在 SharePoint Server 中設定及部署網頁組件Configure and deploy web parts in SharePoint Server

摘要: 了解如何在 SharePoint Server 2016 和 SharePoint 2013 中保護和部署網頁組件。Summary: Learn about securing and deploying web parts in SharePoint Server 2016 and SharePoint 2013.

SharePoint Server 包括使用者在安裝產品之後可新增至頁面的一組網頁組件。如果組織需要自訂網頁組件,則開發人員可以撰寫自訂 ASP.NET 網頁組件,並要求您進行安裝。此程序一般需要先測試和核准程式碼,才能在完全信任環境中部署網頁組件。在專案上按一下滑鼠右鍵,並選取 [部署]****,使用 Visual Studio 的開發人員就可以將網頁組件部署至 SharePoint Server。開發人員在 Visual Studio 中建立專案時,會透過使用 SharePoint 伺服器所建立的信任層級來決定網頁組件的目的地。MOSS_1st_NoVer includes a set of web parts that users can add to pages after installing the product. If an organization needs custom web parts, a developer can write custom ASP.NET web parts and ask you to install them. This process typically requires testing and approval of the code before the web part can be deployed in a full-trust environment. A developer who uses Visual Studio can deploy a web part to MOSS_2nd_NoVer by right clicking the project and selecting Deploy. The destination for the web part is determined by the trust level established with the SharePoint server when the developer created the project in Visual Studio.

SharePoint Server 使用 Microsoft .NET Framework 所提供的一些設定管理設定。其中一些設定儲存在 XML 設定檔案中,並且提供更大範圍的設定,讓伺服器管理員用來管理 Web 應用程式和其環境。如需 ASP.NET 設定檔案的詳細資訊,請參閱<保護 ASP.NET 應用程式和 Web 服務>的 Machine.Config 和 Web.Config 說明SharePoint Server uses some of the configuration management settings that are provided by the Microsoft .NET Framework. Some of these settings are stored in XML configuration files and they provide a broad range of settings that server administrators use to manage the Web application and its environment. For more information about ASP.NET configuration files, see Machine.Config and Web.Config Explained in "Securing Your ASP.NET Application and Web Services".

設定選項Configuration options

ASP.NET 網頁組件會部署至 SharePoint Server bin 目錄全域組件快取 (GAC)ASP.NET web parts are deployed to either the SharePoint Server bin directory or to the Global Assembly Cache (GAC).

  • Bin 目錄:儲存於 Web 應用程式根目錄下的 bin 資料夾。Bin directory Stored in the bin folder under the root directory of your Web application.

    此位置的優點:Advantages of this location:

    部分信任位置。從此目錄執行的程式碼預設具有低層級的程式碼存取安全性權限。如果網頁組件需要不同應用程式的存取權,或比預設權限所允許更多的存取權,則管理員必須明確地提高授與網頁組件的權限,使其正常運作。管理員可能偏好在 Bin 目錄中執行組件,並使用基本的一組已知必要程式碼存取安全性權限。A partial-trust location. By default, code that runs from this directory has a low level of code access security permissions. If the web part requires access across applications or more access than the default permissions allow, the administrator must explicitly raise permissions that are granted to a web part so that it can function correctly. Administrators might prefer that assemblies run in the Bin directory, with a known minimum set of required code access security permissions.

    此位置的缺點:Disadvantages of this location:

    若要在任何位置執行網頁組件,則必須在具有 MinRole 前端和應用程式服務角色的每個 SharePoint Server 2016 伺服器中,將組件部署至 Bin 目錄,且每個 SharePoint 2013 伺服器都已安裝 Web 和應用程式角色。To run your web part everywhere, you must deploy your assembly to the Bin directory on each SharePoint Server 2016 server with the MinRole Front-end and Application server roles, and each SharePoint 2013 server with web and application role installed.

  • 全域組件快取 (GAC):所有標準網頁組件都會自動與 .NET Framework 的 Common Language Runtime 一起安裝在 GAC (位於 %windir%\assembly) 中。儲存在 GAC 中的網頁組件可以在應用程式之間共用。Global Assembly Cache (GAC) All standard web parts are automatically installed in the GAC, where the common language runtime of the .NET Framework is located, at %windir%\assembly. web parts stored in the GAC can be shared across applications.

    此位置的優點:Advantages of this location:

    您可以部署簽署組件的全域位置,預設會以完全信任執行組件。由於會以全域方式安裝組件,因此可以在任何 Web 應用程式中運作。A global location where you can deploy signed assemblies, which can run with full trust by default. Because the assemblies are installed globally, they work in any Web application.

    此位置的缺點:Disadvantages of this location:

    一般而言,安裝至 GAC 的程式碼沒有任何程式碼存取安全性限制;因此,您會失去深入防禦安全性的優點。Generally, there are no code access security restrictions on code that is installed to the GAC; therefore, you lose the benefit of defense-in-depth security.

    此外,很難將您的程式資料庫 (.pdb) 檔案部署至 GAC 中的組件。Additionally, it can be difficult to deploy your program database (.pdb) files to assemblies in the GAC.

設定安全性屬性Setting security attributes

儲存在 Bin 目錄中的 ASP.NET 網頁組件有其他安全性屬性。您可以決定是否要設定網頁組件的這些屬性,這取決於您規劃使用網頁組件的方式。ASP.NET web parts that are stored in the Bin directory have additional security attributes. You can decide whether to set these attributes for your web part, depending on how you plan to use it.

Bin 目錄是局部信任位置。因此,執行網頁組件時,不會將完全信任程式碼權限自動授與您的網頁組件。因為呼叫到網頁組件的程式碼只會獲得授與局部信任權限,所以網頁組件開發人員必須在 ASP.NET 網頁組件上設定 AllowPartiallyTrustedCallers 屬性。The Bin directory is a partial-trust location. Therefore, your web part is not automatically granted full trust code permissions when it is executed. Because the code that calls into your web part is granted only partial trust permissions, the web part developer must configure the AllowPartiallyTrustedCallers attribute on your ASP.NET web part.

使用 AllowPartiallyTrustedCallers 屬性將元件標示為「安全」,會將安全實作的責任放在開發小組身上。Marking a component as "safe" with the AllowPartiallyTrustedCallers attribute puts the responsibility for safe implementation on the development team.

Bin 目錄和其內容預設會獲指派最低程式碼存取安全性權限。您應該仔細地測試網頁組件,以判斷要指派的正確權限層級,以及確定網頁組件不會對環境造成安全性風險。By default, the Bin directory and its contents are assigned minimal code access security permissions. You should test your web parts carefully to determine the correct level of permissions to assign, and to ensure that the web part does not present a security risk to your environment.

您可以使用下列其中一種方法提高權限:You can elevate permissions in either of two ways:

  • (建議) 建立信任原則檔案,並指向新檔案的 Web.config 檔案。此選項較為複雜,但是可讓您設定網頁組件的精確權限。如需信任原則檔案的詳細資訊,請參閱 Microsoft Windows SharePoint Services 和程式碼存取安全性(Recommended) Create a trust policy file and point your Web.config file at the new file. This option is more complex, but it enables you to set precise permissions for your web parts. For more information about trust policy files, see Microsoft Windows SharePoint Services and Code Access Security.

  • 提高 Bin 目錄的整體信任層級。在 Web 應用程式根目錄的 Web.config 檔案中,找到 trust 元素。 trust 元素之 level 屬性的預設值是 WSS_Minimal。您可以將此層級變更為 WSS_Medium。雖然此選項較為簡單,但是會授與可能不需要的任意新權限,因此它的安全性低於建立信任原則檔案。Raise the overall trust level of the Bin directory. In the Web.config file in the root directory of your Web application, locate the trust element. The default value for the trust element's level attribute is WSS_Minimal. You can change this level to WSS_Medium. Although this option is simpler, it grants arbitrary new permissions that you might not need, and it is less secure than creating a trust policy file.

    警告

    Web.config 檔案中的 WSS_MinimalWSS_Medium 項目區分大小寫。The WSS_Minimal and WSS_Medium entries in the Web.config file are case sensitive.

安全控制項清單Safe Controls list

安全控制項清單包含 SharePoint 網站特有的控制項和網頁組件的名稱,而伺服器管理員可以將它們指定為安全,以用於網站內的任何 .aspx 頁面。此清單是 Web 應用程式根目錄中 Web.config 檔案的一部分。The Safe Controls list contains the names of controls and web parts, specific to your SharePoint site, that server administrators can designate as safe for use on any .aspx page within a site. This list is part of the Web.config file in your Web application root.

部署及設定網頁組件Deploy and configure a web part

您用於部署新網頁組件的方法,將取決於開發人員提供的完成套件。如果開發人員以單一動態連結程式庫 (DLL) 檔案的形式提供網頁組件,您可以將 DLL 複製到 Web 應用程式的 Bin 資料夾,手動加以部署。如果開發人員提供您內含網頁組件的 CAB 檔案,則可以使用 Microsoft PowerShell 部署網頁組件。The method that you use to deploy a new web part will depend on the finished package that the developer provides. If the developer provided you with the web part as a single dynamic-link library (DLL) file, you can manually deploy the DLL by copying it to your Web application's Bin folder. If the developer provides you with a CAB file containing the web part, you can use Microsoft PowerShell to deploy the web part.

手動部署及設定網頁組件To manually deploy and configure a web part

  1. 確認是否具備下列系統管理認證:Verify that you have the following administrative credentials:

    • 您必須是主控 SharePoint Server 之伺服器上本機管理員群組的成員。You must be a member of the local Administrators group on the server hosting SharePoint Server.
  2. 將專案 Bin 目錄中的 <YourWebPartName>.dll 組件複製到 Web 應用程式根目錄中的 Bin 目錄。例如:C:\inetpub\wwwroot\wss\VirtualDirectories\80。.Copy the .dll assembly in the project's Bin directory to the Bin directory in your Web application root directory. For example: C:\inetpub\wwwroot\wss\VirtualDirectories\80.

  3. 在應用程式根目錄中尋找 Web.config 檔案,並開啟以進行編輯。Locate the Web.config file in your application root directory and open it for editing.

  4. 為自訂組件將下列安全控制項目新增至 Web.config 檔案:Add the following safe-control entry for your custom assembly to the Web.config file:

    <SafeControl Assembly="<YourWebPartName>, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" Namespace="<YourWebPartNamespace>" TypeName="*" Safe="True" AllowRemoteDesigner="True"/>
    

    其中:Where:

  5. <YourWebPartName> 是要部署的網頁組件名稱。<YourWebPartName> is the name of the web part that is being deployed.

  6. <YourWebPartNamespace> 是與網頁組件相關聯的命名空間。<YourWebPartNamespace> is the namespace that is associated with your web part.

將網頁組件手動安裝至 Bin 資料夾或手動變更 Web.config 檔案的替代方式,是使用 PowerShell 來安裝網頁組件套件。為了讓此程序運作,開發人員或系統管理員必須建立網頁組件的 CAB 解決方案套件。建立 CAB 檔案之後,請遵循這些步驟來部署網頁組件。An alternative to manually installing a web part to the Bin folder or manually changing the Web.config file is to use PowerShell to install the web part package. For this process to work, a developer or system administrator must create a CAB solution package for the web part. After you create a CAB file, follow these steps to deploy the web part.

使用 Microsoft PowerShell 部署網頁組件To deploy the web part by using Microsoft PowerShell

  1. 確認符合下列基本需求:請參閱<Add-SPShellAdmin>。Verify that you meet the following minimum requirements: See Add-SPShellAdmin.

  2. 啟動 SharePoint 管理命令介面。Open SharePoint Management Shell.

  3. 在 PowerShell 命令提示字元 (PS C:\>) 處,輸入下列命令並按 ENTER:At the PowerShell command prompt (PS C:\>), type the following command, and then press ENTER:

    Install-SPWebPartPack -LiteralPath "<PathToCabFile>" -Name "<WebPartName>"
    

    其中:Where:

    • <Cab 檔案路徑> 是要部署之 CAB 檔案的完整路徑。<PathToCabFile> is the full path to the CAB file that is being deployed.

    • <WebPartName> 是要部署的網頁組件名稱。<WebPartName> is the name of the web part that is being deployed.

前一程序說明使用 Install-SPWebPartPack 部署網頁組件的一般方式。您可以指定其他參數變更網頁組件的部署方式。如需詳細資訊,請參閱< Install-SPWebPartPack>。建議您在執行命令列管理工作時使用 Windows PowerShell。Stsadm 命令列工具已過時,但為與舊版產品相容,仍會隨附提供。The previous procedure shows a common way to use Install-SPWebPartPack to deploy a web part. You can specify additional parameters to change the way the web part is deployed. For more information, see Install-SPWebPartPack. We recommend that you use Microsoft PowerShell when performing command-line administrative tasks. The Stsadm command-line tool has been deprecated, but is included to support compatibility with previous product versions.

每個網頁組件應該都會有一個 .webpart 檔案,是用以說明網頁組件的 XML 檔。.webpart 檔案也會使您的網頁組件出現在網頁組件庫中。下列程序是在部署網頁組件,並將其登錄在「安全控制項」清單之後,用以建立 .webpart 檔案最簡單的方式。Every web part should have a .webpart file, which is an XML file that describes the web part. The .webpart file also causes your web part to appear in the Web Part gallery. The following procedure is the easiest way to create a .webpart file after you deploy your web part and register it in the Safe Control list.

將元件新增至網頁組件庫To add a component to the Web Part Gallery

  1. 確認是否具備下列系統管理認證:Verify that you have the following administrative credentials:

    • 您必須是伺服器陣列管理員群組的成員。You must be a member of the Farm Administrators group.
  2. 若要建立 .webpart 檔案,請瀏覽至 http://<我的伺服器>/_layouts/newdwp.aspx,其中 <我的伺服器> 是部署 SharePoint 網站之伺服器的名稱。To create a .webpart file, navigate to http://<>/_layouts/newdwp.aspx, where <> is the name of the server on which your SharePoint site is deployed.

  3. 選取 <YourWebPartNamespace>.<YourWebPartName> 旁的核取方塊。Select the check box next to <YourWebPartNamespace>.<YourWebPartName>.

  4. 按一下 [擴展組件庫]**** 將 YourWebPartName 網頁組件新增至小組網站資源庫。Click Populate Gallery to add the YourWebPartName web part to the Team Site gallery.

  5. 在網頁組件庫中,選取 [編輯]**** 以編輯網頁組件,然後按一下 [匯入]*In the Web Part gallery, select *Edit to edit the web part, and then click Import.

    系統會提示您指定 .webpart 檔案的位置。您也可以匯出 ASP.NET 網頁組件,再將其匯入 SharePoint 網站。You are prompted to specify a location for the .webpart file. You can also export ASP.NET web parts and import them to SharePoint sites.

另請參閱See also

概念Concepts

在 SharePoint Server 中管理網頁組件Manage web parts in SharePoint Server

其他資源Other Resources

如何在遠端伺服器上部署、發佈和升級 SharePoint 解決方案How to: Deploy, Publish, and Upgrade SharePoint Solutions on a Remote Server