Wednesday, 13 February 2013

Web application using claims-based authentication


Create a Web application using claims-based authentication
You can create a Web application that uses classic mode authentication or claims-based authentication.
To create a Web application that uses claims-based authentication:
  1. On the Quick Launch, click Application Management.
  2. On the Application Management page, in the Web Applications section, click Manage web applications.
  3. On the Web Applications Management page, on the ribbon, click Create.
  4. On the Create New Web Application page, in the Authentication section, click Claims Based Authentication.
  5. In the IIS Web Site section, click Use an existing Web site to select a Web site that is already created, or leave Create a new IIS web site selected. The Name, Port, and Path boxes are populated with either the existing Web site's information or with suggested settings for a new Web site. The Host Header setting is optional and may not automatically populate.
  6. In the Security Configuration section:
    1. Under Allow anonymous, select Yes or No. If you choose to allow anonymous access, this enables anonymous access to the Web site using the computer-specific anonymous access account IUSR_<computername>, by default. If you choose not to allow anonymous access, it is disabled for all site collections in this Web application. If you choose to enable anonymous access, you can still disable it for individual site collections in this Web application.
    2. Under Use Secure Sockets Layer (SSL), select Yes or No. If you choose to enable SSL for the Web site, you must configure SSL by installing an SSL certificate on all Web servers in the farm.
Important: More authentication methods are available for Web applications. You can change the type of authentication used by a Web application after it is created. To do this, on the Quick Launch, click Security. Under General Security, select Specify authentication providers, and then select a zone to open the Edit Authentication page.
  7. In the Identity Provider Settings section, configure one or more of the following options:
    • Select the Enable Windows Authentication check box, expand the menu, and then select either Negotiate (Kerberos or NTLM) or NTLM. Select the Basic authentication (password is sent in the clear text) check box if you want to enable basic authentication as a fallback, if Kerberos and NTLM fail.
    • Select the Enable ASP.NET Membership and Role Provider check box. In the Membership provider name box, type the name of the Membership provider that authenticates the user. In the Role manager name box, type the name of the role manager that stores role information and verifies the role or roles of authenticated users.
    • Select the Enable authentication for these Trusted Identity Providers check box, expand the menu, and then select one or more Trusted Identity Providers. This option is not available if no Trusted Identity Providers are defined. To define a Trusted Identity Provider, see Manage trusts.
  8. The Redirection URL section defines the URL of the logon page for users that need to be authenticated. Expand the Default URL menu, and then select one of the default pages. Alternatively, click Custom URL and type in the URL of the logon page.
  9. Under Client Integration, select Enable Client Integration if you want your site to be able to launch applications for users.
  10. In the Public URL section, in the URL box, type the Web server name that users will see in the address bar of their browser for all pages in this Web application. The Zone box is automatically set to Default for a new Web application and cannot be changed from this page. You must extend a Web application to assign a different zone.
  11. In the Application Pool section, you can select Use existing application pool to use an application pool that is already created, or you can choose to leave Create a new application pool selected. To select an existing application pool, expand the list, and then click the application pool that you want to use. To create a new application pool for use by this Web application, click Create new application pool, and then complete the following steps:
    1. In the Application pool name box, type a name for the new application pool, or use the suggested name.
    2. Under Select a security account for the application pool:
      • Select Predefined to use a system account, expand the menu, and then select the account.
      • Select Configurable to use an account that is registered as a managed account, expand the menu, and then select the account. Only accounts that are currently registered as managed accounts are listed in the menu. To register another account, click Register new managed account.
  12. In the Database Name and Authentication section, in the Database Server box, type the name of the database server that this Web application will use. In the Database Name box, type the name of the database that you want this Web application to use. Under Database authentication, select Windows authentication (recommended) or SQL authentication. If you select SQL authentication, in the Account box, type a user name of an account that has the credentials needed to connect to the database server, and in the Password box, type the password for that account.
  13. In the Failover Server section, in the Failover Database Server box, if SQL Server database mirroring is implemented, type the name of the designated failover database server. This setting may be left blank.
  14. The Search Server section lists the search service that is available to this new Web application. This section is not configurable.
  15. In the Service Application Connections section, expand the Edit the following group of associations menu, and then click the appropriate association. This setting may be left blank.
  16. In the Customer Experience Improvement Program section, click Yes to send program errors and information to Microsoft for use in improving this application. Click No to opt out of this program.
  17. To accept the settings and create the Web application, click OK. This may take a few moments. After the Web application is created, on the Application Created page, click OK to return to the Web Applications Management page.
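
The anonymous access, SSL and identity provider choices made in the procedure above can be reviewed afterwards for every Web application and zone. The following script is an added example, not part of the original post; it is read-only, assumes the SharePoint Management Shell on a farm server, and the function name Get-WebAppAuthAudit is hypothetical.

```powershell
# Added example: read-only audit of the settings chosen on the Create New Web Application page.
# Run in the SharePoint Management Shell on a farm server as a farm administrator.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Get-WebAppAuthAudit {
    foreach ($wa in Get-SPWebApplication) {
        foreach ($zone in @($wa.IisSettings.Keys)) {
            $iis = $wa.IisSettings[$zone]
            $hasSsl = @($iis.SecureBindings).Count -gt 0

            # Claims providers configured for this zone (left empty for classic mode).
            $providers = @()
            if ($wa.UseClaimsAuthentication) { $providers = @($iis.ClaimsAuthenticationProviders) }
            $win = $providers | Where-Object {
                $_ -is [Microsoft.SharePoint.Administration.SPWindowsAuthenticationProvider]
            }

            $notes = @()
            if (-not $wa.UseClaimsAuthentication) { $notes += 'classic mode authentication' }
            if ($iis.AllowAnonymous) { $notes += 'anonymous access enabled' }
            if ($win -and $win.UseBasicAuthentication -and -not $hasSsl) {
                $notes += 'Basic authentication without an SSL binding (clear-text password)'
            }
            if ($win -and $win.DisableKerberos) { $notes += 'NTLM only, Kerberos not negotiated' }

            New-Object PSObject -Property @{
                WebApplication = $wa.DisplayName
                Zone           = $zone
                Providers      = ($providers | ForEach-Object { $_.DisplayName }) -join ', '
                Ssl            = $hasSsl
                Notes          = $notes -join '; '
            }
        }
    }
}

Get-WebAppAuthAudit | Format-Table WebApplication, Zone, Providers, Ssl, Notes -AutoSize
```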

Tuesday, 12 February 2013

Configure incoming and outgoing mail

Install the SMTP service

To install the SMTP service, use the Add Features Wizard in Server Manager. The wizard creates a default SMTP configuration. You can customize this default SMTP configuration to meet the requirements of your organization.

To install the SMTP service

  1. Verify that the user account that is performing this procedure is a member of the Administrators group on the front-end web server.
  2. Click Start, point to Administrative Tools, and then click Server Manager.
  3. In Server Manager, click Features.
  4. In Features Summary, click Add Features to open the Add Features Wizard.
  5. On the Select Features page, select SMTP Server.
  6. In the Add Features Wizard dialog box, click Add Required Role Services, and then click Next.
  7. On the Confirm Installation Selections page, click Install.
  8. On the Installation Results page, ensure that the installation is complete, and then click Close.

Configure the SMTP service

After you install the SMTP service, you configure it to send email messages from servers in the farm.
You can decide to send relayed email messages to all servers except those that you specifically exclude. Alternatively, you can block messages to all servers except those that you specifically include. You can include servers individually or in groups by subnet or domain.
If you enable anonymous access and relayed email messages, you increase the possibility that the SMTP server will be used to relay unsolicited commercial email messages (spam). It is important to limit this possibility by carefully configuring mail servers to help protect against spam. One way that you can do this is by limiting relayed email messages to a list of specific servers or to a domain, and by preventing relayed email messages from all other servers.
Note:
To manage the SMTP service on Windows Server 2008, you must use Internet Information Services (IIS) 6.0 Manager. Ensure that you install IIS 6.0 Management tools in Server Manager.

To install IIS 6.0 Management tools

  1. Verify that the user account that is performing this procedure is a member of the Administrators group on the front-end web server.
  2. Click Start, point to Administrative Tools, and then click Server Manager.
  3. In Server Manager, click Roles.
  4. In the Application Server section, click Add Role Services.
  5. On the Select Role Services page, select Management Tools and IIS 6 Management compatibility, and then click Install.

To configure the SMTP service

  1. Verify that the user account that is performing this procedure is a member of the Administrators group on the front-end web server.
  2. Click Start, point to Administrative Tools, and then click Internet Information Services (IIS) 6.0 Manager.
  3. In IIS Manager, expand the server name that contains the SMTP server that you want to configure.
  4. Right-click the SMTP virtual server that you want to configure, and then click Start.
  5. Right-click the SMTP virtual server that you want to configure, and then click Properties.
  6. On the Access tab, in the Access control area, click Authentication.
  7. In the Authentication dialog box, verify that Anonymous access is selected.
  8. Click OK.
  9. On the Access tab, in the Relay restrictions area, click Relay.
  10. To enable relayed email messages to any server, click All except the list below.
  11. To accept relayed email messages from one or more specific servers, follow these steps:
    1. Click Only the list below.
    2. Click Add, and then add servers one at a time by IP address, or in groups by using a subnet or domain.
    3. Click OK to close the Computer dialog box.
  12. Click OK to close the Relay Restrictions dialog box.
  13. Click OK to close the Properties dialog box.
Ensure that the SMTP service is running and set to start automatically. To do this, use the following procedure.

To set the SMTP service to start automatically

  1. Click Start, point to Administrative Tools, and then click Services.
  2. In Services, right-click Simple Mail Transfer Protocol (SMTP), and then select Properties.
  3. In the Simple Mail Transfer Protocol (SMTP) Properties dialog box, on the General tab, in the Startup type list, select Automatic.
  4. Click OK.
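
To confirm that the relay restrictions and the service startup type configured above behave as intended, the check below can be run once from a server on the relay list and once from a host that is not on it. It is an added example, not part of the original post; the server name, the addresses and the function names are placeholders, and it stops before DATA, so no message is sent.

```powershell
# Added example. Server name, addresses and function names are placeholders.
function Read-SmtpReply($Reader) {
    # A multi-line SMTP reply uses "250-" on every line except the last ("250 ").
    do { $line = $Reader.ReadLine() }
    while ($line -and $line.Length -gt 3 -and $line[3] -eq '-')
    return $line
}

function Test-SmtpRelay {
    param([string]$Server, [string]$From, [string]$Recipient, [int]$Port = 25)
    $client = New-Object System.Net.Sockets.TcpClient($Server, $Port)
    try {
        $stream = $client.GetStream()
        $stream.ReadTimeout = 10000
        $reader = New-Object System.IO.StreamReader($stream)
        $writer = New-Object System.IO.StreamWriter($stream)
        $writer.NewLine = "`r`n"
        $writer.AutoFlush = $true

        $null = Read-SmtpReply $reader                      # 220 banner
        $writer.WriteLine("HELO $env:COMPUTERNAME")
        $null = Read-SmtpReply $reader
        $writer.WriteLine("MAIL FROM:<$From>")
        $null = Read-SmtpReply $reader
        $writer.WriteLine("RCPT TO:<$Recipient>")           # recipient outside the local domain
        $reply = Read-SmtpReply $reader
        $writer.WriteLine('QUIT')                           # end the session before DATA
    }
    finally { $client.Close() }

    New-Object PSObject -Property @{
        Server        = $Server
        RcptReply     = $reply
        RelayAccepted = ($reply -like '250*')
    }
}

# The SMTP service should be Running with StartMode Auto.
Get-WmiObject Win32_Service -Filter "Name='SMTPSVC'" | Select-Object Name, State, StartMode

# Expected: RelayAccepted is True only when run from a server on the relay list.
Test-SmtpRelay -Server 'smtp-host.example.com' -From 'relaytest@example.com' -Recipient 'relaytest@example.org'
```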

Configure outgoing email for a farm

You can configure outgoing email for a farm by using the SharePoint Central Administration website. Use the following procedures to configure outgoing email. After you complete the procedures, users can track changes and updates to individual site collections. In addition, site administrators can, for example, receive notices when users request access to a site.

To configure outgoing email for a farm by using Central Administration

  1. Verify that the user account that is performing this procedure is a member of the Farm Administrators group on the server that is running the SharePoint Central Administration website.
  2. In Central Administration, click System Settings.
  3. On the System Settings page, in the E-Mail and Text Messages (SMS) section, click Configure outgoing e-mail settings.
  4. On the Outgoing E-Mail Settings page, in the Mail Settings section, type the SMTP server name for outgoing email (for example, mail.example.com) in the Outbound SMTP server box.
  5. In the From address box, type the email address as you want it to be displayed to email recipients.
  6. In the Reply-to address box, type the email address to which you want email recipients to reply.
  7. In the Character set list, select the character set that is appropriate for your language.
  8. Click OK.

Configure outgoing email for a specific web application

You can configure outgoing email for a specific web application by using the Central Administration website. Use the following procedures to configure outgoing email.
Note:
To configure outgoing email for a specific web application, first configure the default outgoing email for all web applications in the farm. If you configure the outgoing email for a specific web application, that configuration will override the default configuration for all web applications in the farm.

To configure outgoing email for a specific web application by using Central Administration

  1. Verify that the user account that is performing this procedure is a member of the Farm Administrators group on the server that is running the SharePoint Central Administration website.
  2. In Central Administration, in the Application Management section, click Manage web applications.
  3. On the Web Applications Management page, select a web application, and then in the General Settings group on the ribbon, click Outgoing E-mail.
  4. On the Web Application Outgoing E-Mail Settings page, in the Mail Settings section, type the name of the SMTP server for outgoing email (for example, mail.fabrikam.com) in the Outbound SMTP server box.
  5. In the From address box, type the email address (for example, the site administrator alias) as you want it to be displayed to email recipients.
  6. In the Reply-to address box, type the email address (for example, a help desk alias) to which you want email recipients to reply.
  7. In the Character set list, click the character set that is appropriate for your language.
  8. Click OK.

Saturday, 2 February 2013

Certificate Installation


To Install an SSL Certificate on Microsoft IIS 7
1. To install the intermediate certificate, click Start, and then click Run....
2. Type mmc, and then click OK. The Microsoft Management Console (Console) window opens.
3. In the Console1 window, click the File menu, and then select Add/Remove Snap-in.
4. In the Add or Remove Snap-in window, select Certificates, and then click Add.
5. In the Certificates snap-in window, select Computer Account, and then click Next.
6. In the Select Computer window, select Local Computer, and then click Finish.
7. In the Add or Remove Snap-in window, click OK.
8. In the Console1 window, click + to expand the folder.
9. Right-click Intermediate Certification Authorities, mouse-over All Tasks, and then click Import.
10. In the Certificate Import Wizard window, click Next.
11. Click Browse to find the intermediate certificate file.
12. In the Open window, change the file extension filter to PKCS #7 Certificates (*.spc;*.p7b), select the *_iis_intermediates.p7b file, and then click Open.
NOTE: Do not install your Leaf Certificate in this area. Doing so removes your certificate from the list, and you must reinstall to correct the problem.
13. In the Certificate Import Wizard window, click Next.
14. Select Place all certificates in the following store, and then click Browse.
15. In the Select Certificate Store window, select Intermediate Certification Authorities, and then click OK.
16. In the Certificate Import Wizard window, click Next.
17. Click Finish.
18. Click OK.
19. Close the Console1 window, and then click No to remove the console settings.
20. To install the certificate, click Start, mouse-over Administrative Tools, and then click Internet Services Manager.
21. In the Internet Information Services (IIS) Manager window, select your server.
22. Double-click Server Certificates.
23. From the Actions panel on the right, click Complete Certificate Request....
24. To locate your certificate file, click ....
25. In the Open window, select *.* as your file name extension, select your certificate (it might be saved as a .txt, .cer, or .crt), and then click Open.
26. In the Complete Certificate Request window, enter a Friendly name for the certificate file, and then click OK.
NOTE: For wildcard SSL certificates, make sure your Friendly Name matches your Common Name (for example, *.coolexample.com).
27. In the Internet Information Services (IIS) Manager window, select the name of the server where you installed the certificate.
28. Click + beside Sites, select the site to secure with the SSL certificate.
29. In the Actions panel on the right, click Bindings....
30. Click Add....
31. In the Add Site Binding window:
    • For Type, select https.
    • For IP address, select All Unassigned, or the IP address of the site.
    • For Port, type 443.
    • For SSL Certificate, select the SSL certificate you just installed, and then click OK.
32. Close the Site Bindings window.
33. Close the Internet Information Services (IIS) Manager window.
Your SSL Certificate is installed. Visit your website with HTTPS to verify the installation.
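
Before relying on a browser test, the result of the import and Complete Certificate Request steps can be checked from the certificate stores on the server. This is an added example, not part of the original post; the function name is hypothetical and the common name is the placeholder from the wildcard note above.

```powershell
# Added example. Run in an elevated PowerShell session on the IIS server.
$commonName = '*.coolexample.com'   # placeholder from the wildcard note; use your own CN

function Test-InstalledServerCertificate {
    param([string]$CommonName)

    # Complete Certificate Request places the server certificate in the Personal store.
    $cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.GetNameInfo('SimpleName', $false) -eq $CommonName } |
        Sort-Object NotAfter -Descending | Select-Object -First 1
    if (-not $cert) { throw "No certificate with CN '$CommonName' in LocalMachine\My" }

    # Build the chain from the machine stores; revocation is skipped so the check runs offline.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain($true)
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $chainOk = $chain.Build($cert)

    # The NOTE in step 12: the leaf must not sit in Intermediate Certification Authorities.
    $leafInCaStore = @(Get-ChildItem Cert:\LocalMachine\CA |
        Where-Object { $_.Thumbprint -eq $cert.Thumbprint }).Count -gt 0

    New-Object PSObject -Property @{
        Thumbprint              = $cert.Thumbprint
        HasPrivateKey           = $cert.HasPrivateKey     # False means the request was not completed on this server
        NotAfter                = $cert.NotAfter
        FriendlyNameMatchesCN   = ($cert.FriendlyName -eq $CommonName)
        ChainBuilds             = $chainOk                # False when the intermediate is missing or untrusted
        ChainStatus             = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        ChainSubjects           = ($chain.ChainElements | ForEach-Object { $_.Certificate.Subject }) -join ' <- '
        LeafInIntermediateStore = $leafInCaStore
    }
}

Test-InstalledServerCertificate -CommonName $commonName | Format-List
```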