People Picker and claims providers overview

Summary: Get an overview of People Picker and links to topics about how to plan for People Picker in SharePoint Server 2013.

People Picker is a web control that is used to find and select users, groups, and claims to grant permission to items such as lists, libraries, or sites in SharePoint Server 2013. For web applications that use claims-based authentication, the People Picker control uses claims providers to list, resolve, search, and determine the "friendly" display of users, groups, and claims. A claims provider in SharePoint Server 2013 issues claims, which SharePoint Server 2013 then packages into security tokens for users. Although site, list, and library owners use People Picker to assign permissions to sites and content in SharePoint Server 2013, its behavior depends heavily on how authentication is configured for the whole web application. It is important to plan for People Picker and claims providers when you plan authentication methods for your SharePoint Server 2013 solution.

People Picker architecture

The People Picker control is a central component of SharePoint Server 2013. The control is connected to a repository so that you can find and select users, groups, and claims to assign permissions in a site. The exact sources of those users, groups, and claims depend on the authentication method that is used by the web application that contains the site collection. For more information about authentication methods, see "People Picker and authentication" later in this article.

People Picker is configured at the zone level for a farm by using the Stsadm setproperty operation. By configuring the settings for the control, you can filter and restrict the results that are displayed when a user searches for a user, group, or claim. Those settings apply to every site in a specific site collection. For more information about how to configure People Picker, see "Configure People Picker in SharePoint Server".

When a web application is configured to use claims-based authentication, People Picker uses claims providers to resolve and display users, groups, and claims in the user or group text box. The information that SharePoint displays depends on the claims provider that is used by the authentication method that was configured for the web application. For more information about claims providers, see "Plan for custom claims providers for People Picker in SharePoint 2013".

About the People Picker control

When you type the first three characters of a user name, group name, or claim (such as an email address) into the text box, People Picker automatically searches for results that match the first three typed characters. You can then select from a drop-down list, which displays up to thirty suggested names with titles. If you rest the mouse pointer on a suggestion, SharePoint Server 2013 displays the email address and claims provider. To resolve a name, select it from the drop-down list, or use your arrow keys to select it, and then press ENTER. You can also type the complete name followed by a semicolon. If a unique name is found, SharePoint resolves it. Otherwise, SharePoint Server 2013 shows suggestions or indicates that the name was not found. You can delete a resolved name in the text box by using the BACKSPACE key or by clicking the "x" next to the name.

When a web application is configured to use Windows authentication, you can limit the suggested results by using the Stsadm setproperty operation to change the settings for the People Picker control. For example, you can configure People Picker to return only users, groups, and claims that belong to a certain Active Directory domain or are members of a specific site collection. For more information about how to configure the People Picker control, see "Configure People Picker in SharePoint Server".
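The following PowerShell sketch is an added example, not code from this article. It shows the restriction described above applied to one zone with Stsadm setproperty and read back with getproperty. The zone URL and domain name are placeholders; `peoplepicker-searchadforests` and `peoplepicker-onlysearchwithinsitecollection` are Stsadm People Picker property names that the article itself does not list.

```powershell
# Added example, not from the article. Run in an elevated shell on a SharePoint 2013 server.
# Placeholders (assumptions): the zone URL and the AD domain name below.
$ZoneUrl = 'https://intranet.example.test'
$AdScope = 'domain:corp.example.test'

# Default location of stsadm.exe for SharePoint 2013 (the "15" hive).
$Stsadm = Join-Path $env:CommonProgramFiles `
    'Microsoft Shared\Web Server Extensions\15\BIN\stsadm.exe'
if (-not (Test-Path $Stsadm)) { throw "stsadm.exe not found at $Stsadm" }

# Desired state: query only the named domain, and only return
# principals that are already members of the site collection.
$Desired = [ordered]@{
    'peoplepicker-searchadforests'                = $AdScope
    'peoplepicker-onlysearchwithinsitecollection' = 'yes'
}

function Get-PickerProperty([string]$Name) {
    # getproperty prints the value currently stored for this zone URL.
    $out = & $Stsadm -o getproperty -pn $Name -url $ZoneUrl 2>&1
    if ($LASTEXITCODE -ne 0) { throw "getproperty $Name failed: $out" }
    ($out | Out-String).Trim()
}

function Set-PickerProperty([string]$Name, [string]$Value) {
    $out = & $Stsadm -o setproperty -pn $Name -pv $Value -url $ZoneUrl 2>&1
    if ($LASTEXITCODE -ne 0) { throw "setproperty $Name failed: $out" }
}

# Record the value before and after each change so the change can be reviewed.
foreach ($name in $Desired.Keys) {
    $before = Get-PickerProperty $name
    Set-PickerProperty $name $Desired[$name]
    $after = Get-PickerProperty $name
    [pscustomobject]@{ Property = $name; Before = $before; After = $after }
}
```

Because the settings are stored per zone, repeat the run for each zone URL of the web application that should carry the restriction.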

People Picker and authentication

To determine what results to display to a user, People Picker relies on the authentication method that is used by the web application that contains the site collection from which it is queried. If the web application is configured to use claims-based authentication (recommended), you can specify whether to use Windows authentication, forms-based authentication, or Security Assertion Markup Language (SAML) token-based authentication. In claims mode, People Picker searches and resolves queries based on the claims provider that is specified for the authentication method that is used by the web application and zone. If the web application is configured to use Windows authentication in classic mode, SharePoint Server 2013 treats user accounts as Active Directory Domain Services (AD DS) accounts. The following sections describe People Picker behavior for both claims-based and classic mode authentication. For more information about zones and authentication, see "Plan for user authentication methods in SharePoint Server".

Claims-based authentication

When claims-based authentication is used, People Picker uses the claims provider that is specified for the authentication method used by the web application and zone to retrieve a list of users, groups, or claims that match the search item typed in the text box. For more information about claims mode authentication and zones, see "Plan for user authentication methods in SharePoint Server".

You can write a custom claims provider to control what information is displayed and what results are returned in response to a query from the People Picker control. When a custom claims provider is registered on the server, you can also configure it for use in a specific web application and zone. For more information about custom claims providers, see "Plan for custom claims providers for People Picker in SharePoint 2013".

Note

In the Central Administration website, People Picker returns users, groups, and claims from all claims providers used in all web applications in the farm, regardless of the web application or zone in which the claims providers are configured.

By default, when you use SAML token-based authentication, all queries entered in the text box are automatically displayed as if they were resolved, regardless of whether they are valid users or groups. If your SharePoint Server 2013 solution will use SAML token-based authentication, you should plan to create a custom claims provider that implements custom search, name resolution, and list features. For more information about custom claims providers, see "Plan for custom claims providers for People Picker in SharePoint 2013".

For information about how to create a web application that uses claims-mode authentication, see "Create claims-based web applications in SharePoint Server". For information about how to configure claims-based authentication for web applications, see "Configure claims authentication".

Classic mode authentication

When classic mode authentication (also known as Windows classic authentication) is used, the People Picker control queries Active Directory to retrieve a list of users, groups, or claims that match the search item typed in the text box. You can configure People Picker to query AD DS by using Lightweight Directory Access Protocol (LDAP) queries, which enable you to apply custom Active Directory filters, limit the scope of search queries, and search across forests and domains.

For more information about classic mode authentication, see "Plan for user authentication methods in SharePoint Server". For information about how to create a web application that uses classic mode authentication, see "Create web applications that use classic mode authentication in SharePoint Server".

TechNet articles about People Picker and custom claims providers

The following articles about People Picker and custom claims providers are available to view online. Writers update articles on a continuing basis as new information becomes available and as users provide feedback.

Content: Plan for People Picker in SharePoint 2013
Description: Describes the People Picker control and how it works, its relationship to authentication and claims providers, and includes planning considerations for People Picker.

Content: Plan for custom claims providers for People Picker in SharePoint 2013
Description: Describes the use and benefits of claims providers, their architecture, special considerations for custom claims providers, and planning considerations for them.

See also

Configure People Picker in SharePoint Server