName"

userContainer="CN=Users,DC=ncs,DC=corp,DC=int-ads"

userObjectClass="person"

userFilter="(&(ObjectClass=person))"

scope="Subtree"

otherRequiredUserAttributes="sn,givenname,cn"

connectionUsername="XXX\jiangly"

connectionPassword="123456" />

<!-- ADMembership-->

</providers>

</membership>

<roleManager defaultProvider="c" enabled="true" cacheRolesInCookie="false">

<providers>

<add name="c" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />

<!-- ADMembership-->

<add name="roleManager" type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"

server="cd-isbunet.ncs.corp.int-ads"

port="389"

useSSL="false"

groupContainer="DC=ncs,DC=corp,DC=int-ads"

groupNameAttribute="cn"

groupNameAlternateSearchAttribute="samAccountName"

groupMemberAttribute="member"

userNameAttribute="sAMAccountName"

dnAttribute="distinguishedName"

groupFilter="(&(ObjectClass=group))"

userFilter="(&(ObjectClass=person))"

scope="Subtree"

connectionUsername="XXX\jiangly"

connectionPassword="123456" />

<!-- ADMembership-->

</providers>

</roleManager>

3.找到SecurityTokenServiceApplication站台web.config,它里面没有<system.web></system.web>,你需要自己添加

代码

<system.web>
<!-- ADMembership-->

<membership>

<providers>

<!-- ADMembership-->

<add name="ADMembership"

type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"

server="cd-isbunet.ncs.corp.int-ads"

port="389"

useSSL="false"

userDNAttribute="distinguishedName"

userNameAttribute="sAMAccountName"

userContainer="CN=Users,DC=ncs,DC=corp,DC=int-ads"

userObjectClass="person"

userFilter="(&(ObjectClass=person))"

scope="Subtree"

otherRequiredUserAttributes="sn,givenname,cn"

connectionUsername="XXX\jiangly"

connectionPassword="123456" />

<!-- ADMembership-->

</providers>

</membership>

<roleManager enabled ="true" >

<providers>

<!-- ADMembership-->

<add name="roleManager"

type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"

server="cd-isbunet.ncs.corp.int-ads"

port="389"

useSSL="false"

groupContainer="DC=ncs,DC=corp,DC=int-ads"

groupNameAttribute="cn"

groupNameAlternateSearchAttribute="samAccountName"

groupMemberAttribute="member"

userNameAttribute="sAMAccountName"

dnAttribute="distinguishedName"

groupFilter="(&(ObjectClass=group))"

userFilter="(&(ObjectClass=person))"

scope="Subtree"

connectionUsername="XXX\jiangly"

connectionPassword="123456" />

<!-- ADMembership-->

</providers>

</roleManager>

</system.web>

五。我们进管理中心-》应用程序管理-》打开用户策略-》添加域中的用户（如果没有找到，说明你的web.config里要修改的参数不对）



六。创建网站集，然后打开站点登陆，如果一切正常就能进入站点了





祝你成功！

这里特别感谢foley！

参考资料：

（1）http://www.microsofttranslator.com/bv.aspx?ref=Internal&from=en&to=zh-CHS&a=http%3a%2f%2fblogs.msdn.com%2fb%2frussmax%2farchive%2f2009%2f12%2f31%2fconfiguring-forms-based-authentication-for-claims-based-web-applications.aspx

（2）http://isharebook.com/forums/showthread.php/2649-Claims-Based-Identity-in-SharePoint-2010.html

（3）http://blogs.technet.com/b/speschka/archive/2009/11/05/configuring-forms-based-authentication-in-sharepoint-2010.aspx

（4）http://xiangzhangjun2006.blog.163.com/blog/static/44140966201061334818612/