- Creating & Configuring an ASP.Net Membership Database
- Creating a Web Application that Users Claims - Base Authentication
- Configuring Secure Store: Create User accounts
A. CONFIGURING CUSTOM AUTHENTICATION
A. 1. Creating & Configuring an ASP.Net Membership Database- Create an ASP.Net membership database
a. Log on to SP2010-WFE1 as Contoso\Sp_admin with its password
b. Click Start, then right-click Command Prompt, and then click Run as administrator.The User Account Control dialog box appears.
c. Click Yes.
d. Type the following commands:
cd c:\windows\microsoft.net\framework\v2.0.50727 (ENTER)
aspnet_regsql.exe
The ASP.Net SQL Server Setup Wizard appears.
e. On the Welcome page, click Next.
f. On the Select a Setup Options page, click Next.
g. On the Select the Server and Database page, click Next.
h. On the Confirm Your Settings page, click Next.
i. On the The database has been created or modified page, click Finish.
- Configure the connection to the database
a. Type the following commands
cd c:\windows\microsoft.net\framework\v2.0.50727\config (ENTER)
notepad machine.config
b. Modify the connectionStrings element of the XML file to match the following:
<connectionStrings>
<clear/>
<add name="LocalSQLServer"
connectionString="Server-.;Database=aspnetdb;uid=sa;pwd=[adminpassword];"
providerName="System.Data.SqlClient"/>
</connectionstrings>
c. Click File, and then click Save.
d. Close Notepad.
e. In Administrator: Command Prompt, type the following commands:
cd c:\windwos\microsoft.net\framework64\v2.0.50727\config
notepad machine.config
f. Repeat steps 2-4
- Create Users
a. Click Start, click All programs, click Microsoft Sharepoint 2010 Products, right-click Sharepoint 2010 Management Shell, and click Run as AdministratorThe User Account Control dialog box appears.
b. Click Yes.
c. Execute the following commands:
$member = New-Object System.Web.Security.SQLMembershipProvider
$vals=New-Object System.Collections.Specialized.NameValueCollection
$vals.Add("name", "sql")
$vals.Add("connectionStringName", "LocalSQLServer")
$vals.Add("applicationName", "/")
$member.Initialize("sql", $vals);
$member.CreateUser("SiteAdministrator", "Password", 'Sharepoint@contoso.com', 'first person', $true, $id, [ref] $status)
Ignore the error message that indicate the membership provider name specified is invalid.
d. Type the following command:
$status
e. Verify that the result is Success.
f. Repeat the command in step c. - e.
g. Close Sharepoint 2010 Management Shell.
- Enable the secure token service to use forms-based authenticationa. In Administrator: Command Prompt, type the following commands:
cd "c:\program files\common files\microsoft shared\web server extensions\14\webservices\root"
notepad web.config
b. Locate the <system.web> element, then locate the <membership> element, and then locate the <providers> element.
c. Remove the <clear/> directive inside the <providers> element.
d. Locate the <roleManager> element, and then locate the <providers> element.
e. Remove the <clear/> directive inside the <providers> element.
f. Cick file, and then click Save.
g. Close Notepad.
h. Close Administrator: Command Prompt.
- Create a Web Application that uses both Windows and forms-based authentication
a. Open Sharepoint 2010 Central Administration. The User Account Control dialog box appears.
b. Click Yes.
c. In the Application Management section, click Manage Web Applications.
d. On the ribbon, click New.
e. In the Authentication section, click Claims Based Authentication.
f. In the Port box, type 80
g. In the Host Header box, type clients.contoso.com
h. In the Claims Authentication Types section, select the Enable Windows Authentication and Integrated Windows Authentication check boxes, and then select NTLM from the drop-down list.
i. Select Enable Forms Based Authentication (FBA)
j. In the ASP.NET Membership provider name box, type AspNetSqlMembershipProvider.
k. In the ASP.Net Role Manager name box, type AspNetSqlRoleProvider.
l. In the Application pool section, click Use existing application pool, and then select Sharepoint - 80 (Contoso\SP_Serviceapps) from the drop-down list.
m. For the database name, type WSS_Content_Clientsn. Click OK.
Central Administration provisions the new Web Application
o. On the Application Created page, click the Create Site Collection link.
p. In the Title box, type CONTOSO Client Portal.
q. In the Template Selection section, click the Publishing tab, and then click Publishing Portal.
r. In the Primary Site Collection Administrator section, type SiteAdministrator.
s. Click OK. The Top-Level Site Successfully Created dialog box appears.
t. Click OK.
- Add a DNS Host record for the new Web Application
a. Click Start, then click to Administrative Tools,, then hold SHIFT and right-click DNS, and then select Run as different user. The Windows Security dialog box appears.
b. In the User name box, type CONTOSO\Administrator.
c. In the Password box, type [its password].d. Expand CONTOSO-DC, then expand Forward Lookup Zones, and then click contoso.come. Right-click Contoso.com, and then click New Host (A or AAAA).
The New Host dialog box appears.
f. In the Name box, type clients.
g. In the IP Address box, type 10.0.0.21.
h. Click Add Host.i. Click OK.
j. Click Done.
k. Close DNS Manager.
- Test claims-based authentication
a. Open Interner Explorer.
b. In the address bar, type http://clients.contoso.com, and then press ENTER.
c. On the Sign in page, select Forms Authentication, from the drop-down lsit.
d. In the User name box, type SiteAdministrator.
e. In the Password box, type its password.
f. Click Sign in.
g. Verify that you are authenticated as SiteAdministrator.
h. Click Sign In as Different User.
i. On the Sign in page, select Windows Authentication from the drop-down list.
The Windows Security dialog box appears.
j. In the User name box, type CONTOSO\SP_Admin.
k. In the Password box, type its password.
l. Click OK.
m. Verify that you are authenticated as Sharepoint Administrator.
n. Close all windows.
B. CONFIGURING SECURE STORE
B. 1. Creating User Accounts for Access to External Data
B. 1. 1. Create Active Directory accounts- On SP2010-WFE1, click Start, then click Administrative Tools, then hold the SHIFT key and right click Active Directory Users and Computers, and then select Run as different user.
The Windows Security dialog box appears. - In the User name box, type CONTOSO\Administrator.
- In the Password box, type its password.
- Click OK.
- Expand contoso.com, and then click Users.
- Right-click Users, then point to New, and then click User.
- In the Full name box, type Excel Unattended Service Account.
- In the User logon name box, type SP_Excel_USA.
- Click Next.
- In the Password and Confirm password boxes, type the admin password.
- Clear the User must change password at next logon check box.
- Select the Password never expires check box.
- Click Next.
- Click Finish.
- Repeat steps 6-14 to create the other accounts.
- Close Active Directory Users and Computers.
B. 2. Configuring Secure Store Services
B. 2. 1. Initialize an instance of a Secure store Service application
- Open Sharepoint 2010 Central Administration. At the User Account Control dialog box, click Yes.
- In the Quick Launch, click Application Management.
- In the Service Applications section, click Manage service applications.
- Click the Secure Store Service link on the Secure Store Service Application row.
- On the ribbon, click Generate New key.
- In the Pass Phrase and Confirm Pass Phrase boxes, type 10174_SSS_2010.
- Click OK.
- On the ribbon, click New.
- In the Target Application ID box, type ExcelUnattendedSA.
- In the Display Name box, type Excel Unattended Service Account.
- In the Contact Email box, type sharepoint@contoso.com.
- In the target application type list, select Group.
- In the Target Application Page URL section, click None.
- Click Next.
- On the Add Field page, click Next.
- In the Target Application administrators box, type CONTOSO\SP_Admin.
- In the Members list, type Domain Users.
- Click OK.
- Select the ExcelUnattendedSA check box.
- In the Credentials group of the ribbon, click Set.
- In the Windows User Name box, type CONTOSO\SP_Excel_USA.
- In the Windows Password & Confirm Windows Password boxes, type its password.
- Click OK.
- On the ribbon, click New.
- In the Target Application ID box, type VisioUnattendedSA.
- In the Display Name box, type Visio Unattended Service Account.
- In the Contact Email box, type sharepoint@contoso.com.
- In the Target Application Type list, select Group.
- In the Target Application page Url section, click None.
- Click Next.
- On the Add Field page, click Next.
- In the Target Application Administrators box, type CONTOSO\SP_Admin.
- In the Members list, type Domain Users.
- Click OK.
- Select the VisioUnattendedSA application check box
- In the Credentials group on the ribbon, click Set.
- In the Windows User Name box, type CONTOSO\SP_Visio_USA.
- In the Windows Password & Confirm Windows Password boxes, type its admin password.
- Click OK.
B. 3. 1. Configure Excel Services Secure Store Account
- Click Application Management.
- In the Service Applications section, click Manage service applications.
- Click Excel Services Application on the line of Excel Services Application Web Service Application.
- Click Global Settings.
- In the External Data section, in the Application ID box, type ExcelUnattendedSA, and then click OK.
Excel Services can now use the credentials in Secure Store to render spreadsheets and connect to external data connections.
- Click Application Management.
- In the Service Applications section, click Manage service applications.
- Click PerformancePoint Service Application.
- Click PerformancePoint Service Application Settings.
- In the Secure Store and Unattended Service Account section, in the User Name box, type CONTOSO\SP_PerfPoint_USA.
- In the passoword box, type its password.
- Click OK.
PerformancePoint will create its own Secure Store account based on the information you entered.
B. 3. 3. Configure Visio Graphics Secure Store account
- Click Application Management.
- In the Service Applications section, click Manage service applications.
- Click Visio Graphics Service.
- Click Global Settings.
- On the External Data section, in the Application ID box, type VisioUnattendedSA, and then click OK.
Visio can now execute diagrams and data connection refreshes using the unattended account.