Log Parser Studio查看IIS日志发现调用SPClaimsUtility.AuthenticateFormsUser的部分有time-taken在15秒左右的多个响应,查看call stack如下:
Child-SP RetAddr Call Site 00000000122ad290 000007fef1a7856b DomainNeutralILStubClass.IL_STUB(IntPtr, System.Security.Cryptography.SafeCertContextHandle, System.Runtime.InteropServices.ComTypes.FILETIME ByRef, System.Security.Cryptography.SafeCertStoreHandle, CERT_CHAIN_PARA ByRef, UInt32, IntPtr, System.Security.Cryptography.SafeCertChainHandle ByRef) 00000000122ad4e0 000007fef1a7812e System.Security.Cryptography.X509Certificates.X509Chain.BuildChain(IntPtr, System.Security.Cryptography.SafeCertContextHandle, System.Security.Cryptography.X509Certificates.X509Certificate2Collection, System.Security.Cryptography.OidCollection, System.Security.Cryptography.OidCollection, System.Security.Cryptography.X509Certificates.X509RevocationMode, System.Security.Cryptography.X509Certificates.X509RevocationFlag, System.DateTime, System.TimeSpan, System.Security.Cryptography.SafeCertChainHandle ByRef) 00000000122ad5d0 000007fee933b805 System.Security.Cryptography.X509Certificates.X509Chain.Build(System.Security.Cryptography.X509Certificates.X509Certificate2) 00000000122ad700 000007fee9250394 Microsoft.SharePoint.SPCertificateValidator+SPImmutableCertificateValidator.Validate(System.Security.Cryptography.X509Certificates.X509Certificate2) 00000000122ad760 000007fee610b908 Microsoft.SharePoint.SPCertificateValidator.Validate(System.Security.Cryptography.X509Certificates.X509Certificate2) 00000000122ad7d0 000007ff0026fc53 Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.ValidateToken(System.IdentityModel.Tokens.SecurityToken) 00000000122ad880 000007ff00279fc1 Microsoft.SharePoint.IdentityModel.SPFederationAuthenticationModule.AuthenticateUser(System.IdentityModel.Tokens.SecurityToken) 00000000122ad8d0 000007fee899ec7c Microsoft.SharePoint.IdentityModel.SPFederationAuthenticationModule.SetPrincipalAndWriteSessionToken(System.IdentityModel.Tokens.SecurityToken, Microsoft.SharePoint.IdentityModel.SPSessionTokenWriteType) 00000000122ad980 000007ff00279a48 Microsoft.SharePoint.Utilities.SecurityContext.RunAsProcess(CodeToRunElevated) 00000000122ad9d0 000007ff00202f60 Microsoft.SharePoint.IdentityModel.SPClaimsUtility.AuthenticateFormsUser(System.Uri, System.String, System.String)
网上有3种解决方案,个人推荐安装证书,操作参考如下:
1、已管理员身份运行SharePoint 2010 Management Shell。
2、执行以下命令:
$rootCert = (Get-SPCertificateAuthority).RootCertificate $rootCert.Export("Cert") | Set-Content C:SharePointRootAuthority.cer -Encoding byte
3、安装导出的证书” SharePointRootAuthority.cer”至受信任的根证书颁发机构。