
Who are you and what do you want?

Who are you and what do you want? Authentication and Authorization – SharePoint 2010. Big topic! This session will just scratch the surface: define some terms along the way, and focus on SharePoint 2010 capabilities and demos (also applicable to SharePoint 2013).


Presentation Transcript


  1. Who are you and what do you want? Authentication and Authorization – SharePoint 2010

  2. Big topic! This session will just scratch the surface. • Define some terms along the way • Focus on SharePoint 2010 capabilities and demos; applicable to SharePoint 2013 • ASP.NET Membership / Role provider framework • Demos, focused on Membership and Role provider techniques that can be used in both SharePoint 2010 and 2013

  3. Authentication • Confirmation of identity ("who are you?") • Grants access to the system, not to any particular resource • Authorization • Happens after authentication ("what do you want?") • Allows access to resource(s) based on the permissions granted to the authenticated identity

  4. SharePoint 2007 • Authentication mode is called "classic" • Windows (Active Directory) authentication by default • Support for forms-based authentication • Support for the ASP.NET web security framework and plug-in custom authentication providers • Support for multiple web application zones • One provider per web application zone • Using multiple authentication providers therefore requires multiple zones/URLs

  5. SharePoint 2010 • All 2007 functional capabilities still available • Introduces support for claims-based authentication, built on Windows Identity Foundation (WIF) • Introduces the SharePoint Security Token Service (STS) • Multiple authentication/identity providers per zone/URL • Ability to create and register Trusted Identity Providers in the farm to provide authentication services to multiple web applications (single sign-on)

  6. Identity • Set of attributes that describe a user, such as name, e-mail address, group membership (a password is the credential used to prove the identity, not an attribute of it) • Identity Provider • An authority that can assert the "true" identity and its attributes • Claim • An assertion (i.e. the claim) issued by an identity provider about a specific user or other entity in a system (machine, etc.) • Claims are carried in a security token that is signed by the issuer, which is what lets the relying party trust them; the token may additionally be encrypted • Identity providers can be trusted by SharePoint

  7. SharePoint - Security Token Service • Client (i.e. web browser accessing SharePoint) sends request to the STS • STS verifies the credentials against the configured authentication provider (for forms-based authentication, the membership provider's ValidateUser) • STS issues a signed security token carrying the user's claims • Client presents the token (SharePoint stores it in the FedAuth cookie) to access the SharePoint site

  8. SharePoint 2010 • Authentication mode (classic or claims) is selected when the web application is created • An existing web application can be switched to claims with Windows PowerShell (set UseClaimsAuthentication on the SPWebApplication and update it; existing classic accounts must then be migrated to their claims identities) • Forms-based authentication is now handled by claims authentication

  9. SharePoint 2010 • Authentication settings are now accessible through the web application management ribbon • Configurable for each zone • Again, note that Windows, forms-based and Trusted Identity Provider authentication can all be active in the same zone

  10. SharePoint 2013 • Claims-based authentication is now the default mode • Classic is still supported (PowerShell only), but deprecated • Easier migration from classic to claims via the Convert-SPWebApplication cmdlet • Login tokens cached in the newly introduced Distributed Cache Service • Support for OAuth (open standard for authorization) • Server-to-server (S2S) authentication between SharePoint and other services • Authorize apps to access SharePoint resources

  11. Authentication Providers • Store of user authentication information (i.e., user name and password hash; roles, etc.) • Basic steps for consuming an authentication provider (membership and roles) • Create or get a provider! • Configure web.config to "register" the provider in all three places • Web application • Central Administration site • Security Token Service site (allows the STS to query the auth provider during the login process; its web.config lives under the SharePoint root's WebServices\SecurityToken folder) • Configure web application provider settings in Central Administration

  12. "Built-In" .NET Provider • Start with the System.Web.Security built-in SQL-based authentication providers • SqlMembershipProvider • SqlRoleProvider • Create the database with the aspnet_regsql.exe utility • Configure users and roles with the built-in configuration UI (the ASP.NET Web Site Administration Tool)
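The web.config registration described in slides 11 and 12, as an added config fragment (not from the original presentation). Server name, database name, connection-string name and provider names are assumptions; the provider types, assembly identity and the "i"/"c" defaults are SharePoint's and ASP.NET's own.

```xml
<!-- SharePoint 2010 (.NET 3.5) uses System.Web 2.0.0.0; for SharePoint 2013 (.NET 4.x) use Version=4.0.0.0 -->
<configuration>
  <connectionStrings>
    <!-- Assumed server/database/login. Database created with: aspnet_regsql.exe -S SQL01 -E -d FbaMembers -A mr
         Grant the app-pool identities only the aspnet_Membership_* / aspnet_Roles_* database roles they need, not db_owner. -->
    <add name="FbaDb" connectionString="Data Source=SQL01;Initial Catalog=FbaMembers;Integrated Security=True" />
  </connectionStrings>
  <system.web>
    <!-- Web application and Central Administration web.config: keep SharePoint's own defaultProvider values
         ("i" = SPClaimsAuthMembershipProvider, "c" = SPClaimsAuthRoleProvider) and only append your provider.
         The STS web.config has no <membership>/<roleManager> at all: add these elements there without defaultProvider. -->
    <membership defaultProvider="i">
      <providers>
        <add name="FbaMembers"
             type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             connectionStringName="FbaDb"
             applicationName="/"
             passwordFormat="Hashed"
             enablePasswordRetrieval="false"
             enablePasswordReset="false"
             requiresQuestionAndAnswer="false"
             requiresUniqueEmail="true"
             maxInvalidPasswordAttempts="5"
             passwordAttemptWindow="10"
             minRequiredPasswordLength="12"
             minRequiredNonalphanumericCharacters="1" />
      </providers>
    </membership>
    <roleManager defaultProvider="c" enabled="true" cacheRolesInCookie="false">
      <providers>
        <add name="FbaRoles"
             type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             connectionStringName="FbaDb"
             applicationName="/" />
      </providers>
    </roleManager>
  </system.web>
</configuration>
```

The provider names (FbaMembers, FbaRoles) are what you later type into the web application's authentication settings in Central Administration; they must be identical in all three web.config files, and the SQL login used by each application pool must be able to reach the database from the STS process as well as from the content web application. passwordFormat="Hashed" is the only format worth deploying: "Clear" and "Encrypted" both leave the original passwords recoverable from the database.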

  13. Demo

  14. Custom Authentication Provider • Create a Visual Studio class library project • Create 2 classes, respectively inheriting from: • System.Web.Security.MembershipProvider • System.Web.Security.RoleProvider • Override the required methods to implement custom behaviour • Add other classes as needed to integrate with the member store • Deploy the assembly where all three web.config files can load it (the GAC is simplest)

  15. Membership Provider Interfaces • Five overrides in System.Web.Security.MembershipProvider that SharePoint actually calls (the base class is abstract, so every other abstract member must still be overridden for the project to compile; those can simply report "not supported") • GetUser(System.String, System.Boolean) • GetUserNameByEmail(System.String) • ValidateUser(System.String, System.String) • FindUsersByEmail(System.String, System.Int32, System.Int32, out System.Int32) • FindUsersByName(System.String, System.Int32, System.Int32, out System.Int32)

  16. Role Interfaces • Two overrides in System.Web.Security.RoleProvider that SharePoint actually calls (again, the remaining abstract members must still be overridden) • GetRolesForUser(System.String) • RoleExists(System.String)
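A complete membership and role provider pair for the procedure in slides 14 to 16, as an added example written for this page (not the presenter's demo code). The in-memory DemoStore, the sample account "alice" with its password and roles, and the class names are all constructed assumptions standing in for a real member store; the overridden members are the genuine System.Web.Security abstract members, and the code assumes a C# 7 or later compiler (the syntax is compiler-side only and still targets the .NET 3.5 or 4.x System.Web assembly the farm uses).

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Web.Security;

// Constructed in-memory member store standing in for the table or web service a real provider would query.
// Passwords are kept only as PBKDF2 (Rfc2898DeriveBytes) salt + hash, never in clear text.
public sealed class DemoStore
{
    public sealed class Member { public string Name, Email; public byte[] Salt, Hash; public string[] Roles; }
    public readonly List<Member> Members = new List<Member>();
    public DemoStore() { Add("alice", "alice@contoso.local", "Correct-Horse-42", "Readers", "Approvers"); } // constructed sample account

    public void Add(string name, string email, string password, params string[] roles)
    {
        var salt = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
        Members.Add(new Member { Name = name, Email = email, Salt = salt, Hash = Derive(password, salt), Roles = roles });
    }

    public static byte[] Derive(string password, byte[] salt) { using (var kdf = new Rfc2898DeriveBytes(password, salt, 10000)) return kdf.GetBytes(32); }
    public Member Find(string name) => Members.FirstOrDefault(m => string.Equals(m.Name, name, StringComparison.OrdinalIgnoreCase));
}

// Membership provider: the five members SharePoint calls do real work; anything that would write is refused, not faked.
public sealed class DemoMembershipProvider : MembershipProvider
{
    public static readonly DemoStore Store = new DemoStore(); // shared with DemoRoleProvider below

    // Called by the STS at login. Re-derive the hash and compare in constant time so a wrong guess costs the same as a right one.
    public override bool ValidateUser(string username, string password)
    {
        var m = Store.Find(username);
        if (m == null || string.IsNullOrEmpty(password)) return false;
        var candidate = DemoStore.Derive(password, m.Salt);
        int diff = 0;
        for (int i = 0; i < candidate.Length; i++) diff |= candidate[i] ^ m.Hash[i];
        return diff == 0;
    }

    public override MembershipUser GetUser(string username, bool userIsOnline) =>
        Store.Find(username) is DemoStore.Member m ? ToMembershipUser(m) : null;
    public override string GetUserNameByEmail(string email) =>
        Store.Members.FirstOrDefault(m => string.Equals(m.Email, email, StringComparison.OrdinalIgnoreCase))?.Name;

    // The People Picker passes whatever was typed: match on prefix and honour paging so the store is never returned whole.
    public override MembershipUserCollection FindUsersByName(string usernameToMatch, int pageIndex, int pageSize, out int totalRecords) =>
        Page(Store.Members.Where(m => m.Name.StartsWith(usernameToMatch, StringComparison.OrdinalIgnoreCase)), pageIndex, pageSize, out totalRecords);
    public override MembershipUserCollection FindUsersByEmail(string emailToMatch, int pageIndex, int pageSize, out int totalRecords) =>
        Page(Store.Members.Where(m => m.Email.StartsWith(emailToMatch, StringComparison.OrdinalIgnoreCase)), pageIndex, pageSize, out totalRecords);

    private MembershipUserCollection Page(IEnumerable<DemoStore.Member> hits, int pageIndex, int pageSize, out int totalRecords)
    {
        var list = hits.ToList();
        totalRecords = list.Count;
        var col = new MembershipUserCollection();
        foreach (var m in list.Skip(pageIndex * pageSize).Take(pageSize)) col.Add(ToMembershipUser(m));
        return col;
    }

    // Name is set by ProviderBase.Initialize and must equal the name registered in web.config: the MembershipUser
    // constructor looks it up in Membership.Providers and throws ArgumentException when it is not there.
    private MembershipUser ToMembershipUser(DemoStore.Member m) => new MembershipUser(Name, m.Name, m.Name, m.Email,
        null, null, true, false, DateTime.MinValue, DateTime.MinValue, DateTime.MinValue, DateTime.MinValue, DateTime.MinValue);

    // Policy surface of a read-only store: nothing can be retrieved or reset through SharePoint.
    public override string ApplicationName { get; set; }
    public override bool EnablePasswordReset => false;
    public override bool EnablePasswordRetrieval => false;
    public override bool RequiresQuestionAndAnswer => false;
    public override bool RequiresUniqueEmail => true;
    public override int MaxInvalidPasswordAttempts => 5;
    public override int PasswordAttemptWindow => 10;
    public override int MinRequiredPasswordLength => 12;
    public override int MinRequiredNonAlphanumericCharacters => 1;
    public override string PasswordStrengthRegularExpression => string.Empty;
    public override MembershipPasswordFormat PasswordFormat => MembershipPasswordFormat.Hashed;
    public override MembershipUser GetUser(object providerUserKey, bool userIsOnline) => GetUser(providerUserKey as string, userIsOnline);
    public override MembershipUserCollection GetAllUsers(int pageIndex, int pageSize, out int totalRecords) => Page(Store.Members, pageIndex, pageSize, out totalRecords);
    public override int GetNumberOfUsersOnline() => 0;
    public override MembershipUser CreateUser(string u, string p, string e, string q, string a, bool approved, object key, out MembershipCreateStatus status) => throw new NotSupportedException();
    public override bool ChangePassword(string username, string oldPassword, string newPassword) => throw new NotSupportedException();
    public override bool ChangePasswordQuestionAndAnswer(string u, string p, string q, string a) => throw new NotSupportedException();
    public override string ResetPassword(string username, string answer) => throw new NotSupportedException();
    public override string GetPassword(string username, string answer) => throw new NotSupportedException();
    public override bool DeleteUser(string username, bool deleteAllRelatedData) => throw new NotSupportedException();
    public override void UpdateUser(MembershipUser user) => throw new NotSupportedException();
    public override bool UnlockUser(string username) => throw new NotSupportedException();
}

// Role provider: SharePoint calls GetRolesForUser at login (to mint role claims) and RoleExists from the People Picker.
public sealed class DemoRoleProvider : RoleProvider
{
    public override string ApplicationName { get; set; }
    public override string[] GetRolesForUser(string username) => DemoMembershipProvider.Store.Find(username)?.Roles ?? new string[0];
    public override string[] GetAllRoles() => DemoMembershipProvider.Store.Members.SelectMany(m => m.Roles).Distinct(StringComparer.OrdinalIgnoreCase).ToArray();
    public override bool RoleExists(string roleName) => GetAllRoles().Contains(roleName, StringComparer.OrdinalIgnoreCase);
    public override bool IsUserInRole(string username, string roleName) => GetRolesForUser(username).Contains(roleName, StringComparer.OrdinalIgnoreCase);
    public override string[] GetUsersInRole(string roleName) => throw new NotSupportedException();
    public override string[] FindUsersInRole(string roleName, string usernameToMatch) => throw new NotSupportedException();
    public override void CreateRole(string roleName) => throw new NotSupportedException();
    public override bool DeleteRole(string roleName, bool throwOnPopulatedRole) => throw new NotSupportedException();
    public override void AddUsersToRoles(string[] usernames, string[] roleNames) => throw new NotSupportedException();
    public override void RemoveUsersFromRoles(string[] usernames, string[] roleNames) => throw new NotSupportedException();
}
```

Three design points matter for security here. ValidateUser is the only member that ever sees a password, so it is the one place to get right: the store holds a salted PBKDF2 hash, and the comparison is constant-time rather than a string equality that short-circuits on the first differing byte. The unsupported members throw instead of returning false or null, so a misconfiguration (for example SharePoint being pointed at this provider for password reset) fails loudly in the ULS log rather than silently succeeding. Finally, because the STS runs in its own IIS application, the provider is instantiated separately there and in each content web application; a real store must therefore be reachable from all of them, and the registered provider name must be identical in every web.config so that MembershipUser construction does not fail.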

  17. Demo

  18. Trusted Identity Provider • An identity provider issues a security token containing claims upon login; SharePoint trusts it on the strength of the provider's token-signing certificate • Custom identity/claim providers can be implemented

  19. Implementing an Identity Provider • Option 1 – procure one already built and install/configure it in the SharePoint farm. Active Directory Federation Services is an example • Option 2 – build one!

  20. Building an Identity Provider • Visual Studio - install the Windows Identity Foundation (WIF) SDK • The SDK provides Visual Studio templates for creating an identity provider (STS) • Create the provider • Export its token-signing certificate (public key only) • Register the certificate, the claim mappings and the provider in SharePoint to create the trust relationship • PowerShell - New-SPTrustedRootAuthority, New-SPClaimTypeMapping, New-SPTrustedIdentityTokenIssuer

  21. Demo • Thanks to my buddy Liam Cleary's blog: http://blog.helloitsliam.com/Lists/Posts/Post.aspx?ID=17
