建立 SharePoint Server 中使用傳統模式驗證的 web 應用程式Create web applications that use classic mode authentication in SharePoint Server

摘要:了解如何建立使用傳統模式 (Windows 傳統) 驗證在 SharePoint Server 2016 和 SharePoint Server 2013 中的 web 應用程式。Summary: Learn how to create a web application that uses classic mode (Windows-classic) authentication in SharePoint Server 2016 and SharePoint Server 2013.

在 SharePoint Server 中宣告式驗證是預設值,且慣用的使用者驗證方法及才可利用的伺服器對伺服器驗證及應用程式驗證。在管理中心內,您只可以設定宣告式驗證時您管理 web 應用程式。您也可以使用 Microsoft PowerShell cmdlet。使用傳統模式驗證,也稱為 Windows 傳統驗證,否則不建議在 SharePoint Server 中,您只可以建立或使用 Microsoft PowerShell cmdlet 設定傳統模式驗證的 web 應用程式。In SharePoint Server, claims-based authentication is the default and preferred method of user authentication and is required to take advantage of server-to-server authentication and app authentication. In Central Administration, you can only configure claims-based authentication when you manage web applications. You can also use Microsoft PowerShell cmdlets. The use of classic mode authentication, also known as Windows classic authentication, is discouraged in SharePoint Server and you can only create or configure web applications for classic mode authentication with Microsoft PowerShell cmdlets.

重要

Office Online 僅使用使用宣告式驗證的 SharePoint Server web 應用程式。使用傳統模式驗證的 SharePoint Server web 應用程式不會處理轉譯和編輯 office Online。如果您將使用 SharePoint Server 2016 傳統模式驗證的 SharePoint 2010 web 應用程式時,您必須將它們移轉至宣告式驗證允許它們與 Office Online 搭配使用。如需詳細資訊,請參閱使用 Office Web Apps 搭配 SharePoint 2013Office Online can be used only by SharePoint Server web applications that use claims-based authentication. Office Online rendering and editing will not work on SharePoint Server web applications that use classic mode authentication. If you migrate SharePoint 2010 web applications that use classic mode authentication to SharePoint Server 2016, you must migrate them to claims-based authentication to allow them to work with Office Online. For more information, see Use Office Web Apps with SharePoint 2013.

若要改用 Windows 宣告式驗證 (建議),請參閱建立使用 Windows 宣告驗證的 web 應用程式。若要轉換為使用宣告式驗證使用傳統模式 web 應用程式,請參閱從傳統模式為宣告式驗證在 SharePoint Server 中的移轉To use Windows claims-based authentication instead (recommended), see Create a web application that uses Windows-claims authentication. To convert a web application that uses classic mode to use claims-based authentication, see Migrate from classic-mode to claims-based authentication in SharePoint Server.

重要

本文中的步驟適用於 SharePoint Foundation 2013 與 SharePoint Server。The steps in this article apply to both SharePoint Foundation 2013 and SharePoint Server.

開始之前Before you begin

執行此程序之前,請先確認下列事項:Before you perform this procedure, confirm the following:

  • 您已決定邏輯結構的設計。You have determined the design of your logical architecture.

    如需詳細資訊,請參閱 <邏輯架構元件For additional information, see Logical architecture components.

  • 您已經為 Web 應用程式規劃驗證。You have planned authentication for your web application.

    如需詳細資訊,請參閱 < Plan for SharePoint Server 中的使用者驗證方法For additional information, see Plan for user authentication methods in SharePoint Server.

  • 如果您使用 Secure Sockets Layer (SSL),您必須關聯的 SSL 憑證的 web 應用程式的 IIS 網站之後建立的 IIS 網站。需要有 SSL 的伺服器對伺服器驗證及應用程式驗證案例中所用的 web 應用程式的預設值。If you use Secure Sockets Layer (SSL), you must associate the SSL certificate with the web application's IIS website after the IIS website is created. SSL is required by default for web applications that are used in server-to-server authentication and app authentication scenarios.

  • 您了解主機名稱網站集合。You understand host-named site collections.

建立 powershell 採用傳統模式驗證的 web 應用程式Create a web application that uses classic mode authentication with PowerShell

請執行下列程序使用 PowerShell 建立採用傳統模式驗證的 web 應用程式。Perform the following procedure to use PowerShell to create a web application that uses classic mode authentication.

若要建立使用 PowerShell 採用傳統模式驗證的 web 應用程式To create a web application that uses classic mode authentication with PowerShell

  1. 確認您具備下列成員資格:Verify that you have the following memberships:

    • SQL Server 執行個體上的 securityadmin 固定伺服器角色。securityadmin fixed server role on the SQL Server instance.

    • 所有要更新之資料庫上的 db_owner 固定資料庫角色。db_owner fixed database role on all databases that are to be updated.

    • 正在執行 PowerShell Cmdlet 之所在伺服器上的系統管理員群組。Administrators group on the server on which you are running the PowerShell cmdlets.

    • 請以高於上述基本要求新增必要的成員資格。Add memberships that are required beyond the minimums above.

      系統管理員可以使用 Add-SPShellAdmin Cmdlet 授與使用 SharePoint 2013 產品 Cmdlet 的權限。An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013 Products cmdlets.

      注意

      [!附註] 如果您不具備上述權限,請連絡安裝程式系統管理員或 SQL Server 系統管理員要求權限。如需 PowerShell 權限的其他資訊,請參閱 Add-SPShellAdminIf you do not have permissions, contact your Setup administrator or SQL Server administrator to request permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.

  2. 啟動 SharePoint 管理命令介面。Start the SharePoint Management Shell.

  3. 在 PowerShell 命令提示字元處,輸入下列命令:At the PowerShell command prompt, type the following command:

    New-SPWebApplication -Name <Name> -ApplicationPool <ApplicationPool> -AuthenticationMethod <WindowsAuthType> -ApplicationPoolAccount <ApplicationPoolAccount> -Port <Port> -URL <URL>
    

    其中:Where:

    • <名稱>_是新的 web 應用程式的名稱。<Name>_ is the name of the new web application.

    • <ApplicationPool> 是應用程式集區的名稱。<ApplicationPool> is the name of the application pool.

    • < WindowsAuthType>_是 「 NTLM 」 或 「 Kerberos"。Kerberos 是建議使用。< WindowsAuthType >_ is either "NTLM" or "Kerberos". Kerberos is recommended.

    • <ApplicationPoolAccount> 是這個應用程式集區所用執行身分的使用者帳戶。<ApplicationPoolAccount> is the user account that this application pool will run as.

    • <Port> 是在 IIS 內建立 Web 應用程式的地方。<Port> is the port on which the web application will be created in IIS.

    • <URL> 是 Web 應用程式的公用 URL。<URL> is the public URL for the web application.

    • 範例Example

    New-SPWebApplication -Name "Contoso Internet Site" -ApplicationPool "ContosoAppPool" -AuthenticationMethod "Kerberos" -ApplicationPoolAccount (Get-SPManagedAccount "CONTOSO\jdoe") -Port 80 -URL "https://www.contoso.com"
    

如需詳細資訊,請參閱新增 SPWebApplication.PShell_stsadm_deprecatedFor more information, see New-SPWebApplication.PShell_stsadm_deprecated

完成此程序之後,您可以建立此 web 應用程式的一或多個網站集合。如需詳細資訊,請參閱建立 SharePoint Server 中的網站集合After this procedure is complete, you can create one or more site collections for this web application. For more information, see Create a site collection in SharePoint Server.

[!附註] 成功建立 Web 應用程式後,開啟「管理中心」網頁時會看見狀況規則警告,說明傳統驗證模式已啟用一個以上的 Web 應用程式。這就是為什麼我們建議使用宣告式驗證,不要使用傳統驗證模式。After you successfully create the web application, when you open the Central Administration page, you see a health rule warning that indicates that one or more web applications is enabled with classic authentication mode. This is a reflection of our recommendation to use claims-based authentication instead of classic mode authentication.

另請參閱See also

概念Concepts

建立採用 Windows 宣告驗證的 Web 應用程式)Create a Web application that uses Windows-claims authentication)

其他資源Other Resources

在 SharePoint Server 中規劃使用者驗證方法Plan for user authentication methods in SharePoint Server