SPClaimsUtility.AuthenticateFormsUser的证书验证问题

时间:2021-12-21 16:47:30

Log Parser Studio查看IIS日志发现调用SPClaimsUtility.AuthenticateFormsUser的部分有time-taken在15秒左右的多个响应,查看call stack如下:

Child-SP         RetAddr          Call Site
00000000122ad290 000007fef1a7856b DomainNeutralILStubClass.IL_STUB(IntPtr, System.Security.Cryptography.SafeCertContextHandle, System.Runtime.InteropServices.ComTypes.FILETIME ByRef, System.Security.Cryptography.SafeCertStoreHandle, CERT_CHAIN_PARA ByRef, UInt32, IntPtr, System.Security.Cryptography.SafeCertChainHandle ByRef)
00000000122ad4e0 000007fef1a7812e System.Security.Cryptography.X509Certificates.X509Chain.BuildChain(IntPtr, System.Security.Cryptography.SafeCertContextHandle, System.Security.Cryptography.X509Certificates.X509Certificate2Collection, System.Security.Cryptography.OidCollection, System.Security.Cryptography.OidCollection, System.Security.Cryptography.X509Certificates.X509RevocationMode, System.Security.Cryptography.X509Certificates.X509RevocationFlag, System.DateTime, System.TimeSpan, System.Security.Cryptography.SafeCertChainHandle ByRef)
00000000122ad5d0 000007fee933b805 System.Security.Cryptography.X509Certificates.X509Chain.Build(System.Security.Cryptography.X509Certificates.X509Certificate2)
00000000122ad700 000007fee9250394 Microsoft.SharePoint.SPCertificateValidator+SPImmutableCertificateValidator.Validate(System.Security.Cryptography.X509Certificates.X509Certificate2)
00000000122ad760 000007fee610b908 Microsoft.SharePoint.SPCertificateValidator.Validate(System.Security.Cryptography.X509Certificates.X509Certificate2)
00000000122ad7d0 000007ff0026fc53 Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.ValidateToken(System.IdentityModel.Tokens.SecurityToken)
00000000122ad880 000007ff00279fc1 Microsoft.SharePoint.IdentityModel.SPFederationAuthenticationModule.AuthenticateUser(System.IdentityModel.Tokens.SecurityToken)
00000000122ad8d0 000007fee899ec7c Microsoft.SharePoint.IdentityModel.SPFederationAuthenticationModule.SetPrincipalAndWriteSessionToken(System.IdentityModel.Tokens.SecurityToken, Microsoft.SharePoint.IdentityModel.SPSessionTokenWriteType)
00000000122ad980 000007ff00279a48 Microsoft.SharePoint.Utilities.SecurityContext.RunAsProcess(CodeToRunElevated)
00000000122ad9d0 000007ff00202f60 Microsoft.SharePoint.IdentityModel.SPClaimsUtility.AuthenticateFormsUser(System.Uri, System.String, System.String)

网上有3种解决方案,个人推荐安装证书,操作参考如下:

1、已管理员身份运行SharePoint 2010 Management Shell。

2、执行以下命令:

$rootCert = (Get-SPCertificateAuthority).RootCertificate
$rootCert.Export("Cert") | Set-Content C:\SharePointRootAuthority.cer -Encoding byte

3、安装导出的证书” SharePointRootAuthority.cer”至受信任的根证书颁发机构。