46.
SPC Code | Session Name | Day | Time | Type | Location
SPC3997 | TITUS: Using Claims for Authentication in SharePoint 2010 | Weds 10/5 | 5:00p | Partner |
SPC411 | Security Design with Claims Based Authentication | Thurs 10/6 | 12:00p | Microsoft |
Editor's notes
Demo checklist
- Deactivate Content Organizer
- Remove spcuser, anna.stevenson
- Visual Studio: open
  - C:\inetpub\wwwroot\wss\VirtualDirectories\8202\web.config
  - C:\inetpub\wwwroot\wss\VirtualDirectories\45610\web.config
  - C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\WebServices\SecurityToken\web.config
  - C:\inetpub\wwwroot\wss\VirtualDirectories\8201\web.config
- Windows Explorer: open
  - C:\Windows\Microsoft.NET\Framework64\v2.0.50727
- Internet Explorer: open
  - http://sp2010:8100/default.aspx
  - http://sp2010:8202
  - https://www.nothingbutsharepoint.com/Pages/default.aspx
- SQL Server: open
  - Run as administrator account
  - Delete aspnetdb
- Verify
  - Verify 8202 login
  - Verify 8201 login
  - Verify CA can find users
- Internet connectivity
- Browsers at 150%
Open the talk with how and why e-mailing is not the best choice for distributing documents to partners
Intro slide which will set up the rest of the talk. These questions will get answered with this session.
New slide introducing scenarios
Old text from issues slide:
- Versioning
- E-mail copies
- Retention / Expiration
- Legal
- Loss of productivity
Explain the SharePoint extranet scenario
Explain useful SharePoint features in an extranet
<Insert SharePoint document library picture or perhaps search>
<Should we show this
Explain different farm configurations for SharePoint extranets
- Same farm / same web application
- Same farm / different web application
- Different farm
Explain different common extranet network topologies <separate slides for each below with diagram>
- Edge firewall
- Back-to-back perimeter
- Split back-to-back
<SharePoint Extranet Diagram>
The goal is to describe the network topologies without dwelling on them, and to focus on SharePoint instead.
Content from OIT2010_Model_ExtranetTopologies.xps
Functions as a reverse proxy server
Diagram with advantages / disadvantages
Advantages
- This is the simplest solution that requires the least amount of hardware and configuration.
- The entire server farm is located within the corporate network.
- There is a single point of data:
  - Data is located within the trusted network.
  - Data maintenance occurs in one place.
  - A single farm is used for both internal and external requests; this ensures that all authorized users view the same content.
- Internal user requests are not passed through a proxy server.
- UAG pre-authenticates users.
Disadvantages
- This configuration results in a single firewall that separates the corporate internal network from the Internet.
Isolates server farm in a separate perimeter network (including SQL / AD)
Description, advantages, and disadvantages with network diagram
Advantages
- Content is isolated to a single farm on the extranet, simplifying sharing and maintenance of content across the intranet and the extranet.
- External user access is isolated to the perimeter network.
- If the extranet is compromised, damage is potentially limited to the affected layer or to the perimeter network.
Disadvantages
- The back-to-back perimeter topology requires additional network infrastructure and configuration.
- Web servers, AD, and DNS inside the perimeter network
- Application servers can be in the perimeter or the corporate network
- SQL Server inside the corporate network
Advantages
- Computers running SQL Server are not hosted inside the perimeter network.
- Farm components within both the corporate network and the perimeter network can share the same databases.
- Content can be isolated to a single farm inside the corporate network, which simplifies sharing and maintaining content across the corporate network and the perimeter network.
Disadvantages
- The complexity of the solution is greatly increased.
- Intruders who compromise perimeter network resources might gain access to farm content stored in the corporate network by using the server farm accounts.
- Inter-farm communication is split across two domains.
Intro slide which will set up the rest of the talk. These questions will get answered with this session.
Overview of common types of authentication then detailed slides of each
Describe Active Directory Negotiate (Windows Authentication)
- Advantages and disadvantages
- Application firewall recommendation
Explain how to set up the ASP.NET Membership provider <multiple slides may be required>
- Aspnet_regsql.exe
- Web.config settings
- Claims Based Authentication / Membership provider in Web Application
- Managing Users – Open Source Tools (http://sharepoint2010fba.codeplex.com/)
- http://blogs.technet.com/b/mahesm/archive/2010/04/07/configure-forms-based-authentication-fba-with-sharepoint-2010.aspx
Demonstrate from start to finish all web.config modifications [5 – 7 minutes]
Demonstrate logging in with FBA account
- Create a New Web Application
- Enable FBA
  - SQL-MembershipProvider
  - SQL-RoleManager
- Show Existing FBA Application – Authentication Provider
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_regsql.exe
- Grant SQL permissions
- Web.config (8202)
- Web.config (CA)
- Web.config (STS)
- Membership Seeder - C:\Downloads\MembershipSeeder\Bin\Debug\MembershipSeeder.exe
- Web Applications -> User Policy -> Default
- Search for user, grant access
- Demo login
- Demo FBA pack -> FBA User Management
Consider demonstrating tools to manage FBA users
Configuration settings for authentication using FBA with the ActiveDirectoryMembership Provider <multiple slides>
- Web.config settings: <connectionStrings>, <membership>, <httpModules>

    <connectionStrings>
      <add name="ActiveDirectoryConnectionString"
           connectionString="LDAP://domain.local/DC=domain,DC=local" />
    </connectionStrings>
    <membership defaultProvider="ActiveDirectoryMembership">
      <providers>
        <add name="ActiveDirectoryMembership"
             type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             connectionStringName="ActiveDirectoryConnectionString"
             enableSearchMethods="true"
             attributeMapUsername="sAMAccountName" />
      </providers>
    </membership>

- STS Application Web.config
- Set up claims authentication
- Membership Provider name
- http://blogs.msdn.com/b/sridhara/archive/2010/01/07/setting-up-fba-claims-in-sharepoint-2010-with-active-directory-membership-provider.aspx
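Added example, not part of the original deck: the FBA demos above edit three web.config files (web application, Central Administration, STS), and a provider missing from any one of them is a typical cause of a failed login or an empty user search. This Python sketch audits constructed sample configs for that; the sample contents, the function names and the connectionProtection check are assumptions added here.

```python
import xml.etree.ElementTree as ET

def make_config(provider_xml="", conn_xml=""):
    """Build a minimal, constructed web.config around the given fragments."""
    return (f"<configuration><connectionStrings>{conn_xml}</connectionStrings>"
            f"<system.web><membership><providers>{provider_xml}</providers>"
            f"</membership></system.web></configuration>")

CONN = ('<add name="ActiveDirectoryConnectionString" '
        'connectionString="LDAP://domain.local/DC=domain,DC=local" />')
PROVIDER = ('<add name="ActiveDirectoryMembership" '
            'type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web" '
            'connectionStringName="ActiveDirectoryConnectionString" />')

# Constructed sample: Central Admin lacks the connection string the provider
# points at, and the STS file lacks the provider entirely.
SAMPLE = {
    "web application (8201)": make_config(PROVIDER, CONN),
    "Central Administration": make_config(PROVIDER),
    "Security Token Service": make_config(),
}

def audit(configs, provider_name):
    """Return one finding per problem that would break or weaken FBA login."""
    findings = []
    for label, text in configs.items():
        root = ET.fromstring(text)
        providers = root.findall("system.web/membership/providers/add")
        entry = next((p for p in providers if p.get("name") == provider_name), None)
        if entry is None:
            findings.append(f"{label}: provider '{provider_name}' not registered")
            continue
        wanted = entry.get("connectionStringName")
        names = {c.get("name") for c in root.findall("connectionStrings/add")}
        if wanted not in names:
            findings.append(f"{label}: connection string '{wanted}' not defined")
        # The provider defaults to Secure; an explicit None is worth flagging.
        if entry.get("connectionProtection", "Secure").lower() == "none":
            findings.append(f"{label}: connectionProtection is None")
    return findings

if __name__ == "__main__":
    for line in audit(SAMPLE, "ActiveDirectoryMembership"):
        print(line)
```
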
Demonstrate logging in with Active Directory using FBA
- Show Web Application Settings
- Show difference between logging in with Windows Authentication and FBA
- Web.config: C:\inetpub\wwwroot\wss\VirtualDirectories\8201\web.config
- Central Admin: Web Application -> Select -> User Policy -> search for chris.white (must be exact)
- Log in with chris.white
Overview of steps involved in setting up the trusted identity provider
- Registering the site
- Installing the certificate
- Configuring the provider in PowerShell
- http://technet.microsoft.com/en-us/library/ff973117.aspx
- http://blog.fpweb.net/claims-authentication-windows-live-id-for-sharepoint-2010/
<Scrapped configuration demo for time purposes>
Demonstrate logging in with Windows Live at NothingButSharePoint.com
Intro slide which will set up the rest of the talk. These questions will get answered with this session.
Managing content on the extranet is a concern
- Talk about considerations such as how to deploy content and document duplication
- Discuss techniques for deploying content to the extranet site: publishing, Send To connections, custom workflows
- http://sp2010:8202/Fabrikam/
- Confirm Content Organizer is on
- Central Admin: General Application Settings -> Send to Connections
- Create new connection: http://sp2010:8202/Fabrikam/_vti_bin/officialfile.asmx
- Go to target web application (user / wxx2007;)
- Content Organizer -> New Rule -> Content Type: Document
- Go to test document library - http://sp2010/procurement/SitePages/Home.aspx
- Use Send to connection
- Show Document