
Extending SharePoint 2010 to your customers and partners

Date post: 08-Jun-2015
Upload: corey-roth
Description:
Slides for the talk I gave at SPC11 about Extranets.
Transcript
Page 1: Extending SharePoint 2010 to your customers and partners

Anaheim, CA
October 3–6th, 2011

Conference 2011

Page 2: Extending SharePoint 2010 to your customers and partners

Extending SharePoint 2010 to your customers and partners

Corey Roth
@coreyroth

Page 3: Extending SharePoint 2010 to your customers and partners

Problems with using E-mail for collaboration

- E-mail is not ideal for sharing with external users
- Inboxes flooded
- Versioning issues
- Files blocked
- Send / Receive limits

Page 4: Extending SharePoint 2010 to your customers and partners

Agenda

- Why you need an extranet
- Extranet network topologies
- Authentication Options
- Document Management for Extranets

Page 5: Extending SharePoint 2010 to your customers and partners

Questions to ask yourself…

- What is an extranet?
- Do we need an extranet?
- Who will use the extranet?
- What does SharePoint offer?
- How will users get to the extranet?
- How will users authenticate?
- How do I populate content on the extranet?

Page 6: Extending SharePoint 2010 to your customers and partners

Do we need an extranet?

If you answer yes to any of the following then you might:

- Does your organization often share documents with customers, vendors, partners, and suppliers?
- Have you had issues caused by transmitting the wrong version of a document?
- Do you have employees that routinely send out contracts, reports, invoices, and other documents outside the company?
- Do you have security or document expiration concerns with the documents you share?
- Do you need to be able to search the documents you are sharing?

Page 7: Extending SharePoint 2010 to your customers and partners

Who will use the extranet?

- What type of users are extranets suitable for?

Page 8: Extending SharePoint 2010 to your customers and partners

Extranet Scenarios – Customers and Partners

- Collaborate by sharing documents and data
- Security allows content for each partner to be isolated
- Partners can't view each other's data

Page 9: Extending SharePoint 2010 to your customers and partners

Extranet Scenarios – Remote Employees

- Allow remote employees to access corporate information without needing a VPN connection
- Ideal for traveling employees, remote workers, or geographically dispersed teams

Page 10: Extending SharePoint 2010 to your customers and partners

What does SharePoint offer?

- Authenticate and authorize users
- Fine-tune permissions for a given partner or group of users
- Take advantage of ECM features like document libraries
- Calendars, announcements, picture libraries, tasks
- Allow users to search for the documents they seek
- Take documents offline with SharePoint Workspace

Page 11: Extending SharePoint 2010 to your customers and partners

SharePoint ECM Features

- Enterprise Search
- Check in / Check out
- Auditing
- Versioning
- Policies (Retention / Expiration)
- Office Web Apps
- SharePoint Workspace

Page 12: Extending SharePoint 2010 to your customers and partners

Questions to ask yourself…

- What is an extranet?
- Do we need an extranet?
- Who will use the extranet?
- What does SharePoint provide me?
- How will users get to the extranet?
- How will users authenticate?
- How do I populate content on the extranet?

Page 13: Extending SharePoint 2010 to your customers and partners

SharePoint Farms for Extranet

- Different farm
- Multi-tenancy
- Same farm with a separate web application
- Same farm with the same web application

Page 14: Extending SharePoint 2010 to your customers and partners

It’s all about the network…

- Choosing the right network topology is important.
- Topologies affect where SharePoint, SQL, and Active Directory servers are in the network
- Several common network topologies can be used for SharePoint extranets

Page 15: Extending SharePoint 2010 to your customers and partners

Network Topology
Edge Firewall

Page 16: Extending SharePoint 2010 to your customers and partners

Network Topology
Back-to-back Perimeter

Page 17: Extending SharePoint 2010 to your customers and partners

Network Topology
Split Back-to-back Perimeter

Page 18: Extending SharePoint 2010 to your customers and partners

Questions to ask yourself…

- What is an extranet?
- Do we need an extranet?
- Who will use the extranet?
- What does SharePoint provide me?
- How will users get to the extranet?
- How will users authenticate?
- How do I populate content on the extranet?

Page 19: Extending SharePoint 2010 to your customers and partners

What are my authentication options?

- Active Directory
- Forms Based Authentication – ASP.NET Membership Provider
- Forms Based Authentication - Active Directory
- Trusted Identity Provider – Windows Live Id
- Many others / custom

Page 20: Extending SharePoint 2010 to your customers and partners

Authentication
Active Directory

- Same authentication your internal users use
- External users presented with a browser login dialog
- Users log in with domain\username
- Not very user friendly
- Users get prompted often for authentication
- Combined with an application firewall to provide FBA

Page 21: Extending SharePoint 2010 to your customers and partners

Authentication
Forms Based Authentication – ASP.NET Membership Provider

- Users log in via forms using the ASP.NET Membership provider
- Uses Claims-Based Authentication
- Users stored in SQL Server database
- Management of users requires code or third party tools
  - SharePoint 2010 FBA Pack: http://sharepoint2010fba.codeplex.com
  - CKS: http://cks.codeplex.com/releases/view/7450

Page 22: Extending SharePoint 2010 to your customers and partners

Authentication
FBA (ASP.NET) – Configuration Steps

1) Configure web application to use Claims Based Authentication
2) Configure the membership provider and role manager
3) Modify web.config files
4) Grant permissions

Page 23: Extending SharePoint 2010 to your customers and partners

Authentication
FBA (ASP.NET) – Configuration – Claims Based Authentication

- Create a new web application or extend an existing web application
- Select Claims Based Authentication for Authentication
- Check Enable Forms Based Authentication
- Specify an ASP.NET Membership provider name
- Specify an ASP.NET Role manager name
- Convert existing web apps to Claims using PowerShell

Page 24: Extending SharePoint 2010 to your customers and partners

Authentication
FBA (ASP.NET) – Configuration – Membership / Role Provider

- Create membership database with aspnet_regsql.exe
  - Located at C:\Windows\Microsoft.NET\Framework64\v2.0.50727
- Specify a name for the membership database (default: aspnetdb)
- Grant SQL Server permissions to membership database
  - Application Pool accounts
  - Farm account

Page 25: Extending SharePoint 2010 to your customers and partners

Authentication
FBA (ASP.NET) – Configuration – web.config

- Connection string, membership provider and role provider must be added to web.config files
- Modifications are required in the following web.config files
  - Forms Based Web Application
  - Central Administration
  - STS (%programfiles%\common files\Microsoft Shared\web server extensions\14\WebServices\SecurityToken)
- Modifications on following slides

Page 26: Extending SharePoint 2010 to your customers and partners

Authentication
FBA (ASP.NET) – Configuration – web.config Modifications

    <!-- Before system.web element -->
    <!-- These changes should be added to both FBA web application and Central Admin web.config -->
    <connectionStrings>
      <add name="MembershipConnectionString"
           connectionString="data source=SQLServer;Integrated Security=SSPI;Initial Catalog=aspnetdb" />
    </connectionStrings>

Page 27: Extending SharePoint 2010 to your customers and partners

Authentication
FBA (ASP.NET) – Configuration – web.config Modifications

    <roleManager defaultProvider="c" enabled="true" cacheRolesInCookie="false">
      <providers>
        <add name="c"
             type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />

Page 28: Extending SharePoint 2010 to your customers and partners

Authentication
FBA (ASP.NET) – Configuration – web.config Modifications

        <add connectionStringName="MembershipConnectionString"
             applicationName="/"
             description="Stores and retrieves roles from SQL Server"
             name="SQL-RoleManager"
             type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
      </providers>
    </roleManager>

Page 29: Extending SharePoint 2010 to your customers and partners

Authentication
FBA (ASP.NET) – Configuration – web.config Modifications

    <membership defaultProvider="i">
      <providers>
        <add name="i"
             type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />

Page 30: Extending SharePoint 2010 to your customers and partners

Authentication
FBA (ASP.NET) – Configuration – web.config Modifications

        <add connectionStringName="MembershipConnectionString"
             enablePasswordRetrieval="false"
             enablePasswordReset="false"
             requiresQuestionAndAnswer="true"
             applicationName="/"
             requiresUniqueEmail="true"
             passwordFormat="Hashed"
             description=""
             name="SQL-MembershipProvider"
             type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
      </providers>
    </membership>

Page 31: Extending SharePoint 2010 to your customers and partners

Authentication
FBA (ASP.NET) – Configuration – Grant Permissions

- Create users in membership database
- Create users with code or third party tools
  - SharePoint 2010 FBA Pack: http://sharepoint2010fba.codeplex.com
  - CKS: http://cks.codeplex.com/releases/view/7450
- After users are created, grant access at Web Application level
  - Web Applications -> User Policy -> Add User (Default Zone)
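
An added example, not part of the original slides: a PowerShell check for the web.config entries configured on the preceding slides. `Test-FbaConfig` is a hypothetical helper name and the embedded XML is a constructed sample mirroring the slide fragments; the check flags connection strings that embed a password, providers that reference an undefined connection string, and SqlMembershipProvider entries that deviate from the password settings shown on the slides.

```powershell
# Added example, not from the slides. Test-FbaConfig is hypothetical; $sample is constructed.
function Test-FbaConfig {
    param([Parameter(Mandatory=$true)][xml]$Config)
    $findings = @(); $defined = @()
    # Collect connection string names; flag any that embed a password.
    foreach ($cs in $Config.SelectNodes('/configuration/connectionStrings/add')) {
        $defined += $cs.GetAttribute('name')
        if ($cs.GetAttribute('connectionString') -match '\b(password|pwd)\s*=') {
            $findings += "connection string '{0}' embeds a password" -f $cs.GetAttribute('name')
        }
    }
    $xpath = '/configuration/system.web/membership/providers/add | ' +
             '/configuration/system.web/roleManager/providers/add'
    foreach ($p in $Config.SelectNodes($xpath)) {
        $name = $p.GetAttribute('name')
        $ref  = $p.GetAttribute('connectionStringName')
        # A provider pointing at an undefined connection string cannot load.
        if ($ref -and ($defined -notcontains $ref)) {
            $findings += "provider '$name' references undefined connection string '$ref'"
        }
        if ($p.GetAttribute('type') -like 'System.Web.Security.SqlMembershipProvider,*') {
            # An absent passwordFormat falls back to the provider default (Hashed).
            $fmt = $p.GetAttribute('passwordFormat')
            if ($fmt -and $fmt -ne 'Hashed') { $findings += "provider '$name' stores passwords as $fmt" }
            if ($p.GetAttribute('enablePasswordRetrieval') -eq 'true') { $findings += "provider '$name' allows password retrieval" }
        }
    }
    $findings
}
$sample = @'
<configuration>
  <connectionStrings>
    <add name="MembershipConnectionString" connectionString="data source=SQLServer;Integrated Security=SSPI;Initial Catalog=aspnetdb" />
  </connectionStrings>
  <system.web><membership defaultProvider="i"><providers>
    <add name="SQL-MembershipProvider" connectionStringName="MembershipConnectionString" enablePasswordRetrieval="false" passwordFormat="Hashed" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
  </providers></membership></system.web>
</configuration>
'@
$ok   = @(Test-FbaConfig -Config $sample)   # slide settings: no findings
$weak = [xml]$sample                        # weakened copy for comparison
$node = $weak.SelectSingleNode('//membership/providers/add')
$node.SetAttribute('passwordFormat', 'Clear')
$node.SetAttribute('enablePasswordRetrieval', 'true')
$node.SetAttribute('connectionStringName', 'MembershipConnString')
$bad  = @(Test-FbaConfig -Config $weak)     # three findings
"slide settings: {0} finding(s); weakened copy: {1} finding(s)" -f $ok.Count, $bad.Count
$bad
```

To check a live farm, pass `[xml](Get-Content <path to web.config>)` for each of the three web.config files listed on the web.config slide.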

Page 32: Extending SharePoint 2010 to your customers and partners

FBA – ASP.NET Membership Provider

Corey Roth
@coreyroth

demo

Page 33: Extending SharePoint 2010 to your customers and partners

Authentication
Forms Based Authentication - Active Directory

- Similar to ASP.NET Membership configuration
- Specify users in AD using an LDAP connection string
  - i.e.: LDAP://dc.domain.local/OU=Users,DC=domain,DC=local
- Classic Authentication AD users != FBA AD Users
- Configure web application to use Claims Based Authentication
- Specify Membership provider name but no role manager
- Edit web.config files

Page 34: Extending SharePoint 2010 to your customers and partners

Authentication
FBA (AD) – Configuration – Web.config Modifications

    <!-- Before system.web element -->
    <!-- These changes should be added to the FBA web application, Central Admin, and STS web.config files -->
    <connectionStrings>
      <add name="ActiveDirectoryConnectionString"
           connectionString="LDAP://dc.domain.local/OU=Users,DC=domain,DC=local" />
    </connectionStrings>

Page 35: Extending SharePoint 2010 to your customers and partners

Authentication
FBA (AD) – Configuration – Web.config Modifications

    <membership defaultProvider="ActiveDirectoryMembership">
      <providers>
        <add name="ActiveDirectoryMembership"
             type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             …

Page 36: Extending SharePoint 2010 to your customers and partners

Authentication
FBA (AD) – Configuration – Web.config Modifications

             …
             connectionStringName="ActiveDirectoryConnectionString"
             enableSearchMethods="true"
             attributeMapUsername="sAMAccountName" />
      </providers>
    </membership>

Page 37: Extending SharePoint 2010 to your customers and partners

FBA – Active Directory

Corey Roth
@coreyroth

demo

Page 38: Extending SharePoint 2010 to your customers and partners

Authentication
Trusted Identity Provider – Windows Live Id

- Log in to the Microsoft Services Manager site with a Windows Live Id
  - https://msm.live.com/
- Register your site
  - Site name
  - DNS name (urn:someurl)
  - Policy: Select Windows Live ID
  - Default return URL: http://yourdomain/_trust/default.aspx
  - Override Authentication Policy: MBI_FED_SSL

Page 39: Extending SharePoint 2010 to your customers and partners

Authentication
Trusted Identity Provider – Windows Live Id

Page 40: Extending SharePoint 2010 to your customers and partners

Authentication
Trusted Identity Provider – Windows Live Id

- Install x509 certificate
- Configure Claims Provider using PowerShell
- Configure Web App to use Trusted Identity Provider
- Test your site with Windows Live ID credentials
- Begin compliance review
- Repeat above steps for production Live ID

Page 41: Extending SharePoint 2010 to your customers and partners

Windows Live Id Provider

Corey Roth
@coreyroth

demo

Page 42: Extending SharePoint 2010 to your customers and partners

Questions to ask yourself…

- What is an extranet?
- Do we need an extranet?
- Who will use the extranet?
- What does SharePoint provide me?
- How will users get to the extranet?
- How will users authenticate?
- How do I populate content on the extranet?

Page 43: Extending SharePoint 2010 to your customers and partners

How do I populate content?

I have an extranet! Now how do I populate it?

- Manual Uploading
- Publishing
- Send to connections
- Custom code (i.e.: Event Receivers / Workflows)

Page 44: Extending SharePoint 2010 to your customers and partners

Send to Connections

Corey Roth
@coreyroth

demo

Page 46: Extending SharePoint 2010 to your customers and partners

Related Sessions at SPC

SPC Code | Session Name | Day | Time | Type | Location
SPC3997 | TITUS: Using Claims for Authentication in SharePoint 2010 | Weds 10/5 | 5:00p | Partner |
SPC411 | Security Design with Claims Based Authentication | Thurs 10/6 | 12:00p | Microsoft |

Page 47: Extending SharePoint 2010 to your customers and partners

© 2011 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

