使用宣告式驗證的 Web 應用程式需要更新 (SharePoint Server)Web Applications using Claims authentication require an update (SharePoint Server)

摘要:了解如何解決 SharePoint Server 2016 和 SharePoint 2013 的 SharePoint Health Analyzer 規則「使用宣告驗證的 Web 應用程式需要更新」。Summary: Learn how to resolve the SharePoint Health Analyzer rule "Web Applications using Claims authentication require an update" for SharePoint Server 2016 and SharePoint 2013.

規則名稱:使用宣告式驗證的 Web 應用程式需要更新。Rule Name: Web Applications using Claims authentication require an update.

事件識別碼:Event ID: None

摘要:使用宣告式驗證的 Web 應用程式面臨潛在安全性弱點的風險,可能會讓使用者提升權限。主控使用宣告式驗證之 Web 應用程式的網頁伺服器可能容易受到攻擊。Summary: Web applications that use claims-based authentication are at risk for a potential security vulnerability that might allow users to elevate privileges. Web servers that host Web applications that use claims-based authentication are potentially vulnerable.

原因:當您將 Microsoft ASP.NET 2.0 Web 應用程式部署至執行 SharePoint Server 之伺服器所架設的網站,並在伺服器上以整合式模式執行 Internet Information Services (IIS) 7.0 或 IIS 7.5 時,即會發生此情況。Cause: This can happen when you deploy a Microsoft ASP.NET 2.0-based Web application to a Web site that is hosted on a server running SharePoint Server and you have Internet Information Services (IIS) 7.0 or IIS 7.5 running in Integrated mode on the server.

如果您在 SharePoint 網站上部署部分信任的網頁組件或建立外部清單,這些網頁組件或外部清單會具有比預期更多的權限。此問題可能會對 SharePoint 網站造成安全性風險。例如,這些網頁組件或外部清單可能會非預期地產生資料庫要求或 HTTP 要求。If you deploy partially trusted Web Parts or create external lists on the SharePoint site, these Web Parts or external lists can have more permissions than they should have. This issue might create a security risk on the SharePoint site. For example, these Web Parts or external lists may unexpectedly generate database requests or HTTP requests.

這是因為 ASP.NET 2.0 驗證元件發生變更。此變更會導致部分信任的網頁組件或外部清單模擬應用程式集區帳戶。因此,網頁組件會具有存取 SharePoint 網站的完整權限。This issue occurs because of a change in the ASP.NET 2.0 authentication component. The change causes the partially trusted Web Parts or external lists to impersonate the application pool account. Therefore, the Web Parts have full permission to access the SharePoint site.

解決方案:安裝更新Resolution: Install the update