WLAN 云解决方案提供商WiFi CSP

警告

某些信息与预发行产品相关,这些产品在商业发行之前可能会进行重大修改。Some information relates to pre-released products, which may be substantially modified before it's commercially released. Microsoft 不对此处提供的信息作任何明示或默示的担保。Microsoft makes no warranties, expressed or implied, concerning the information provided here.

WiFi 配置服务提供商提供在 Windows 设备上添加或删除Wi-Fi网络的功能。The WiFi configuration service provider provides the functionality to add or delete Wi-Fi networks on a Windows device. 配置服务提供商接受 SyncML 输入,并将其转换为安装在设备上的网络配置文件。The configuration service provider accepts SyncML input and converts it to a network profile that is installed on the device. 此配置文件使设备能够在设备Wi-Fi网络。This profile enables the device to connect to the Wi-Fi network when it is in range.

编程注意事项:Programming considerations:

  • 如果身份验证方法需要证书,例如,EAP-TLS 需要客户端证书,则必须通过 CertificateStore 配置服务提供程序对其进行配置。If the authentication method needs a certificate, for example, EAP-TLS requires client certificates, you must configure it through the CertificateStore configuration service provider. WiFi 配置服务提供商不提供该功能;相反,Wi-Fi配置文件可以指定要用于为该网络选择正确的证书的证书的特征。The WiFi configuration service provider does not provide that functionality; instead, the Wi-Fi profile can specify characteristics of the certificate to be used for choosing the right certificate for that network. 服务器必须先成功注册证书,然后才能部署Wi-Fi配置。The server must successfully enroll the certificate first before deploying the Wi-Fi network configuration. 例如,对于 EAP-TLS 配置文件,服务器必须先成功配置和注册所需的客户端证书,然后再部署Wi-Fi证书。For example, for an EAP-TLS profile, the server must successfully configure and enroll the required client certificate before deploying the Wi-Fi profile. 自签名证书适用于 EAP-TLS/PEAP-MSCHAPv2,但在 EAP-TLS 中不受支持。Self-signed certificate works for EAP-TLS/PEAP-MSCHAPv2, but it is not supported in EAP-TLS.
  • 由于 Windows 10 移动版仿真器不支持 WLAN,因此无法使用仿真器Wi-Fi配置。Because the Windows 10 Mobile emulator does not support Wi-Fi, you cannot test the Wi-Fi configuration with an emulator. 你仍可以使用 WiFi CSP Wi-Fi网络,然后在 Wi-Fi 设置页中检查它,但无法在仿真器中测试网络连接。You can still provision a Wi-Fi network using the WiFi CSP, then check it in the Wi-Fi settings page, but you cannot test the network connectivity in the emulator.
  • 对于基于 WEP、WPA 和 WPA2 的网络,以纯文本格式在网络配置中包括 passkey。For WEP, WPA, and WPA2-based networks, include the passkey in the network configuration in plaintext. 密码在设备上存储时自动加密。The passkey is encrypted automatically when it is stored on the device.
  • LocURI 节点Wi-Fi网络部分的 SSID 必须是基于 RFC 2396 的有效 URI。The SSID of the Wi-Fi network part of the LocURI node must be a valid URI based on RFC 2396. 这要求必须使用 %字符转义所有非 ASCII 字符。This requires that all non-ASCII characters must be escaped using a %-character. 不支持无需转义的 Unicode 字符。Unicode characters without the necessary escaping are not supported.
  • <name> name_goes_here </name><SSIDConfig> 必须与 <SSID><name> name_goes_here 匹配 </name></SSID> 。The <name>name_goes_here</name><SSIDConfig> must match <SSID><name> name_goes_here</name></SSID>.
  • 对于 WiFi CSP,除非节点已存在,否则无法使用"替换"命令。For the WiFi CSP, you cannot use the Replace command unless the node already exists.
  • 仅在 Windows 10 移动版中支持使用代理。Using Proxyis only supported in Windows 10 Mobile. 在 Windows 10 桌面版(家庭版、专业版、企业 (版和教育版)) 将导致失败。Using this configuration in Windows 10 for desktop editions (Home, Pro, Enterprise, and Education) will result in failure.

下图以树格式显示 WiFi 配置服务提供程序。The following image shows the WiFi configuration service provider in tree format.

WLAN 云解决方案提供商图

以下列表显示了特征和参数。The following list shows the characteristics and parameters.

设备或用户配置文件 对于用户配置文件,请使用 ./User/Vendor/MSFT/Wifi 路径,对于设备配置文件,请使用 ./Device/Vendor/MSFT/Wifi 路径。Device or User profile For user profile, use ./User/Vendor/MSFT/Wifi path and for device profile, use ./Device/Vendor/MSFT/Wifi path.

配置文件 标识Wi-Fi配置。Profile Identifies the Wi-Fi network configuration. 每个Wi-Fi网络配置都由一个配置文件对象表示。Each Wi-Fi network configuration is represented by a profile object. 此网络配置文件包括设备连接到该网络所需的全部信息,例如,SSID、身份验证和加密方法以及密码(对于 WEP 或 WPA2 网络)。This network profile includes all the information required for the device to connect to that network – for example, the SSID, authentication and encryption methods and passphrase in case of WEP or WPA2 networks.

支持的操作为 Get。Supported operation is Get.

<SSID> 指定要创建、Wi-Fi、 (或删除) 32 个字节的网络的名称。<SSID> Specifies the name of the Wi-Fi network (32 bytes maximum) to create, configure, query, or delete. 名称区分大小写,可以使用 ASCII 表示。The name is case sensitive and can be represented in ASCII. 添加 WlanXML 节点时将添加 SSID。The SSID is added when the WlanXML node is added. 删除 SSID 节点时,还将删除所有子节点。When the SSID node is deleted, then all the subnodes are also deleted.

SSID 是你要连接到的网络的名称,而配置文件名称是包含 WiFi 设置信息的配置文件的名称。SSID is the name of network you are connecting to, while Profile name is the name of the Profile which contains the WiFi settings information. 如果未在 MDM SyncML 中正确设置配置文件名称,则根据 WiFi 设置 XML 中的信息,它可能会导致一些意外错误。If the Profile name is not set right in the MDM SyncML, as per the information in the WiFi settings XML, it could lead to some unexpected errors. 例如 <LocURI> ,./Vendor/MSFT/WiFi/Profile/<必须是 PROFILE 的名称作为 PER WIFI XML>/WlanXml </LocURI> 。For example, <LocURI>./Vendor/MSFT/WiFi/Profile/<MUST BE NAME OF PROFILE AS PER WIFI XML>/WlanXml</LocURI>.

支持的操作包括添加、获取、删除和替换。The supported operations are Add, Get, Delete, and Replace.

WlanXML 描述网络配置并遵循 MSDN 上的 WLAN_profile 架构 的 XML。WlanXML The XML that describes the network configuration and follows the WLAN_profile Schema on MSDN.

支持的操作包括 Get、Add、Delete 和 Replace。Supported operations are Get, Add, Delete, and Replace.

值类型为 chr。Value type is chr.

必须转义配置文件 XML,如以下示例所示。The profile XML must be escaped, as shown in the examples below.

如果它存在于 blob 中 ,keyType和**** 受保护的元素必须位于keyMaterial之前,如WPA2-Personal Profile Sample 中的示例所示If it exists in the blob, the keyType and protected elements must come before keyMaterial, as shown in the example in WPA2-Personal Profile Sample.

注意 如果需要指定其他高级条件(如指定 Wi-Fi 配置文件可以使用的证书的条件),可以通过 WlanXML 的 EapHostConfig 部分指定该条件。Note If you need to specify other advanced conditions, such as specifying criteria for certificates that can be used by the Wi-Fi profile, you can do so by specifying this through the EapHostConfig portion of the WlanXML. 有关详细信息,请参阅 EAP 配置For more information, see EAP configuration.

支持的操作包括添加、获取、删除和替换。The supported operations are Add, Get, Delete, and Replace.

代理 可选。Proxy Optional. 指定网络代理的配置。Specifies the configuration of the network proxy. 可以针对 Windows 10 移动版按连接指定代理服务器主机和端口。A proxy server host and port can be specified per connection for Windows 10 Mobile. 此代理配置仅在 Windows 10 移动版中受支持。This proxy configuration is only supported in Windows 10 Mobile. 在 Windows 10 桌面版中使用该配置将导致失败。Using this configuration in Windows 10 for desktop editions will result in failure.

格式为 host:port,其中 host 可以是下列类型之一:The format is host:port, where host can be one of the following:

  • 注册的主机名,如服务器名称、FQDN 或单标签名称,如 myweb,而不是 myweb.contoso.com。A registered host name, such as server name, FQDN, or Single Label Name, such as myweb instead of myweb.contoso.com.
  • IPV4 地址IPV4 address
  • IPv6/IPvFuture 地址。IPv6/IPvFuture address.

如果是 IPvFuture 地址,则必须将 IP 文本指定为"[" (IP v6 地址 / IPvFuture ) "]",例如"[2441:4880:28:3:204:76ff:f43f:6eb]:8080"。If it is an IPvFuture address, then it must be specified as an IP literal as "[" (IP v6 address / IPvFuture ) "]", such as "[2441:4880:28:3:204:76ff:f43f:6eb]:8080".

支持的操作包括 Get、Add、Delete 和 Replace。Supported operations are Get, Add, Delete, and Replace.

DisableInternetConnectivityChecksDisableInternetConnectivityChecks

备注

此节点自 Windows 10 版本 1607 起已被弃用。This node has been deprecated since Windows 10, version 1607.

在 Windows 10 版本 1511 中添加。Added in Windows 10, version 1511. 可选。Optional. 禁用配置文件的 Internet 连接检查。Disable the internet connectivity check for the profile.

值类型为 chr。Value type is chr.

  • True - 禁用 Internet 连接检查。True - internet connectivity check is disabled.
  • False - 启用 Internet 连接检查。False - internet connectivity check is enabled.

支持的操作包括 Get、Add、Delete 和 Replace。Supported operations are Get, Add, Delete, and Replace.

ProxyPacUrl 在 Windows 10 版本 1607 中添加。ProxyPacUrl Added in Windows 10, version 1607. 可选。Optional. 指定指向 PAC 文件位置的代理自动配置 (URL) 的值。Specifies the value of the URL to the Proxy auto-config (PAC) file location. 此代理配置仅在 Windows 10 移动版中受支持。This proxy configuration is only supported in Windows 10 Mobile.

值类型为 chr,例如 http://www.contoso.com/wpad.datValue type is chr, e.g. http://www.contoso.com/wpad.dat.

ProxyWPAD 在 Windows 10 版本 1607 中添加。ProxyWPAD Added in Windows 10, version 1607. 可选。Optional. 设置为 true 时,它将启用 Web 代理自动发现协议 (WPAD) 代理查找。此代理配置仅在 Windows 10 移动版中受支持。When set to true it enables Web Proxy Auto-Discovery Protocol (WPAD) for proxy lookup.This proxy configuration is only supported in Windows 10 Mobile.

值类型为 bool。Value type is bool.

WiFiCost 在 Windows 10 版本 1809 中添加。WiFiCost Added in Windows 10, version 1809. 可选。Optional. 此策略设置配置文件的 WLAN 连接Wi-Fi成本。This policy sets the cost of WLAN connection for the Wi-Fi profile. 默认行为:无限制。Default behavior: Unrestricted.

支持的值:Supported values:

  • 1 - 无限制 - 无限制连接1 - Unrestricted - unlimited connection
  • 2 - 固定 - 容量约束,最高为特定数据限制2 - Fixed - capacity constraints up to a certain data limit
  • 3 - 变量 - 按字节基本付费3 - Variable - paid on per byte basic

支持的操作包括添加、获取、替换和删除。Supported operations are Add, Get, Replace and Delete. 值类型为整数。Value type is integer.

示例Examples

这些 XML 示例显示了如何使用 OMA DM 执行各种任务。These XML examples show how to perform various tasks using OMA DM.

添加网络Add a network

以下示例演示如何使用 SSID PEAP-MSCHAPv2 MyNetwork、代理 URL"testproxy"和端口 80 添加网络。The following example shows how to add PEAP-MSCHAPv2 network with SSID 'MyNetwork,' a proxy URL 'testproxy,' and port 80.

<SyncML xmlns="SYNCML:SYNCML1.2">
  <SyncBody>
    <Atomic>
      <CmdID>301</CmdID>
      <Add>
        <CmdID>302</CmdID>
        <Item>
          <Target>
            <LocURI>./Vendor/MSFT/WiFi/Profile/MyNetwork/WlanXml</LocURI>
          </Target>
          <Meta>
            <Format xmlns="syncml:metinf">chr</Format>
          </Meta>
          <Data><?xml version="1.0"?><WLANProfile xmlns="http://contoso.com/networking/WLAN/profile/v1"><name>MyNetwork</name><SSIDConfig><SSID><hex>412D4D534654574C414E</hex><name>MyNetwork</name></SSID><nonBroadcast>false</nonBroadcast></SSIDConfig><connectionType>ESS</connectionType><connectionMode>manual</connectionMode><MSM><security><authEncryption><authentication>WPA2</authentication><encryption>AES</encryption><useOneX>true</useOneX></authEncryption><OneX xmlns="http://contoso.com/networking/OneX/v1"><authMode>user</authMode><EAPConfig><EapHostConfig xmlns="http://contoso.com/provisioning/EapHostConfig"><EapMethod><Type xmlns="http://contoso.com/provisioning/EapCommon">25</Type><VendorId xmlns="http://contoso.com/provisioning/EapCommon">0</VendorId><VendorType xmlns="http://contoso.com/provisioning/EapCommon">0</VendorType><AuthorId xmlns="http://contoso.com/provisioning/EapCommon">0</AuthorId></EapMethod><Config xmlns="http://contoso.com/provisioning/EapHostConfig"><Eap xmlns="http://contoso.com/provisioning/BaseEapConnectionPropertiesV1"><Type>25</Type><EapType xmlns="http://contoso.com/provisioning/MsPeapConnectionPropertiesV1"><ServerValidation><DisableUserPromptForServerValidation>true</DisableUserPromptForServerValidation><ServerNames></ServerNames></ServerValidation><FastReconnect>true</FastReconnect><InnerEapOptional>false</InnerEapOptional><Eap xmlns="http://contoso.com/provisioning/BaseEapConnectionPropertiesV1"><Type>26</Type><EapType xmlns="http://contoso.com/provisioning/MsChapV2ConnectionPropertiesV1"><UseWinLogonCredentials>false</UseWinLogonCredentials></EapType></Eap><EnableQuarantineChecks>false</EnableQuarantineChecks><RequireCryptoBinding>false</RequireCryptoBinding><PeapExtensions><PerformServerValidation xmlns="http://contoso.com/provisioning/MsPeapConnectionPropertiesV2">false</PerformServerValidation><AcceptServerName xmlns="http://contoso.com/provisioning/MsPeapConnectionPropertiesV2">false</AcceptServerName></PeapExtensions></EapType></Eap></Config></EapHostConfig></EAPConfig></OneX></security></MSM></WLANProfile> </Data>
        </Item>
      </Add>
      <Add>
        <CmdID>$CmdID$</CmdID>
        <Item>
          <Target>
            <LocURI>./Vendor/MSFT/WiFi/Profile/MyNetwork/Proxy</LocURI>
          </Target>
          <Meta>
            <Format xmlns="syncml:metinf">chr</Format>
          </Meta>
          <Data>testproxy:80</Data>
        </Item>
      </Add>
    </Atomic>
    <Final/>
  </SyncBody>
</SyncML>

查询网络配置文件Query network profiles

以下示例演示如何查询安装在 MDM Wi-Fi配置文件。The following example shows how to query Wi-Fi profiles installed on an MDM server.

<Get>
   <CmdID>301</CmdID>
   <Item>
      <Target>
         <LocURI>./Vendor/MSFT/WiFi/Profile</LocURI>
      </Target>
   </Item>
</Get>

以下示例显示响应。The following example shows the response.

<Results>
   <CmdID>3</CmdID>
   <MsgRef>1</MsgRef>
   <CmdRef>301</CmdRef>
   <Item>
      <Source><LocURI>./Vendor/MSFT/WiFi/Profile</LocURI></Source>
      <Meta><Format xmlns="syncml:metinf">node</Format></Meta>
      <Data>TestWLAN1/TestWLAN2</Data>
   </Item>
</Results>

删除网络Remove a network

以下示例演示如何删除具有 SSID"MyNetwork"且没有代理的网络。The following example shows how to remove a network with SSID ‘MyNetwork’ and no proxy. 以相同的方式删除所有网络身份验证类型。Removing all network authentication types is done in this same manner.

<Atomic>
  <CmdID>300</CmdID>
  <Delete>
    <CmdID>301</CmdID>
    <Item>
      <Target>
        <LocURI>./Vendor/MSFT/WiFi/Profile/MyNetwork/WlanXml</LocURI>
      </Target>
    </Item>
  </Delete>
</Atomic>

为服务器证书添加网络和证书颁发机构Add a network and certification authority for a server certificate

以下示例演示如何使用 SSID PEAP-MSCHAPv2 MyNetwork"和根 CA 验证为服务器证书添加网络。The following example shows how to add PEAP-MSCHAPv2 network with SSID ‘MyNetwork’ and root CA validation for server certificate.

<Atomic>
  <CmdID>300</CmdID>
  <Add>
    <CmdID>301</CmdID>
    <Item>
      <Target>
        <LocURI>./Vendor/MSFT/WiFi/Profile/MyNetwork/WlanXml</LocURI>
      </Target>
      <Meta>
        <Format xmlns="syncml:metinf">chr</Format>
      </Meta>
      <Data><?xml version="1.0"?><WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1"><name>MyNetwork</name><SSIDConfig><SSID><name>MyNetwork</name></SSID><nonBroadcast>false</nonBroadcast></SSIDConfig><connectionType>ESS</connectionType><connectionMode>manual</connectionMode><MSM><security><authEncryption><authentication>WPA2</authentication><encryption>AES</encryption><useOneX>true</useOneX></authEncryption><OneX xmlns="http://www.microsoft.com/networking/OneX/v1"><authMode>user</authMode><EAPConfig><EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig"><EapMethod><Type xmlns="http://www.microsoft.com/provisioning/EapCommon">25</Type><VendorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorId><VendorType xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorType><AuthorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</AuthorId></EapMethod><Config xmlns="http://www.microsoft.com/provisioning/EapHostConfig"><Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1"><Type>25</Type><EapType xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1"><ServerValidation><DisableUserPromptForServerValidation>true</DisableUserPromptForServerValidation><ServerNames></ServerNames><TrustedRootCA> InsertCertThumbPrintHere </TrustedRootCA></ServerValidation><FastReconnect>true</FastReconnect><InnerEapOptional>false</InnerEapOptional><Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1"><Type>26</Type><EapType xmlns="http://www.microsoft.com/provisioning/MsChapV2ConnectionPropertiesV1"><UseWinLogonCredentials>false</UseWinLogonCredentials></EapType></Eap><EnableQuarantineChecks>false</EnableQuarantineChecks><RequireCryptoBinding>false</RequireCryptoBinding><PeapExtensions><PerformServerValidation xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2">true</PerformServerValidation><AcceptServerName xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2">false</AcceptServerName></PeapExtensions></EapType></Eap></Config></EapHostConfig></EAPConfig></OneX></security></MSM></WLANProfile> </Data>
    </Item>
  </Add>
</Atomic>

配置服务提供程序参考Configuration service provider reference