Microsoft Sharepoint Products and Technologies Resource Kit eBook

More documents

Recommendations

Info

694 Part VIII: Securing SharePoint Products and Technologies The single sign-on functionality enables scenarios where multiple Web Parts access different enterprise applications, which each use a different type of authentication. Each Web Part can automatically sign on to its enterprise application without prompting the user to provide credentials each time. There are endless uses of single sign-on functionality within an enterprise environment. For example, let’s consider two different scenarios—a human resources intranet site and a business intelligence site, as follows: ■ A standard human resources (HR) portal site or page might include several Web Parts that display employee information from a back-end employee management system. This employee data is stored in a dedicated HR database system, frequently based on SAP or PeopleSoft. These HR databases do not support Microsoft Windows IDs, might not run on Windows-based operating systems and, in fact, might include proprietary logon protocols. The Web Parts on the portal site should retrieve the individual employee data without prompting for a separate logon. In this example, the individual employee does not have a separate logon to the HR system, but uses a group account that provides generic read access to the database. In other words, the employee does not know the user name and password required to log on to the system he or she is accessing. ■ An executive might use a portal site to provide a dynamic, aggregated view of relevant business information. This data is stored in two places: Siebel stores the customer relationship information, and SAP tracks accounts and payments. To see an integrated view, the portal must log on to and access both back-end systems. Prompting the user for additional passwords is an unacceptable user experience. In this example, the executive does not need to know the user names and the passwords required for logon to the back-end systems. In addition, multiple Web Parts are used to ensure this integration. By default, each Web Part separately authenticates the user to the appropriate back-end system. As these examples show, by using single sign-on you can centralize information from multiple back-end applications through a single portal that uses application definitions. In addition, SharePoint Portal Server 2003 provides a programming interface for developers to use and extend this feature. Single Sign-On Architecture For each enterprise application that SharePoint Portal Server connects to, there is a corresponding enterprise application definition configured by an administrator. This application definition is used by a Web Part to integrate with the enterprise application within a portal site. The application definition controls how credentials for a particular business application are stored and mapped. The code within the Web Part
Chapter 26: Single Sign-On in SharePoint Portal Server 2003 695 uses the application definition to retrieve credentials that are then used to integrate with an enterprise application. This process is transparent to the portal site users. There are two primary types of enterprise application definitions used with the SSOSrv service, as follows: ■ Individual enterprise application definitions. In this scenario, individual users know and can manage their own credentials stored within the enterprise application definition. ■ Group enterprise application definitions. In this scenario, the individual user does not know his or her credentials stored within the enterprise application definition, but is associated with a managed group account. The single sign-on administrator, rather than the individual user, chooses the account type when configuring the enterprise application definition. The SSOSrv service stores encrypted credentials in a Microsoft SQL Server database. When you set up the single sign-on on the job server, you specify two settings for the single sign-on database: the name of the computer running SQL Server where the credentials store will be located, and the name of the database that will become the credentials store for your Web farm. These settings are stored in the SharePoint Portal Server configuration database. All credentials in the credentials store are encrypted using the single sign-on encryption key. When you configure single sign-on for the first time, the encryption key is created automatically. You can regenerate the key if required and re-encrypt the credentials store; for example, you might have a policy to change the key after a certain amount of time. How Single Sign-On Works When individual enterprise definition is used, on the first access to the Web Part that integrates with the enterprise application, if a user’s credentials have not been stored in the single sign-on database, the user is redirected to the logon form that prompts the user for appropriate credentials for the enterprise application. The number, the order, and the names of the fields in the logon form are configured by the administrator within the application definition; the logon form is generated automatically based on these configuration settings. The developer needs to write the code within the Web Part to check whether the credentials exist in the database, and to redirect the user to the logon form if necessary. The user-supplied credentials are then stored in the credentials store and mapped to the Windows account that is this user’s account for SharePoint Portal Server. Then, the user is redirected back to the original Web Part. The code in the Web Part then submits the credentials from the credentials store to the application in the way that is relevant to this application, and retrieves
Page 2 and 3:
PUBLISHED BY Microsoft Press A Divi
Page 4 and 5:
iv Contents at a Glance Part VIII S
Page 6 and 7:
vi Contents 2 Installing Windows Sh
Page 8 and 9:
viii Contents 5 SharePoint Portal S
Page 10 and 11:
x Contents Highly Available Medium
Page 12 and 13:
xii Contents 13 Installing and Conf
Page 14 and 15:
xiv Contents 18 Managing SharePoint
Page 16 and 17:
xvi Contents Incremental (Inclusive
Page 18 and 19:
xviii Contents Part VIII Securing S
Page 20 and 21:
xx Contents 29 Usage Analysis Tools
Page 22 and 23:
xxii Contents Advanced Customizatio
Page 24 and 25:
xxiv Contents 37 Using Visual Studi
Page 26 and 27:
xxvi Contents 42 Upgrading and Migr
Page 28 and 29:
xxviii Acknowledgments Shawn Baden,
Page 30 and 31:
xxx Acknowledgments I’d also like
Page 33 and 34:
Chapter 1 Introduction to Microsoft
Page 35 and 36:
Chapter 1: Introduction to Microsof
Page 37 and 38:
Page 39 and 40:
Page 41 and 42:
Page 43 and 44:
Page 45 and 46:
Page 47 and 48:
Authentication Authorization Chapte
Page 49 and 50:
Page 51 and 52:
Chapter 2 Installing Windows ShareP
Page 53 and 54:
Chapter 2: Installing Windows Share
Page 55 and 56:
Page 57 and 58:
Page 59 and 60:
Page 61 and 62:
F02XR02 Chapter 2: Installing Windo
Page 63 and 64:
Page 65 and 66:
Page 67 and 68:
Page 69 and 70:
Page 71 and 72:
Server Farm with Multiple Host Name
Page 73 and 74:
Page 75 and 76:
Page 77 and 78:
Creating Sites Chapter 2: Installin
Page 79 and 80:
Table 2-6 Windows SharePoint Servic
Page 81 and 82:
Page 83 and 84:
Chapter 3 Installing Microsoft Offi
Page 85 and 86:
Chapter 3: Installing Microsoft Off
Page 87 and 88:
Page 89 and 90:
Page 91 and 92:
Page 93 and 94:
Page 95 and 96:
F03XR03 Chapter 3: Installing Micro
Page 97 and 98:
Page 99 and 100:
Configure Server Topology Chapter 3
Page 101 and 102:
F03XR09 Chapter 3: Installing Micro
Page 103 and 104:
Page 105 and 106:
Page 107 and 108:
Page 109 and 110:
Page 111 and 112:
Page 113 and 114:
Page 115 and 116:
Page 117 and 118:
Uninstall SharePoint Portal Server
Page 119 and 120:
Page 121 and 122:
Page 123:
Part II SharePoint Products and Tec
Page 126 and 127:
96 Part II: SharePoint Products and
Page 128 and 129:
98 Part II: SharePoint Products and
Page 130 and 131:
100 Part II: SharePoint Products an
Page 132 and 133:
Page 134 and 135:
Page 136 and 137:
Page 138 and 139:
Page 140 and 141:
Page 142 and 143:
Page 144 and 145:
Page 146 and 147:
Page 148 and 149:
Page 150 and 151:
Page 152 and 153:
Page 155 and 156:
Chapter 6 Security Architecture for
Page 157 and 158:
IIS IUSR_machinename user identity
Page 159 and 160:
Authorization Chapter 6: Security A
Page 161 and 162:
Chapter 6: Security Architecture fo
Page 163 and 164:
Page 165 and 166:
Page 167 and 168:
Page 169 and 170:
Page 171 and 172:
Page 173 and 174:
Page 175 and 176:
Page 177 and 178:
Page 179 and 180:
Chapter 7 Architecting SharePoint P
Page 181 and 182:
Chapter 7: Architecting SharePoint
Page 183 and 184:
Chapter 7: Architecting SharePoint
Page 185:
Part III Planning and Deployment In
Page 188 and 189:
158 Part III: Planning and Deployme
Page 190 and 191:
Page 192 and 193:
Page 194 and 195:
Page 196 and 197:
Page 198 and 199:
Page 200 and 201:
Page 202 and 203:
Page 204 and 205:
Page 206 and 207:
Page 208 and 209:
Page 210 and 211:
Page 212 and 213:
Page 215 and 216:
Chapter 9 Capacity Planning In this
Page 217 and 218:
Chapter 9: Capacity Planning 187 Th
Page 219 and 220:
Chapter 9: Capacity Planning 189
Page 221 and 222:
Small Server Farm Chapter 9: Capaci
Page 223 and 224:
■ Embedded ATA-100 IDE controller
Page 225 and 226:
Minimum Large Server Farm with a SQ
Page 227 and 228:
Page 229 and 230:
Planning Services Accounts Chapter
Page 231 and 232:
Chapter 9: Capacity Planning 201 di
Page 233 and 234:
Chapter 9: Capacity Planning 203 Mo
Page 235 and 236:
Chapter 9: Capacity Planning 205 sm
Page 237 and 238:
Chapter 9: Capacity Planning 207 Wh
Page 239 and 240:
Chapter 9: Capacity Planning 209 pr
Page 241 and 242:
Estimating System Requirements Chap
Page 243 and 244:
■ Divisional portal site access
Page 245 and 246:
Estimating Current and Future Stora
Page 247 and 248:
Chapter 9: Capacity Planning 217 yo
Page 249 and 250:
Chapter 9: Capacity Planning 219 me
Page 251 and 252:
Page 253 and 254:
Selecting the Stress Test Tool Chap
Page 255 and 256:
Chapter 9: Capacity Planning 225 to
Page 257 and 258:
Topics Chapter 9: Capacity Planning
Page 259 and 260:
Chapter 9: Capacity Planning 229 Th
Page 261 and 262:
Chapter 9: Capacity Planning 231 RA
Page 263 and 264:
RANDOMIZE F = INT(200 * RND) Test.G
Page 265:
Summary Chapter 9: Capacity Plannin
Page 268 and 269:
Page 270 and 271:
Page 272 and 273:
Page 274 and 275:
Page 276 and 277:
Page 278 and 279:
Page 280 and 281:
Page 282 and 283:
Page 284 and 285:
Page 286 and 287:
Page 288 and 289:
Page 290 and 291:
Page 292 and 293:
Page 294 and 295:
Page 296 and 297:
Page 298 and 299:
Page 301:
Part IV Deployment Scenarios In thi
Page 304 and 305:
274 Part IV: Deployment Scenarios N
Page 306 and 307:
276 Part IV: Deployment Scenarios a
Page 308 and 309:
278 Part IV: Deployment Scenarios N
Page 310 and 311:
280 Part IV: Deployment Scenarios S
Page 312 and 313:
282 Part IV: Deployment Scenarios C
Page 314 and 315:
284 Part IV: Deployment Scenarios S
Page 316 and 317:
286 Part IV: Deployment Scenarios T
Page 318 and 319:
288 Part IV: Deployment Scenarios C
Page 320 and 321:
290 Part IV: Deployment Scenarios F
Page 322 and 323:
Page 324 and 325:
Page 326 and 327:
Page 328 and 329:
Page 330 and 331:
Page 332 and 333:
302 Part IV: Deployment Scenarios T
Page 334 and 335:
Page 336 and 337:
Page 338 and 339:
308 Part IV: Deployment Scenarios
Page 340 and 341:
310 Part IV: Deployment Scenarios c
Page 342 and 343:
Page 344 and 345:
Page 347 and 348:
Chapter 13 Installing and Configuri
Page 349 and 350:
Chapter 13: Installing and Configur
Page 351 and 352:
Page 353 and 354:
Page 355 and 356:
Page 357 and 358:
Page 359 and 360:
Page 361 and 362:
Page 363 and 364:
Page 365 and 366:
Page 367 and 368:
Next Steps Chapter 13: Installing a
Page 369 and 370:
Chapter 14 Shared Services In this
Page 371 and 372:
Use Intra-Farm Shared Services Chap
Page 373 and 374:
Chapter 14: Shared Services 343 Not
Page 375 and 376:
Chapter 14: Shared Services 345 6.
Page 377 and 378:
F14XR07 Figure 14-7 Creating a new
Page 379:
F14XX08 Summary Chapter 14: Shared
Page 383 and 384:
Chapter 15 Configuring Windows Shar
Page 385 and 386:
Chapter 15: Configuring Windows Sha
Page 387 and 388:
Page 389 and 390:
Page 391 and 392:
Page 393 and 394:
Page 395 and 396:
Page 397 and 398:
Page 399 and 400:
Page 401 and 402:
Page 403 and 404:
Page 405 and 406:
Page 407 and 408:
Page 409 and 410:
F15XR14 Figure 15-14 Authentication
Page 411 and 412:
Page 413 and 414:
Page 415 and 416:
Page 417 and 418:
Page 419 and 420:
Configuring Site Quotas and Locks C
Page 421 and 422:
Managing Quota Templates Chapter 15
Page 423 and 424:
Page 425 and 426:
Page 427 and 428:
Page 429 and 430:
Page 431 and 432:
Searching with SQL Server 2000 Chap
Page 433:
Page 436 and 437:
406 Part V: Administration of Windo
Page 438 and 439:
Page 440 and 441:
Page 442 and 443:
Page 444 and 445:
Page 446 and 447:
Page 448 and 449:
Page 450 and 451:
Page 452 and 453:
Page 454 and 455:
Page 456 and 457:
Page 458 and 459:
Page 460 and 461:
Page 462 and 463:
Page 464 and 465:
Page 466 and 467:
Page 468 and 469:
Page 470 and 471:
Page 472 and 473:
Page 474 and 475:
Page 476 and 477:
Page 479:
Part VI Administration of Microsoft
Page 482 and 483:
452 Part VI: Administration of Micr
Page 484 and 485:
Page 486 and 487:
Page 488 and 489:
Page 490 and 491:
Page 492 and 493:
Page 494 and 495:
Page 496 and 497:
Page 498 and 499:
Page 500 and 501:
Page 502 and 503:
Page 504 and 505:
Page 506 and 507:
Page 508 and 509:
Page 510 and 511:
Page 512 and 513:
Page 514 and 515:
Page 516 and 517:
Page 518 and 519:
Page 520 and 521:
Page 522 and 523:
Page 524 and 525:
Page 526 and 527:
Page 528 and 529:
Page 530 and 531:
Page 532 and 533:
Page 534 and 535:
Page 536 and 537:
Page 538 and 539:
Page 541 and 542:
Chapter 19 Working with Documents i
Page 543 and 544:
Form Libraries Chapter 19: Working
Page 545 and 546:
Chapter 19: Working with Documents
Page 547 and 548:
F21xr02 Chapter 19: Working with Do
Page 549 and 550:
Page 551 and 552:
Page 553 and 554:
Page 555 and 556:
Page 557 and 558:
Page 559 and 560:
F21xr05 Chapter 19: Working with Do
Page 561 and 562:
Page 563 and 564:
Page 565 and 566:
Page 567 and 568:
Page 569 and 570:
Page 571 and 572:
Page 573 and 574:
Page 575 and 576:
Page 577 and 578:
Content Approval Chapter 19: Workin
Page 579 and 580:
Page 581 and 582:
Serial Editor Legal Chapter 19: Wor
Page 583 and 584:
Chapter 20 Working with Information
Page 585 and 586:
Chapter 20: Working with Informatio
Page 587 and 588:
Page 589 and 590:
Page 591 and 592:
Page 593 and 594:
Page 595 and 596:
Page 597 and 598:
Page 599 and 600:
Page 601 and 602:
Page 603 and 604:
Areas Chapter 20: Working with Info
Page 605 and 606:
Page 607 and 608:
Page 609 and 610:
Page 611 and 612:
Page 613:
Page 616 and 617:
586 Part VII: Information Managemen
Page 618 and 619:
Page 620 and 621:
Page 622 and 623:
Page 624 and 625:
Page 626 and 627:
Page 628 and 629:
Page 630 and 631:
Page 632 and 633:
Page 634 and 635:
Page 637 and 638:
Chapter 22 Managing External Conten
Page 639 and 640:
Chapter 22: Managing External Conte
Page 641 and 642:
Page 643 and 644:
Page 645 and 646:
Page 647 and 648:
Page 649 and 650:
Page 651 and 652:
Page 653 and 654:
Page 655 and 656:
Page 657 and 658:
Page 659 and 660:
Chapter 23 Personalization Services
Page 661 and 662:
Chapter 23: Personalization Service
Page 663 and 664:
Page 665 and 666:
Page 667 and 668:
Page 669 and 670:
Page 671 and 672:
Page 673 and 674: Chapter 23: Personalization Service
Page 677 and 678: Personal Sites Chapter 23: Personal
Page 691 and 692: Chapter 24 Information Security Pol
Page 693 and 694: Chapter 24: Information Security Po
Page 701: Part VIII Securing SharePoint Produ
Page 704 and 705: 674 Part VIII: Securing SharePoint
Page 723: Chapter 26 Single Sign-On in ShareP
Page 727 and 728: Chapter 26: Single Sign-On in Share
Page 741 and 742: Creating the Encryption Key Chapter
Page 753 and 754: Chapter 27 Securing an Extranet Usi
Page 755 and 756: Chapter 27: Securing an Extranet Us
Page 775 and 776:
Chapter 27: Securing an Extranet Us
Page 777:
Chapter 27: Securing an Extranet Us
Page 781 and 782:
Chapter 28 Disaster Recovery in Sha
Page 783 and 784:
Chapter 28: Disaster Recovery in Sh
Page 785 and 786:
Page 787 and 788:
Page 789 and 790:
Page 791 and 792:
Page 793 and 794:
Page 795 and 796:
Page 797 and 798:
Page 799 and 800:
Page 801 and 802:
Page 803 and 804:
Page 805 and 806:
Page 807 and 808:
Page 809 and 810:
Page 811 and 812:
Page 813 and 814:
Best Practices Chapter 28: Disaster
Page 815 and 816:
Page 817 and 818:
Chapter 29 Usage Analysis Tools in
Page 819 and 820:
Chapter 29: Usage Analysis Tools in
Page 821 and 822:
F31xr01 Chapter 29: Usage Analysis
Page 823 and 824:
Page 825 and 826:
Configuring the Log Files Chapter 2
Page 827 and 828:
Page 829 and 830:
Chapter 30 Default Tools to Customi
Page 831 and 832:
Shared View vs. Personal View Chapt
Page 833 and 834:
Chapter 30: Default Tools to Custom
Page 835 and 836:
Page 837 and 838:
Page 839 and 840:
Page 841 and 842:
Other Customizations Chapter 30: De
Page 843 and 844:
Page 845 and 846:
Page 847:
Areas Summary Chapter 30: Default T
Page 850 and 851:
820 Part IX: Maintaining a Server i
Page 852 and 853:
Page 854 and 855:
Page 856 and 857:
Page 858 and 859:
Page 860 and 861:
Page 862 and 863:
Page 864 and 865:
Page 866 and 867:
Page 868 and 869:
Page 870 and 871:
Page 872 and 873:
Page 874 and 875:
Page 876 and 877:
Page 878 and 879:
Page 880 and 881:
Page 882 and 883:
Page 884 and 885:
Page 886 and 887:
Page 888 and 889:
Page 890 and 891:
Page 892 and 893:
Page 894 and 895:
Page 896 and 897:
Page 898 and 899:
Page 900 and 901:
Page 902 and 903:
Page 904 and 905:
Page 906 and 907:
Page 908 and 909:
Page 910 and 911:
Page 912 and 913:
Page 914 and 915:
Page 916 and 917:
Page 918 and 919:
Page 920 and 921:
Page 922 and 923:
Page 924 and 925:
Page 926 and 927:
Page 928 and 929:
Page 930 and 931:
Page 932 and 933:
Page 934 and 935:
Page 936 and 937:
Page 938 and 939:
Page 940 and 941:
Page 942 and 943:
Page 944 and 945:
Page 946 and 947:
Page 948 and 949:
Page 950 and 951:
Page 952 and 953:
Page 954 and 955:
Page 956 and 957:
Page 958 and 959:
Page 960 and 961:
Page 962 and 963:
Page 964 and 965:
Page 966 and 967:
Page 968 and 969:
Page 970 and 971:
Page 972 and 973:
Page 974 and 975:
Page 976 and 977:
Page 978 and 979:
Page 980 and 981:
Page 982 and 983:
Page 984 and 985:
Page 986 and 987:
Page 988 and 989:
Page 990 and 991:
Page 992 and 993:
Page 994 and 995:
Page 996 and 997:
Page 998 and 999:
Page 1000 and 1001:
Page 1002 and 1003:
Page 1004 and 1005:
Page 1006 and 1007:
Page 1008 and 1009:
Page 1010 and 1011:
Page 1012 and 1013:
Page 1014 and 1015:
Page 1016 and 1017:
Page 1018 and 1019:
Page 1020 and 1021:
Page 1022 and 1023:
Page 1024 and 1025:
Page 1026 and 1027:
Page 1028 and 1029:
Page 1031 and 1032:
Chapter 37 Using Visual Studio .NET
Page 1033 and 1034:
Chapter 37: Using Visual Studio .NE
Page 1035 and 1036:
Page 1037 and 1038:
Page 1039 and 1040:
Page 1041 and 1042:
Creating a Web Part Chapter 37: Usi
Page 1043 and 1044:
Page 1045 and 1046:
Page 1047 and 1048:
Page 1049 and 1050:
Page 1051 and 1052:
Page 1053:
Summary Chapter 37: Using Visual St
Page 1057 and 1058:
Chapter 38 Windows SharePoint Servi
Page 1059 and 1060:
Chapter 38: Windows SharePoint Serv
Page 1061 and 1062:
Page 1063 and 1064:
Page 1065 and 1066:
Document Workspace Sites Chapter 38
Page 1067 and 1068:
Chapter 39 Using Microsoft Office I
Page 1069 and 1070:
Chapter 39: Using Microsoft Office
Page 1071 and 1072:
Page 1073 and 1074:
Page 1075 and 1076:
Page 1077 and 1078:
Page 1079 and 1080:
Page 1081 and 1082:
Page 1083 and 1084:
Page 1085 and 1086:
Page 1087 and 1088:
Page 1089 and 1090:
Page 1091 and 1092:
Page 1093 and 1094:
Page 1095 and 1096:
Page 1097 and 1098:
Chapter 40 Microsoft Outlook 2003 I
Page 1099 and 1100:
Chapter 40: Microsoft Outlook 2003
Page 1101 and 1102:
Page 1103 and 1104:
Page 1105 and 1106:
Page 1107 and 1108:
Page 1109 and 1110:
! Chapter 40: Microsoft Outlook 200
Page 1111 and 1112:
Page 1113 and 1114:
Page 1115 and 1116:
Page 1117:
Part XI Upgrading and Migrating to
Page 1120 and 1121:
1090 Part XI: Upgrading and Migrati
Page 1122 and 1123:
Page 1124 and 1125:
Page 1126 and 1127:
Page 1129 and 1130:
Chapter 42 Upgrading and Migrating
Page 1131 and 1132:
Chapter 42: Upgrading and Migrating
Page 1133 and 1134:
Page 1135 and 1136:
Page 1137 and 1138:
Page 1139 and 1140:
Page 1141 and 1142:
Page 1143 and 1144:
Page 1145 and 1146:
Page 1147 and 1148:
Page 1149 and 1150:
F42XR05 Chapter 42: Upgrading and M
Page 1151 and 1152:
Page 1153 and 1154:
Page 1155 and 1156:
Page 1157 and 1158:
Page 1159 and 1160:
Page 1161 and 1162:
Migration Tools Chapter 42: Upgradi
Page 1163 and 1164:
Glossary access control list (ACL)
Page 1165 and 1166:
crawl To search content to include
Page 1167 and 1168:
Glossary 1137 Internet Server Appli
Page 1169 and 1170:
scope The range and depth of a sear
Page 1171:
Glossary 1141 virtual server A virt
show all

Microsoft Sharepoint Products and Technologies Resource Kit eBook

Create successful ePaper yourself

Delete template?

Save as template?