Welcome to Sign in | Join | Help
in
Home Blog Forums

The Lazy Admin

Configure Authentication for Sharepoint Sites

Sponsor

Windows Sharepoint Services and its bigger brother Sharepoint Portal Server are powerful tools, but like any website there are a number of authentication methods you can apply to secure your Sharepoint site(s).

WSS and SPS use the authentication method you specify in the IIS virtual server properties for the top level site and all its subsites. There are a number of authentication methods available including:

  • Anonymous authentication 
  • Basic authentication 
  • Integrated Windows authentication 
  • Certificate-based authentication

WSS and SPS support all these authentication methods and you can modify the default authentication methods for virtual servers hosting Sharepoint sites. You also have the ability to enable Secure Sockets Layer (SSL) to further secure your sites or the Sharepoint administration site. By default Sharepoint uses Integrated Windows authentication and this is perfectly fine for internal use, however if you wish to allow access to external users, enabling Basic authentication and SSL is a sutible alternative. This is the same method used by Outlook Web Access.

All changes made to the authentication settings for Sharepoint are done within the IIS Manager MMC. The first step is to enable Basic authentication, Open up the IIS Manager MMC and drill down to the virtual server holding the Sharepoint site. Right-click the virtual server and select Properties and then click on the Directory Security tab. Finally click Edit under the Authentication and access control heading. Leave Integrated Windows authenticaton checked and check the box next to Basic authentication.

 

You will be prompted with a warning about passwords being sent in plaint text. We will take care of this next when we enable SSL.

Enabling SSL for a virtual server hosting SharePoint sites is as simple as enabling SSL for any IIS site however if you wish to use SSL on the Sharepoint administration site you also need to run the STSAdm.exe tool to configure the port. Enabling SSL for the Sharepoint administration site is done in the same manner as for any Sharepoint virtual server however there is one small addition if you are running a Sharepoint server farm.

If you are running a Sharepoint server farm, once you have configured Basic authentication and SSL in IIS you need to use STSAdm.exe to configure the port and configure the administration pages to use SSL.

stsadm.exe o setadminport p12345

You must configure all of the Sharepoint servers in the server farm to use the same administration port. You can use any port number you want for remote administration and you must run the command on each Web front-end server in your server farm.

Next you must also configure the administration pages to use SSL with the following command.

stsadm.exe o setadminport ssl

Again this last command is only necessary if you have a Sharepoint server farm and you must run this command on each Web front-end server in the server farm. One last note, if you are testing this scenario in a lab enviroment you can use SelfSSL.exe from the IIS 6.0 Resource Kit to create self-signed certificates.

For more information see:

Download Details: Internet Information Services 6.0 Resource Kit Tools





Published Monday, March 27, 2006 5:17 AM by rodney.buike
Filed under:

Comments

No Comments
Anonymous comments are disabled

This Blog

Powered By

 

Syndication

Sponsors

  
Get a free 5GB e-mail account @isalazyadmin.com

Affiliates

Canadian IT Professionals

Canadian IT Managers

Certifications & Awards


All postings are provided "AS IS" with no warranties, and confer no rights.
Microsoft product screen shot(s) reprinted with permission from Microsoft Corporation.
Copyright TheLazyAdmin Inc. All Rights Reserved 2004-2008