none
Referral error extending a site for AD authentication

    คำถาม

  • I have a claims-based SP 2010 Enterprise web application that has an extended FBA site.  I need to start implementing dashboards, but can't currently use Dashboard Designer - see http://technet.microsoft.com/en-us/library/ee748637.aspx:

    Claims-based authentication in SharePoint Server 2010 supports multiple authentication providers on a single web application and is used to pass the users identity between the front-end web servers and the application servers. PerformancePoint Services supports multiple authentication providers only when you use dashboard content through a web browser. Dashboard Designer is not supported when you directly access a URL for any web application that uses multiple authentication providers. In order to use the Dashboard Designer in this configuration, you must extend the web application to configure access to the new URL that is restricted to the Windows authentication provider.

    I tried extending my site and defining an AD authentication provider using http://technet.microsoft.com/en-us/library/cc288259(v=office.12).aspx#section2 and http://blogs.msdn.com/b/sridhara/archive/2010/01/07/setting-up-fba-claims-in-sharepoint-2010-with-active-directory-membership-provider.aspx but when I visit the extended site I get an unexpected error; the ULS log shows this:

    04/25/2012 10:24:05.40 w3wp.exe (0x2A9C)                                       0x2A30 SharePoint Foundation                 Runtime                                       tkau       Unexpected       System.Configuration.ConfigurationErrorsException: A referral was returned from the server.   (C:\inetpub\wwwroot\wss\VirtualDirectories\SharePoint - Dashboard Designer\web.config line 461)    at System.Web.Configuration.ProvidersHelper.InstantiateProvider(ProviderSettings providerSettings, Type providerType)     at System.Web.Configuration.ProvidersHelper.InstantiateProviders(ProviderSettingsCollection configProviders, ProviderCollection providers, Type providerType)     at System.Web.Security.Membership.Initialize()     at System.Web.Security.Membership.get_Provider()     at Microsoft.SharePoint.ApplicationRuntime.SPHeaderManager.AddIsapiHeaders(HttpContext context, String encodedUrl, NameValueCollection headers)     at Microsoft.SharePoint.ApplicationRuntime.SPRequestModule.PreRequestEx...  1d3572b1-f366-497d-991c-a128d76beec1
    04/25/2012 10:24:05.40*               w3wp.exe (0x2A9C)                                       0x2A30 SharePoint Foundation                         Runtime                               tkau       Unexpected       ...ecuteAppHandler(Object oSender, EventArgs ea)     at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()     at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)   1d3572b1-f366-497d-991c-a128d76beec1

    Line 461 in the web.config file is:

    <add name="SPADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="SPADConnectionString"/>

    The ConnectionStrings entry in the web.config file is:

    <connectionStrings>
       <add name="SPADConnectionString" connectionString="LDAP://ourservername.ourcompany.com/CN=Users,DC=ourservername,DC=ourcompany.com" />
    </connectionStrings>

    I've searched for help online and haven't found any - hoping I can find some on the forum.  Any help would be greatly appreciated!!

    Thanks,


    David


    • แก้ไขโดย dgunnlds 25 เมษายน 2555 21:55
    25 เมษายน 2555 17:31

คำตอบ

ตอบทั้งหมด

  • Hi,

    The only way to use the Dashboard Designer is use Classic Authentication (NTLM / Kerberos). So you need to extend your web application with Classic Authentication in order to work with the Dashboard Designer.

    You need to open your site on the extended Url and then you can open the Dashboard Designer.

    Regards,

    André

    26 เมษายน 2555 13:57
  • Andre,

    Thank you for your reply.

    How do you extend a claims-based web application with classic authentication?  I don't think you can.

    And what about this?

    http://technet.microsoft.com/en-us/library/ee748637.aspx:

    Claims-based authentication in SharePoint Server 2010 supports multiple authentication providers on a single web application and is used to pass the users identity between the front-end web servers and the application servers. PerformancePoint Services supports multiple authentication providers only when you use dashboard content through a web browser. Dashboard Designer is not supported when you directly access a URL for any web application that uses multiple authentication providers. In order to use the Dashboard Designer in this configuration, you must extend the web application to configure access to the new URL that is restricted to the Windows authentication provider.


    David


    • แก้ไขโดย dgunnlds 26 เมษายน 2555 16:09
    26 เมษายน 2555 15:52
  • I found after all my testing and trying different things that somwhere along the way I corrupted the membershipprovider entry in the web.config of my extended app.  I corrected it, and now I don't get the referral error and I am able to see the login page.  I get an error when trying to login, but I've created a separate post for that error (http://social.msdn.microsoft.com/Forums/en/sharepoint2010setup/thread/c93012da-b442-45b1-a1cb-79c4ad030784).

    For the record the membership provider and connection string that are now in my web.config are:

    <add name="SPADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="SPADConnectionString"/>

    <add name="SPADConnectionString" connectionString="LDAP://DCServerName.company.com/OU=Service Accounts,DC=company,DC=com" />


    David


    • แก้ไขโดย dgunnlds 26 เมษายน 2555 16:07
    • ทำเครื่องหมายเป็นคำตอบโดย dgunnlds 26 เมษายน 2555 16:07
    26 เมษายน 2555 16:06