The Deepnet IIS agent is supposed to let you add second-factor authentication to any web service hosted under Microsoft IIS. However, it fails to protect SharePoint if you only configure the settings described in its user guide.
Generally you will get the infamous “500 – Internal server error” when visiting the protected SharePoint site.
In addition, if you open IIS Manager and check the authentication settings of the application “DasWeb” (created by the Deepnet IIS agent under the protected SharePoint site), you get an error message box that complains about duplicates.
Making Deepnet work with SharePoint 2010 takes a little extra effort.
Prerequisites
You have to configure SharePoint with forms authentication before installing the Deepnet IIS agent.
Changes on web.config of your SharePoint site
Find the file web.config in your SharePoint site: in IIS Manager, select the site, click “Explore” in the Actions pane, and open the file with your favourite editor.
Locate <httpModules> under <system.web> and insert
<add name="Session" type="System.Web.SessionState.SessionStateModule" /> directly after the opening <httpModules> tag, so that the section reads:
<httpModules>
<add name="Session" type="System.Web.SessionState.SessionStateModule"/>
<add name="FederatedAuthentication" type="Microsoft.SharePoint.IdentityModel.SPFederationAuthenticationModule, Microsoft.SharePoint.IdentityModel, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
<add name="SessionAuthentication" type="Microsoft.SharePoint.IdentityModel.SPSessionAuthenticationModule, Microsoft.SharePoint.IdentityModel, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
<add name="SPWindowsClaimsAuthentication" type="Microsoft.SharePoint.IdentityModel.SPWindowsClaimsAuthenticationHttpModule, Microsoft.SharePoint.IdentityModel, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
</httpModules>
<add name="Session" type="System.Web.SessionState.SessionStateModule" />
<add name="FederatedAuthentication" type="Microsoft.SharePoint.IdentityModel.SPFederationAuthenticationModule, Microsoft.SharePoint.IdentityModel, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
<add name="SessionAuthentication" type="Microsoft.SharePoint.IdentityModel.SPSessionAuthenticationModule, Microsoft.SharePoint.IdentityModel, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
<add name="SPWindowsClaimsAuthentication" type="Microsoft.SharePoint.IdentityModel.SPWindowsClaimsAuthenticationHttpModule, Microsoft.SharePoint.IdentityModel, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
<add name="DasIIS7Native" />
<add name="Session" type="System.Web.SessionState.SessionStateModule"/>
</modules>
<pages enableSessionState="false" enableViewState="true" enableViewStateMac="true" validateRequest="false" pageParserFilterType="Microsoft.SharePoint.ApplicationRuntime.SPPageParserFilter, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" asyncTimeout="7">
Change enableSessionState to "true" and keep the other attributes intact:
<pages enableSessionState="true" enableViewState="true" enableViewStateMac="true" validateRequest="false" pageParserFilterType="Microsoft.SharePoint.ApplicationRuntime.SPPageParserFilter, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" asyncTimeout="7">
<!-- <trust level="WSS_Minimal" originUrl="" /> -->
For your convenience, I uploaded the one in my lab just for reference. Please do NOT use it to overwrite yours.
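A way to confirm the SharePoint web.config edits above before restarting the site, as an added example that is not part of the original post or of Deepnet's documentation: the Python script below parses a web.config and reports which of the changes are still missing. The sample XML is constructed, and the placement of <modules> under <system.webServer> is an assumption, since the post does not show that block's opening tag.

```python
import xml.etree.ElementTree as ET

SESSION_TYPE = "System.Web.SessionState.SessionStateModule"

# Constructed sample (not a real SharePoint web.config): only the elements the
# steps above touch, in their state before editing.
SAMPLE = """<configuration>
  <system.web>
    <httpModules>
      <add name="FederatedAuthentication" type="placeholder" />
    </httpModules>
    <pages enableSessionState="false" enableViewState="true" />
    <trust level="WSS_Minimal" originUrl="" />
  </system.web>
  <system.webServer>
    <modules>
      <add name="DasIIS7Native" />
    </modules>
  </system.webServer>
</configuration>"""

def has_session(section):
    """True if the section registers the ASP.NET session state module."""
    if section is None:
        return False
    return any(a.get("name") == "Session"
               and a.get("type", "").startswith(SESSION_TYPE)
               for a in section.findall("add"))

def check_web_config(xml_text):
    """Return findings; an empty list means every edit from the post is present."""
    root = ET.fromstring(xml_text)  # XML comments are dropped by the parser
    findings = []
    # Assumption: the <modules> block shown in the post lives under <system.webServer>.
    for path in ("system.web/httpModules", "system.webServer/modules"):
        if not has_session(root.find(path)):
            findings.append(f"Session module not registered in {path}")
    pages = root.find("system.web/pages")
    if pages is None or pages.get("enableSessionState", "").lower() != "true":
        findings.append('pages enableSessionState is not "true"')
    # The post shows <trust level="WSS_Minimal"> commented out; without it the
    # site runs at ASP.NET's default trust level, so record that state explicitly.
    if root.find("system.web/trust") is not None:
        findings.append("trust element is still active")
    return findings

if __name__ == "__main__":
    for finding in check_web_config(SAMPLE):
        print("FINDING:", finding)
```

To check a real site, pass the contents of a copy of its web.config to check_web_config.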
Changes on web.config of the application “DasWeb”
Simply download the file from here to overwrite the original one.
Application Pool on the application “DasWeb”
The application pool of DasWeb must be the same as that of the web site root.
Now you should be able to use Deepnet two-factor authentication with SharePoint 2010.