在 SharePoint Server 中管理網頁組件Manage web parts in SharePoint Server

摘要: 協助您準備管理與 SharePoint Server 2016 和 SharePoint 2013 搭配使用之網頁組件頁面和控制項的安全性。Summary: Helps you prepare to manage security for web parts pages and controls that are used with SharePoint Server 2016 and SharePoint 2013.

在 SharePoint Server 中,網頁組件頁面是指將一組網頁組件結合而成,來同時顯示清單資料、即時資訊或有用圖形的動態網頁。您可先設定所有使用者適用的網頁組件頁面版面配置與內容,再選擇是否針對個別使用者進行個人化。網站擁有者或具有適當權限的網站成員可以在瀏覽器中新增、重新設定或移除網頁組件,來建立和自訂網頁組件頁面。In SharePoint Server, a web parts page is a collection of web parts that combines list data, timely information, or useful graphics into a dynamic web page. The layout and content of a web parts page can be set for all users and then, optionally, personalized for individual users. A site owner or a site member with the appropriate permissions can create and customize web parts pages by using a browser to add, reconfigure, or remove web parts.

您可以在網頁組件頁面、Wiki 頁面、內容頁面和發佈頁面上使用網頁組件。You can use web parts on web parts pages, wiki pages, content pages, and publishing pages.

SharePoint Server 中的網頁組件基礎結構存在於 ASP.NET Web Parts 基礎結構的上一層。若想有效保護 SharePoint 網站,伺服器管理員必須熟悉 ASP.NET 的安全性指導方針和最佳做法。如需詳細資訊,請參閱<安全性指導方針 :ASP.NET>。The web parts infrastructure in SharePoint Server exists on a layer above the ASP.NET web parts infrastructure. To effectively protect SharePoint sites, server administrators must be familiar with security guidelines and best practices for ASP.NET. For more information, see Security Guidelines: ASP.NET.

注意

SharePoint 應用程式 會新增功能至網站。網站擁有者可以將 SharePoint 應用程式 新增至 SharePoint 網站,讓自己和其他網站使用者可以使用該應用程式。如需詳細資訊,請參閱<將 SharePoint 相關應用程式新增至 SharePoint 2016 網站>。The apps for SharePoint add functionality to a site. Site owners can add apps for SharePoint to SharePoint sites so that they and other users of the site can use the application. For more information, see Add apps for SharePoint to a SharePoint site.

網頁組件頁面和控制項的安全性Security for web parts pages and controls

保護網頁組件頁面和控制項需要大家共同合作。開發人員、網站管理員和伺服器管理員必須一起合作以改善網頁組件和網頁組件頁面的安全性。開發人員應驗證網頁組件輸入資料以防遭受伺服器攻擊行為。伺服器管理員必須設定 Internet Information Services (IIS) 來使用適當的驗證方法。Protecting web parts pages and controls is a collaborative effort. Developers, site administrators, and server administrators must work together to improve security for web parts and web parts pages. Developers should validate Web Part input to prevent server attacks. Server administrators must configure Internet Information Services (IIS) to use an appropriate authentication method.

伺服器管理員還會對網頁伺服器或網頁伺服器陣列設定並部署網頁組件解決方案。部署解決方案後,網站管理員或伺服器管理員會定義允許存取網頁組件頁面的權限層級及權限。Server administrators also configure and deploy web parts solutions to a web server or web farm. After the solution is deployed, site administrators or server administrators define the permission levels and permissions that allow access to web parts pages.

下表顯示負責在網頁組件頁面和網頁組件上設定權限的安全性角色。The following table shows the security roles that are responsible for configuring permissions on Web Parts pages and Web Parts.

表:用來設定網頁組件和網頁組件頁面的安全性角色Table: Security roles to configure Web Parts and Web Parts pages

角色Role 類別Category 適用於Applies to 描述Description 建議準則Recommended guidelines
開發人員Developer
輸入驗證Input Validation
網頁組件程式碼Web Part code
輸入驗證是指應用程式在其他處理前篩選、廢除或拒絕輸入的方式。這包括驗證應用程式所接收的輸入是有效且安全的驗證程序。Input validation refers to how your application filters, scrubs, or rejects input before additional processing. This includes verification that the input that your application receives is valid and safe.
建置安全的 ASP.NET 頁面和控制項Building Secure ASP.NET Pages and Controls
建立 SharePoint 網頁組件Creating Web Parts For SharePoint
伺服器管理員Server administrator
驗證Authentication
IISIIS
驗證是指一個實體驗證另一個實體之身分識別的程序 (通常透過使用者名稱和密碼之類的認證)。Authentication is the process where an entity validates the identity of another entity, typically through credentials such as a user name and password.
在 SharePoint Server 中規劃使用者驗證方法Plan for user authentication methods in SharePoint Server
網站管理員/伺服器管理員Site administrator/ Server administrator
授權Authorization
網站集合Site collections
授權是一種程序,其會判定哪些使用者可在給定物件上執行特定動作,來提供網站、清單、資料夾或項目的存取控制。授權程序會假設使用者已通過驗證。Authorization is the process that provides access controls for Web sites, lists, folders, or items by determining which users can perform specific actions on a given object. The authorization process assumes that the user has already been authenticated.
授權和驗證Authorization and Authentication
伺服器管理員Server administrator
設定管理Configuration Management
.NET Framework 設定.NET Framework configuration
設定管理通常包含廣泛的設定,可讓管理員管理 Web 應用程式與其環境。這些設定會儲存在 XML 設定檔中,其中有些控制全電腦端的設定,其他則控制應用程式專屬的設定。您可在設定檔中定義特定的安全限制,及電腦層級程式碼存取安全性權限。Configuration management encompasses a broad range of settings that allow an administrator to manage the Web application and its environment. These settings are stored in XML configuration files, some of which control computer-wide settings, while others control application-specific configurations. You can define special security constraints in configuration files and computer-level code access security permissions.
程式碼存取安全性Code Access Security
Microsoft Windows SharePoint Services 和程式碼存取安全性Microsoft Windows SharePoint Services and Code Access Security
對 ASP.NET 使用程式碼存取安全性Using Code Access Security with ASP.NET

感謝 Microsoft 的 MVP Waqas Sarwar 提供下列關於 SharePoint Server 2016網頁組件安全性的文件,<SharePoint 2016 中央管理 - 安全性 - 管理網頁組件安全性>。Thank you to Waqas Sarwar, Microsoft MVP, for providing the following article about web part security in SharePoint Server 2016, SharePoint 2016 Central Admin - Security - Manage Web Part security.

您可以在此章節取得下列有關如何在 SharePoint Server 中管理網頁組件的文章:The following articles about managing web parts in SharePoint Server are available in this section:

內容Content 描述Description
在 SharePoint Server 中設定及部署網頁組件Configure and deploy web parts in SharePoint Server
如何在 SharePoint Server中保全及部署網頁組件。How to secure and deploy web parts in SharePoint Server.
在 SharePoint Server 中編輯現有網頁組件Edit existing web parts in SharePoint Server
如何在 SharePoint Server中編輯網頁組件和網頁組件內容,How to edit web parts and web part properties in SharePoint Server,

另請參閱See also

概念Concepts

在 SharePoint Server 中設定及部署網頁組件Configure and deploy web parts in SharePoint Server

在 SharePoint Server 中編輯現有網頁組件Edit existing web parts in SharePoint Server

SharePoint Server 的安全性Security for SharePoint Server

在 SharePoint Server 中規劃使用者驗證方法Plan for user authentication methods in SharePoint Server

其他資源Other Resources

新增、編輯、最小化或從頁面中刪除網頁組件Add, edit, minimize, or delete a Web Part from a page

在頁面上使用網頁組件Using web parts on pages