Plan server-to-server authentication

Summary: Plan and prepare to configure server-to-server authentication from SharePoint Server to Office 365 for SharePoint hybrid.

Server-to-server authentication enables your SharePoint Server farm to consume content and resources from your Office 365 tenant. For example, search can be configured to allow federated users to see both SharePoint Server and SharePoint Online search results in a SharePoint Server search portal.

The major thing that you need to plan for when configuring server-to-server authentication between SharePoint Server and Office 365 is your web application configuration.

Plan your web application configuration for hybrid server-to-server authentication

This section helps you plan how to configure your SharePoint Server web application to support hybrid functionality.

Outbound requests to SharePoint Online can be made from any web application in the on-premises SharePoint farm that uses Integrated Windows authentication using NTLM, as shown in the following image.

Figure: Claim authentication types for SharePoint hybrid

If your existing web application is not configured to use Integrated Windows authentication using NTLM, you must either create a web application or extend your existing web application and configure it to use Integrated Windows authentication using NTLM.

If you have to create a new web application to configure for hybrid functionality, you have two choices:

  • Extend an existing web application to connect to an existing content database. This creates a new website in Internet Information Services (IIS) with a unique URL and authentication configuration. The extended web application can be used to access the same site collections and content as the original web application by using the new URL.

    This is the best choice if you want users to go to an enterprise search portal in an existing site collection to use hybrid search.

  • Create a new web application and a new content database. This creates a new web application that has a new, empty content database in which you can create a new site collection with an enterprise search portal.

    This is the best choice if you want users to go to an enterprise search portal in a new site collection to use hybrid search.

Integrated Windows authentication using NTLM is required to allow the SharePoint Authentication service to pass user claims to SharePoint Online using OAuth.
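One way to check this requirement before deciding whether to extend or create a web application is to list the authentication settings of every zone in the farm. The following script is an added example, not part of the original page; it assumes it is run in the SharePoint Management Shell on a farm server, and the report column names are illustrative.

```powershell
# Added example: report, per web application zone, whether the zone uses
# Integrated Windows authentication with NTLM.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$report = foreach ($wa in Get-SPWebApplication) {
    # IisSettings has one entry per zone the web application exists in
    # (Default plus any zone it has been extended into).
    foreach ($zone in @($wa.IisSettings.Keys)) {
        $row = [ordered]@{
            Url               = $wa.GetResponseUri($zone).AbsoluteUri
            Zone              = $zone
            WindowsIntegrated = $false
            Ntlm              = $false
            Note              = ''
        }

        if (-not $wa.UseClaimsAuthentication) {
            # Classic-mode web applications have no claims providers to query.
            $row.Note = 'Classic mode: review manually'
        }
        else {
            $win = Get-SPAuthenticationProvider -WebApplication $wa -Zone $zone |
                Where-Object { $_ -is [Microsoft.SharePoint.Administration.SPWindowsAuthenticationProvider] } |
                Select-Object -First 1

            if ($null -eq $win) {
                $row.Note = 'No Windows authentication provider in this zone'
            }
            else {
                $row.WindowsIntegrated = $win.UseWindowsIntegratedAuthentication
                # DisableKerberos = True means the provider is set to NTLM;
                # False means Negotiate (Kerberos), which is reported separately.
                $row.Ntlm = $win.UseWindowsIntegratedAuthentication -and $win.DisableKerberos
                if ($win.UseWindowsIntegratedAuthentication -and -not $win.DisableKerberos) {
                    $row.Note = 'Negotiate (Kerberos) configured, not NTLM'
                }
            }
        }
        [pscustomobject]$row
    }
}

$report | Sort-Object Url | Format-Table -AutoSize
```

Zones where Ntlm is True already meet the requirement described above; if none do, one of the two choices in the list applies.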