1.8. Service Connections
The Service Connections option on the Web Applications Ribbon allows you to view and, if you choose, modify the service applications the Web application is associated with in SharePoint. The drop-down option shown in the text box at the top of Figure 9 allows you to change the setting from Default to Custom. When you select the Custom option, all service applications will be cleared, and you can choose which service applications you want associated with this Web application.
1.9. Authentication Providers
The role of the authentication provider is to define which type of authentication applies to a specific zone in a Web application. By default, all zones are created with Windows NTLM (NT LAN Manager), and it is recommended that you change this setting only after you have tested access to the content using NTLM. You can then change the Web application to support many different types of authentication depending on the access method. Available authentication options include the following.
Windows: Use the standard Windows authentication.
Forms: Create a forms authentication method; for example, you could create an authentication method using the SQL Server membership role provider to have user accounts stored in an SQL Server database to authenticate into sites hosted for external users.
Web Single Sign-On: Use for federated authentication mechanisms such as ADFS (Active Directory Federation Services). This option is useful for companies authenticating users between organizations.
Anonymous Access: Allows anonymous connections to the content through this zone.
NTLM or Kerberos: Allows you to switch your authentication from the default NTLM to the preferred, faster, and more secure Kerberos. You can also enable Basic authentication if you want this zone to support basic authentication with Secure Sockets Layer (SSL).
The authentication provider is a way for SharePoint to provide an element of bridging capabilities. However, if you need more control of your authentication methods and more options, such as security tokens or smart cards, then you will need a server, such as an Internet Security and Acceleration (ISA) server, in front of SharePoint to manage the external connection. ISA server supports all of the authentication methods listed previously, plus many more methods for publishing and authentication.
1.10. Self-Service Site Creation
By default, users cannot create top-level sites or site collections. If the Self-Service Site Creation setting is enabled, it will permit users with self-service site creation permissions to create site collections under the /sites path or any path you specify within that Web application. After self-service site creation is enabled, a message displays in the announcements list of the root of the Web application informing users that self-service site creation has been turned on for that Web application. This announcement will contain a link to the page they can use to create additional site collections.
Note:
If you want the site collections created in a path other than /sites, you have to create a wildcard inclusion managed path as discussed in Section 1.7.8 earlier in this article.
If you decide to enable self-service site creation, be sure to consider the following issues.
Generally you should require a secondary site collection administrator. Administrative alerts, such as those generated when quotas are exceeded or when checking for unused websites, will go to the secondary as well as the primary administrator.
Define a storage quota and set it as the default quota for the Web application.
Review the number of site collections allowed per content database. This setting combined with quotas will help you limit the size of your content databases.
Enable unused website notifications so that sites that are no longer used can be identified.
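The four considerations above can be checked across a farm with a read-only audit. The following PowerShell is an added example, not taken from the original article; the function name Get-SelfServiceSiteCreationAudit is hypothetical, and the property names are those of the SharePoint server object model (SPWebApplication and SPContentDatabase), which you should confirm against your farm version before relying on the output.

```powershell
# Added example: read-only audit, run from the SharePoint Management Shell on a farm server.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Get-SelfServiceSiteCreationAudit {   # hypothetical helper name
    foreach ($wa in Get-SPWebApplication) {
        $findings = @()
        # The checklist only matters where self-service site creation is turned on.
        if ($wa.SelfServiceSiteCreationEnabled) {
            if (-not $wa.RequireContactForSelfServiceSiteCreation) {
                $findings += 'secondary site collection administrator not required'
            }
            if ([string]::IsNullOrEmpty($wa.DefaultQuotaTemplate)) {
                $findings += 'no default quota template'
            }
            if (-not $wa.SendUnusedSiteCollectionNotifications) {
                $findings += 'unused website notifications disabled'
            }
        }
        # Site-count limits per content database bound database growth together with quotas.
        $databases = @(Get-SPContentDatabase -WebApplication $wa | ForEach-Object {
            '{0}: {1} of {2} sites (warning at {3})' -f `
                $_.Name, $_.CurrentSiteCount, $_.MaximumSiteCount, $_.WarningSiteCount
        })
        # New-Object is used instead of [PSCustomObject] so the script also runs on PowerShell 2.0.
        New-Object PSObject -Property @{
            WebApplication     = $wa.Url
            SelfServiceEnabled = $wa.SelfServiceSiteCreationEnabled
            DefaultQuota       = $wa.DefaultQuotaTemplate
            ContentDatabases   = $databases -join '; '
            Findings           = $findings -join '; '
        }
    }
}

Get-SelfServiceSiteCreationAudit |
    Format-List WebApplication, SelfServiceEnabled, DefaultQuota, ContentDatabases, Findings
```

An empty Findings value on a Web application with SelfServiceEnabled set to True means all three Web application level settings from the list are in place; the ContentDatabases column still needs a manual review against your sizing targets.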