SharePoint 2013自定义Providers在基于表单的身份验证(Forms-Based-Authentication)中的应用
由于项目的需要,登录SharePoint Application的用户将从一个统一平台中获取,而不是从Domain中获取,所以需要对SharePoint Application的身份验证(Claims Authentication Types)进行更改,即采用更加灵活的混合模式登录:Windows Authentication和Forms Based Authentication。故本篇博客将着重笔墨去介绍SharePoint 2013自定义Providers在基于表单的身份验(Forms-Based-Authentication)中的应用。
更改身份验证
首先需要了解的一点事,怎样去更改指定的Web Application 的身份验证。进入SharePoint 2013 Central Administration-àApplication Management-àManage Web Applications-àAuthentication Providers,即如下所示:
如截图所示那样,启用了FBA之后,需要我们提供自定义的Menbership Provider和Role Provider。
创建Membership Provider和Role Provider
这儿我选择创建一个Class Library,当然你也可以直接创建一个SharePoint 2013 Empty Project,注意不管是哪种,最终都需要把Assembly 注册/安装 到GAC里。
- 如果是创建了SharePoint Project,要安装Assembly到GAC,直接部署就行。
- 如果是创建了Class Library,需要有两个步骤1).Sign the assembly(右键项目-àProperty-àSigning),2)gacutil /i "<assembly path/assembly name.dll>",如下所示(使用VS Command Tool):
获取Strong Name Key File
安装Assembly到GAC
对于.NET 4.0以上的Assembly,GAC位于C:\Windows\Microsoft.NET\assembly。.NET 3.5 GAC在C:\Windows\assembly,所以别找错地方。Assembly成功注册到GAC后,最好IISReset下。
接着,创建相关的Provider,分别继承MembershipProvider和RoleProvider即可。
- 自定义MembershipProvider,主要代码如下:
public class FBA_CustomRoleProvider : MembershipProvider
{
#region 重写的方法 private MembershipUserCollection employees;
private void generateUsers()
{ employees = new MembershipUserCollection();
employees.Add(new MembershipUser(this.Name, "Jack Chen", "JackChen", "Jack@Chen.com", "What your Name?", "I am Jack", true, false, DateTime.Today, DateTime.Today, DateTime.Today, DateTime.Today, DateTime.Today));
employees.Add(new MembershipUser(this.Name, "Bruce Li", "BruceLi", "BruceLi@Li.com", "How are u?", "How old are u", true, false, DateTime.Today, DateTime.Today, DateTime.Today, DateTime.Today, DateTime.Today));
employees.Add(new MembershipUser(this.Name, "Eyes Wang", "EyesWang", "EyesWang@Mintcode.com", "What the hell?", "what the fuck", true, false, DateTime.Today, DateTime.Today, DateTime.Today, DateTime.Today, DateTime.Today)); } public override MembershipUserCollection FindUsersByName(string usernameToMatch, int pageIndex, int pageSize, out int totalRecords)
{
if (employees == null) generateUsers();
MembershipUserCollection returnFoundUsers = new MembershipUserCollection(); (employees.Cast<MembershipUser>(). Where(membershipUser => membershipUser.UserName.ToLowerInvariant().Contains(usernameToMatch.ToLowerInvariant()))) .ToList().ForEach(returnFoundUsers.Add); totalRecords = returnFoundUsers.Count;
return returnFoundUsers;
} public override MembershipUserCollection GetAllUsers(int pageIndex, int pageSize, out int totalRecords)
{ if (employees == null) generateUsers();
totalRecords = employees.Count;
return employees;
} public override MembershipUser GetUser(string username, bool userIsOnline)
{ if (employees == null) generateUsers();
IEnumerable<MembershipUser> usersFound = employees.Cast<MembershipUser>().Where(membershipUser => membershipUser.UserName == username);
return usersFound.FirstOrDefault();
} public override MembershipUser GetUser(object providerUserKey, bool userIsOnline)
{ if (employees == null) generateUsers(); IEnumerable<MembershipUser> usersFound = employees.Cast<MembershipUser>().Where(membershipUser => membershipUser.ProviderUserKey.ToString() == providerUserKey.ToString()); return usersFound.FirstOrDefault();
} public override string GetUserNameByEmail(string email)
{
if (employees == null) generateUsers(); IEnumerable<MembershipUser> usersFound = employees.Cast<MembershipUser>().Where(membershipUser => membershipUser.Email.ToLowerInvariant() == email.ToLowerInvariant()); MembershipUser user = usersFound.FirstOrDefault(); if (user != null) return user.UserName; else return null;
} public override MembershipUserCollection FindUsersByEmail(string emailToMatch, int pageIndex, int pageSize, out int totalRecords)
{ if (employees == null) generateUsers();
MembershipUserCollection returnFoundUsers = new MembershipUserCollection(); (employees.Cast<MembershipUser>(). Where(membershipUser => membershipUser.Email.ToLowerInvariant().Contains(emailToMatch.ToLowerInvariant()))) .ToList().ForEach(returnFoundUsers.Add); totalRecords = returnFoundUsers.Count; return returnFoundUsers; } public override bool ValidateUser(string username, string password)
{
//return true;
if (employees == null) generateUsers(); IEnumerable<MembershipUser> usersFound = employees.Cast<MembershipUser>().Where(membershipUser => membershipUser.UserName == username);
MembershipUser user = usersFound.FirstOrDefault(); if (user != null)
{ if (string.IsNullOrEmpty(password))
{ return false; } else
{ return true; } } else return false;
}
#endregion
}
- 自定义Role Provider,如下所示:
public class FBA_CustomMembershipProvider:RoleProvider
{
public override string ApplicationName { get; set; } //所有角色
private string[] m_AllRoles = { "Developer", "Administrator", "Designer", "Architect ", "UI" }; private string[,] m_RolesForUser = new string[,] { {"Eyes Wang", "Developer"}, {"Bruce Li","Administrator"}, {"Jack Chen","Designer,Architect"}, }; /// <summary>
/// 获取全部角色
/// </summary>
/// <returns></returns>
public override string[] GetAllRoles()
{ return m_AllRoles; } /// <summary>
/// 根据User得到其相关的角色
/// </summary>
/// <param name="username"></param>
/// <returns></returns>
public override string[] GetRolesForUser(string username) {
List<string> roles = new List<string>();
for (int i = 0; i <= m_RolesForUser.GetUpperBound(0); i++)
{ if (m_RolesForUser[i, 0] == username)
{
roles = m_RolesForUser[i, 1].Split(',').ToList<string>();
} }
return roles.ToArray();
} /// <summary>
/// 根据角色获取其绑定的用户
/// </summary>
/// <param name="rolename"></param>
/// <returns></returns>
public override string[] GetUsersInRole(string rolename)
{ List<string> users = new List<string>();
for (int i = 0; i <= m_RolesForUser.GetUpperBound(0); i++)
{
List<string> userRoles = m_RolesForUser[i, 1].Split(',').ToList<string>();
if (userRoles.Where(userRole => userRole == rolename).Count() > 0)
{ users.Add(m_RolesForUser[i, 0]);
} }
return users.ToArray();
} public override bool IsUserInRole(string username, string rolename)
{ List<string> usersForRole = GetUsersInRole(rolename).ToList();
if (usersForRole.Where(userName => userName == username).Count() > 0)
{
return true;
} else
{
return false;
} } public override bool RoleExists(string rolename)
{ bool roleExsists = m_AllRoles.ToList().Where(roleName => roleName == rolename).Count() > 0;
return roleExsists;
} public override string[] FindUsersInRole(string rolename, string usernameToMatch)
{ List<string> users = GetUsersInRole(rolename).ToList<string>();
List<string> foundUsers = users.Where(userName => userName.ToLowerInvariant().Contains(usernameToMatch.ToLowerInvariant())).ToList<string>();
return foundUsers.ToArray();
}
}
- 自定义的Provider成功安装到GAC之后,接着修改web.config。注意需要修改3个地方,Web Application Config、SharePoint Central Administration Config、SecurityTokenServiceApplication,其路径如果记不住的话,打开IIS,浏览即可,即如下所示:
修改Web Config
Web Config需要Assembly的Public Key Token,可以使用VS Command Tool来获取:
- 首先修改Web Application的Web Config,找到其Membership节点,将以下代码复制进:
<membership defaultProvider="i">
<providers>
<add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
<add name="CustomMembershipProvider" type="Eyes.CustomProvider.FBA_CustomRoleProvider,Eyes.CustomProvider, Version=1.0.0.0, Culture=neutral, PublicKeyToken=c4a0ffa664cbc06c" />
</providers>
</membership>
<roleManager defaultProvider="c" enabled="true" cacheRolesInCookie="false">
<providers>
<add name="c" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
<add name="CustomRoleProvider" type="Eyes.CustomProvider.FBA_CustomMembershipProvider,Eyes.CustomProvider, Version=1.0.0.0, Culture=neutral, PublicKeyToken=c4a0ffa664cbc06c" />
</providers>
</roleManager>
- 接着修改SharePoint Central Administration的Web Config,
<membership defaultProvider="i">
<providers>
<add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
<add name="CustomMembershipProvider" type="Eyes.CustomProvider.FBA_CustomRoleProvider,Eyes.CustomProvider, Version=1.0.0.0, Culture=neutral, PublicKeyToken=c4a0ffa664cbc06c" />
</providers>
</membership>
<roleManager>
<providers>
<add name="c" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
<add name="CustomRoleProvider" type="Eyes.CustomProvider.FBA_CustomMembershipProvider,Eyes.CustomProvider, Version=1.0.0.0, Culture=neutral, PublicKeyToken=c4a0ffa664cbc06c" />
</providers>
</roleManager>
- 然后修改SecurityTokenSeriveApplication的Web Config,
<system.web>
<membership defaultProvider="i">
<providers>
<add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
<add name="CustomMembershipProvider" type="Eyes.CustomProvider.FBA_CustomRoleProvider,Eyes.CustomProvider, Version=1.0.0.0, Culture=neutral, PublicKeyToken=c4a0ffa664cbc06c" />
</providers>
</membership>
<roleManager defaultProvider="c" enabled="true" cacheRolesInCookie="false">
<providers>
<add name="c" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
<add name="CustomRoleProvider" type="Eyes.CustomProvider.FBA_CustomMembershipProvider,Eyes.CustomProvider, Version=1.0.0.0, Culture=neutral, PublicKeyToken=c4a0ffa664cbc06c" />
</providers>
</roleManager>
</system.web>
- 最后将Web Application的Authentication Type修改为混合模式,如下所示
分配用户并测试
成功为Web Application创建了自定义的Provider之后,接着就是测试是否成功。如添加访问用户,可以如下图操作所示:
搜索用户,如下图所示:
访问Site,提示混合登录模式,如下图所示:
登录成功后显示信息:
小结
当以Windows Authentication注销时,会发生错误(查阅日志后报错信息encodeValue不能为空)。我猜是没清理Session,查了很多资料,发现这是个别现象。不知道最新的SharePoint 2013 Updates有没有解决这个问题。我的版本是SharePoint 2013 Server(原始版本,从未更新过)。如果解决的话,劳烦各位朋友告诉我一下。点击代码下载
SharePoint 2013自定义Providers在基于表单的身份验证(Forms-Based-Authentication)中的应用的更多相关文章
- 【FBA】SharePoint 2013自定义Providers在基于表单的身份验证(Forms-Based-Authentication)中的应用
//http://www.cnblogs.com/OceanEyes/p/custom-provider-in-sharepoint-2013-fba-authentication.html 由于项目 ...
- [FBA]SharePoint 2013自定义Providers在基于表单的身份验证(Forms-Based-Authentication)中的应用
//http://tech.ddvip.com/2014-05/1401197453210723.html 由于项目的需要,登录SharePoint Application的用户将从一个统一平台中获取 ...
- ASP.NET MVC 4 (十三) 基于表单的身份验证
在前面的章节中我们知道可以在MVC应用程序中使用[Authorize]特性来限制用户对某些网址(控制器/控制器方法)的访问,但这都是在对用户认证之后,而用户的认证则依然是使用ASP.NET平台的认证机 ...
- 基于表单的身份验证(FBA)
https://technet.microsoft.com/zh-cn/library/ee806890(office.15).aspx http://www.tuicool.com/articles ...
- asp.net 如何配置authentication,完成基于表单的身份验证
步骤一: 在根目录下的web.config中加入: <system.web> <authentication mode="Forms"> ...
- JavaWeb应用中的身份验证(声明式)——基于表单的身份认证
容器管理安全最普遍的类型建立在基于表单的身份验证方式上. 通过这样的方式,server自己主动将尚未验证的用户重定向到一个HTML表单.检查他们的username和password,决定他们属于哪个角 ...
- SharePoint 2013 配置基于表单的身份认证
前 言 这里简单介绍一下为SharePoint 2013 配置基于表单的身份认证,简单的说,就是用Net提供的工具创建数据库,然后配置SharePoint 管理中心.STS服务.Web应用程序的三处w ...
- 在Tomcat中采用基于表单的安全验证
.概述 (1)基于表单的验证 基于From的安全认证可以通过TomcatServer对Form表单中所提供的数据进行验证,基于表单的验证使系统开发者可以自定义用户的登陆页面和报错页面.这种验证方法 ...
- Web服务器使用基于纯文本表单的身份验证——.net(未完待续)
asp.net 表单验证方式 Asp.net的身份验证有有三种,分别是"Windows | Forms| Passport",其中又以Forms验证用的最多,也最灵活. 根据实际需 ...
随机推荐
- [Canvas]炸弹人初成版
试玩请点此下载代码,并使用浏览器打开index.html. 用方向键操作小人,空格键放炸弹,把敌人消灭算赢,被炸弹炸中或是碰到敌人算输. 图例: 源码: <!DOCTYPE html> & ...
- 权威公布:彻底搞清楚哪些笔记本和台式机主板能够支持42mm SATA M.2 NGFF(2242)接口的固态硬盘!!!
在京东,天猫上搜寻半天.致电联想客服以及各个固态盘的店小二.都搞不清楚兼容性问题.并且联想客服的回答明显错误,官网描写叙述也错误,客服project师也含糊不清说:要拆机试一试才知道是否兼容. 我就不 ...
- Git操作简单入门及相关命令
说明:本文内容主要来自文末参考链接内容,此文仅作学习记录.如有转载,请到文末参考链接处. 1 基本概念理解 1.1 Git介绍 Git是分布式版本控制系统. 集中式VS分布式,SVN VS Git. ...
- Spring全局异常处理的三种方式
在J2EE项目的开发中,不管是对底层的数据库操作过程,还是业务层的处理过程,还是控制层的处理过程,都不可避免会遇到各种可预知的.不可预知的异常需要处理.每个过程都单独处理异常,系统的代码耦合度高,工作 ...
- [Aaronyang] 写给自己的WPF4.5 笔记11[自定义控件-AyImageButton的过程 1/4]
我的文章一定要对读者负责-否则不是好文章 ---- www.ayjs.net aaronyang技术分享 文章导航: 介绍vs2013 WPF开发,属性代码相关技巧 实战AyImage ...
- 【C语言】两个指针(地址)相减
两个指针相减,为两个指针之间间隔这两个指针类型的数目. 如:int *p,*q; p-q=(p地址-q地址)/sizeof(int) #include <stdio.h> int main ...
- 【Android】Eclipse性能优化,快捷方式,文档注释
快捷方式 方法注释的快捷键:ALT + SHIFT +J 格式化:Ctrl+Shift+F 把当前选中的文本全部变味大写:Ctrl+Shift+X 把当前选中的文本全部变为小写:Ctrl+Shift+ ...
- ORGANISING THE TEST CASES
ORGANISING THE TEST CASES -Test note of “Essential Software Test Design” 2015-09-24 目录 22.1 Test Cas ...
- 【iCore4 双核心板_ARM】例程十八:USBD_VCP实验——虚拟串口
实验步骤: 1.将跳线冒跳至USB_OTG,通过Micro USB 线将iCore4 USB-OTG接口与电脑相连. 2.打开设备管理器,可以找到虚拟出来的端口,(特殊情况下如果没有虚拟出端口,我们可 ...
- JVM——Java HotSpot VM Options
JVM常用参数 参数名称 含义 默认值 描述 -Xms 初始堆大小 物理内存的1/64(<1GB) 默认(MinHeapFreeRatio参数可以调整)空余堆内存小于40%时,JVM就会增大堆 ...