Configure digest authentication for a claims-based web application in SharePoint Server

Summary: Learn how to configure digest authentication for a web application that uses claims-based authentication in SharePoint Server 2016 and SharePoint Server 2013.

You can configure digest authentication for one or more zones in a SharePoint Server claims-based web application. A web application is an Internet Information Services (IIS) web site that SharePoint Server creates and uses. Zones represent different logical paths for gaining access to the same web application. Within each web application, you can create up to five zones. A different web site in IIS represents each zone. Use zones to enforce different access and policy conditions for large groups of users. To configure digest authentication for one or more zones in a SharePoint Server web application, use the IIS Manager console instead of SharePoint Server Central Administration.

Unlike basic authentication, digest authentication encrypts user credentials to increase security. User credentials are sent as an MD5 message digest in which the original user name and password cannot be determined. Digest authentication uses a challenge/response protocol that requires the authentication requestor to present valid credentials in response to a challenge from the server. To authenticate against the server, the client has to supply an MD5 message digest in a response that contains a shared secret password string. The MD5 Message-Digest Algorithm is described in RFC 1321. For access to RFC 1321, see The Internet Engineering Task Force (https://go.microsoft.com/fwlink/p/?LinkId=159913).

Before you begin

Before you perform this procedure, confirm the following:

  • Your system is running SharePoint Server.

  • The user and IIS server must be members of, or trusted by, the same domain.

  • Users must have a valid Windows user account stored in Active Directory Domain Services (AD DS) on the domain controller.

  • The domain must use a Windows Server 2008 or Windows Server 2008 R2 domain controller.

    Note

    For SharePoint Server 2016, the domain must use a Windows Server 2012 R2 or Windows Server 2016 domain controller.

  • You understand digest authentication for web traffic.

    For more information, see What is Digest Authentication? (https://go.microsoft.com/fwlink/p/?LinkId=209085).

Configure IIS to enable digest authentication

Use the IIS Manager console to configure IIS to enable digest authentication for one or more of the following zones for a claims-based web application:

  • Default

  • Intranet

  • Extranet

The Default zone is the zone that is first created when a web application is created. The other zones are created by extending a web application. For more information, see Extend claims-based web applications in SharePoint.

To configure IIS to enable digest authentication

  1. Verify that you are a member of the Administrators group on the server on which you are configuring IIS.

  2. Click Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager to start the IIS Manager console.

  3. Expand Sites in the console tree, and then click the IIS web site that corresponds to the web application zone on which you want to configure digest authentication.

  4. In Features View, in IIS, double-click Authentication.

  5. In Features View, in Authentication, right-click Digest Authentication, and then click Enable.

  6. Right-click Digest Authentication, and then click Edit.

  7. In the Edit Digest Authentication Settings dialog box, in the Realm text box, type the appropriate realm, and then click OK.

    The realm is a DNS domain name or an IP address that will use the credentials that have been authenticated against your internal Windows domain. You must configure a realm name for digest authentication.

The web site is now configured to use digest authentication.
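The challenge/response exchange described earlier and the realm set in step 7 meet in the digest calculation itself. The following is an added example, not part of the original article or any Microsoft code: it recomputes and checks a digest response using the RFC 2617 formula for `qop=auth`. The function names are hypothetical, and the sample header reuses the published example values from RFC 2617 section 3.5.

```python
import hashlib
import hmac
import re

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def digest_response(user, realm, password, method, uri, nonce, nc, cnonce):
    """RFC 2617 response value for qop=auth."""
    ha1 = md5_hex(f"{user}:{realm}:{password}")  # the realm is hashed in with the secret
    ha2 = md5_hex(f"{method}:{uri}")             # binds the digest to this request
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")

def parse_authorization(header):
    """Split 'Digest k="v", k=v, ...' into a dict of fields."""
    scheme, _, params = header.strip().partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest Authorization header")
    pairs = re.findall(r'(\w+)=(?:"([^"]*)"|([^\s,]+))', params)
    return {key: quoted or bare for key, quoted, bare in pairs}

def verify(header, method, password, expected_realm, issued_nonce):
    """Server-side check: recompute the digest and compare in constant time."""
    f = parse_authorization(header)
    required = ("username", "realm", "nonce", "uri", "nc", "cnonce", "response")
    if any(k not in f for k in required) or f.get("qop") != "auth":
        return False
    if f["realm"] != expected_realm or f["nonce"] != issued_nonce:
        return False  # realm mismatch, or a nonce this server never issued
    expected = digest_response(f["username"], expected_realm, password, method,
                               f["uri"], f["nonce"], f["nc"], f["cnonce"])
    return hmac.compare_digest(expected.encode(), f["response"].encode())

# Sample values: the published example from RFC 2617 section 3.5, not real credentials.
SAMPLE_NONCE = "dcd98b7102dd2f0e8b11d0f600bfb0c093"
SAMPLE_HEADER = (
    'Digest username="Mufasa", realm="testrealm@host.com", '
    f'nonce="{SAMPLE_NONCE}", uri="/dir/index.html", qop=auth, nc=00000001, '
    'cnonce="0a4f113b", response="6629fae49393a05397450978507c4ef1"'
)

if __name__ == "__main__":
    print(verify(SAMPLE_HEADER, "GET", "Circle Of Life", "testrealm@host.com", SAMPLE_NONCE))
    print(verify(SAMPLE_HEADER, "GET", "Circle Of Life", "other.example", SAMPLE_NONCE))
```

Because the realm is an input to the first hash, a client response computed for one realm does not verify against a site configured with another.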

See also

Concepts

Configure Basic authentication for a claims-based Web application

Other Resources

Plan for user authentication methods in SharePoint Server

Extend claims-based web applications in SharePoint