What every SharePoint administrator needs to know about Alternate Access Mappings (Part 3 of 3)
来源:互联网 发布:java图形界面视频教程 编辑:程序博客网 时间:2024/05/16 07:34
In Part 1 of my blog series on Alternate Access Mappings, I gave a brief introduction to the feature and an example of how it can be used. In Part 2, I described some of the common AAM-related problems people run into when deploying SharePoint and how to avoid them. For the final article in our series, I'll discuss how AAM integrates with some other features in SharePoint.
Authentication Providers
As I mentioned in Part 1 of this blog series, AAM allows you to expose a web application in as many as 5 different AAM zones, with a different IIS Web site backing each zone. (As an aside, some people accidentally refer to this as having up to 5 different web applications sharing the same content database(s). In reality, there is just one web application.) Not only do these zones allow you to use multiple URLs to access the same web application, they allow you to use multiple authentication providers to access the same web application as well.
When extending a web application into a zone, SharePoint only offers you the choice of using Windows authentication provided by Internet Information Services. Once the web application has been extended into the zone, you can modify that zone to use a different type of authentication. To do this, browse to the SharePoint 3.0 Central Administration site and click Application Management --> Authentication providers. Next, select your web application from the Web Application selector on the right side of the page. Finally, select the zone that you wish to modify. Now you change your authentication settings for that zone.
The power of this feature is that it allows you to configure completely independent authentication settings to access the very same content. For example, you might configure some content to be anonymously accessible while other content requires credentials. You could configure one zone to have anonymous access enabled and all other forms of authentication disabled, guaranteeing that only the anonymous content will be accessible. At the same time, another zone can have anonymous access disabled while NTLM authentication is enabled, guaranteeing that only authenticated access will be allowed. Plus, you can even have different types of accounts to access the same content - one zone can be configured to use Windows Active Directory (AD) accounts while another zone can be configured to use non-AD accounts via ASP.NET Forms authentication.
Web Application Policies
Web application policies allow administrators to grant or deny access to accounts and security groups for all sites exposed through a zone. This can be useful for a variety of scenarios.
For example, the SharePoint search crawler must go through the same authorization infrastructure as everyone else - it can only crawl content that it has access to. However, users would still like search to crawl restricted content so that authorized users can find that content in search results. The search service uses a "Full Read" policy on the web applications to give its crawler permission to read all content on that web application. That way, it can crawl and index all existing and future content, even content that the site administrator hasn't explicitly given it access to.
Another example would be help desk personnel who need administrative access to SharePoint sites so that they can assist users. To do this, you can create a web application policy that grants the help desk staff accounts "Full Control" permission so that they have full administrative access to all current and future sites on the web application.
Because policies are tied to both web applications and their zones, you can ensure that the policy you've applied to one zone doesn't affect other zones. This can be useful if you have content exposed both on the corporate network and to the Internet. For example, suppose you've given a help desk staff account Full Control permission over a web application's zone that has been assigned to the corporate network. If someone were to try and use that account to access the site over the Internet, that Full Control policy wouldn't apply because it would recognize that the URL is in a different zone. Therefore, the account wouldn't automatically be given administrative access to the site.
External Resource Mappings
On the Alternate Access Mappings page, you may have noticed a button on the toolbar called "Map to External Resource." It allows you to extend the AAM functionality to content that is not hosted within the SharePoint farm. When you click on this button, you will be asked to create an entry for an external resource, which you could conceptually think of as another web application. Once you have an external resource, you can assign different URLs and zones to it in the same way that you do for SharePoint web applications. This feature isn't utilized in Windows SharePoint Services 3.0, but third party products that build on top of WSS can make use of it.
For example, Office SharePoint Server 2007's search technology is able to crawl content external to the SharePoint farm such as file shares and Web sites. If that content is available at different URLs on different networks, then you would want search to return search results using the appropriate URLs for the user's current network. By using AAM's external resource mapping technology, search can remap the external URLs in its search results to match the user's zone.
I hope you've found this series on AAM helpful. As always, feel free to ask any questions via the blog comments
- What every SharePoint administrator needs to know about Alternate Access Mappings (Part 3 of 3)
- What every SharePoint administrator needs to know about Alternate Access Mappings (Part 1 of 3)
- What every SharePoint administrator needs to know about Alternate Access Mappings (Part 2 of 3)
- What every programmer needs to know about game networking
- Foundations of Security: What Every Programmer Needs to Know
- What Every Driver Writer Needs to Know
- Handling IRPs: What Every Driver Writer Needs to Know -翻译
- What every programmer should know about memory, Part 1
- What every programmer should know about memory, Part 1
- What Every Programmer Should Know About Memory
- What every programmer should know about memory
- what every programmer should know about memory
- What every programmer should know about memory
- 《What Every Programmer Should Know About Memory》在线阅读地址
- What Every Dev Must Know About Multithreaded Apps
- note What Every Programmer Should Know About Memory
- 【翻译】what every programmer should know about time
- What Every Dev Must Know About Multithreaded Apps
- java面试题
- 数字信号产生之泊松分布的随机数
- public,protected,private,defualt
- Eval 格式化货币类型
- 活聘网成长历程-开篇(梦的开始)
- What every SharePoint administrator needs to know about Alternate Access Mappings (Part 3 of 3)
- oracle数据库中insert与select
- js-函数
- 页面数据校验类
- android4.0 WIFI的启动流程和状态机变化
- linux gtk 界面设计工具:glade简介
- PostgreSQL / GIST index require "LIMIT" clause to trigger the index.
- MySQL: InnoDB 还是 MyISAM?
- 数字信号产生之ARMA模型数据的产生