I can't understand the concept and, first of all, where it belongs. Is it solely a Shrepoint concept or more general like of ASP.NET or IIS level? Does it only affect authentication and if so how does it affect it? Or what effect does it have on an application? I know it is a broad question, but I've googled for about 15 minutes and haven't been able to find the answer. And it is kind a not so critical for me now but I'm curious.
我无法理解这个概念,首先是它所属的概念。它只是一个Shrepoint概念还是更像ASP.NET或IIS级别的概念?它是否只影响身份验证,如果是这样,它会如何影响身份验证?或者它对应用程序有什么影响?我知道这是一个广泛的问题,但我用谷歌搜索约15分钟,但未能找到答案。对我来说这对我来说并不那么重要,但我很好奇。
Can you please give a link to a resource with an explanation of this? Thanks!
您能否提供一个资源的链接并解释这个?谢谢!
@Edit: I mean zones like in Authentication Provider : Forms Zone : Intranet (Internet, Default)
@Edit:我的意思是像身份验证提供程序中的区域:表单区域:Intranet(Internet,默认)
@Edit: From what I've understood by now the zones have to do with the association of IIS web applications with sharepoint web applications, and with site collections for that matter. So for example you can extend a web application creating a new IIS web application but from sharepoint's point of view it is just another URL pointing to the same web application with the same set of site collections. And the extension IIS web application can have a different sharepoint zone associeted with it (or thay can be the same zone) providing a way to use a different authentication methods for different access points of the same sharepoint application.
@Edit:从我现在所理解的情况来看,这些区域与IIS Web应用程序与sharepoint Web应用程序的关联以及与此相关的网站集有关。因此,例如,您可以扩展Web应用程序以创建新的IIS Web应用程序,但从sharepoint的角度来看,它只是指向具有相同网站集集的同一Web应用程序的另一个URL。扩展IIS Web应用程序可以具有与其关联的不同共享点区域(或者可以是相同的区域),从而提供对同一共享点应用程序的不同访问点使用不同身份验证方法的方法。
Am I right here?
我在这儿吗?
4 个解决方案
#1
29
Each "zone" is essentially a new IIS Website, where each of the web sites point to a single Application Pool. Theses are also called extensions. Application pools in IIS create complete thread isolation by running separate worker proccesses.
每个“区域”本质上是一个新的IIS网站,其中每个网站都指向一个应用程序池。这些也被称为扩展。 IIS中的应用程序池通过运行单独的worker proccesses来创建完整的线程隔离。
Any Web application can be extended into multiple zones. Extending a Web application to additional zones allows users to access the same Web site through separate and independent URLs, each with its own Web.Config file and IIS application scope. Each zone is configured with its own load-balanced URL (protocol, host header, and port). This allows, for instance, one Web application to make use of many configurations including multiple authentication stores, caching scenarios, content databases, or custom HTTP modules.
任何Web应用程序都可以扩展到多个区域。将Web应用程序扩展到其他区域允许用户通过单独且独立的URL访问同一Web站点,每个URL都有自己的Web.Config文件和IIS应用程序范围。每个区域都配置有自己的负载平衡URL(协议,主机头和端口)。例如,这允许一个Web应用程序使用许多配置,包括多个身份验证存储,缓存方案,内容数据库或自定义HTTP模块。
Basically it allows you to treat a single site differently based on what URL is used to access the site. What is important to keep in mind is the aspect of Load Balancing, caching and content databases.
基本上,它允许您根据用于访问站点的URL来区别对待单个站点。重要的是要记住负载平衡,缓存和内容数据库的方面。
If you have a local intranet that will have, say, 500 internal users and want to extend that site so that you allow external users, say in the thousands, then these features will allow you to separate content and load balancing to limit physical access to specific servers, use custom HTTP Modules for specific zones to create unique sign on rules based on these groups of users.
如果你有一个本地内部网,比如500个内部用户,并希望扩展该网站,以便你允许外部用户,比如成千上万,那么这些功能将允许你分离内容和负载平衡,以限制物理访问特定服务器,使用特定区域的自定义HTTP模块,根据这些用户组创建唯一的登录规则。
#2
4
Zones represent different logical paths (URLs) of gaining access to the same Web application. You can use zones to enforce different access and policy conditions for group of users.
区域表示访问同一Web应用程序的不同逻辑路径(URL)。您可以使用区域为用户组强制执行不同的访问和策略条件。
Zones provide a method to partition users by:
区域提供了一种分区用户的方法:
- Authentication type (ex: claims-based authentication, windows authentication)
- Network zone (ex: extranet, Internet)
- Policy permissions (ex: allow or deny read or write access)
身份验证类型(例如:基于声明的身份验证,Windows身份验证)
网络区域(例如:外联网,互联网)
策略权限(例如:允许或拒绝读取或写入访问权限)
Each Web application can have a maximum of 5 zones.The 5 possible zones are:
每个Web应用程序最多可以有5个区域.5个可能的区域是:
- Default
- Intranet
- Internet
- Custom
- Extranet
When you create a Web application, the Default zone is created. You can then extend the Web application to create other zones.
创建Web应用程序时,将创建“默认”区域。然后,您可以扩展Web应用程序以创建其他区域。
Each zone can only be selected once per Web application. For example, you can only have one Default zone in a Web application.
每个Web应用程序只能选择一个区域。例如,Web应用程序中只能有一个默认区域。
Each zone is represented by a different Web site in IIS.
每个区域由IIS中的不同网站表示。
#3
3
it allows you to have different access from different urls with different security.
它允许您从具有不同安全性的不同URL进行不同的访问。
This allows you to set "Windows Authentication" for Intranet, "Form Authentication" for the extranet and "Form Authentication with allow anonymous" for the Internet.
这允许您为Intranet设置“Windows身份验证”,为外联网设置“表单身份验证”,为Internet设置“允许匿名的表单身份验证”。
The cache settings are also different depending on the zone. You can configure the cache to behave differently depending on which zone you are.
缓存设置也因区域而异。您可以将缓存配置为根据您所在的区域而有所不同。
So far, those are the main differences for the different zones (including 3 different public url available).
到目前为止,这些是不同区域的主要差异(包括3个不同的公共网址)。
#4
2
For a Better Understanding,
为了更好地理解,
A zone is a way to map multiple Web application configuration settings to a single set of content databases.
区域是将多个Web应用程序配置设置映射到一组内容数据库的方法。
For example, you can create a Web application, create a content database, and then configure the database to use Windows authentication.
例如,您可以创建Web应用程序,创建内容数据库,然后将数据库配置为使用Windows身份验证。
All of these settings are configured for the Default zone for the Web application. You can then extend the Web application and map it to a new zone. When you do that, you select a zone to map to, such as Intranet, Internet, Custom, or Extranet.
所有这些设置都配置为Web应用程序的默认区域。然后,您可以扩展Web应用程序并将其映射到新区域。执行此操作时,选择要映射到的区域,例如Intranet,Internet,Custom或Extranet。
When you configure the second zone, you select an existing or new Internet Information Services (IIS) virtual server and a new load-balanced URL, and determine whether to use NTLM or Kerberos authentication. You can change the authentication provider, for example, to forms authentication, after the new zone is created.
配置第二个区域时,选择现有或新的Internet信息服务(IIS)虚拟服务器和新的负载平衡URL,并确定是使用NTLM还是Kerberos身份验证。创建新区域后,您可以更改身份验证提供程序,例如,更改表单身份验证。
#1
29
Each "zone" is essentially a new IIS Website, where each of the web sites point to a single Application Pool. Theses are also called extensions. Application pools in IIS create complete thread isolation by running separate worker proccesses.
每个“区域”本质上是一个新的IIS网站,其中每个网站都指向一个应用程序池。这些也被称为扩展。 IIS中的应用程序池通过运行单独的worker proccesses来创建完整的线程隔离。
Any Web application can be extended into multiple zones. Extending a Web application to additional zones allows users to access the same Web site through separate and independent URLs, each with its own Web.Config file and IIS application scope. Each zone is configured with its own load-balanced URL (protocol, host header, and port). This allows, for instance, one Web application to make use of many configurations including multiple authentication stores, caching scenarios, content databases, or custom HTTP modules.
任何Web应用程序都可以扩展到多个区域。将Web应用程序扩展到其他区域允许用户通过单独且独立的URL访问同一Web站点,每个URL都有自己的Web.Config文件和IIS应用程序范围。每个区域都配置有自己的负载平衡URL(协议,主机头和端口)。例如,这允许一个Web应用程序使用许多配置,包括多个身份验证存储,缓存方案,内容数据库或自定义HTTP模块。
Basically it allows you to treat a single site differently based on what URL is used to access the site. What is important to keep in mind is the aspect of Load Balancing, caching and content databases.
基本上,它允许您根据用于访问站点的URL来区别对待单个站点。重要的是要记住负载平衡,缓存和内容数据库的方面。
If you have a local intranet that will have, say, 500 internal users and want to extend that site so that you allow external users, say in the thousands, then these features will allow you to separate content and load balancing to limit physical access to specific servers, use custom HTTP Modules for specific zones to create unique sign on rules based on these groups of users.
如果你有一个本地内部网,比如500个内部用户,并希望扩展该网站,以便你允许外部用户,比如成千上万,那么这些功能将允许你分离内容和负载平衡,以限制物理访问特定服务器,使用特定区域的自定义HTTP模块,根据这些用户组创建唯一的登录规则。
#2
4
Zones represent different logical paths (URLs) of gaining access to the same Web application. You can use zones to enforce different access and policy conditions for group of users.
区域表示访问同一Web应用程序的不同逻辑路径(URL)。您可以使用区域为用户组强制执行不同的访问和策略条件。
Zones provide a method to partition users by:
区域提供了一种分区用户的方法:
- Authentication type (ex: claims-based authentication, windows authentication)
- Network zone (ex: extranet, Internet)
- Policy permissions (ex: allow or deny read or write access)
身份验证类型(例如:基于声明的身份验证,Windows身份验证)
网络区域(例如:外联网,互联网)
策略权限(例如:允许或拒绝读取或写入访问权限)
Each Web application can have a maximum of 5 zones.The 5 possible zones are:
每个Web应用程序最多可以有5个区域.5个可能的区域是:
- Default
- Intranet
- Internet
- Custom
- Extranet
When you create a Web application, the Default zone is created. You can then extend the Web application to create other zones.
创建Web应用程序时,将创建“默认”区域。然后,您可以扩展Web应用程序以创建其他区域。
Each zone can only be selected once per Web application. For example, you can only have one Default zone in a Web application.
每个Web应用程序只能选择一个区域。例如,Web应用程序中只能有一个默认区域。
Each zone is represented by a different Web site in IIS.
每个区域由IIS中的不同网站表示。
#3
3
it allows you to have different access from different urls with different security.
它允许您从具有不同安全性的不同URL进行不同的访问。
This allows you to set "Windows Authentication" for Intranet, "Form Authentication" for the extranet and "Form Authentication with allow anonymous" for the Internet.
这允许您为Intranet设置“Windows身份验证”,为外联网设置“表单身份验证”,为Internet设置“允许匿名的表单身份验证”。
The cache settings are also different depending on the zone. You can configure the cache to behave differently depending on which zone you are.
缓存设置也因区域而异。您可以将缓存配置为根据您所在的区域而有所不同。
So far, those are the main differences for the different zones (including 3 different public url available).
到目前为止,这些是不同区域的主要差异(包括3个不同的公共网址)。
#4
2
For a Better Understanding,
为了更好地理解,
A zone is a way to map multiple Web application configuration settings to a single set of content databases.
区域是将多个Web应用程序配置设置映射到一组内容数据库的方法。
For example, you can create a Web application, create a content database, and then configure the database to use Windows authentication.
例如,您可以创建Web应用程序,创建内容数据库,然后将数据库配置为使用Windows身份验证。
All of these settings are configured for the Default zone for the Web application. You can then extend the Web application and map it to a new zone. When you do that, you select a zone to map to, such as Intranet, Internet, Custom, or Extranet.
所有这些设置都配置为Web应用程序的默认区域。然后,您可以扩展Web应用程序并将其映射到新区域。执行此操作时,选择要映射到的区域,例如Intranet,Internet,Custom或Extranet。
When you configure the second zone, you select an existing or new Internet Information Services (IIS) virtual server and a new load-balanced URL, and determine whether to use NTLM or Kerberos authentication. You can change the authentication provider, for example, to forms authentication, after the new zone is created.
配置第二个区域时,选择现有或新的Internet信息服务(IIS)虚拟服务器和新的负载平衡URL,并确定是使用NTLM还是Kerberos身份验证。创建新区域后,您可以更改身份验证提供程序,例如,更改表单身份验证。